VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu - zavirovaný NTB

https://forum.viry.cz:443/viewtopic.php?t=106659

Stránka 2 z 5

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 00:28
od Kolcek93
Ke konci UsbFixu jsem dostal hlášku
Probíhá vypnutí systému. Uložte všechny rozpracované soubory a odhlaste se. Neuložené změny budou ztraceny. Vypnutí vyvolal NT AUTHORITY\SYSTEM
Čas do vypnutí 00:00:30
Zpráva
Systémový proces C:\WINDOWS\system32\lsass.exe neočekávaně skončil se stavovým kódem 0. Systém bude nyní ukončem a restartován.
Jinak tady je z něj log
############################## | UsbFix 7.014 | [Deletion]

User: Terulee (Administrator) # UZIVATEL-7DCD8A [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 23:58:07 | 17/11/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) M processor 1.70GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Enabled
Antivirus: ESET NOD32 Antivirus 4.2 4.2 [Enabled | (!) Outdated]
RAM -> 1023 Mb
C:\ (%systemdrive%) -> Fixed drive # 56 Gb (20 Mb free - 35%) [] # NTFS
D:\ -> CD-ROM
F:\ -> Removable drive # 2 Gb (2 Mb free - 100%) [] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Documents and Settings\Terulee\qihtsu.exe
Deleted ! C:\Documents and Settings\Terulee\wuaucldt.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\034.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\183.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\282.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\308.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\378.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\435.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\442.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\473.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\523.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\552.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\577.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\634.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\656.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\673.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\684.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\784.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\882.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\883.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\905.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\925.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\955.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\1224515.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\1251803.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\2237.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\319788.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\42945.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\472256.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\5D6843~1.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\61032.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\70685.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\71952.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\8323.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\8929.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\9831.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\AutoRun.exe
Deleted ! C:\DOCUME~1\Terulee\LOCALS~1\Temp\lsass.exe
Deleted ! C:\WINDOWS\regedit.com
Deleted ! C:\WINDOWS\rundl132.exe
Deleted ! C:\log.txt
Deleted ! F:\log.txt

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[17/11/2010 - 14:13:32 | A | 0] C:\$$TEMP$$.~~~
[27/11/2009 - 14:07:34 | D ] C:\84180e2e932956edb553445f2b
[21/11/2009 - 14:27:33 | N | 0] C:\AUTOEXEC.BAT
[26/02/2010 - 19:25:40 | SH | 211] C:\boot.ini
[14/04/2008 - 13:00:00 | RASH | 4952] C:\Bootfont.bin
[17/11/2010 - 15:26:42 | SD ] C:\ComboFix
[21/11/2009 - 14:27:33 | A | 0] C:\CONFIG.SYS
[24/12/2009 - 20:05:29 | D ] C:\Documents and Settings
[23/11/2009 - 09:43:19 | D ] C:\DRIVERS
[21/11/2009 - 14:27:33 | RASH | 0] C:\IO.SYS
[01/04/2010 - 08:06:53 | A | 103] C:\mbam-error.txt
[21/11/2009 - 14:27:33 | RASH | 0] C:\MSDOS.SYS
[27/11/2009 - 12:44:24 | RD ] C:\MSOCache
[14/04/2008 - 13:00:00 | RASH | 47564] C:\NTDETECT.COM
[14/04/2008 - 13:00:00 | RASH | 250576] C:\ntldr
[17/11/2010 - 23:56:40 | ASH | 1610612736] C:\pagefile.sys
[17/11/2010 - 14:19:13 | RD ] C:\Program Files
[17/11/2010 - 14:43:01 | D ] C:\Qoobox
[18/11/2010 - 00:05:26 | SHD ] C:\RECYCLER
[17/11/2010 - 15:22:28 | A | 395] C:\rkill.log
[26/02/2010 - 19:29:49 | D ] C:\rsit
[27/02/2010 - 20:52:58 | SHD ] C:\System Volume Information
[18/11/2010 - 00:05:26 | D ] C:\UsbFix
[18/11/2010 - 00:05:30 | A | 3239] C:\UsbFix.txt
[18/11/2010 - 00:04:53 | D ] C:\WINDOWS
[16/11/2010 - 20:57:35 | A | 193024] C:\winn27.exe
[16/11/2010 - 05:58:16 | A | 91136] C:\winnt7.exe
[17/11/2010 - 23:54:22 | A | 1224471] F:\UsbFix.exe
[17/11/2010 - 23:56:40 | A | 1306] F:\BOOTEX.LOG
[17/11/2010 - 15:38:48 | A | 6153352] F:\mbam-setup-1.46.exe
[03/03/2010 - 11:20:02 | SHD ] F:\FOUND.000

################## | Vaccin |

A log ze SystemLook

SystemLook 04.09.10 by jpshortstuff
Log created at 00:16 on 18/11/2010 by Terulee
Administrator - Elevation successful

========== filefind ==========

Searching for "cdrom.sys"
C:\WINDOWS\system32\dllcache\cdrom.sys --a--c- 98240 bytes [04:59 16/11/2010] [09:37 17/11/2010] 512D1E14138FDE84E86665CFCF911A96
C:\WINDOWS\system32\drivers\cdrom.sys --a---- 98240 bytes [12:00 14/04/2008] [09:37 17/11/2010] 512D1E14138FDE84E86665CFCF911A96

-= EOF =-

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 00:29
od Kolcek93
Log z OTM
All processes killed
========== FILES ==========
C:\Documents and Settings\Terulee\Data aplikací\Security Antivirus folder moved successfully.
File/Folder C:\Documents and Settings\Terulee\wuaucldt.exe not found.
C:\Documents and Settings\Terulee\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk moved successfully.
C:\Documents and Settings\Terulee\Nabídka Start\Security Antivirus.lnk moved successfully.
C:\Documents and Settings\Terulee\Nabídka Start\Programy\Security Antivirus.lnk moved successfully.
C:\WINDOWS\system32\secupdat.dat moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDCC8EEF-407E-449B-BE00-8E77F198F3C4}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDCC8EEF-407E-449B-BE00-8E77F198F3C4} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDAE7CFB-2CD4-4236-8F5D-40E1469DC459}\Disk1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{DDAE7CFB-2CD4-4236-8F5D-40E1469DC459} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{A7CFD024-4E29-4FC8-AD91-407D7177A209}\Disk1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{A7CFD024-4E29-4FC8-AD91-407D7177A209} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{781D5E0F-51A8-4304-90F0-B952DD87F6BC}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{781D5E0F-51A8-4304-90F0-B952DD87F6BC} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{75E117BA-1BDC-4695-8774-4F3BA77012CF}\en-us folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{75E117BA-1BDC-4695-8774-4F3BA77012CF} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{6466C259-AFA8-42AB-9C5F-306A845C727A}\{60DE4033-9503-48D1-A483-7846BD217CA9} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{6466C259-AFA8-42AB-9C5F-306A845C727A} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{4585A9A6-601D-4C09-A14D-024DDE6DD4D2}\{71BFC818-0CED-42D6-9C87-5142918957EE} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{4585A9A6-601D-4C09-A14D-024DDE6DD4D2} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{206E7874-328E-4A4A-B276-BB507B703F91}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{206E7874-328E-4A4A-B276-BB507B703F91} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{19C2EE5F-D1C9-4A95-BC6E-DE6989ED6940}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\{19C2EE5F-D1C9-4A95-BC6E-DE6989ED6940} folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\SnameMenu folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\GIF folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\__SkypeIEToolbar_Cache folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\WPDNSE folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Word8.0 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\WER11d9.dir00 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\WER0c17.dir00 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\VBE folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb\6648 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb\3560 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb\280 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\rb folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\plugins folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\outlook logging folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\nodtmpb folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\msohtml1\01 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\msohtml1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\msohtml folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO\winnt folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO\vista folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\VSO folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo\VSO folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo\MSAD folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo\MPF folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain\subinfo folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\oemmain folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MSC\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MSC folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\msad folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF\winnt folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF\vista folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MPF folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps\MMI folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\Apps folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee\1033 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\McAfee folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Low\ICQToolbar folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Low folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\ispC88.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\hsperfdata_Terulee folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Google Toolbar folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 2 pro Titulky07b.zip\setup folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 2 pro Titulky07b.zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro Vampires-Suck(0000157869).zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro Titulky07b.zip\setup folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro Titulky07b.zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Dočasný adresář 1 pro SubtitleToolCZ.zip folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\BTN%Copy%1\BTN%Copy%2 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\BTN%Copy%1 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\AutoRun folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Adobe\Acrobat folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\Adobe folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\15.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\14.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp\1.tmp folder moved successfully.
C:\Documents and Settings\Terulee\Local Settings\temp folder moved successfully.
C:\WINDOWS\system32\wuaucldt.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP175.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP263.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP385.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEBC3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF3.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\d68f0c0920f4d1175ea577db54d63033\BIT6.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\PerfStringBackup.TMP moved successfully.
C:\WINDOWS\Temp\exp13.tmp moved successfully.
C:\WINDOWS\Temp\exp13B3.tmp moved successfully.
C:\WINDOWS\Temp\exp16.tmp moved successfully.
C:\WINDOWS\Temp\exp1B3.tmp moved successfully.
C:\WINDOWS\Temp\exp1D1.tmp moved successfully.
C:\WINDOWS\Temp\exp2245.tmp moved successfully.
C:\WINDOWS\Temp\exp31D6.tmp moved successfully.
C:\WINDOWS\Temp\exp350A.tmp moved successfully.
C:\WINDOWS\Temp\exp399E.tmp moved successfully.
C:\WINDOWS\Temp\exp3ACD.tmp moved successfully.
C:\WINDOWS\Temp\exp5479.tmp moved successfully.
C:\WINDOWS\Temp\exp5A3D.tmp moved successfully.
C:\WINDOWS\Temp\exp60BF.tmp moved successfully.
C:\WINDOWS\Temp\exp6FC7.tmp moved successfully.
C:\WINDOWS\Temp\exp7A9B.tmp moved successfully.
C:\WINDOWS\Temp\exp7F22.tmp moved successfully.
C:\WINDOWS\Temp\exp8655.tmp moved successfully.
C:\WINDOWS\Temp\exp8706.tmp moved successfully.
C:\WINDOWS\Temp\exp9746.tmp moved successfully.
C:\WINDOWS\Temp\expAF5B.tmp moved successfully.
C:\WINDOWS\Temp\expB73F.tmp moved successfully.
C:\WINDOWS\Temp\expDE7E.tmp moved successfully.
C:\WINDOWS\Temp\GUR1.tmp moved successfully.
C:\WINDOWS\Temp\GUR2.tmp moved successfully.
C:\WINDOWS\Temp\GUR3.tmp moved successfully.
C:\WINDOWS\Temp\GUR4.tmp moved successfully.
C:\WINDOWS\Temp\GUR5.tmp moved successfully.
C:\WINDOWS\Temp\GUR6.tmp moved successfully.
C:\WINDOWS\Temp\GUR7.tmp moved successfully.
C:\WINDOWS\Temp\GUR8.tmp moved successfully.
C:\WINDOWS\Temp\GUR9.tmp moved successfully.
C:\WINDOWS\Temp\GURA.tmp moved successfully.
C:\WINDOWS\Temp\GURB.tmp moved successfully.
C:\WINDOWS\Temp\GURC.tmp moved successfully.
C:\WINDOWS\Temp\GURD.tmp moved successfully.
C:\WINDOWS\Temp\IHD.tmp moved successfully.
C:\WINDOWS\Temp\SEP9.tmp moved successfully.
C:\WINDOWS\Temp\SEPA.tmp moved successfully.
C:\WINDOWS\Temp\wfpdawg5F5B9489.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Terulee
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4600908 bytes
->Java cache emptied: 48680525 bytes
->Flash cache emptied: 134251 bytes

User: Uzivatel

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3559954 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67295024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119,00 mb


Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.17.2 log created on 11182010_001858

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 00:42
od vyosek
Fajn, zkuste nyni spustit ComboFix v nouzovem rezimu...

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 01:16
od Kolcek93
Tak ComboFix skončil s tím, že vytvořil bod obnovení, odmítl jsem stáhnout konzoli a dostal jsem hlášku
Systém nemůže spustit určený program.

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 10:01
od vyosek
:arrow: Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
  • C:\WINDOWS\system32\dllcache\cdrom.sys
    C:\WINDOWS\system32\drivers\cdrom.sys
  • Kliknete na Prochazet
  • Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
  • Kliknete na Send File
  • Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
    Obrázek
  • Vysledek analyzy sem vlozte (jako odkaz)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC
:arrow: Znovu provedte mbam a nic nemazte - log sem

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 10:44
od Kolcek93
Ten soubor z DLLCACHE
http://www.virustotal.com/file-scan/rep ... 1290073333
a ten z drivers
http://www.virustotal.com/file-scan/rep ... 1290073354

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 11:03
od Kolcek93
Log z MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

18.11.2010 10:59:28
mbam-log-2010-11-18 (10-59-28).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 112776
Uplynulý čas: 6 minuta(y), 30 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové polo·ky registru: 0
Infikované slo·ky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)

Infikované moduly v paměti:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> No action taken.

Infikované hodnoty registru:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)

Infikované datové polo·ky registru:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)

Infikované slo·ky:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)

Infikované soubory:
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> No action taken.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.
C:\Documents and Settings\Terulee\secupdat.dat (Worm.Autorun) -> No action taken.



A link na test toho souboru secupdat
http://www.virustotal.com/file-scan/rep ... 1290074565

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 12:37
od vyosek
:arrow: Blby je ze nemame CF - ten by to pekne opravil..

:arrow: Je tam napadeny systemovy soubor - nejdrive odsranime havet a pak jej opravime

:arrow: Stahnete SPTD http://www.duplexsecure.com/en/downloads
  • Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
  • Ulozte na plochu a spustte
  • Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
:arrow: Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Ulozte na plochu a spustte
  • Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
:arrow: Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe

:arrow: Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
  • Vyskoci na Vas okenko, do ktereho zkopirujte text nize

  • Kód: Vybrat vše

    "%userprofile%\plocha\mbr" -t
  • Kliknete na OK
  • Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte
:arrow: Dejte logy z Gmeru - viz muj podpis

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 14:28
od Kolcek93
Takže Gmer mi vyhodil hlášku
C:\Windows\system32\config\software: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
a od te doby je ntb takový zasekaný. Nicméně nechám to ještě běžet - třeba ten druhej log dostanu.
SPTD volba uninstall nebyla, tka jsem krok přeskočil
Defogger dal jsem disable a "něco" se udělalo
log z mbr
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541060G9AT00 rev.MB3OA61A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
error: Read K dokončení po·adované slu·by není k dispozici dostatek prostředků.

První log z Gmer
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-18 14:18:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541060G9AT00 rev.MB3OA61A
Running: gmer.exe; Driver: C:\DOCUME~1\Terulee\LOCALS~1\Temp\pgairaog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 40480

---- EOF - GMER 1.0.15 ----

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 14:34
od vyosek
Nejaky ten rootkit tam bude, zkuste nechat dobehnout hlavni skne gmeru - pokud by se sekal, tak provedte v nouzovem rezimu - PC moc pouzivat pri skenu gmerem nepujde, jelikoz ten jej vytezuje radne...

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 14:40
od Kolcek93
Při prvním scanu co jsem dělal ntb vytuhl tak, že se nedalo ani hnout myší - následoval restart a teď pracuju na druhým scanu. Jen se mi zdá, že tu chybí červenej řádek s
Process hidden process (*** hidden *** ) 40480
tak snad se tím restartem nic nepokazilo. A všechny scany co dělám jsou v nouzovém režimu - do normálního se mi nedařilo přihlásit(po přihlášení ntb vytuhl) a od té doby jsem to nezkoušel.

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 14:42
od vyosek
Uvidime co najde druhy (hlavni) sken gmeru...bohuzel musim zmizet na fakultu - prednasky a cvika - budu tu az v noci...

Pripadne muzete provest sken AVPToolem dle tohoto navodu http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 14:44
od Kolcek93
OK. Mimochodem hlavní scan Gmeru se opět tak nějak zasekl v
SYSTEM\WPA\SigningHash-V44.........
no nechám to ještě běžet, ale nějak se tomu nechce no :D

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 14:53
od vyosek
No uvidime, kdyby se nerozsekl, tak udelejte ten AVPTool a log sem dejte...

Re: Prosím o kontrolu logu - zavirovaný NTB

Napsal: 18 lis 2010 19:32
od Kolcek93
Tak po dlouhým boji aspoň malý vítězství :D Taky je log z AVPTool
Automatická kontrola: zastaveno před 1 hod. (události: 3, objekty: 1014, čas: 00:07:14)
18.11.2010 18:07:38 Úloha byla zastavena
18.11.2010 18:07:24 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\system32\souzovadequ.exe
18.11.2010 18:00:24 Úloha byla spuštěna
Dezinfikovat aktivní hrozby: dokončeno před 1 hod. (události: 4, objekty: 3567, čas: 00:03:22)
18.11.2010 18:11:00 Úloha byla dokončena
18.11.2010 18:07:44 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\system32\souzovadequ.exe
18.11.2010 18:07:39 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\system32\souzovadequ.exe
18.11.2010 18:07:38 Úloha byla spuštěna
Antivirová kontrola: dokončeno před 1 hod. (události: 2, objekty: 4604, čas: 00:02:29)
18.11.2010 18:17:55 Úloha byla dokončena
18.11.2010 18:15:26 Úloha byla spuštěna
Automatická kontrola: dokončeno před 4 min. (události: 86, objekty: 193210, čas: 01:06:13)
18.11.2010 18:18:14 Úloha byla spuštěna
18.11.2010 19:06:03 Zjištěno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002443.sys
18.11.2010 19:06:03 Zjištěno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002444.sys
18.11.2010 19:06:03 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002447.exe
18.11.2010 19:06:05 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002444.sys
18.11.2010 19:06:08 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002444.sys
18.11.2010 19:06:08 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002443.sys
18.11.2010 19:06:08 Dezinfikováno: Virus.Win32.Protector.h C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002443.sys
18.11.2010 19:06:09 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\System Volume Information\_restore{A85FBFD5-26FA-4813-A987-FC6E19F63DC4}\RP0\A0002447.exe
18.11.2010 19:06:11 Zjištěno: Backdoor.Win32.Bifrose.dgqi C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\wuaucldt.exe.vir
18.11.2010 19:06:11 Zjištěno: Backdoor.Win32.Inject.gpm C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\qihtsu.exe .vir/UPX
18.11.2010 19:06:22 Odstraněno: Backdoor.Win32.Bifrose.dgqi C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\wuaucldt.exe.vir
18.11.2010 19:06:25 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\034.exe.vir
18.11.2010 19:06:28 Odstraněno: Backdoor.Win32.Inject.gpm C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\qihtsu.exe .vir
18.11.2010 19:06:28 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1224515.exe.vir
18.11.2010 19:06:32 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1251803.exe.vir
18.11.2010 19:06:35 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\034.exe.vir
18.11.2010 19:06:35 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\183.exe.vir
18.11.2010 19:06:42 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1224515.exe.vir
18.11.2010 19:06:42 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\2237.exe.vir
18.11.2010 19:06:50 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\1251803.exe.vir
18.11.2010 19:06:54 Zjištěno: Trojan-Downloader.Win32.Refroso.bsv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\282.exe.vir
18.11.2010 19:06:54 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\183.exe.vir
18.11.2010 19:06:58 Zjištěno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\308.exe.vir
18.11.2010 19:07:01 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\2237.exe.vir
18.11.2010 19:07:01 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\319788.exe.vir
18.11.2010 19:07:07 Odstraněno: Trojan-Downloader.Win32.Refroso.bsv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\282.exe.vir
18.11.2010 19:07:11 Zjištěno: Trojan-Downloader.Win32.Refroso.btw C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\378.exe.vir
18.11.2010 19:07:13 Odstraněno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\308.exe.vir
18.11.2010 19:07:16 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\42945.exe.vir
18.11.2010 19:07:21 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\319788.exe.vir
18.11.2010 19:07:25 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\435.exe.vir
18.11.2010 19:07:26 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\378.exe.vir
18.11.2010 19:07:27 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\442.exe.vir
18.11.2010 19:07:34 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\42945.exe.vir
18.11.2010 19:07:34 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\472256.exe.vir
18.11.2010 19:07:38 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\435.exe.vir
18.11.2010 19:07:42 Zjištěno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\473.exe.vir
18.11.2010 19:07:46 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\442.exe.vir
18.11.2010 19:07:50 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\523.exe.vir
18.11.2010 19:07:52 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\472256.exe.vir
18.11.2010 19:07:56 Odstraněno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\473.exe.vir
18.11.2010 19:07:56 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\552.exe.vir
18.11.2010 19:07:59 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\577.exe.vir
18.11.2010 19:08:02 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\523.exe.vir
18.11.2010 19:08:08 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\552.exe.vir
18.11.2010 19:08:09 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\61032.exe.vir
18.11.2010 19:08:15 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\577.exe.vir
18.11.2010 19:08:18 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\634.exe.vir
18.11.2010 19:08:23 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\61032.exe.vir
18.11.2010 19:08:26 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\634.exe.vir
18.11.2010 19:08:26 Zjištěno: Trojan-Downloader.Win32.Refroso.buf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\656.exe.vir
18.11.2010 19:08:29 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\673.exe.vir
18.11.2010 19:08:33 Odstraněno: Trojan-Downloader.Win32.Refroso.buf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\656.exe.vir
18.11.2010 19:08:37 Zjištěno: Trojan-Downloader.Win32.Refroso.btu C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\684.exe.vir
18.11.2010 19:08:40 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\673.exe.vir
18.11.2010 19:08:40 Zjištěno: HEUR:Trojan.Win32.Generic C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\70685.exe.vir/UPX
18.11.2010 19:08:47 Odstraněno: Trojan-Downloader.Win32.Refroso.btu C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\684.exe.vir
18.11.2010 19:08:51 Zjištěno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\71952.exe.vir
18.11.2010 19:08:59 Odstraněno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\71952.exe.vir
18.11.2010 19:08:59 Zjištěno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\784.exe.vir
18.11.2010 19:09:00 Zjištěno: HEUR:Trojan.Win32.Generic C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\8323.exe.vir/UPX
18.11.2010 19:09:07 Odstraněno: Trojan-Downloader.Win32.Refroso.bud C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\784.exe.vir
18.11.2010 19:09:11 Zjištěno: Trojan-Downloader.Win32.Refroso.bsr C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\882.exe.vir
18.11.2010 19:09:18 Odstraněno: Trojan-Downloader.Win32.Refroso.bsr C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\882.exe.vir
18.11.2010 19:09:19 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\883.exe.vir
18.11.2010 19:09:19 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\8929.exe.vir
18.11.2010 19:09:33 Zjištěno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\905.exe.vir
18.11.2010 19:09:37 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\883.exe.vir
18.11.2010 19:09:39 Zjištěno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\925.exe.vir
18.11.2010 19:09:44 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\8929.exe.vir
18.11.2010 19:09:45 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\955.exe.vir
18.11.2010 19:09:51 Odstraněno: Trojan.Win32.VBKrypt.unf C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\905.exe.vir
18.11.2010 19:09:51 Zjištěno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\9831.exe.vir
18.11.2010 19:09:56 Odstraněno: Trojan-Downloader.Win32.Refroso.bug C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\925.exe.vir
18.11.2010 19:10:07 Odstraněno: Trojan-Downloader.Win32.Refroso.bss C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\955.exe.vir
18.11.2010 19:10:21 Odstraněno: Trojan-Dropper.Win32.Agent.btzb C:\UsbFix\Quarantine\C\Documents and Settings\Terulee\LOCALS~1\Temp\9831.exe.vir
18.11.2010 19:23:08 Zjištěno: Rootkit.Win32.Pakes.zo C:\WINDOWS\system32\drivers\cjtwhlhu.sys
18.11.2010 19:23:09 Odstraněno: Rootkit.Win32.Pakes.zo C:\WINDOWS\system32\drivers\cjtwhlhu.sys
18.11.2010 19:23:11 Zjištěno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\khtad6a.sys
18.11.2010 19:23:15 Zjištěno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\phe3943.sys
18.11.2010 19:23:23 Zjištěno: Trojan.Win32.Qhost.myc C:\WINDOWS\system32\drivers\etc\hosts.new
18.11.2010 19:23:45 Odstraněno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\khtad6a.sys
18.11.2010 19:23:53 Odstraněno: Rootkit.Win32.Agent.bivz C:\WINDOWS\system32\drivers\phe3943.sys
18.11.2010 19:23:57 Odstraněno: Trojan.Win32.Qhost.myc C:\WINDOWS\system32\drivers\etc\hosts.new
18.11.2010 19:24:27 Úloha byla dokončena


Teď to nechávám scanovat GMERem, tak snad už to půjde líp, po tom co toho AVPTool tolik sundal :D
Všechny časy jsou v UTC+01:00
Stránka 2 z 5

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz