Vir
Vir
Mám problém s jedním virem. Nevim jak se jmenuje, ale neustále mi naskakuje na spodní liště ïkona s textem "You have a security problem!". Občas mi naskočí internetové okno s nabídkou na kontrolu počítače na viry. Proto se ptám jestli někdo neměl podobný problém a jak ho vyřešil, protože AVG 8,0 si s nim neporadí.
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Vir
vlož sem log z HijackThis (návod v podpisu)
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Vir
vlož sem ten log
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Vir
udělej log z programu HijackThis. návod na vytvoření logu z tohoto programu mám v podpise
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Vir
Ok tady to je
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:52, on 13.1.2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\QuickTime\QTTask.exe
C:\PROGRAM FILES\RISING\RAV\RavMon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\BRANDE~1.BRA\LOCALS~1\Temp\ert53621.exe
C:\DOCUME~1\BRANDE~1.BRA\LOCALS~1\Temp\~tmpe.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.10:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {1BFB720F-B45D-43FF-8AE1-54C86718DE99} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\smssl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\BRANDE~1.BRA\LOCALS~1\Temp\ert53621.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\smssl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Vyhledat - file://C:\Program Files\Dynamic Toolbar\VOLNY\najdito.htm
O9 - Extra button: VOLNÝ - {5A19F1FE-2A05-438c-BE6E-7D23266193E8} - http://web.volny.cz/ (file missing)
O9 - Extra 'Tools' menuitem: VOLNÝ - {5A19F1FE-2A05-438c-BE6E-7D23266193E8} - http://web.volny.cz/ (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4600643F-FE15-4F71-9BC0-5EA811D5A2AE}: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{4600643F-FE15-4F71-9BC0-5EA811D5A2AE}: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{4600643F-FE15-4F71-9BC0-5EA811D5A2AE}: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.110,85.255.112.113
O20 - AppInit_DLLs: C:\WINDOWS\System32\moriyons.dll
O20 - Winlogon Notify: yayxxvsq - yayxxvsq.dll (file missing)
O21 - SSODL: WinMon - {edeacceb-d480-4675-aa9a-7f15780e50fe} - (no file)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5765 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:52, on 13.1.2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\QuickTime\QTTask.exe
C:\PROGRAM FILES\RISING\RAV\RavMon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\BRANDE~1.BRA\LOCALS~1\Temp\ert53621.exe
C:\DOCUME~1\BRANDE~1.BRA\LOCALS~1\Temp\~tmpe.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.10:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {1BFB720F-B45D-43FF-8AE1-54C86718DE99} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\smssl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\BRANDE~1.BRA\LOCALS~1\Temp\ert53621.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\smssl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Vyhledat - file://C:\Program Files\Dynamic Toolbar\VOLNY\najdito.htm
O9 - Extra button: VOLNÝ - {5A19F1FE-2A05-438c-BE6E-7D23266193E8} - http://web.volny.cz/ (file missing)
O9 - Extra 'Tools' menuitem: VOLNÝ - {5A19F1FE-2A05-438c-BE6E-7D23266193E8} - http://web.volny.cz/ (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4600643F-FE15-4F71-9BC0-5EA811D5A2AE}: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{4600643F-FE15-4F71-9BC0-5EA811D5A2AE}: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{4600643F-FE15-4F71-9BC0-5EA811D5A2AE}: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.110,85.255.112.113
O20 - AppInit_DLLs: C:\WINDOWS\System32\moriyons.dll
O20 - Winlogon Notify: yayxxvsq - yayxxvsq.dll (file missing)
O21 - SSODL: WinMon - {edeacceb-d480-4675-aa9a-7f15780e50fe} - (no file)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5765 bytes
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Vir
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Vir
Malwarebytes' Anti-Malware 1.32
Verze databáze: 1648
Windows 5.1.2600
13.1.2009 21:11:41
mbam-log-2009-01-13 (21-11-33).txt
Typ skenu: Rychlý sken
Objektu skenováno: 60942
Uplynulý cas: 5 minute(s), 47 second(s)
Infikované procesy pameti: 1
Infikované pametové moduly: 0
Infikované klíce registru: 13
Infikované hodnoty registru: 8
Infikované položky dat registru: 7
Infikované složky: 3
Infikované soubory: 24
Infikované procesy pameti:
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> No action taken.
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\f406.f406mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\f406.f406mgr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1b12f639-cba9-45dd-89fe-9fa7d4340716} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> No action taken.
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
Infikované složky:
C:\resycled (Trojan.DNSChanger) -> No action taken.
C:\Program Files\Web Technologies (Trojan.Zlob) -> No action taken.
C:\WINDOWS\SYSTEM32\778670 (Trojan.BHO) -> No action taken.
Infikované soubory:
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpf.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpg.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpi.exe (Trojan.FakeAlert) -> No action taken.
C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\browserui.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\mshtmllib.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\msqpdxskwnswwp.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\DRIVERS\msqpdxqjwfvxtq.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\DRIVERS\msqpdxtyxjlklo.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\ert53621.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\TEMP\tempo-59.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\TEMP\tempo-009.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\TEMP\tempo-DFF.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\TEMP\tempo-69D.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\TEMP\tempo-1CF.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\TEMP\tempo-B1D.tmp (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmph.exe (Trojan.FakeAlert) -> No action taken.
Verze databáze: 1648
Windows 5.1.2600
13.1.2009 21:11:41
mbam-log-2009-01-13 (21-11-33).txt
Typ skenu: Rychlý sken
Objektu skenováno: 60942
Uplynulý cas: 5 minute(s), 47 second(s)
Infikované procesy pameti: 1
Infikované pametové moduly: 0
Infikované klíce registru: 13
Infikované hodnoty registru: 8
Infikované položky dat registru: 7
Infikované složky: 3
Infikované soubory: 24
Infikované procesy pameti:
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> No action taken.
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\f406.f406mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\f406.f406mgr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1b12f639-cba9-45dd-89fe-9fa7d4340716} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> No action taken.
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> No action taken.
Infikované složky:
C:\resycled (Trojan.DNSChanger) -> No action taken.
C:\Program Files\Web Technologies (Trojan.Zlob) -> No action taken.
C:\WINDOWS\SYSTEM32\778670 (Trojan.BHO) -> No action taken.
Infikované soubory:
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpf.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpg.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpi.exe (Trojan.FakeAlert) -> No action taken.
C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\browserui.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\mshtmllib.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\msqpdxskwnswwp.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\DRIVERS\msqpdxqjwfvxtq.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\DRIVERS\msqpdxtyxjlklo.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\ert53621.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\TEMP\tempo-59.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\TEMP\tempo-009.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\TEMP\tempo-DFF.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\TEMP\tempo-69D.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\TEMP\tempo-1CF.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\TEMP\tempo-B1D.tmp (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmph.exe (Trojan.FakeAlert) -> No action taken.
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Vir
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Vir
Malwarebytes' Anti-Malware 1.32
Verze databáze: 1648
Windows 5.1.2600
13.1.2009 21:47:26
mbam-log-2009-01-13 (21-47-26).txt
Typ skenu: Rychlý sken
Objektu skenováno: 61187
Uplynulý cas: 8 minute(s), 48 second(s)
Infikované procesy pameti: 1
Infikované pametové moduly: 0
Infikované klíce registru: 13
Infikované hodnoty registru: 8
Infikované položky dat registru: 7
Infikované složky: 3
Infikované soubory: 24
Infikované procesy pameti:
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\f406.f406mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\f406.f406mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1b12f639-cba9-45dd-89fe-9fa7d4340716} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
Infikované složky:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\778670 (Trojan.BHO) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\browserui.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mshtmllib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\msqpdxskwnswwp.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\msqpdxqjwfvxtq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\msqpdxtyxjlklo.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\ert53621.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\TEMP\tempo-59.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tempo-009.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tempo-DFF.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tempo-69D.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tempo-1CF.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tempo-B1D.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmph.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Verze databáze: 1648
Windows 5.1.2600
13.1.2009 21:47:26
mbam-log-2009-01-13 (21-47-26).txt
Typ skenu: Rychlý sken
Objektu skenováno: 61187
Uplynulý cas: 8 minute(s), 48 second(s)
Infikované procesy pameti: 1
Infikované pametové moduly: 0
Infikované klíce registru: 13
Infikované hodnoty registru: 8
Infikované položky dat registru: 7
Infikované složky: 3
Infikované soubory: 24
Infikované procesy pameti:
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\f406.f406mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\f406.f406mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1b12f639-cba9-45dd-89fe-9fa7d4340716} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4600643f-fe15-4f71-9bc0-5ea811d5a2ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.110,85.255.112.113 -> Quarantined and deleted successfully.
Infikované složky:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\778670 (Trojan.BHO) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\browserui.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mshtmllib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\msqpdxskwnswwp.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\msqpdxqjwfvxtq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\msqpdxtyxjlklo.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\ert53621.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\TEMP\tempo-59.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tempo-009.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tempo-DFF.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tempo-69D.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tempo-1CF.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tempo-B1D.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandejs.BRANDEJS\Local Settings\Temp\~tmph.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 4 hosti