Vírus v Operačnej pamäti !

Zpráva

Leo151Cole · #16 Příspěvek od **Leo151Cole** » 19 pro 2010 23:12

Počitač sa chová normálne

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-00JHC0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk0\DR0[0x86306AB8]
3 CLASSPNP[0xF761D05B] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\0000006b[0x86388F18]
5 ACPI[0xF74B3620] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Ide\IdeDeviceP0T0L0-4[0x86314D98]
kernel: MBR read successfully
user & kernel MBR OK

#17 Příspěvek od **motji** » 19 pro 2010 23:26

Otestujte na www.virustotal.com

C:\WINDOWS\system32\comsvcs.dll
C:\Documents and Settings\karkas\Data aplikací\U3\temp\cleanup.exe
C:\Documents and Settings\karkas\Data aplikací\U3\temp\Launchpad Removal.exe
C:\WINDOWS\System32\sysogg.dll
C:\WINDOWS\System32\dllcache\pintlcsa.dll
C:\WINDOWS\System32\dllcache\korwbrkr.lex
C:\Documents and Settings\karkas\Dokumenty\ggg.xml

-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

Leo151Cole · #18 Příspěvek od **Leo151Cole** » 19 pro 2010 23:40

Davam postupne ...

http://www.virustotal.com/file-scan/rep ... 1292798025

http://www.virustotal.com/file-scan/rep ... 1292798000

http://www.virustotal.com/file-scan/rep ... 1292798223

http://www.virustotal.com/file-scan/rep ... 1292798253

http://www.virustotal.com/file-scan/rep ... 1292798128

http://www.virustotal.com/file-scan/rep ... 1292798228

http://www.virustotal.com/file-scan/rep ... 1292798153

#19 Příspěvek od **motji** » 19 pro 2010 23:57

Soubory jsou ok. Počítač pozorujte a zítra dejte vědět, jak to vypadá

Leo151Cole · #20 Příspěvek od **Leo151Cole** » 19 pro 2010 23:58

Ďakujem a zajtra napísem ....

Leo151Cole · #21 Příspěvek od **Leo151Cole** » 20 pro 2010 00:06

Ešte by som sa chcel spytat ze tie .txt a ComboFix, tssdkiller, atd mozem vymazat ? (ikony na ploche)

#22 Příspěvek od **motji** » 20 pro 2010 00:38

To pak kolega všechno odstraní, nebojte

#23 Příspěvek od **stell** » 20 pro 2010 08:24

Spust OTL=do okna skopiruj zeleny text-a klikni na gombik OPRAVIT
log po restarte vloz sem

Kód: Vybrat vše

OTL:
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva347.sys -- (XDva347)
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKU\S-1-5-21-1123561945-1177238915-725345543-1004..\Run: [AdobeBridge] File not found
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010.11.18 21:00:14 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\karkas\Plocha\tdsskiller.exe
[2010.11.18 20:30:16 | 004,502,408 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\karkas\Dokumenty\avg_free_stb_eu_2011_1170_free.exe
:Files
ipconfig /flushdns /c
C:\Documents and Settings\karkas\Plocha\tdsskiller.exe
:Commands
[resethosts]
[emptytemp]
[clearallrestorepoints]
[start explorer]
[EMPTYFLASH]
[Reboot]

Leo151Cole · #24 Příspěvek od **Leo151Cole** » 20 pro 2010 14:21

Prosím v tom OTL je kde opraviť ? (mám to v EN) jediné čo asi je tak CleanUp ale bojím sa prosím ake je tam tlačidlo ? mam RunScan QuickScan RunFix None a CleanUp ... a mam tam zasktrnut ze aj pre vsetkych userov a aj to LOP a purity ?

#25 Příspěvek od **stell** » 20 pro 2010 14:27

RunFix

Leo151Cole · #26 Příspěvek od **Leo151Cole** » 20 pro 2010 14:35

Nech sa páči :

All processes killed
Error: Unable to interpret <OTL:> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva347.sys -- (XDva347)> in the current context!
Error: Unable to interpret <IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "ICQ Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "ICQ Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-1123561945-1177238915-725345543-1004..\Run: [AdobeBridge] File not found> in the current context!
Error: Unable to interpret <[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2010.11.18 21:00:14 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\karkas\Plocha\tdsskiller.exe> in the current context!
Error: Unable to interpret <[2010.11.18 20:30:16 | 004,502,408 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\karkas\Dokumenty\avg_free_stb_eu_2011_1170_free.exe> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
C:\Documents and Settings\karkas\Plocha\cmd.bat deleted successfully.
C:\Documents and Settings\karkas\Plocha\cmd.txt deleted successfully.
C:\Documents and Settings\karkas\Plocha\tdsskiller.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Home
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294884 bytes
->FireFox cache emptied: 43301769 bytes
->Opera cache emptied: 14179133 bytes
->Flash cache emptied: 31831 bytes

User: karkas
->Temp folder emptied: 805133 bytes
->Temporary Internet Files folder emptied: 3422416 bytes
->Java cache emptied: 1114707 bytes
->FireFox cache emptied: 224290121 bytes
->Opera cache emptied: 1657799 bytes
->Flash cache emptied: 237739 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4268306 bytes
%systemroot%\System32 .tmp files removed: 2675656 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90112 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 283,00 mb

Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: Home
->Flash cache emptied: 0 bytes

User: karkas
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11192010_143008

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6c.dat not found!

Registry entries deleted on Reboot...

#27 Příspěvek od **stell** » 20 pro 2010 14:48

zopakuj akciu, a daj tento script:

Kód: Vybrat vše

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva347.sys -- (XDva347)
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1123561945-1177238915-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKU\S-1-5-21-1123561945-1177238915-725345543-1004..\Run: [AdobeBridge] File not found
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010.11.18 21:00:14 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\karkas\Plocha\tdsskiller.exe
[2010.11.18 20:30:16 | 004,502,408 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\karkas\Dokumenty\avg_free_stb_eu_2011_1170_free.exe
:Files
ipconfig /flushdns /c
C:\Documents and Settings\karkas\Plocha\tdsskiller.exe
:Commands
[resethosts]
[emptytemp]
[clearallrestorepoints]
[start explorer]
[EMPTYFLASH]
[Reboot]

Leo151Cole · #28 Příspěvek od **Leo151Cole** » 20 pro 2010 14:57

Tuto to je :

All processes killed
========== OTL ==========
Service XDva347 stopped successfully!
Service XDva347 deleted successfully!
File C:\WINDOWS\System32\XDva347.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1123561945-1177238915-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1123561945-1177238915-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1123561945-1177238915-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
HKU\S-1-5-21-1123561945-1177238915-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "http://start.icq.com/" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1123561945-1177238915-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File C:\Documents and Settings\karkas\Plocha\tdsskiller.exe not found.
C:\Documents and Settings\karkas\Dokumenty\avg_free_stb_eu_2011_1170_free.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
C:\Documents and Settings\karkas\Plocha\cmd.bat deleted successfully.
C:\Documents and Settings\karkas\Plocha\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\karkas\Plocha\tdsskiller.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: karkas
->Temp folder emptied: 3691829 bytes
->Temporary Internet Files folder emptied: 134626 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56695029 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 743 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57344 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58,00 mb

Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: Home
->Flash cache emptied: 0 bytes

User: karkas
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11192010_145420

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_378.dat not found!

Registry entries deleted on Reboot...

#29 Příspěvek od **stell** » 20 pro 2010 15:01

ok
Este spust Malwarebytes Uplny skan,

Stiahnes>>mbam-setup
Nainstalovat, aktualizovat, a spustit skan.
Spravit UPLNY skan, co najde daj zmazat,
Log vloz sem.
Podrobny Navod:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

Leo151Cole · #30 Příspěvek od **Leo151Cole** » 20 pro 2010 18:17

Phuj Konečne ...

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5360

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

19. 11. 2010 18:11:57
mbam-log-2010-11-19 (18-11-57).txt

Typ kontroly: Úplný test (C:\|E:\|)
Testované objekty: 332607
Uplynulý čas: 2 hodin, 55 minut, 10 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 6

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\system volume information\_restore{2ba17c79-fcd4-46ac-a87b-6c0aa992779b}\RP39\A0011061.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
e:\system volume information\_restore{2ba17c79-fcd4-46ac-a87b-6c0aa992779b}\RP39\A0011204.exe (Trojan.Armin) -> Quarantined and deleted successfully.
e:\system volume information\_restore{2ba17c79-fcd4-46ac-a87b-6c0aa992779b}\RP50\A0016099.exe (Trojan.Armin) -> Quarantined and deleted successfully.
e:\system volume information\_restore{2ba17c79-fcd4-46ac-a87b-6c0aa992779b}\RP50\A0016107.exe (Trojan.Armin) -> Quarantined and deleted successfully.
e:\system volume information\_restore{2ba17c79-fcd4-46ac-a87b-6c0aa992779b}\RP50\A0016113.exe (Trojan.Armin) -> Quarantined and deleted successfully.
e:\system volume information\_restore{2ba17c79-fcd4-46ac-a87b-6c0aa992779b}\RP50\A0016137.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

VIRY.CZ

Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !

Re: Vírus v Operačnej pamäti !