Dobry den, dnes jsem narazil na nekolik PC s win xp napadenych pravdepodobne neidentifikovanym virem, ktery sifruje dokumenty, archivy, obrazky dokonce i zastupce a napada i soubory na siti. Pri pokusu o pristup k souboru se zobrazi dialog pro zadani hesla (popisy tlacitek rozsypany caj).
Google mlci, nod32 celou dobu spokojene zeleny combofix toho odstranil hodne viz log nize. Hledám hlavne neco cim ty soubory obnovym.
Diky za pomoc
Rsit:
Logfile of random's system information tool 1.06 (written by random/random)
Run by uzivatel at 2010-01-26 10:52:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (54%) free of 51 GB
Total RAM: 1014 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:06, on 26.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
F:\avir\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\uzivatel.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.150.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7307907238
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rumpolduhb.local
O17 - HKLM\Software\..\Telephony: DomainName = rumpolduhb.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rumpolduhb.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rumpolduhb.local
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5382 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\PCConfidential.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-11 149280]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3
"NBService"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Documents and Settings\baierova\Local Settings\Temporary Internet Files\Content.IE5\ABORQJ29\incredimail_install[1].exe"="C:\Documents and Settings\baierova\Local Settings\Temporary Internet Files\Content.IE5\ABORQJ29\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\baierova\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe"="C:\Documents and Settings\baierova\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
======List of files/folders created in the last 1 months======
2010-01-26 10:52:02 ----D---- C:\rsit
2010-01-26 10:34:31 ----D---- C:\Program Files\Trend Micro
2010-01-26 09:49:38 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-26 09:06:02 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Macromedia
2010-01-26 09:06:01 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Adobe
2010-01-26 09:04:40 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-26 08:55:39 ----A---- C:\ComboFix.txt
2010-01-26 08:39:42 ----A---- C:\WINDOWS\MBR.exe
2010-01-26 08:39:41 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-26 08:39:39 ----A---- C:\WINDOWS\PEV.exe
2010-01-26 08:39:38 ----A---- C:\WINDOWS\zip.exe
2010-01-26 08:39:38 ----A---- C:\WINDOWS\SWREG.exe
2010-01-26 08:39:38 ----A---- C:\WINDOWS\sed.exe
2010-01-26 08:39:38 ----A---- C:\WINDOWS\grep.exe
2010-01-26 08:39:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-26 08:39:37 ----A---- C:\WINDOWS\SWSC.exe
2010-01-26 08:39:29 ----D---- C:\WINDOWS\ERDNT
2010-01-26 08:25:52 ----D---- C:\Qoobox
2010-01-26 07:11:17 ----A---- C:\ĘŔĘ ĐŔŃŘČÔĐÎÂŔŇÜ ÔŔÉËŰ.txt
2010-01-26 06:40:11 ----A---- C:\WINDOWS\system32\YUMBLURV.exe
2010-01-26 06:40:11 ----A---- C:\WINDOWS\new_2.exe
2010-01-26 06:40:10 ----A---- C:\WINDOWS\new_1.exe
2010-01-26 06:39:45 ----A---- C:\WINDOWS\infinum.exe
2010-01-11 11:37:31 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-11 11:37:31 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-11 11:37:31 ----A---- C:\WINDOWS\system32\java.exe
2010-01-11 11:37:31 ----A---- C:\WINDOWS\system32\deploytk.dll
======List of files/folders modified in the last 1 months======
2010-01-26 10:45:15 ----D---- C:\WINDOWS\Temp
2010-01-26 10:34:31 ----RD---- C:\Program Files
2010-01-26 10:33:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-26 09:49:38 ----D---- C:\WINDOWS
2010-01-26 09:48:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 09:05:22 ----SD---- C:\Documents and Settings\uzivatel\Data aplikací\Microsoft
2010-01-26 09:04:02 ----D---- C:\Program Files\Winferno
2010-01-26 09:04:02 ----D---- C:\Program Files\Common Files
2010-01-26 08:59:45 ----D---- C:\WINDOWS\system32
2010-01-26 08:54:57 ----SD---- C:\WINDOWS\Tasks
2010-01-26 08:53:55 ----A---- C:\WINDOWS\system.ini
2010-01-26 08:50:55 ----D---- C:\Program Files\ICQ6.5
2010-01-26 08:44:49 ----D---- C:\WINDOWS\system32\drivers
2010-01-26 08:44:49 ----D---- C:\WINDOWS\AppPatch
2010-01-26 08:39:36 ----SHD---- C:\System Volume Information
2010-01-26 08:39:36 ----D---- C:\WINDOWS\system32\Restore
2010-01-26 08:35:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-26 08:24:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-26 07:09:54 ----D---- C:\Zmolik
2010-01-26 07:09:43 ----RD---- C:\WINDOWS\Web
2010-01-26 07:09:40 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-26 07:09:40 ----D---- C:\WINDOWS\system32\wbem
2010-01-26 07:09:40 ----D---- C:\WINDOWS\system32\tnrtmwuk
2010-01-26 07:09:40 ----AS---- C:\WINDOWS\system32\Vfpodbc.txt.crypted
2010-01-26 07:09:38 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-01-26 07:09:38 ----D---- C:\WINDOWS\system32\icsxml
2010-01-26 07:09:38 ----A---- C:\WINDOWS\system32\eula.txt.crypted
2010-01-26 07:09:27 ----D---- C:\WINDOWS\ShellNew
2010-01-26 07:09:27 ----A---- C:\WINDOWS\setuplog.txt.crypted
2010-01-26 07:09:21 ----D---- C:\WINDOWS\Resources
2010-01-26 07:09:14 ----A---- C:\WINDOWS\OEWABLog.txt.crypted
2010-01-26 07:09:14 ----A---- C:\WINDOWS\ntbtlog.txt.crypted
2010-01-26 07:09:10 ----SHD---- C:\WINDOWS\Installer
2010-01-26 07:09:08 ----D---- C:\WINDOWS\I386
2010-01-26 07:08:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-01-26 07:08:47 ----D---- C:\Temp
2010-01-26 07:08:45 ----D---- C:\Program Files\Windows Media Player
2010-01-26 07:08:44 ----D---- C:\Program Files\Windows Media Connect 2
2010-01-26 07:08:43 ----D---- C:\Program Files\totalcmd
2010-01-26 07:07:01 ----D---- C:\Program Files\Outlook Express
2010-01-26 07:07:01 ----D---- C:\Program Files\Online Services
2010-01-26 07:06:47 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-26 07:06:47 ----D---- C:\Program Files\Messenger
2010-01-26 07:06:38 ----D---- C:\Program Files\ICQToolbar2003
2010-01-26 07:06:38 ----D---- C:\Program Files\ICQToolbar
2010-01-26 07:06:37 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-26 07:06:15 ----D---- C:\Program Files\Free Offers from Freeze.com
2010-01-26 07:06:13 ----D---- C:\Program Files\DVD Shrink
2010-01-26 07:06:13 ----D---- C:\Program Files\Common Files\Services
2010-01-26 07:05:49 ----D---- C:\OEMDRV
2010-01-26 07:05:47 ----A---- C:\lang.txt
2010-01-26 06:54:40 ----D---- C:\WINDOWS\Prefetch
2010-01-26 06:12:03 ----D---- C:\WINDOWS\security
2010-01-22 13:20:56 ----A---- C:\WINDOWS\BYZNYS.INI
2010-01-12 13:53:04 ----D---- C:\Program Files\Freeze.com
2010-01-11 11:37:15 ----D---- C:\Program Files\Java
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-08-31 81280]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\baierova\LOCALS~1\Temp\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2006-05-11 247808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2008-06-13 81920]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-11 153376]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2008-06-13 2723840]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
-----------------EOF-----------------
combofix:
ComboFix 10-01-25.05 - Baierova 26.01.2010 8:40.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.626 [GMT 1:00]
Spuštěný z: d:\!inst\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\baierova\PlochaEditorFKWP1.5.exe
c:\documents and settings\baierova\PlochaEditorFKWP2.0.exe
c:\documents and settings\baierova\Plochafilemanagerclient.exe
c:\documents and settings\baierova\Plochafkwp1.5.exe
c:\documents and settings\baierova\Plochafkwp2.0.exe
c:\documents and settings\baierova\Plochafwebd.exe
c:\documents and settings\baierova\PlochaFWebdEditor.exe
c:\documents and settings\baierova\PlochaTrojan.Win32.BlackBird.exe
c:\documents and settings\baierova\Plochavirii
c:\documents and settings\baierova\Plochavirii\Trojan-Downloader.Win32.Agent.bl.exe
c:\documents and settings\baierova\Plochavirii\Trojan-Downloader.Win32.Agent.p.exe
c:\documents and settings\baierova\Plochavirii\Trojan-Downloader.Win32.Agent.r.exe
c:\documents and settings\baierova\Plochavirii\Trojan-Downloader.Win32.Agent.t.exe
c:\documents and settings\baierova\Plochavirii\Trojan-Downloader.Win32.Agent.v.exe
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\PC-Cleaner
c:\program files\SecCenter
c:\recycler\S-1-5-21-2505506699-2594242424-1360413524-500
c:\windows\a.bat
c:\windows\base64.tmp
c:\windows\bdn.com
c:\windows\FVProtect.exe
c:\windows\iTunesMusic.exe
c:\windows\mssecu.exe
c:\windows\system32akttzn.exe
c:\windows\system32anticipator.dll
c:\windows\system32awtoolb.dll
c:\windows\system32bdn.com
c:\windows\system32bsva-egihsg52.exe
c:\windows\system32dpcproxy.exe
c:\windows\system32emesx.dll
c:\windows\system32h@tkeysh@@k.dll
c:\windows\system32hoproxy.dll
c:\windows\system32hxiwlgpm.dat
c:\windows\system32hxiwlgpm.exe
c:\windows\system32medup012.dll
c:\windows\system32medup020.dll
c:\windows\system32msgp.exe
c:\windows\system32msnbho.dll
c:\windows\system32mssecu.exe
c:\windows\system32msvchost.exe
c:\windows\system32mtr2.exe
c:\windows\system32mwin32.exe
c:\windows\system32netode.exe
c:\windows\system32newsd32.exe
c:\windows\system32ps1.exe
c:\windows\system32psof1.exe
c:\windows\system32psoft1.exe
c:\windows\system32regc64.dll
c:\windows\system32regm64.dll
c:\windows\system32Rundl1.exe
c:\windows\system32smp
c:\windows\system32smp\msrc.exe
c:\windows\system32sncntr.exe
c:\windows\system32ssurf022.dll
c:\windows\system32ssvchost.com
c:\windows\system32ssvchost.exe
c:\windows\system32sysreq.exe
c:\windows\system32taack.dat
c:\windows\system32taack.exe
c:\windows\system32temp#01.exe
c:\windows\system32thun.dll
c:\windows\system32thun32.dll
c:\windows\system32VBIEWER.OCX
c:\windows\system32vbsys2.dll
c:\windows\system32vcatchpi.dll
c:\windows\system32winlogonpc.exe
c:\windows\system32winsystem.exe
c:\windows\system32WINWGPX.EXE
c:\windows\userconfig9x.dll
c:\windows\winsystem.exe
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-26 do 2010-01-26 )))))))))))))))))))))))))))))))
.
2010-01-26 05:40 . 2010-01-26 05:40 38912 ----a-w- c:\windows\new_2.exe
2010-01-26 05:40 . 2010-01-26 05:40 57344 ----a-w- c:\windows\system32\YUMBLURV.exe
2010-01-26 05:40 . 2010-01-26 05:40 57344 ----a-w- c:\windows\new_1.exe
2010-01-26 05:39 . 2010-01-26 05:39 41984 ----a-w- c:\windows\infinum.exe
2010-01-12 12:53 . 2005-09-12 08:14 593920 ----a-w- c:\windows\Snowy Scenes Full.scr
2010-01-12 12:52 . 2010-01-12 12:52 -------- d-----w- c:\program files\Common Files\Winferno
2010-01-12 12:51 . 2006-10-09 12:06 495616 ----a-w- c:\windows\system32\WINUTIL5.DLL
2010-01-12 12:51 . 2006-05-17 07:40 393216 ----a-w- c:\windows\system32\WINLCTL5.DLL
2010-01-11 10:37 . 2010-01-11 10:37 411368 ----a-w- c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 07:50 . 2009-03-19 05:15 -------- d-----w- c:\program files\ICQ6.5
2010-01-26 07:35 . 2008-03-26 08:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-26 07:31 . 2008-07-28 05:38 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-26 06:09 . 2004-09-08 14:27 646 ----a-w- c:\windows\system32\drivers\gmreadme.txt.crypted
2010-01-26 06:08 . 2009-03-17 15:58 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-26 06:08 . 2007-04-24 11:34 -------- d-----w- c:\program files\totalcmd
2010-01-26 06:06 . 2009-03-17 17:50 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-26 06:06 . 2008-01-15 08:20 -------- d-----w- c:\program files\ICQToolbar2003
2010-01-26 06:06 . 2007-04-25 06:22 -------- d-----w- c:\program files\ICQToolbar
2010-01-26 06:06 . 2009-03-19 05:15 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-26 06:06 . 2009-12-14 11:22 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-01-26 06:06 . 2008-04-14 11:23 -------- d-----w- c:\program files\DVD Shrink
2010-01-13 05:17 . 2009-12-14 11:19 -------- d-----w- c:\program files\Winferno
2010-01-12 12:53 . 2008-10-09 11:35 -------- d-----w- c:\program files\Freeze.com
2010-01-11 10:37 . 2007-04-24 10:52 -------- d-----w- c:\program files\Java
2009-12-21 05:25 . 2009-12-21 05:25 120320 ----a-w- c:\windows\installers1.exe
2009-11-04 13:05 . 2004-09-08 14:27 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-11-04 13:05 . 2004-09-08 14:27 437832 ----a-w- c:\windows\system32\perfh005.dat
2008-10-09 11:37 . 2008-10-09 11:37 774144 ----a-w- c:\program files\RngInterstitial.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-11 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\baierova\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ikowin32.exe [2008-4-14 30720]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [6.11.2008 13:42 81920]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [6.11.2008 13:42 2723840]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-26 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2010-01-12 13:10]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyServer = 192.168.150.1:3128
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-PowerDVD8 - c:\program files\CyberLink\PowerDVD8\PowerDVD8.exe
Notify-winblh32 - winblh32.dll
Notify-windex32 - windex32.dll
MSConfigStartUp-cioqskmt - c:\windows\system32\cioqskmt.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-xshifuru - c:\program files\xshifuru\pulkdiru.dll
AddRemove-ADRem2005 - c:\program files\ADRem2005\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 08:53
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-01-26 08:55:39
ComboFix-quarantined-files.txt 2010-01-26 07:55
Před spuštěním: Volných bajtů: 28 790 714 368
Po spuštění: Volných bajtů: 29 056 512 000
- - End Of File - - FEA7DC46589A8D8CE8926F2ED2D18330
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zasifrovane dokumenty, archivy, obrazky - crypted
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
- VIP
- Příspěvky: 331
- Registrován: 25 dub 2005 18:27
- Bydliště: Praha-Bubeneč
- Kontaktovat uživatele:
Re: Zasifrovane dokumenty, archivy, obrazky - crypted
Dobrý den, vy se zabýváte servisem pc, že hovoříte o "několika pc"?
Chcete se stát vzorným návštěvníkem? Podrobnosti naleznete ZDE.
VIRY řešte zde na fóru, pokud máte technický dotaz či dotaz související s chodem fóra, pište na iwi(zavináč)forum.viry.cz
pomohla Vám moje rada? podpořte fórum smskou, přes SuperCash nebo nově přes PayPal
__________________________________________
VIRY řešte zde na fóru, pokud máte technický dotaz či dotaz související s chodem fóra, pište na iwi(zavináč)forum.viry.cz
pomohla Vám moje rada? podpořte fórum smskou, přes SuperCash nebo nově přes PayPal
__________________________________________
Re: Zasifrovane dokumenty, archivy, obrazky - crypted
nuz uprimne - taku zbierku si musel doplnat dlhsiu dobu
najprv prescanuj/vycisti PC s CureIT - uplna kontrola
najprv prescanuj/vycisti PC s CureIT - uplna kontrola
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Zasifrovane dokumenty, archivy, obrazky - crypted
Jedna se o PC je firme, modifikace souboru (pridani pripony .crypted) probehlo v rannich hodinach po prichodu do prace) zpusob nakazeni neznam, zrejme email, nebo icq, jedna se 3pc jeste vecer vse ok.
Re: Zasifrovane dokumenty, archivy, obrazky - crypted
no moznosti je viac - treba skusit, co prinesie ovocie
1. cistka s CureIT
2. obnova systemu k datumu, ked to bolo OK >> napr. vcera
3. kontrola s bootCD Avira
4. kontrola s MBAM
pisem viacero moznosti, pretoze "ukazkovy" log z PC bol doslova hrozny - slo o ZMES smejdov
1. cistka s CureIT
2. obnova systemu k datumu, ked to bolo OK >> napr. vcera
3. kontrola s bootCD Avira
4. kontrola s MBAM
pisem viacero moznosti, pretoze "ukazkovy" log z PC bol doslova hrozny - slo o ZMES smejdov
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Zasifrovane dokumenty, archivy, obrazky - crypted
Tak k infiltraci doslo prostrednictvim ICQ, symantec virus identifikuje a odstraneni není problem, nic mene zasifrovana data zrejme uz nikdo zpet nevrati.
Re: Zasifrovane dokumenty, archivy, obrazky - crypted
otestuj jeden lubovolny zasifrovany subor na www.virustotal.com - vysledky vloz
metodu sifrovania totiz pouzivalo viacero smejdov, aby sme vedeli kto je kto
metodu sifrovania totiz pouzivalo viacero smejdov, aby sme vedeli kto je kto
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/