Ke konci UsbFixu jsem dostal hlášku
Probíhá vypnutí systému. Uložte všechny rozpracované soubory a odhlaste se. Neuložené změny budou ztraceny. Vypnutí vyvolal NT AUTHORITY\SYSTEM
Čas do vypnutí 00:00:30
Zpráva
Systémový proces C:\WINDOWS\system32\lsass.exe neočekávaně skončil se stavovým kódem 0. Systém bude nyní ukončem a restartován.
Jinak tady je z něj log
############################## | UsbFix 7.014 | [Deletion]
User: Terulee (Administrator) # UZIVATEL-7DCD8A [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 23:58:07 | 17/11/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Pentium(R) M processor 1.70GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall: Enabled
Antivirus: ESET NOD32 Antivirus 4.2 4.2 [Enabled | (!) Outdated]
RAM -> 1023 Mb
C:\ (%systemdrive%) -> Fixed drive # 56 Gb (20 Mb free - 35%) [] # NTFS
D:\ -> CD-ROM
F:\ -> Removable drive # 2 Gb (2 Mb free - 100%) [] # FAT32
################## | Files # Infected Folders |
Deleted ! C:\Documents and Settings\Terulee\qihtsu.exe
Deleted ! C:\Documents and Settings\Terulee\wuaucldt.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\034.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\183.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\282.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\308.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\378.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\435.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\442.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\473.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\523.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\552.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\577.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\634.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\656.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\673.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\684.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\784.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\882.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\883.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\905.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\925.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\955.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\1224515.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\1251803.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\2237.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\319788.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\42945.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\472256.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\5D6843~1.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\61032.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\70685.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\71952.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\8323.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\8929.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\9831.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\AutoRun.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\lsass.exe
Deleted ! C:\WINDOWS\regedit.com
Deleted ! C:\WINDOWS\rundl132.exe
Deleted ! C:\log.txt
Deleted ! F:\log.txt
################## | Registry |
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
################## | Listing |
[17/11/2010 - 14:13:32 | A | 0] C:\$$TEMP$$.~~~
[27/11/2009 - 14:07:34 | D ] C:\84180e2e932956edb553445f2b
[21/11/2009 - 14:27:33 | N | 0] C:\AUTOEXEC.BAT
[26/02/2010 - 19:25:40 | SH | 211] C:\boot.ini
[14/04/2008 - 13:00:00 | RASH | 4952] C:\Bootfont.bin
[17/11/2010 - 15:26:42 | SD ] C:\ComboFix
[21/11/2009 - 14:27:33 | A | 0] C:\CONFIG.SYS
[24/12/2009 - 20:05:29 | D ] C:\Documents and Settings
[23/11/2009 - 09:43:19 | D ] C:\DRIVERS
[21/11/2009 - 14:27:33 | RASH | 0] C:\IO.SYS
[01/04/2010 - 08:06:53 | A | 103] C:\mbam-error.txt
[21/11/2009 - 14:27:33 | RASH | 0] C:\MSDOS.SYS
[27/11/2009 - 12:44:24 | RD ] C:\MSOCache
[14/04/2008 - 13:00:00 | RASH | 47564] C:\NTDETECT.COM
[14/04/2008 - 13:00:00 | RASH | 250576] C:\ntldr
[17/11/2010 - 23:56:40 | ASH | 1610612736] C:\pagefile.sys
[17/11/2010 - 14:19:13 | RD ] C:\Program Files
[17/11/2010 - 14:43:01 | D ] C:\Qoobox
[18/11/2010 - 00:05:26 | SHD ] C:\RECYCLER
[17/11/2010 - 15:22:28 | A | 395] C:\rkill.log
[26/02/2010 - 19:29:49 | D ] C:\rsit
[27/02/2010 - 20:52:58 | SHD ] C:\System Volume Information
[18/11/2010 - 00:05:26 | D ] C:\UsbFix
[18/11/2010 - 00:05:30 | A | 3239] C:\UsbFix.txt
[18/11/2010 - 00:04:53 | D ] C:\WINDOWS
[16/11/2010 - 20:57:35 | A | 193024] C:\winn27.exe
[16/11/2010 - 05:58:16 | A | 91136] C:\winnt7.exe
[17/11/2010 - 23:54:22 | A | 1224471] F:\UsbFix.exe
[17/11/2010 - 23:56:40 | A | 1306] F:\BOOTEX.LOG
[17/11/2010 - 15:38:48 | A | 6153352] F:\mbam-setup-1.46.exe
[03/03/2010 - 11:20:02 | SHD ] F:\FOUND.000
################## | Vaccin |
A log ze SystemLook
SystemLook 04.09.10 by jpshortstuff
Log created at 00:16 on 18/11/2010 by Terulee
Administrator - Elevation successful
========== filefind ==========
Searching for "cdrom.sys"
C:\WINDOWS\system32\dllcache\cdrom.sys --a--c- 98240 bytes [04:59 16/11/2010] [09:37 17/11/2010] 512D1E14138FDE84E86665CFCF911A96
C:\WINDOWS\system32\drivers\cdrom.sys --a---- 98240 bytes [12:00 14/04/2008] [09:37 17/11/2010] 512D1E14138FDE84E86665CFCF911A96
-= EOF =-
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu - zavirovaný NTB
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu logu - zavirovaný NTB
Log z OTM
All processes killed
========== FILES ==========
C:\Documents and Settings\Terulee\Data aplikací\Security Antivirus folder moved successfully.
File/Folder C:\Documents and Settings\Terulee\wuaucldt.exe not found.
C:\Documents and Settings\Terulee\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk moved successfully.
C:\Documents and Settings\Terulee\Nabídka Start\Security Antivirus.lnk moved successfully.
C:\Documents and Settings\Terulee\Nabídka Start\Programy\Security Antivirus.lnk moved successfully.
C:\WINDOWS\system32\secupdat.dat moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDCC8EEF-407E-449B-BE00-8E77F198F3C4}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDCC8EEF-407E-449B-BE00-8E77F198F3C4} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDAE7CFB-2CD4-4236-8F5D-40E1469DC459}\Disk1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDAE7CFB-2CD4-4236-8F5D-40E1469DC459} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{A7CFD024-4E29-4FC8-AD91-407D7177A209}\Disk1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{A7CFD024-4E29-4FC8-AD91-407D7177A209} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{781D5E0F-51A8-4304-90F0-B952DD87F6BC}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{781D5E0F-51A8-4304-90F0-B952DD87F6BC} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{75E117BA-1BDC-4695-8774-4F3BA77012CF}\en-us folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{75E117BA-1BDC-4695-8774-4F3BA77012CF} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{6466C259-AFA8-42AB-9C5F-306A845C727A}\{60DE4033-9503-48D1-A483-7846BD217CA9} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{6466C259-AFA8-42AB-9C5F-306A845C727A} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{4585A9A6-601D-4C09-A14D-024DDE6DD4D2}\{71BFC818-0CED-42D6-9C87-5142918957EE} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{4585A9A6-601D-4C09-A14D-024DDE6DD4D2} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{206E7874-328E-4A4A-B276-BB507B703F91}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{206E7874-328E-4A4A-B276-BB507B703F91} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{19C2EE5F-D1C9-4A95-BC6E-DE6989ED6940}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{19C2EE5F-D1C9-4A95-BC6E-DE6989ED6940} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\SnameMenu folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\GIF folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\WPDNSE folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Word8.0 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\WER11d9.dir00 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\WER0c17.dir00 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\VBE folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb\6648 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb\3560 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb\280 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\plugins folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\outlook logging folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\nodtmpb folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\msohtml1\01 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\msohtml1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\msohtml folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO\winnt folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO\vista folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo\VSO folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo\MSAD folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo\MPF folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MSC\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MSC folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\msad folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF\winnt folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF\vista folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MMI folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Low\ICQToolbar folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Low folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\ispC88.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\hsperfdata_Terulee folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Google Toolbar folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 2 pro Titulky07b.zip\setup folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 2 pro Titulky07b.zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro Vampires-Suck(0000157869).zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro Titulky07b.zip\setup folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro Titulky07b.zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro SubtitleToolCZ.zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\BTN%Copy%1\BTN%Copy%2 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\BTN%Copy%1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\AutoRun folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Adobe\Acrobat folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Adobe folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\15.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\14.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\1.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp folder moved successfully.
C:\WINDOWS\system32\wuaucldt.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP175.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP263.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP385.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEBC3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF3.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\d68f0c0920f4d1175ea577db54d63033\BIT6.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\PerfStringBackup.TMP moved successfully.
C:\WINDOWS\Temp\exp13.tmp moved successfully.
C:\WINDOWS\Temp\exp13B3.tmp moved successfully.
C:\WINDOWS\Temp\exp16.tmp moved successfully.
C:\WINDOWS\Temp\exp1B3.tmp moved successfully.
C:\WINDOWS\Temp\exp1D1.tmp moved successfully.
C:\WINDOWS\Temp\exp2245.tmp moved successfully.
C:\WINDOWS\Temp\exp31D6.tmp moved successfully.
C:\WINDOWS\Temp\exp350A.tmp moved successfully.
C:\WINDOWS\Temp\exp399E.tmp moved successfully.
C:\WINDOWS\Temp\exp3ACD.tmp moved successfully.
C:\WINDOWS\Temp\exp5479.tmp moved successfully.
C:\WINDOWS\Temp\exp5A3D.tmp moved successfully.
C:\WINDOWS\Temp\exp60BF.tmp moved successfully.
C:\WINDOWS\Temp\exp6FC7.tmp moved successfully.
C:\WINDOWS\Temp\exp7A9B.tmp moved successfully.
C:\WINDOWS\Temp\exp7F22.tmp moved successfully.
C:\WINDOWS\Temp\exp8655.tmp moved successfully.
C:\WINDOWS\Temp\exp8706.tmp moved successfully.
C:\WINDOWS\Temp\exp9746.tmp moved successfully.
C:\WINDOWS\Temp\expAF5B.tmp moved successfully.
C:\WINDOWS\Temp\expB73F.tmp moved successfully.
C:\WINDOWS\Temp\expDE7E.tmp moved successfully.
C:\WINDOWS\Temp\GUR1.tmp moved successfully.
C:\WINDOWS\Temp\GUR2.tmp moved successfully.
C:\WINDOWS\Temp\GUR3.tmp moved successfully.
C:\WINDOWS\Temp\GUR4.tmp moved successfully.
C:\WINDOWS\Temp\GUR5.tmp moved successfully.
C:\WINDOWS\Temp\GUR6.tmp moved successfully.
C:\WINDOWS\Temp\GUR7.tmp moved successfully.
C:\WINDOWS\Temp\GUR8.tmp moved successfully.
C:\WINDOWS\Temp\GUR9.tmp moved successfully.
C:\WINDOWS\Temp\GURA.tmp moved successfully.
C:\WINDOWS\Temp\GURB.tmp moved successfully.
C:\WINDOWS\Temp\GURC.tmp moved successfully.
C:\WINDOWS\Temp\GURD.tmp moved successfully.
C:\WINDOWS\Temp\IHD.tmp moved successfully.
C:\WINDOWS\Temp\SEP9.tmp moved successfully.
C:\WINDOWS\Temp\SEPA.tmp moved successfully.
C:\WINDOWS\Temp\wfpdawg5F5B9489.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Terulee
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4600908 bytes
->Java cache emptied: 48680525 bytes
->Flash cache emptied: 134251 bytes
User: Uzivatel
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3559954 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67295024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 119,00 mb
Restore points cleared and new OTM Restore Point set!
OTM by OldTimer - Version 3.1.17.2 log created on 11182010_001858
All processes killed
========== FILES ==========
C:\Documents and Settings\Terulee\Data aplikací\Security Antivirus folder moved successfully.
File/Folder C:\Documents and Settings\Terulee\wuaucldt.exe not found.
C:\Documents and Settings\Terulee\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk moved successfully.
C:\Documents and Settings\Terulee\Nabídka Start\Security Antivirus.lnk moved successfully.
C:\Documents and Settings\Terulee\Nabídka Start\Programy\Security Antivirus.lnk moved successfully.
C:\WINDOWS\system32\secupdat.dat moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDCC8EEF-407E-449B-BE00-8E77F198F3C4}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDCC8EEF-407E-449B-BE00-8E77F198F3C4} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDAE7CFB-2CD4-4236-8F5D-40E1469DC459}\Disk1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDAE7CFB-2CD4-4236-8F5D-40E1469DC459} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{A7CFD024-4E29-4FC8-AD91-407D7177A209}\Disk1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{A7CFD024-4E29-4FC8-AD91-407D7177A209} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{781D5E0F-51A8-4304-90F0-B952DD87F6BC}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{781D5E0F-51A8-4304-90F0-B952DD87F6BC} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{75E117BA-1BDC-4695-8774-4F3BA77012CF}\en-us folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{75E117BA-1BDC-4695-8774-4F3BA77012CF} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{6466C259-AFA8-42AB-9C5F-306A845C727A}\{60DE4033-9503-48D1-A483-7846BD217CA9} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{6466C259-AFA8-42AB-9C5F-306A845C727A} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{4585A9A6-601D-4C09-A14D-024DDE6DD4D2}\{71BFC818-0CED-42D6-9C87-5142918957EE} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{4585A9A6-601D-4C09-A14D-024DDE6DD4D2} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{206E7874-328E-4A4A-B276-BB507B703F91}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{206E7874-328E-4A4A-B276-BB507B703F91} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{19C2EE5F-D1C9-4A95-BC6E-DE6989ED6940}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{19C2EE5F-D1C9-4A95-BC6E-DE6989ED6940} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\SnameMenu folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\GIF folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\WPDNSE folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Word8.0 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\WER11d9.dir00 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\WER0c17.dir00 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\VBE folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb\6648 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb\3560 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb\280 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\plugins folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\outlook logging folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\nodtmpb folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\msohtml1\01 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\msohtml1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\msohtml folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO\winnt folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO\vista folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo\VSO folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo\MSAD folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo\MPF folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MSC\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MSC folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\msad folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF\winnt folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF\vista folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MMI folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Low\ICQToolbar folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Low folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\ispC88.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\hsperfdata_Terulee folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Google Toolbar folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 2 pro Titulky07b.zip\setup folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 2 pro Titulky07b.zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro Vampires-Suck(0000157869).zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro Titulky07b.zip\setup folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro Titulky07b.zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro SubtitleToolCZ.zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\BTN%Copy%1\BTN%Copy%2 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\BTN%Copy%1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\AutoRun folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Adobe\Acrobat folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Adobe folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\15.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\14.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\1.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp folder moved successfully.
C:\WINDOWS\system32\wuaucldt.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP175.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP263.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP385.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEBC3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF3.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\d68f0c0920f4d1175ea577db54d63033\BIT6.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\PerfStringBackup.TMP moved successfully.
C:\WINDOWS\Temp\exp13.tmp moved successfully.
C:\WINDOWS\Temp\exp13B3.tmp moved successfully.
C:\WINDOWS\Temp\exp16.tmp moved successfully.
C:\WINDOWS\Temp\exp1B3.tmp moved successfully.
C:\WINDOWS\Temp\exp1D1.tmp moved successfully.
C:\WINDOWS\Temp\exp2245.tmp moved successfully.
C:\WINDOWS\Temp\exp31D6.tmp moved successfully.
C:\WINDOWS\Temp\exp350A.tmp moved successfully.
C:\WINDOWS\Temp\exp399E.tmp moved successfully.
C:\WINDOWS\Temp\exp3ACD.tmp moved successfully.
C:\WINDOWS\Temp\exp5479.tmp moved successfully.
C:\WINDOWS\Temp\exp5A3D.tmp moved successfully.
C:\WINDOWS\Temp\exp60BF.tmp moved successfully.
C:\WINDOWS\Temp\exp6FC7.tmp moved successfully.
C:\WINDOWS\Temp\exp7A9B.tmp moved successfully.
C:\WINDOWS\Temp\exp7F22.tmp moved successfully.
C:\WINDOWS\Temp\exp8655.tmp moved successfully.
C:\WINDOWS\Temp\exp8706.tmp moved successfully.
C:\WINDOWS\Temp\exp9746.tmp moved successfully.
C:\WINDOWS\Temp\expAF5B.tmp moved successfully.
C:\WINDOWS\Temp\expB73F.tmp moved successfully.
C:\WINDOWS\Temp\expDE7E.tmp moved successfully.
C:\WINDOWS\Temp\GUR1.tmp moved successfully.
C:\WINDOWS\Temp\GUR2.tmp moved successfully.
C:\WINDOWS\Temp\GUR3.tmp moved successfully.
C:\WINDOWS\Temp\GUR4.tmp moved successfully.
C:\WINDOWS\Temp\GUR5.tmp moved successfully.
C:\WINDOWS\Temp\GUR6.tmp moved successfully.
C:\WINDOWS\Temp\GUR7.tmp moved successfully.
C:\WINDOWS\Temp\GUR8.tmp moved successfully.
C:\WINDOWS\Temp\GUR9.tmp moved successfully.
C:\WINDOWS\Temp\GURA.tmp moved successfully.
C:\WINDOWS\Temp\GURB.tmp moved successfully.
C:\WINDOWS\Temp\GURC.tmp moved successfully.
C:\WINDOWS\Temp\GURD.tmp moved successfully.
C:\WINDOWS\Temp\IHD.tmp moved successfully.
C:\WINDOWS\Temp\SEP9.tmp moved successfully.
C:\WINDOWS\Temp\SEPA.tmp moved successfully.
C:\WINDOWS\Temp\wfpdawg5F5B9489.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Terulee
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4600908 bytes
->Java cache emptied: 48680525 bytes
->Flash cache emptied: 134251 bytes
User: Uzivatel
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3559954 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67295024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 119,00 mb
Restore points cleared and new OTM Restore Point set!
OTM by OldTimer - Version 3.1.17.2 log created on 11182010_001858
Re: Prosím o kontrolu logu - zavirovaný NTB
Fajn, zkuste nyni spustit ComboFix v nouzovem rezimu...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - zavirovaný NTB
Tak ComboFix skončil s tím, že vytvořil bod obnovení, odmítl jsem stáhnout konzoli a dostal jsem hlášku
Systém nemůže spustit určený program.
Systém nemůže spustit určený program.
Re: Prosím o kontrolu logu - zavirovaný NTB
Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
- C:\WINDOWS\system32\dllcache\cdrom.sys
C:\WINDOWS\system32\drivers\cdrom.sys - Kliknete na Prochazet
- Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
- Kliknete na Send File
- Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
- Vysledek analyzy sem vlozte (jako odkaz)
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
Znovu provedte mbam a nic nemazte - log sem"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - zavirovaný NTB
Ten soubor z DLLCACHE
http://www.virustotal.com/file-scan/rep ... 1290073333
a ten z drivers
http://www.virustotal.com/file-scan/rep ... 1290073354
http://www.virustotal.com/file-scan/rep ... 1290073333
a ten z drivers
http://www.virustotal.com/file-scan/rep ... 1290073354
Re: Prosím o kontrolu logu - zavirovaný NTB
Log z MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
18.11.2010 10:59:28
mbam-log-2010-11-18 (10-59-28).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 112776
Uplynulý čas: 6 minuta(y), 30 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové polo·ky registru: 0
Infikované slo·ky: 0
Infikované soubory: 3
Infikované procesy v paměti:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované moduly v paměti:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> No action taken.
Infikované hodnoty registru:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované datové polo·ky registru:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované slo·ky:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované soubory:
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> No action taken.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.
C:\Documents and Settings\Terulee\secupdat.dat (Worm.Autorun) -> No action taken.
A link na test toho souboru secupdat
http://www.virustotal.com/file-scan/rep ... 1290074565
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
18.11.2010 10:59:28
mbam-log-2010-11-18 (10-59-28).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 112776
Uplynulý čas: 6 minuta(y), 30 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové polo·ky registru: 0
Infikované slo·ky: 0
Infikované soubory: 3
Infikované procesy v paměti:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované moduly v paměti:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> No action taken.
Infikované hodnoty registru:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované datové polo·ky registru:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované slo·ky:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované soubory:
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> No action taken.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.
C:\Documents and Settings\Terulee\secupdat.dat (Worm.Autorun) -> No action taken.
A link na test toho souboru secupdat
http://www.virustotal.com/file-scan/rep ... 1290074565
Re: Prosím o kontrolu logu - zavirovaný NTB
Blby je ze nemame CF - ten by to pekne opravil.. Je tam napadeny systemovy soubor - nejdrive odsranime havet a pak jej opravime Stahnete SPTD http://www.duplexsecure.com/en/downloads
- Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
- Ulozte na plochu a spustte
- Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
- Ulozte na plochu a spustte
- Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
- Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t- Kliknete na OK
- Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte
Dejte logy z Gmeru - viz muj podpis"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - zavirovaný NTB
Takže Gmer mi vyhodil hlášku
C:\Windows\system32\config\software: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
a od te doby je ntb takový zasekaný. Nicméně nechám to ještě běžet - třeba ten druhej log dostanu.
SPTD volba uninstall nebyla, tka jsem krok přeskočil
Defogger dal jsem disable a "něco" se udělalo
log z mbr
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541060G9AT00 rev.MB3OA61A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
error: Read K dokončení po·adované slu·by není k dispozici dostatek prostředků.
První log z Gmer
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-18 14:18:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541060G9AT00 rev.MB3OA61A
Running: gmer.exe; Driver: C:\DOCUME~1\Terulee\LOCALS~1\Temp\pgairaog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- Processes - GMER 1.0.15 ----
Process hidden process (*** hidden *** ) 40480
---- EOF - GMER 1.0.15 ----
C:\Windows\system32\config\software: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
a od te doby je ntb takový zasekaný. Nicméně nechám to ještě běžet - třeba ten druhej log dostanu.
SPTD volba uninstall nebyla, tka jsem krok přeskočil
Defogger dal jsem disable a "něco" se udělalo
log z mbr
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541060G9AT00 rev.MB3OA61A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
error: Read K dokončení po·adované slu·by není k dispozici dostatek prostředků.
První log z Gmer
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-18 14:18:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541060G9AT00 rev.MB3OA61A
Running: gmer.exe; Driver: C:\DOCUME~1\Terulee\LOCALS~1\Temp\pgairaog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- Processes - GMER 1.0.15 ----
Process hidden process (*** hidden *** ) 40480
---- EOF - GMER 1.0.15 ----
Re: Prosím o kontrolu logu - zavirovaný NTB
Nejaky ten rootkit tam bude, zkuste nechat dobehnout hlavni skne gmeru - pokud by se sekal, tak provedte v nouzovem rezimu - PC moc pouzivat pri skenu gmerem nepujde, jelikoz ten jej vytezuje radne...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - zavirovaný NTB
Při prvním scanu co jsem dělal ntb vytuhl tak, že se nedalo ani hnout myší - následoval restart a teď pracuju na druhým scanu. Jen se mi zdá, že tu chybí červenej řádek s
Process hidden process (*** hidden *** ) 40480
tak snad se tím restartem nic nepokazilo. A všechny scany co dělám jsou v nouzovém režimu - do normálního se mi nedařilo přihlásit(po přihlášení ntb vytuhl) a od té doby jsem to nezkoušel.
Process hidden process (*** hidden *** ) 40480
tak snad se tím restartem nic nepokazilo. A všechny scany co dělám jsou v nouzovém režimu - do normálního se mi nedařilo přihlásit(po přihlášení ntb vytuhl) a od té doby jsem to nezkoušel.
Re: Prosím o kontrolu logu - zavirovaný NTB
Uvidime co najde druhy (hlavni) sken gmeru...bohuzel musim zmizet na fakultu - prednasky a cvika - budu tu az v noci...
Pripadne muzete provest sken AVPToolem dle tohoto navodu http://www.viry.cz/forum/viewtopic.php?f=29&t=58179
Pripadne muzete provest sken AVPToolem dle tohoto navodu http://www.viry.cz/forum/viewtopic.php?f=29&t=58179
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - zavirovaný NTB
OK. Mimochodem hlavní scan Gmeru se opět tak nějak zasekl v
SYSTEM\WPA\SigningHash-V44.........
no nechám to ještě běžet, ale nějak se tomu nechce no
SYSTEM\WPA\SigningHash-V44.........
no nechám to ještě běžet, ale nějak se tomu nechce no
Re: Prosím o kontrolu logu - zavirovaný NTB
No uvidime, kdyby se nerozsekl, tak udelejte ten AVPTool a log sem dejte...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - zavirovaný NTB
Tak po dlouhým boji aspoň malý vítězství Taky je log z AVPTool
Automatická kontrola: zastaveno před 1 hod. (události: 3, objekty: 1014, čas: 00:07:14)
18.11.2010 18:07:38 Úloha byla zastavena
18.11.2010 18:07:24 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\system32\souzovadequ.exe
18.11.2010 18:00:24 Úloha byla spuštěna
Dezinfikovat aktivní hrozby: dokončeno před 1 hod. (události: 4, objekty: 3567, čas: 00:03:22)
18.11.2010 18:11:00 Úloha byla dokončena
18.11.2010 18:07:44 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\system32\souzovadequ.exe
18.11.2010 18:07:39 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\system32\souzovadequ.exe
18.11.2010 18:07:38 Úloha byla spuštěna
Antivirová kontrola: dokončeno před 1 hod. (události: 2, objekty: 4604, čas: 00:02:29)
18.11.2010 18:17:55 Úloha byla dokončena
18.11.2010 18:15:26 Úloha byla spuštěna
Automatická kontrola: dokončeno před 4 min. (události: 86, objekty: 193210, čas: 01:06:13)
18.11.2010 18:18:14 Úloha byla spuštěna
18.11.2010 19:06:03 Zjištěno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002443.sys
18.11.2010 19:06:03 Zjištěno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002444.sys
18.11.2010 19:06:03 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002447.exe
18.11.2010 19:06:05 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002444.sys
18.11.2010 19:06:08 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002444.sys
18.11.2010 19:06:08 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002443.sys
18.11.2010 19:06:08 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002443.sys
18.11.2010 19:06:09 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002447.exe
18.11.2010 19:06:11 Zjištěno: Backdoor.Win32.Bifrose.dgqi C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\wuaucldt.exe.vir
18.11.2010 19:06:11 Zjištěno: Backdoor.Win32.Inject.gpm C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\qihtsu.exe .vir/UPX
18.11.2010 19:06:22 Odstraněno: Backdoor.Win32.Bifrose.dgqi C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\wuaucldt.exe.vir
18.11.2010 19:06:25 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\034.exe.vir
18.11.2010 19:06:28 Odstraněno: Backdoor.Win32.Inject.gpm C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\qihtsu.exe .vir
18.11.2010 19:06:28 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1224515.exe.vir
18.11.2010 19:06:32 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1251803.exe.vir
18.11.2010 19:06:35 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\034.exe.vir
18.11.2010 19:06:35 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\183.exe.vir
18.11.2010 19:06:42 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1224515.exe.vir
18.11.2010 19:06:42 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\2237.exe.vir
18.11.2010 19:06:50 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1251803.exe.vir
18.11.2010 19:06:54 Zjištěno: Trojan-Downloader.Win32.Refroso.bsv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\282.exe.vir
18.11.2010 19:06:54 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\183.exe.vir
18.11.2010 19:06:58 Zjištěno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\308.exe.vir
18.11.2010 19:07:01 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\2237.exe.vir
18.11.2010 19:07:01 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\319788.exe.vir
18.11.2010 19:07:07 Odstraněno: Trojan-Downloader.Win32.Refroso.bsv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\282.exe.vir
18.11.2010 19:07:11 Zjištěno: Trojan-Downloader.Win32.Refroso.btw C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\378.exe.vir
18.11.2010 19:07:13 Odstraněno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\308.exe.vir
18.11.2010 19:07:16 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\42945.exe.vir
18.11.2010 19:07:21 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\319788.exe.vir
18.11.2010 19:07:25 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\435.exe.vir
18.11.2010 19:07:26 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\378.exe.vir
18.11.2010 19:07:27 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\442.exe.vir
18.11.2010 19:07:34 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\42945.exe.vir
18.11.2010 19:07:34 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\472256.exe.vir
18.11.2010 19:07:38 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\435.exe.vir
18.11.2010 19:07:42 Zjištěno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\473.exe.vir
18.11.2010 19:07:46 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\442.exe.vir
18.11.2010 19:07:50 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\523.exe.vir
18.11.2010 19:07:52 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\472256.exe.vir
18.11.2010 19:07:56 Odstraněno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\473.exe.vir
18.11.2010 19:07:56 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\552.exe.vir
18.11.2010 19:07:59 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\577.exe.vir
18.11.2010 19:08:02 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\523.exe.vir
18.11.2010 19:08:08 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\552.exe.vir
18.11.2010 19:08:09 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\61032.exe.vir
18.11.2010 19:08:15 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\577.exe.vir
18.11.2010 19:08:18 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\634.exe.vir
18.11.2010 19:08:23 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\61032.exe.vir
18.11.2010 19:08:26 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\634.exe.vir
18.11.2010 19:08:26 Zjištěno: Trojan-Downloader.Win32.Refroso.buf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\656.exe.vir
18.11.2010 19:08:29 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\673.exe.vir
18.11.2010 19:08:33 Odstraněno: Trojan-Downloader.Win32.Refroso.buf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\656.exe.vir
18.11.2010 19:08:37 Zjištěno: Trojan-Downloader.Win32.Refroso.btu C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\684.exe.vir
18.11.2010 19:08:40 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\673.exe.vir
18.11.2010 19:08:40 Zjištěno: HEUR:Trojan.Win32.Generic C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\70685.exe.vir/UPX
18.11.2010 19:08:47 Odstraněno: Trojan-Downloader.Win32.Refroso.btu C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\684.exe.vir
18.11.2010 19:08:51 Zjištěno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\71952.exe.vir
18.11.2010 19:08:59 Odstraněno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\71952.exe.vir
18.11.2010 19:08:59 Zjištěno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\784.exe.vir
18.11.2010 19:09:00 Zjištěno: HEUR:Trojan.Win32.Generic C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\8323.exe.vir/UPX
18.11.2010 19:09:07 Odstraněno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\784.exe.vir
18.11.2010 19:09:11 Zjištěno: Trojan-Downloader.Win32.Refroso.bsr C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\882.exe.vir
18.11.2010 19:09:18 Odstraněno: Trojan-Downloader.Win32.Refroso.bsr C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\882.exe.vir
18.11.2010 19:09:19 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\883.exe.vir
18.11.2010 19:09:19 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\8929.exe.vir
18.11.2010 19:09:33 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\905.exe.vir
18.11.2010 19:09:37 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\883.exe.vir
18.11.2010 19:09:39 Zjištěno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\925.exe.vir
18.11.2010 19:09:44 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\8929.exe.vir
18.11.2010 19:09:45 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\955.exe.vir
18.11.2010 19:09:51 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\905.exe.vir
18.11.2010 19:09:51 Zjištěno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\9831.exe.vir
18.11.2010 19:09:56 Odstraněno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\925.exe.vir
18.11.2010 19:10:07 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\955.exe.vir
18.11.2010 19:10:21 Odstraněno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\9831.exe.vir
18.11.2010 19:23:08 Zjištěno: Rootkit.Win32.Pakes.zo C:\WINDOWS\system32\drivers\cjtwhlhu.sys
18.11.2010 19:23:09 Odstraněno: Rootkit.Win32.Pakes.zo C:\WINDOWS\system32\drivers\cjtwhlhu.sys
18.11.2010 19:23:11 Zjištěno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\khtad6a.sys
18.11.2010 19:23:15 Zjištěno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\phe3943.sys
18.11.2010 19:23:23 Zjištěno: Trojan.Win32.Qhost.myc C:\WINDOWS\system32\drivers\etc\hosts.new
18.11.2010 19:23:45 Odstraněno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\khtad6a.sys
18.11.2010 19:23:53 Odstraněno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\phe3943.sys
18.11.2010 19:23:57 Odstraněno: Trojan.Win32.Qhost.myc C:\WINDOWS\system32\drivers\etc\hosts.new
18.11.2010 19:24:27 Úloha byla dokončena
Teď to nechávám scanovat GMERem, tak snad už to půjde líp, po tom co toho AVPTool tolik sundal
Taky je log z AVPToolAutomatická kontrola: zastaveno před 1 hod. (události: 3, objekty: 1014, čas: 00:07:14)
18.11.2010 18:07:38 Úloha byla zastavena
18.11.2010 18:07:24 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\system32\souzovadequ.exe
18.11.2010 18:00:24 Úloha byla spuštěna
Dezinfikovat aktivní hrozby: dokončeno před 1 hod. (události: 4, objekty: 3567, čas: 00:03:22)
18.11.2010 18:11:00 Úloha byla dokončena
18.11.2010 18:07:44 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\system32\souzovadequ.exe
18.11.2010 18:07:39 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\system32\souzovadequ.exe
18.11.2010 18:07:38 Úloha byla spuštěna
Antivirová kontrola: dokončeno před 1 hod. (události: 2, objekty: 4604, čas: 00:02:29)
18.11.2010 18:17:55 Úloha byla dokončena
18.11.2010 18:15:26 Úloha byla spuštěna
Automatická kontrola: dokončeno před 4 min. (události: 86, objekty: 193210, čas: 01:06:13)
18.11.2010 18:18:14 Úloha byla spuštěna
18.11.2010 19:06:03 Zjištěno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002443.sys
18.11.2010 19:06:03 Zjištěno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002444.sys
18.11.2010 19:06:03 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002447.exe
18.11.2010 19:06:05 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002444.sys
18.11.2010 19:06:08 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002444.sys
18.11.2010 19:06:08 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002443.sys
18.11.2010 19:06:08 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002443.sys
18.11.2010 19:06:09 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002447.exe
18.11.2010 19:06:11 Zjištěno: Backdoor.Win32.Bifrose.dgqi C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\wuaucldt.exe.vir
18.11.2010 19:06:11 Zjištěno: Backdoor.Win32.Inject.gpm C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\qihtsu.exe .vir/UPX
18.11.2010 19:06:22 Odstraněno: Backdoor.Win32.Bifrose.dgqi C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\wuaucldt.exe.vir
18.11.2010 19:06:25 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\034.exe.vir
18.11.2010 19:06:28 Odstraněno: Backdoor.Win32.Inject.gpm C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\qihtsu.exe .vir
18.11.2010 19:06:28 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1224515.exe.vir
18.11.2010 19:06:32 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1251803.exe.vir
18.11.2010 19:06:35 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\034.exe.vir
18.11.2010 19:06:35 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\183.exe.vir
18.11.2010 19:06:42 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1224515.exe.vir
18.11.2010 19:06:42 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\2237.exe.vir
18.11.2010 19:06:50 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1251803.exe.vir
18.11.2010 19:06:54 Zjištěno: Trojan-Downloader.Win32.Refroso.bsv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\282.exe.vir
18.11.2010 19:06:54 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\183.exe.vir
18.11.2010 19:06:58 Zjištěno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\308.exe.vir
18.11.2010 19:07:01 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\2237.exe.vir
18.11.2010 19:07:01 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\319788.exe.vir
18.11.2010 19:07:07 Odstraněno: Trojan-Downloader.Win32.Refroso.bsv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\282.exe.vir
18.11.2010 19:07:11 Zjištěno: Trojan-Downloader.Win32.Refroso.btw C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\378.exe.vir
18.11.2010 19:07:13 Odstraněno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\308.exe.vir
18.11.2010 19:07:16 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\42945.exe.vir
18.11.2010 19:07:21 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\319788.exe.vir
18.11.2010 19:07:25 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\435.exe.vir
18.11.2010 19:07:26 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\378.exe.vir
18.11.2010 19:07:27 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\442.exe.vir
18.11.2010 19:07:34 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\42945.exe.vir
18.11.2010 19:07:34 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\472256.exe.vir
18.11.2010 19:07:38 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\435.exe.vir
18.11.2010 19:07:42 Zjištěno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\473.exe.vir
18.11.2010 19:07:46 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\442.exe.vir
18.11.2010 19:07:50 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\523.exe.vir
18.11.2010 19:07:52 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\472256.exe.vir
18.11.2010 19:07:56 Odstraněno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\473.exe.vir
18.11.2010 19:07:56 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\552.exe.vir
18.11.2010 19:07:59 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\577.exe.vir
18.11.2010 19:08:02 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\523.exe.vir
18.11.2010 19:08:08 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\552.exe.vir
18.11.2010 19:08:09 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\61032.exe.vir
18.11.2010 19:08:15 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\577.exe.vir
18.11.2010 19:08:18 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\634.exe.vir
18.11.2010 19:08:23 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\61032.exe.vir
18.11.2010 19:08:26 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\634.exe.vir
18.11.2010 19:08:26 Zjištěno: Trojan-Downloader.Win32.Refroso.buf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\656.exe.vir
18.11.2010 19:08:29 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\673.exe.vir
18.11.2010 19:08:33 Odstraněno: Trojan-Downloader.Win32.Refroso.buf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\656.exe.vir
18.11.2010 19:08:37 Zjištěno: Trojan-Downloader.Win32.Refroso.btu C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\684.exe.vir
18.11.2010 19:08:40 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\673.exe.vir
18.11.2010 19:08:40 Zjištěno: HEUR:Trojan.Win32.Generic C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\70685.exe.vir/UPX
18.11.2010 19:08:47 Odstraněno: Trojan-Downloader.Win32.Refroso.btu C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\684.exe.vir
18.11.2010 19:08:51 Zjištěno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\71952.exe.vir
18.11.2010 19:08:59 Odstraněno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\71952.exe.vir
18.11.2010 19:08:59 Zjištěno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\784.exe.vir
18.11.2010 19:09:00 Zjištěno: HEUR:Trojan.Win32.Generic C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\8323.exe.vir/UPX
18.11.2010 19:09:07 Odstraněno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\784.exe.vir
18.11.2010 19:09:11 Zjištěno: Trojan-Downloader.Win32.Refroso.bsr C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\882.exe.vir
18.11.2010 19:09:18 Odstraněno: Trojan-Downloader.Win32.Refroso.bsr C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\882.exe.vir
18.11.2010 19:09:19 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\883.exe.vir
18.11.2010 19:09:19 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\8929.exe.vir
18.11.2010 19:09:33 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\905.exe.vir
18.11.2010 19:09:37 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\883.exe.vir
18.11.2010 19:09:39 Zjištěno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\925.exe.vir
18.11.2010 19:09:44 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\8929.exe.vir
18.11.2010 19:09:45 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\955.exe.vir
18.11.2010 19:09:51 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\905.exe.vir
18.11.2010 19:09:51 Zjištěno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\9831.exe.vir
18.11.2010 19:09:56 Odstraněno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\925.exe.vir
18.11.2010 19:10:07 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\955.exe.vir
18.11.2010 19:10:21 Odstraněno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\9831.exe.vir
18.11.2010 19:23:08 Zjištěno: Rootkit.Win32.Pakes.zo C:\WINDOWS\system32\drivers\cjtwhlhu.sys
18.11.2010 19:23:09 Odstraněno: Rootkit.Win32.Pakes.zo C:\WINDOWS\system32\drivers\cjtwhlhu.sys
18.11.2010 19:23:11 Zjištěno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\khtad6a.sys
18.11.2010 19:23:15 Zjištěno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\phe3943.sys
18.11.2010 19:23:23 Zjištěno: Trojan.Win32.Qhost.myc C:\WINDOWS\system32\drivers\etc\hosts.new
18.11.2010 19:23:45 Odstraněno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\khtad6a.sys
18.11.2010 19:23:53 Odstraněno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\phe3943.sys
18.11.2010 19:23:57 Odstraněno: Trojan.Win32.Qhost.myc C:\WINDOWS\system32\drivers\etc\hosts.new
18.11.2010 19:24:27 Úloha byla dokončena
Teď to nechávám scanovat GMERem, tak snad už to půjde líp, po tom co toho AVPTool tolik sundal
Přispějete na provoz fóra?