
Win32: Neshta

Posted: 28 Jun 2012 08:30
by Lanys
Hello,
I have a problem with the win32:Neshta virus.
Please help, thanks in advance.

ComboFix 12-06-26.02 - Luboš 27.06.2012 12:02:59.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3951.2322 [GMT 2:00]
Spuštěný z: c:\users\LuboÜ\Desktop\Beruska.com
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\settings.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-27 do 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 10:09 . 2012-06-27 10:09 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-06-27 10:09 . 2012-06-27 10:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 10:07 . 2012-06-27 10:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BFC0AB1-3B61-40FC-8CE3-1742A8408D3B}\offreg.dll
2012-06-27 08:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BFC0AB1-3B61-40FC-8CE3-1742A8408D3B}\mpengine.dll
2012-06-21 16:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 16:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 16:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 16:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 16:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 16:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 16:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 16:30 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 16:30 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 07:05 . 2012-06-19 07:05 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 07:05 . 2012-06-19 07:05 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 14:37 . 2012-06-17 17:33 -------- d-----w- c:\users\Luboš\AppData\Roaming\ZoomBrowser EX
2012-06-17 14:34 . 2012-06-17 14:34 -------- d-----w- c:\users\Luboš\AppData\Roaming\CANON INC
2012-06-17 14:11 . 2012-06-17 14:11 -------- d-----w- c:\programdata\ZoomBrowser
2012-06-17 14:10 . 2012-06-17 14:10 -------- d-----w- c:\programdata\Canon_Inc_IC
2012-06-17 14:10 . 2012-06-17 14:11 -------- d-----w- c:\program files (x86)\Canon
2012-06-17 14:08 . 2012-06-17 14:08 -------- d-----w- c:\program files (x86)\Common Files\Canon
2012-06-15 07:15 . 2012-06-15 07:15 -------- d-----w- c:\program files (x86)\Oracle
2012-06-13 19:50 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 19:50 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 19:50 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 19:50 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 19:50 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 19:50 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 19:50 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 19:50 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 19:50 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 19:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 19:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 19:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 19:49 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 19:49 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 19:49 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 19:49 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 19:49 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 19:54 . 2012-06-11 19:54 -------- d-----w- c:\users\Luboš\AppData\Local\Macromedia
2012-05-30 10:25 . 2012-05-30 10:38 -------- d-----w- c:\windows\system32\appmgmt
2012-05-29 12:03 . 2012-05-29 12:04 -------- d-----w- C:\Ubisoft Game Launcher
2012-05-29 12:03 . 2012-06-24 12:24 -------- d-----w- c:\users\Luboš\AppData\Roaming\Might & Magic Heroes VI
2012-05-29 10:38 . 2012-05-29 10:38 -------- d-----w- c:\users\Luboš\AppData\Local\Ubisoft Game Launcher
2012-05-29 09:56 . 2012-05-29 10:08 -------- d-----w- c:\program files (x86)\Ubisoft
2012-05-28 11:12 . 2012-05-28 11:13 -------- d-----w- c:\users\Luboš\pdfscissors
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 19:54 . 2012-04-03 05:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 19:54 . 2012-03-04 15:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-05-07 12:50 . 2012-05-07 12:50 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 17:29 . 2012-03-06 17:52 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 17:29 . 2012-03-06 17:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-10 12:17 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-16 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Luboš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-06-30 52736]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-05 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-16 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-07-16 679176]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-09-12 142904]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-16 6862848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-16 264192]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-10-25 4150864]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-07-15 1188616]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-10-26 484096]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-04 1028096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-04 1041760]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 14:19]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 14:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-08 489472]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-10-25 21705296]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AutoKMS"="c:\windows\AutoKMS.exe" [2012-03-06 615936]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\268v1xif.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-06-27 12:12:31
ComboFix-quarantined-files.txt 2012-06-27 10:12
.
Před spuštěním: Volných bajtů: 17 600 479 232
Po spuštění: Volných bajtů: 17 422 655 488
.
- - End Of File - - 6D9031EB51DCB03E4F6652AA03868495

Re: Win32: Neshta

Posted: 28 Jun 2012 17:43
by Rudy
Hello to you too!
Before we deal with anything, uninstall the cracked Office. In accordance with the rules, this forum does not support pirated software. Then post a new RSIT log.

Re: Win32: Neshta

Posted: 29 Jun 2012 09:03
by Lanys
I apologize

ComboFix 12-06-28.03 - Luboš 29.06.2012 9:50.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3951.2455 [GMT 2:00]
Spuštěný z: c:\beruska\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-28 do 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 07:58 . 2012-06-29 07:58 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-06-29 07:58 . 2012-06-29 07:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 07:51 . 2012-06-29 07:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA088657-604A-4498-8AB8-8E803479986B}\offreg.dll
2012-06-29 07:46 . 2012-06-29 07:49 -------- d-----w- C:\Beruska
2012-06-29 06:27 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA088657-604A-4498-8AB8-8E803479986B}\mpengine.dll
2012-06-21 16:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 16:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 16:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 16:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 16:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 16:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 16:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 16:30 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 16:30 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 07:05 . 2012-06-19 07:05 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 07:05 . 2012-06-19 07:05 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 14:37 . 2012-06-17 17:33 -------- d-----w- c:\users\Luboš\AppData\Roaming\ZoomBrowser EX
2012-06-17 14:34 . 2012-06-17 14:34 -------- d-----w- c:\users\Luboš\AppData\Roaming\CANON INC
2012-06-17 14:11 . 2012-06-17 14:11 -------- d-----w- c:\programdata\ZoomBrowser
2012-06-17 14:10 . 2012-06-17 14:10 -------- d-----w- c:\programdata\Canon_Inc_IC
2012-06-17 14:10 . 2012-06-17 14:11 -------- d-----w- c:\program files (x86)\Canon
2012-06-17 14:08 . 2012-06-17 14:08 -------- d-----w- c:\program files (x86)\Common Files\Canon
2012-06-15 07:15 . 2012-06-15 07:15 -------- d-----w- c:\program files (x86)\Oracle
2012-06-13 19:50 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 19:50 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 19:50 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 19:50 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 19:50 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 19:50 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 19:50 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 19:50 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 19:50 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 19:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 19:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 19:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 19:49 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 19:49 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 19:49 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 19:49 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 19:49 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 19:54 . 2012-06-11 19:54 -------- d-----w- c:\users\Luboš\AppData\Local\Macromedia
2012-05-30 10:25 . 2012-05-30 10:38 -------- d-----w- c:\windows\system32\appmgmt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 19:54 . 2012-04-03 05:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 19:54 . 2012-03-04 15:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-05-07 12:50 . 2012-05-07 12:50 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 17:29 . 2012-03-06 17:52 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 17:29 . 2012-03-06 17:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_10.09.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-29 07:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-27 08:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-27 08:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-29 07:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-27 08:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-29 07:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-04 14:06 . 2012-06-29 07:42 36458 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-29 07:42 31850 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-04 14:06 . 2012-06-29 07:42 10332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3768270499-4037451880-4164488921-1001_UserData.bin
+ 2012-03-04 14:00 . 2012-06-28 06:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-04 14:00 . 2012-06-27 09:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-04 14:00 . 2012-06-27 09:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-04 14:00 . 2012-06-28 06:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-27 09:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-28 06:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-11 09:08 . 2012-06-28 14:13 49152 c:\windows\assembly\temp\XA9NMYBRYZ\EasyHook.dll
+ 2012-04-11 09:08 . 2012-06-29 07:16 49152 c:\windows\assembly\GAC_MSIL\EasyHook\2.5.0.0__4b580fca19d0b0c5\EasyHook.dll
- 2012-04-11 09:08 . 2012-06-27 08:29 49152 c:\windows\assembly\GAC_MSIL\EasyHook\2.5.0.0__4b580fca19d0b0c5\EasyHook.dll
+ 2012-06-29 07:39 . 2012-06-29 07:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 08:12 . 2012-06-27 08:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 08:12 . 2012-06-27 08:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-29 07:39 . 2012-06-29 07:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-27 08:29 . 2012-06-27 08:29 9728 c:\windows\assembly\GAC_32\StarsInject2\1.0.0.18__f01c362950277d7e\StarsInject2.dll
+ 2012-06-29 07:16 . 2012-06-29 07:16 9728 c:\windows\assembly\GAC_32\StarsInject2\1.0.0.18__f01c362950277d7e\StarsInject2.dll
- 2009-07-14 02:36 . 2012-06-26 17:37 652148 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-28 06:31 652148 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2012-06-26 17:37 666444 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2012-06-28 06:31 666444 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-06-26 17:37 121080 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-28 06:31 121080 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2012-06-26 17:37 140108 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2012-06-28 06:31 140108 c:\windows\system32\perfc005.dat
+ 2009-07-14 04:45 . 2012-06-29 07:39 410088 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:46 . 2012-06-29 07:43 108288 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-06-29 07:38 399504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-06-27 08:29 . 2012-06-27 08:29 204800 c:\windows\assembly\GAC_32\TableScannerDllLoader\1.0.0.18__29926ebfc40981e9\TableScannerDllLoader.exe
+ 2012-06-29 07:16 . 2012-06-29 07:16 204800 c:\windows\assembly\GAC_32\TableScannerDllLoader\1.0.0.18__29926ebfc40981e9\TableScannerDllLoader.exe
- 2009-07-14 04:45 . 2012-06-22 06:33 7401034 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-29 07:43 7401034 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-04 15:22 . 2012-06-29 07:38 2254688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-04 15:22 . 2012-06-26 22:14 2254688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-04 15:22 . 2012-06-29 07:38 3567040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3768270499-4037451880-4164488921-1001-12288.dat
+ 2012-03-04 14:53 . 2012-06-29 07:38 11853520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3768270499-4037451880-4164488921-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-16 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-06-30 52736]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-10-26 484096]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-05 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-16 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-07-16 679176]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-09-12 142904]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-16 6862848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-16 264192]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-10-25 4150864]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-07-15 1188616]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-04 1028096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-04 1041760]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 14:19]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 14:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-08 489472]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-10-25 21705296]
"AutoKMS"="c:\windows\AutoKMS.exe" [2012-03-06 615936]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Luboš\AppData\Roaming\Mozilla\Firefox\Profiles\268v1xif.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-06-29 10:00:16
ComboFix-quarantined-files.txt 2012-06-29 08:00
ComboFix2.txt 2012-06-27 10:12
.
Před spuštěním: Volných bajtů: 21 795 905 536
Po spuštění: Volných bajtů: 21 617 799 168
.
- - End Of File - - 37B24EE4EFD3D2DBBA834E64DC241686

Re: Win32: Neshta

Posted: 29 Jun 2012 18:03
by Rudy
Neshta is a file-infecting virus and, moreover, one that is difficult to remove. It is possible that it cannot be removed completely and the system will have to be reinstalled.

1. We will finish the cleanup with ComboFix. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\AutoKMS.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoKMS"=-

Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]

Reglock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

2. Afterwards, download AVPTool: http://forum.viry.cz/viewtopic.php?f=29&t=58179 , run it and let it work. Whatever it finds, delete it or let it be repaired. When the scan finishes, post the log.

Re: Win32: Neshta

Posted: 30 Jun 2012 07:58
by Lanys
Log from AVP Tool

Status: Disinfected (events: 163)
29.6.2012 22:41:22 Disinfected virus Virus.Win32.Neshta.a C:\Users\Luboš\Documents\demo kulivočko\Options.exe High
29.6.2012 22:41:27 Disinfected virus Virus.Win32.Neshta.a C:\Users\Luboš\Documents\demo kulivočko\Kulivočko.exe High
29.6.2012 22:42:41 Disinfected virus Virus.Win32.Neshta.a C:\AMD\Catalyst_Mobility_64-Bit_Util\CatalystMobility.exe High
29.6.2012 22:42:44 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.0\10445\AcrobatUpdater.exe High
29.6.2012 22:42:49 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.0\10445\AdobeARM.exe High
29.6.2012 22:42:50 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.0\10445\AdobeARMHelper.exe High
29.6.2012 22:42:51 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.0\10445\ReaderUpdater.exe High
29.6.2012 22:42:52 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.0\15588\AcrobatUpdater.exe High
29.6.2012 22:42:52 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.0\15588\AdobeARMHelper.exe High
29.6.2012 22:42:55 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.0\15588\AdobeARM.exe High
29.6.2012 22:42:56 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.0\15588\ReaderUpdater.exe High
29.6.2012 23:08:29 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Luboš\Downloads\SwissManagerHelpCZESetup.exe High
29.6.2012 23:08:31 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Luboš\Downloads\SwissManagerUniCodeSetup.exe High
29.6.2012 23:08:32 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Luboš\Downloads\TeamViewer_Setup_cs.exe High
29.6.2012 23:11:23 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\clusterdb.exe High
29.6.2012 23:11:24 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\createdb.exe High
29.6.2012 23:11:25 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\createlang.exe High
29.6.2012 23:11:26 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\createuser.exe High
29.6.2012 23:11:26 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\dropdb.exe High
29.6.2012 23:11:27 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\droplang.exe High
29.6.2012 23:11:28 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\dropuser.exe High
29.6.2012 23:11:30 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\initdb.exe High
29.6.2012 23:11:31 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\ecpg.exe High
29.6.2012 23:11:31 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\oid2name.exe High
29.6.2012 23:11:32 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\pgbench.exe High
29.6.2012 23:11:32 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\pg_config.exe High
29.6.2012 23:11:32 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\pg_controldata.exe High
29.6.2012 23:11:34 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\uninstall-postgresql.exe High
29.6.2012 23:11:34 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\pg_dump.exe High
29.6.2012 23:11:35 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\pg_dumpall.exe High
29.6.2012 23:11:35 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\pg_regress.exe High
29.6.2012 23:11:35 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\pg_regress_ecpg.exe High
29.6.2012 23:11:36 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\pg_resetxlog.exe High
29.6.2012 23:11:36 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\pg_restore.exe High
29.6.2012 23:11:36 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\reindexdb.exe High
29.6.2012 23:11:37 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\psql.exe High
29.6.2012 23:11:37 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\vacuumdb.exe High
29.6.2012 23:11:38 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\zic.exe High
29.6.2012 23:11:44 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\bin\stackbuilder.exe High
29.6.2012 23:12:05 Disinfected virus Virus.Win32.Neshta.a C:\postgreSQL\installer\vcredist_x86.exe High
29.6.2012 23:18:17 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\ESTsoft\ALUpdate\ALUpExt.exe High
29.6.2012 23:18:17 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\ESTsoft\ALUpdate\unins000.exe High
29.6.2012 23:23:40 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP45248\amd64\accelerometerST.exe High
29.6.2012 23:23:43 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP45248\amd64\hpcplapp.exe High
29.6.2012 23:23:45 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP45248\amd64\HpTile2.exe High
29.6.2012 23:23:46 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP45248\amd64\InstHPMDP64.exe High
29.6.2012 23:23:46 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP45248\x86\accelerometerST.exe High
29.6.2012 23:23:47 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP45248\x86\HpTile2.exe High
29.6.2012 23:23:48 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP45248\x86\hpcplapp.exe High
29.6.2012 23:23:48 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP45248\x86\InstHPMDP.exe High
29.6.2012 23:23:49 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\agrset64.exe High
29.6.2012 23:23:49 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\agrsmdel.exe High
29.6.2012 23:23:50 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\setup.exe High
29.6.2012 23:23:50 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\Vista32\agrsmdel.exe High
29.6.2012 23:23:51 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\Vista32\setup.exe High
29.6.2012 23:23:51 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\Vista64\agrset64.exe High
29.6.2012 23:23:52 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\Vista64\agrsmdel.exe High
29.6.2012 23:23:52 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\Vista64\setup.exe High
29.6.2012 23:23:53 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\Win732\agrsmdel.exe High
29.6.2012 23:23:56 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP45248\Setup.exe High
29.6.2012 23:23:57 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\Win732\setup.exe High
29.6.2012 23:23:58 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\Win764\agrset64.exe High
29.6.2012 23:23:58 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\Win764\agrsmdel.exe High
29.6.2012 23:23:59 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\Win764\setup.exe High
29.6.2012 23:23:59 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\XP32\agrsmdel.exe High
29.6.2012 23:24:00 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\XP32\setup.exe High
29.6.2012 23:24:00 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\XP64\agrset64.exe High
29.6.2012 23:24:01 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\XP64\agrsmdel.exe High
29.6.2012 23:24:01 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP47185\flat\XP64\setup.exe High
29.6.2012 23:24:01 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\Setup.exe High
29.6.2012 23:24:02 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x64\InstNT.exe High
29.6.2012 23:24:03 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x64\setup.exe High
29.6.2012 23:24:05 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x64\dpinst.exe High
29.6.2012 23:24:05 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x64\SynMood.exe High
29.6.2012 23:24:06 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x64\SynTPHelper.exe High
29.6.2012 23:24:07 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x64\SynZMetr.exe High
29.6.2012 23:24:08 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x64\Tutorial.exe High
29.6.2012 23:24:09 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x64\SynTPEnh.exe High
29.6.2012 23:24:10 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x86\dpinst.exe High
29.6.2012 23:24:10 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x86\InstNT.exe High
29.6.2012 23:24:10 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x86\setup.exe High
29.6.2012 23:24:12 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x86\SynMood.exe High
29.6.2012 23:24:13 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x86\SynTPHelper.exe High
29.6.2012 23:24:14 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x86\SynZMetr.exe High
29.6.2012 23:24:15 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x86\SynTPEnh.exe High
29.6.2012 23:24:15 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP49415\WinWDF\x86\Tutorial.exe High
29.6.2012 23:24:20 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51059\setup.exe High
29.6.2012 23:24:28 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51096\DPInst32.exe High
29.6.2012 23:24:29 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51096\DPInst64.exe High
29.6.2012 23:24:32 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51096\iProdifx.exe High
29.6.2012 23:24:35 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\setup.exe High
29.6.2012 23:24:36 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\HDAQFE\srvrtm\us\kb888111srvrtm.exe High
29.6.2012 23:24:37 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\HDAQFE\srvsp1\us\KB901105.exe High
29.6.2012 23:24:37 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\HDAQFE\win2k3\jpn\KB901105.exe High
29.6.2012 23:24:38 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\HDAQFE\win2k3\us\kb901105.exe High
29.6.2012 23:24:39 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\HDAQFE\win2ksp4\us\kb888111w2ksp4.exe High
29.6.2012 23:24:39 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\HDAQFE\win2k_xp\us\kb835221.exe High
29.6.2012 23:24:40 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\HDAQFE\xpsp1\us\kb888111xpsp1.exe High
29.6.2012 23:24:41 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\Vista\AESTSr64.exe High
29.6.2012 23:24:41 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\Vista\AESTSrv.exe High
29.6.2012 23:24:42 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\HDAQFE\xpsp2\us\kb888111xpsp2.exe High
29.6.2012 23:24:43 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\Vista\IDTPIMA.exe High
29.6.2012 23:24:43 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\Vista\IDTPMA64.exe High
29.6.2012 23:24:44 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\Vista\stacsv.exe High
29.6.2012 23:24:45 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\Vista\stacsv64.exe High
29.6.2012 23:24:46 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\Vista\sttray.exe High
29.6.2012 23:24:47 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\Vista\sttray64.exe High
29.6.2012 23:24:48 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\WinXP\AESTFl64.exe High
29.6.2012 23:24:49 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\WinXP\AESTFltr.exe High
29.6.2012 23:24:49 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\WinXP\stacsv.exe High
29.6.2012 23:24:50 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP51129\WDM\WinXP\stacsv64.exe High
29.6.2012 23:24:52 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\sp52015\FirmwareUpdate.exe High
29.6.2012 23:24:53 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\sp52015\HPUSBFW.exe High
29.6.2012 23:24:53 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52131\Setup.exe High
29.6.2012 23:24:55 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\sp52015\HPQFlash.exe High
29.6.2012 23:24:57 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52131\Vista\Install_CD\setup.exe High
29.6.2012 23:24:58 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52131\Win7\Install_CD\setup.exe High
29.6.2012 23:25:08 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52131\XP\Install_CD\setup.exe High
29.6.2012 23:25:12 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52330\Install.exe High
29.6.2012 23:25:13 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52330\Setup.exe High
29.6.2012 23:25:14 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52818\Setup.exe High
29.6.2012 23:25:16 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52818\Bin\ATISetup.exe High
29.6.2012 23:25:17 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52818\Bin\Setup.exe High
29.6.2012 23:25:18 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52818\Bin64\ATISetup.exe High
29.6.2012 23:25:22 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52818\Bin\InstallManagerApp.exe High
29.6.2012 23:25:25 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52818\Bin64\Setup.exe High
29.6.2012 23:25:28 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52818\Bin64\InstallManagerApp.exe High
29.6.2012 23:25:29 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52818\Packages\Apps\VC8RTx64\vcredist_x64\install.exe High
29.6.2012 23:25:31 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP52818\Packages\Apps\VC8RTx86\vcredist_x86\install.exe High
29.6.2012 23:25:35 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\hpqRun.exe High
29.6.2012 23:25:37 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\HPUCDSilent.exe High
29.6.2012 23:25:38 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\CAptina\setup.exe High
29.6.2012 23:25:44 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Chicony\setup.exe High
29.6.2012 23:25:49 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\FAptina\revcon.exe High
29.6.2012 23:25:49 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\FAptina\revcon64.exe High
29.6.2012 23:25:50 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\FAptina\setup.exe High
29.6.2012 23:25:51 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\FAptina\DriverBin_32bit\RTSCM.exe High
29.6.2012 23:25:52 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\FAptina\DriverBin_32bit\RTSUVCUninst.exe High
29.6.2012 23:25:53 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\FAptina\DriverBin_64bit\RtsCM64.exe High
29.6.2012 23:25:54 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\FAptina\DriverBin_64bit\RTSUVCUninst64.exe High
29.6.2012 23:25:56 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\FAptina\DriverBin_32bit\RTFTrack.exe High
29.6.2012 23:25:58 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\FAptina\DriverBin_64bit\RTFTrack.exe High
29.6.2012 23:25:59 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Foxlink\revcon.exe High
29.6.2012 23:25:59 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Foxlink\revcon64.exe High
29.6.2012 23:26:00 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Foxlink\setup.exe High
29.6.2012 23:26:01 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Foxlink\DriverBin_32bit\RTSCM.exe High
29.6.2012 23:26:02 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Foxlink\DriverBin_32bit\RTSUVCUninst.exe High
29.6.2012 23:26:03 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Foxlink\DriverBin_64bit\RtsCM64.exe High
29.6.2012 23:26:05 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Foxlink\DriverBin_32bit\RTFTrack.exe High
29.6.2012 23:26:06 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Foxlink\DriverBin_64bit\RTSUVCUninst64.exe High
29.6.2012 23:26:08 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Foxlink\DriverBin_64bit\RTFTrack.exe High
29.6.2012 23:26:09 Disinfected virus Virus.Win32.Neshta.a C:\SWSetup\SP55126\Primax\setup.exe High
30.6.2012 7:43:02 Disinfected virus Virus.Win32.Neshta.a D:\Šachy\cb10\Setup.exe High
30.6.2012 7:43:28 Disinfected virus Virus.Win32.Neshta.a D:\Šachy\cb10\Setup\setup.exe High
30.6.2012 7:43:32 Disinfected virus Virus.Win32.Neshta.a D:\Šachy\Critter_0.90\Critter_0.90_32bit.exe High
30.6.2012 7:43:34 Disinfected virus Virus.Win32.Neshta.a D:\Šachy\Critter_0.90\Critter_0.90_64bit.exe High
30.6.2012 7:43:35 Disinfected virus Virus.Win32.Neshta.a D:\Šachy\Critter_0.90\Critter_0.90_64bit_SSE4.exe High
30.6.2012 7:43:37 Disinfected virus Virus.Win32.Neshta.a D:\Šachy\Houdini-2.0c-instalator-+-key\Keygen.exe High
30.6.2012 7:44:00 Disinfected virus Virus.Win32.Neshta.a D:\Šachy\Houdini-2.0c-instalator-+-key\Houdini-20c-Aquarium-Pro-Setup.exe High
30.6.2012 7:44:20 Disinfected virus Virus.Win32.Neshta.a D:\Šachy\Houdini_15a\Houdini_15a_w32.exe High
30.6.2012 7:44:36 Disinfected virus Virus.Win32.Neshta.a D:\Šachy\Houdini_15a\Houdini_15a_x64.exe High
30.6.2012 8:23:02 Disinfected virus Virus.Win32.Neshta.a E:\Hry\Diablo.II.by.Oxi\Diablo.II.Lord.Of.Destruction.by.Oxi.zip High
30.6.2012 8:22:51 Disinfected virus Virus.Win32.Neshta.a E:\Hry\Diablo.II.by.Oxi\Diablo.II.Lord.Of.Destruction.by.Oxi.zip/Diablo2 Lord of Destruction KeyGen.exe High
Status: Detected (events: 2)
30.6.2012 7:29:12 Detected Trojan program Trojan.Win32.Genome.xzql D:\ChessBase.11-RELOADED\rld-cb11.iso//Crack/Keygen.exe High
30.6.2012 8:37:53 Detected Trojan program Trojan.Win32.Genome.ypja G:\Crack\Keygen.exe High

Re: Win32: Neshta

Posted: 30 Jun 2012 12:03
by Rudy
If AVP really found all the infected files, the virus should be gone. If anything remained on the PC, the virus will infect the files again over time. It will call for an occasional antivirus scan.

Re: Win32: Neshta

Posted: 30 Jun 2012 16:25
by Lanys
Thank you

Re: Win32: Neshta

Posted: 30 Jun 2012 18:43
by Rudy
You're welcome!