prosím o kontrolu logu Vyřešeno

[makojed]

analisis/fe0dcb728471465b39a42a7511f4133021fba5df88f88bcb5fe2ff34cfd713f9-1265901133
analisis/4d3b88054c20191d4326027720ab4e54a91b3a724f6b5a7f0908e41be3a6d9b5-1266119863
analisis/b2d9f11875b9523329eda61f95f9aba69c31d1cdf02950d634debdc93f72e75a-1266079753

raději i tak nejsem si jist jestli to podle toho nahoře pujde najít

http://www.virustotal.com/cs/analisis/f ... 1265901133
http://www.virustotal.com/cs/analisis/4 ... 1266119863
http://www.virustotal.com/cs/analisis/b ... 1266079753

[Reklama]

[jaro3]

Tak ta nákaza by měla být toto:
c:\windows\system32\w30Xnol32.exe
c:\windows\system32\s30Xn32.dll


Takže:
Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services
Symantec Core LC

:Reg

:Files
c:\windows\system32\w30Xnol32.exe
c:\windows\system32\s30Xn32.dll
c:\program files\internet explorer\wmpscfgs.exe
c:\windows\Tasks\At*.job   

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.
+nový log z HJT.

[makojed]

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver Symantec Core LC deleted successfully.
========== REGISTRY ==========
========== FILES ==========
c:\windows\system32\w30Xnol32.exe moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\s30Xn32.dll
c:\windows\system32\s30Xn32.dll NOT unregistered.
c:\windows\system32\s30Xn32.dll moved successfully.
c:\program files\internet explorer\wmpscfgs.exe moved successfully.
c:\windows\Tasks\At1.job moved successfully.
c:\windows\Tasks\At10.job moved successfully.
c:\windows\Tasks\At11.job moved successfully.
c:\windows\Tasks\At12.job moved successfully.
c:\windows\Tasks\At13.job moved successfully.
c:\windows\Tasks\At14.job moved successfully.
c:\windows\Tasks\At15.job moved successfully.
c:\windows\Tasks\At16.job moved successfully.
c:\windows\Tasks\At17.job moved successfully.
c:\windows\Tasks\At18.job moved successfully.
c:\windows\Tasks\At19.job moved successfully.
c:\windows\Tasks\At2.job moved successfully.
c:\windows\Tasks\At20.job moved successfully.
c:\windows\Tasks\At21.job moved successfully.
c:\windows\Tasks\At22.job moved successfully.
c:\windows\Tasks\At23.job moved successfully.
c:\windows\Tasks\At24.job moved successfully.
c:\windows\Tasks\At3.job moved successfully.
c:\windows\Tasks\At4.job moved successfully.
c:\windows\Tasks\At5.job moved successfully.
c:\windows\Tasks\At6.job moved successfully.
c:\windows\Tasks\At7.job moved successfully.
c:\windows\Tasks\At73.job moved successfully.
c:\windows\Tasks\At74.job moved successfully.
c:\windows\Tasks\At75.job moved successfully.
c:\windows\Tasks\At76.job moved successfully.
c:\windows\Tasks\At77.job moved successfully.
c:\windows\Tasks\At78.job moved successfully.
c:\windows\Tasks\At79.job moved successfully.
c:\windows\Tasks\At8.job moved successfully.
c:\windows\Tasks\At80.job moved successfully.
c:\windows\Tasks\At81.job moved successfully.
c:\windows\Tasks\At82.job moved successfully.
c:\windows\Tasks\At83.job moved successfully.
c:\windows\Tasks\At84.job moved successfully.
c:\windows\Tasks\At85.job moved successfully.
c:\windows\Tasks\At86.job moved successfully.
c:\windows\Tasks\At87.job moved successfully.
c:\windows\Tasks\At88.job moved successfully.
c:\windows\Tasks\At89.job moved successfully.
c:\windows\Tasks\At9.job moved successfully.
c:\windows\Tasks\At90.job moved successfully.
c:\windows\Tasks\At91.job moved successfully.
c:\windows\Tasks\At92.job moved successfully.
c:\windows\Tasks\At93.job moved successfully.
c:\windows\Tasks\At94.job moved successfully.
c:\windows\Tasks\At95.job moved successfully.
c:\windows\Tasks\At96.job moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF74E4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF7526.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF7585.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF7612.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF77EF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF78BE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\R0W7LLLT\st[6] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\R0W7LLLT\st[7] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\R0W7LLLT\st[8] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\R0W7LLLT\st[9] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4XQ9DUB1\comp%201_7[1].flv scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1c8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 02152010_094041

Files moved on Reboot...
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF74E4.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF7526.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF7585.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF7612.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF77EF.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DF78BE.tmp not found!
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\R0W7LLLT\st[6] moved successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\R0W7LLLT\st[7] moved successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\R0W7LLLT\st[8] moved successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\R0W7LLLT\st[9] moved successfully.
File C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4XQ9DUB1\comp%201_7[1].flv not found!
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_1c8.dat not found!

Registry entries deleted on Reboot...

[makojed]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:29, on 15.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: app_dll.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98882f7af9498) (gupdate1c98882f7af9498) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7756 bytes

[makojed]

zrovna na mě vyskočilo okno z internet exloreru a začla hrát hudba , já používám firefox ,nemám nic spuštěného ale u kurzoru myši mě problikávají přesípací hodiny jako by se pořád něco spouštělo

ted budu muset odjet budu tu až tak kolem 18 00
zatím díky za pomoc

[jaro3]

Spusť F-Secure Online Scanner

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .


/////////////////

Stáhni si a spusť pod účtem administrátoraAvenger

Tlačítkem OK potvrď, že vše, co děláš v tomto programu, děláš na vlastní riziko
Zvol možnost "Load script from internet URL"
Do řádku pod tím zkopíruj následující adresu:

Kód: Vybrat vše

http://ne-e.eu/stration/script.txt

Klikni na Execute ke spuštění programu, nakonec klikni na OK a Tvůj počítač se restartuje

//////////////////////

Vlož sem ještě také log z LopFind
Stáhni, vybal a spusť LopFind - Po jeho spuštění se během chvíle zobrazí textový dokument, jinak také uložený na disku pod umístěním C:\lop.txt, zkopíruj celý jeho obsah sem.

[makojed]

Hlášení kontroly
Pondělí, Únor 15, 2010 18:56:30 - 20:29:23

Název počítače: P4
Typ kontroly: Kontrolovat systém na přítomnost malwaru, spywaru a programů rootkit
Cíl: C:\ D:\ E:\ H:\ I:\
Nalezený malware: 2
TrackingCookie.Yieldmanager (spyware)

* Systém (Vyléčeno)

Suspicious:W32/Malware!Gemini (virus)

* C:\_OTM\MOVEDFILES\02152010_094041\WINDOWS\SYSTEM32\W30XNOL32.EXE (Nevyčištěno)

Statistika
Kontrolováno:

* Soubory: 38403
* Systém: 3362
* Nekontrolováno: 8

Akce:

* Vyléčeno: 1
* Přejmenováno: 0
* Odstraněno: 0
* Nevyčištěno: 1
* Odesláno: 0

Nekontrolované soubory:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HSPERFDATA_USER\2592
* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HSPERFDATA_USER\5284

Možnosti
Moduly kontroly:

Možnosti kontroly:

* Kontrolovat určené soubory: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Používat pokročilou heuristiku

[Damned]

Zaskočím za jaro3.

Log z lopFindu?

[makojed]

LopFind v4 © Čas: 20:57:12,35 Datum: po 15.02.2010

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C je SYSTEM.
S‚riov‚ źˇslo svazku je 2488-72EE.

Věpis adres ýe C:\Documents and Settings\Administrator\DATAAP~1

19.11.2008 16:09 <DIR> Help
19.11.2008 16:09 <DIR> Identities
19.11.2008 16:08 62 desktop.ini
19.11.2008 16:08 <DIR> ..
19.11.2008 16:08 <DIR> Microsoft
19.11.2008 16:08 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 5, Volněch bajt…: 11319316480
Svazek v jednotce C je SYSTEM.
S‚riov‚ źˇslo svazku je 2488-72EE.

Věpis adres ýe C:\Documents and Settings\All Users\DATAAP~1

15.02.2010 18:56 <DIR> F-Secure
13.02.2010 23:33 <DIR> MicroWorld
24.01.2010 16:41 <DIR> FLEXnet
16.09.2009 20:04 <DIR> McAfee
16.09.2009 20:03 <DIR> McAfee Security Scan
16.09.2009 20:02 <DIR> NOS
18.05.2009 20:28 <DIR> Phenomedia
01.04.2009 20:26 <DIR> Malwarebytes
21.02.2009 13:53 <DIR> MumboJumbo
23.01.2009 11:19 <DIR> HP
23.01.2009 11:13 6109 hpzinstall.log
08.01.2009 14:32 <DIR> hps
28.12.2008 16:23 <DIR> ICQ
28.12.2008 14:30 <DIR> ESET
20.12.2008 19:29 <DIR> Ahead
05.12.2008 11:48 <DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
05.12.2008 11:24 <DIR> Symantec
28.11.2008 18:15 <DIR> vsosdk
27.11.2008 16:39 <DIR> Creative
27.11.2008 12:00 <DIR> Lavasoft
24.11.2008 14:49 <DIR> Nero
21.11.2008 16:08 <DIR> Temp
21.11.2008 11:48 <DIR> CyberLink
20.11.2008 19:56 <DIR> Microsoft Help
20.11.2008 19:46 <DIR> ACD Systems
20.11.2008 19:31 <DIR> Avg8
20.11.2008 19:15 <DIR> Skype
19.11.2008 17:38 <DIR> Windows Genuine Advantage
19.11.2008 16:48 62 desktop.ini
19.11.2008 16:48 <DIR> Microsoft
19.11.2008 16:48 <DIR> ..
19.11.2008 16:48 <DIR> .
19.11.2008 16:24 <DIR> Adobe
19.11.2008 16:23 <DIR> ESTsoft
2 soubor…, 6171 bajt…
Adres ý…: 32, Volněch bajt…: 11319312384
Svazek v jednotce C je SYSTEM.
S‚riov‚ źˇslo svazku je 2488-72EE.

Věpis adres ýe C:\Documents and Settings\user\DATAAP~1

13.02.2010 23:25 <DIR> Download Manager
29.05.2009 09:38 <DIR> Command & Conquer 3 Tiberium Wars
01.04.2009 20:26 <DIR> Malwarebytes
30.03.2009 09:49 <DIR> Marine Aquarium 3
19.02.2009 13:34 <DIR> Winamp
07.02.2009 20:38 <DIR> SecuROM
26.01.2009 10:40 <DIR> Image Zone Express
23.01.2009 11:12 <DIR> HP
14.01.2009 20:32 <DIR> Happy Foto
09.01.2009 09:21 <DIR> Google
28.12.2008 16:22 <DIR> ICQ
28.12.2008 14:31 <DIR> ESET
28.12.2008 13:47 <DIR> Sun
20.12.2008 19:29 <DIR> Ahead
05.12.2008 11:29 <DIR> Symantec
28.11.2008 17:54 <DIR> Thinstall
28.11.2008 17:44 33 pcouffin.log
28.11.2008 17:44 7887 pcouffin.cat
28.11.2008 17:44 87608 inst.exe
28.11.2008 17:44 47360 pcouffin.sys
28.11.2008 17:44 1144 pcouffin.inf
28.11.2008 17:44 <DIR> Vso
27.11.2008 16:54 <DIR> Creative
27.11.2008 09:47 0 downloads.m3u
26.11.2008 17:52 165 default.rss
21.11.2008 11:48 <DIR> CyberLink
21.11.2008 11:24 <DIR> WinRAR
20.11.2008 20:53 <DIR> ACD Systems
20.11.2008 19:30 <DIR> Mozilla
20.11.2008 19:17 <DIR> skypePM
20.11.2008 19:15 <DIR> Skype
19.11.2008 16:46 <DIR> OpenOffice.org
19.11.2008 16:24 <DIR> Macromedia
19.11.2008 16:24 <DIR> Adobe
19.11.2008 16:23 <DIR> ESTsoft
19.11.2008 16:16 <DIR> Help
19.11.2008 16:16 <DIR> Identities
19.11.2008 16:16 62 desktop.ini
19.11.2008 16:16 <DIR> ..
19.11.2008 16:16 <DIR> .
19.11.2008 16:16 <DIR> Microsoft
8 soubor…, 144259 bajt…
Adres ý…: 33, Volněch bajt…: 11319308288
Svazek v jednotce C je SYSTEM.
S‚riov‚ źˇslo svazku je 2488-72EE.

Věpis adres ýe C:\Documents and Settings\Default User\DATAAP~1

[makojed]

25.05.2009 11:48 <DIR> Macromedia
19.11.2008 16:48 62 desktop.ini
19.11.2008 16:48 <DIR> ..
19.11.2008 16:48 <DIR> Microsoft
19.11.2008 16:48 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 4, Volněch bajt…: 11319308288
Svazek v jednotce C je SYSTEM.
S‚riov‚ źˇslo svazku je 2488-72EE.

Věpis adres ýe C:\Documents and Settings\LocalService\DATAAP~1

15.02.2010 17:21 <DIR> Macromedia
15.02.2010 17:21 <DIR> Adobe
19.11.2008 16:08 <DIR> ..
19.11.2008 16:08 <DIR> Microsoft
19.11.2008 16:08 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 5, Volněch bajt…: 11319308288
Svazek v jednotce C je SYSTEM.
S‚riov‚ źˇslo svazku je 2488-72EE.

Věpis adres ýe C:\Documents and Settings\NetworkService\DATAAP~1

19.11.2008 16:07 <DIR> ..
19.11.2008 16:07 <DIR> Microsoft
19.11.2008 16:07 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 11319308288

******************************************

2) Zjišťování přítomnosti ve složce Program Files:

a) Výpis obsahu Program Files složky pro zjištění duplicitních kopií podezřelých adresářů:

Svazek v jednotce C je SYSTEM.
S‚riov‚ źˇslo svazku je 2488-72EE.

Věpis adres ýe C:\Program Files

15.02.2010 20:56 <DIR> .
15.02.2010 20:56 <DIR> ..
20.11.2008 19:46 <DIR> ACD Systems
15.02.2010 15:43 <DIR> Adobe
24.01.2010 16:16 <DIR> Adobe Media Player
19.11.2008 16:08 <DIR> ATI Technologies
27.11.2008 16:42 <DIR> Audible
23.06.2009 20:26 <DIR> AutoPlan
01.01.2009 15:15 <DIR> BitComet
05.08.2009 08:04 <DIR> CCleaner
19.11.2008 16:40 <DIR> Codec Pack - All In 1
14.02.2010 21:13 <DIR> Common Files
19.11.2008 16:03 <DIR> ComPlus Applications
27.11.2008 17:01 <DIR> Creative
27.11.2008 17:00 <DIR> Creative Installation Information
28.11.2008 18:00 <DIR> dvdfabplatinum
09.02.2009 11:29 <DIR> EA Games
29.05.2009 09:27 <DIR> Electronic Arts
14.02.2010 09:28 <DIR> ESET
08.02.2010 16:14 <DIR> Google
26.01.2009 10:40 <DIR> Hewlett-Packard
26.01.2009 10:48 <DIR> HP
16.03.2009 19:46 <DIR> ICQ6.5
28.12.2008 16:23 <DIR> ICQ6Toolbar
27.11.2009 21:19 <DIR> InstallShield Installation Information
15.02.2010 20:47 <DIR> Internet Explorer
21.11.2008 15:58 <DIR> IrfanView
04.11.2009 20:11 <DIR> Java
03.01.2009 13:07 <DIR> Lavalys
08.06.2009 19:13 <DIR> Lavasoft
14.02.2010 10:14 <DIR> Malwarebytes' Anti-Malware
19.11.2008 16:57 <DIR> Messenger
19.11.2008 16:38 <DIR> microsoft frontpage
30.10.2009 20:46 <DIR> Microsoft Office
30.10.2009 20:45 <DIR> Microsoft Visual Studio
30.10.2009 20:41 <DIR> Microsoft Visual Studio 8
31.10.2009 09:18 <DIR> Microsoft Works
30.10.2009 20:44 <DIR> Microsoft.NET
20.04.2009 17:05 <DIR> Mio Technology
19.11.2008 16:33 <DIR> Movie Maker
15.02.2010 20:47 <DIR> Mozilla Firefox
30.10.2009 20:06 <DIR> MSBuild
19.11.2008 16:03 <DIR> MSN Gaming Zone
25.11.2008 14:06 <DIR> MSXML 4.0
20.12.2008 19:26 <DIR> Nero
19.11.2008 16:32 <DIR> NetMeeting
19.11.2008 16:05 <DIR> Online Services
20.11.2008 19:54 <DIR> OpenOffice.org 3
14.08.2009 07:31 <DIR> Outlook Express
26.11.2008 17:36 <DIR> Reference Assemblies
17.11.2009 18:58 <DIR> Samsung
26.12.2008 11:46 <DIR> Seagate
08.12.2009 20:11 <DIR> Skype
28.12.2008 13:48 <DIR> Sun
01.12.2008 20:09 <DIR> The KMPlayer
21.11.2008 20:00 <DIR> totalcmd
23.11.2008 15:11 <DIR> TRANSLAT
28.10.2009 17:45 <DIR> Trend Micro
21.11.2008 11:35 <DIR> UltraISO
18.12.2008 15:08 <DIR> Uninstall Information
19.02.2009 13:35 <DIR> Winamp
27.11.2008 16:38 <DIR> Windows Media Player
19.11.2008 16:32 <DIR> Windows NT
19.11.2008 16:05 <DIR> WindowsUpdate
21.11.2008 11:24 <DIR> WinRAR
19.11.2008 16:38 <DIR> xerox
0 soubor…, 0 bajt…
Adres ý…: 66, Volněch bajt…: 11˙319˙304˙192

b) Vyhledávání podvodných sponzorovaných programů ve složce Program Files:

Nebyly nalezeny žádné podvodné programy.

******************************************

3) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:

Svazek v jednotce C je SYSTEM.
S‚riov‚ źˇslo svazku je 2488-72EE.

[makojed]

Věpis adres ýe C:\WINDOWS\Tasks

15.02.2010 20:48 354 At48.job
15.02.2010 20:48 354 At47.job
15.02.2010 20:48 354 At46.job
15.02.2010 20:48 354 At45.job
15.02.2010 20:48 354 At44.job
15.02.2010 20:48 354 At43.job
15.02.2010 20:48 354 At42.job
15.02.2010 20:48 354 At41.job
15.02.2010 20:48 354 At40.job
15.02.2010 20:48 354 At39.job
15.02.2010 20:48 354 At38.job
15.02.2010 20:48 354 At37.job
15.02.2010 20:48 354 At36.job
15.02.2010 20:48 354 At35.job
15.02.2010 20:48 354 At34.job
15.02.2010 20:48 354 At33.job
15.02.2010 20:48 354 At32.job
15.02.2010 20:48 354 At31.job
15.02.2010 20:48 354 At30.job
15.02.2010 20:48 354 At29.job
15.02.2010 20:48 354 At28.job
15.02.2010 20:48 354 At27.job
15.02.2010 20:48 354 At26.job
15.02.2010 20:48 354 At25.job
15.02.2010 09:55 376 At24.job
15.02.2010 09:55 376 At23.job
15.02.2010 09:55 376 At22.job
15.02.2010 09:55 376 At21.job
15.02.2010 09:55 376 At20.job
15.02.2010 09:55 376 At19.job
15.02.2010 09:55 376 At18.job
15.02.2010 09:55 376 At17.job
15.02.2010 09:55 376 At16.job
15.02.2010 09:55 376 At15.job
15.02.2010 09:55 376 At14.job
15.02.2010 09:55 376 At13.job
15.02.2010 09:55 376 At12.job
15.02.2010 09:55 376 At11.job
15.02.2010 09:55 376 At10.job
15.02.2010 09:55 376 At9.job
15.02.2010 09:55 376 At8.job
15.02.2010 09:55 376 At7.job
15.02.2010 09:55 376 At6.job
15.02.2010 09:55 376 At5.job
15.02.2010 09:55 376 At4.job
15.02.2010 09:55 376 At3.job
15.02.2010 09:55 376 At2.job
15.02.2010 09:55 376 At1.job
01.07.2009 16:59 940 GoogleUpdateTaskMachineUA.job
01.07.2009 16:59 936 GoogleUpdateTaskMachineCore.job
19.11.2008 16:08 6 SA.DAT
19.11.2008 16:04 65 desktop.ini
19.11.2008 16:04 <DIR> .
19.11.2008 16:04 <DIR> ..
52 soubor…, 19˙467 bajt…
Adres ý…: 2, Volněch bajt…: 11˙319˙300˙096

––––––––––––––––––––––––––––––––––––––––––

b) Zjišťování vlastností přítomných .job souborů:

––––––––––––––––––––––––––––––––––––––––––

c) Nalezené a odstraněné nežádoucí soubory:


––––––––––––––––––––––––––––––––––––––––––

d) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C je SYSTEM.
S‚riov‚ źˇslo svazku je 2488-72EE.

Věpis adres ýe C:\WINDOWS\Tasks

15.02.2010 20:48 354 At48.job
15.02.2010 20:48 354 At47.job
15.02.2010 20:48 354 At46.job
15.02.2010 20:48 354 At45.job
15.02.2010 20:48 354 At44.job
15.02.2010 20:48 354 At43.job
15.02.2010 20:48 354 At42.job
15.02.2010 20:48 354 At41.job
15.02.2010 20:48 354 At40.job
15.02.2010 20:48 354 At39.job
15.02.2010 20:48 354 At38.job
15.02.2010 20:48 354 At37.job
15.02.2010 20:48 354 At36.job
15.02.2010 20:48 354 At35.job
15.02.2010 20:48 354 At34.job
15.02.2010 20:48 354 At33.job
15.02.2010 20:48 354 At32.job
15.02.2010 20:48 354 At31.job
15.02.2010 20:48 354 At30.job
15.02.2010 20:48 354 At29.job
15.02.2010 20:48 354 At28.job
15.02.2010 20:48 354 At27.job
15.02.2010 20:48 354 At26.job
15.02.2010 20:48 354 At25.job
15.02.2010 09:55 376 At24.job
15.02.2010 09:55 376 At23.job
15.02.2010 09:55 376 At22.job
15.02.2010 09:55 376 At21.job
15.02.2010 09:55 376 At20.job
15.02.2010 09:55 376 At19.job
15.02.2010 09:55 376 At18.job
15.02.2010 09:55 376 At17.job
15.02.2010 09:55 376 At16.job
15.02.2010 09:55 376 At15.job
15.02.2010 09:55 376 At14.job
15.02.2010 09:55 376 At13.job
15.02.2010 09:55 376 At12.job
15.02.2010 09:55 376 At11.job
15.02.2010 09:55 376 At10.job
15.02.2010 09:55 376 At9.job
15.02.2010 09:55 376 At8.job
15.02.2010 09:55 376 At7.job
15.02.2010 09:55 376 At6.job
15.02.2010 09:55 376 At5.job
15.02.2010 09:55 376 At4.job
15.02.2010 09:55 376 At3.job
15.02.2010 09:55 376 At2.job
15.02.2010 09:55 376 At1.job
01.07.2009 16:59 940 GoogleUpdateTaskMachineUA.job
01.07.2009 16:59 936 GoogleUpdateTaskMachineCore.job
19.11.2008 16:08 6 SA.DAT
19.11.2008 16:04 65 desktop.ini
19.11.2008 16:04 <DIR> .
19.11.2008 16:04 <DIR> ..
52 soubor…, 19˙467 bajt…
Adres ý…: 2, Volněch bajt…: 11˙319˙283˙712

******************************************

4) Zjišťování přítomnosti v registru:

a) Vyhledávání spouštěcích bodů v registru:

Nebyly nalezeny žádné spouštěcí body v registru.

b) Export výjimek IE pop-up blockeru:

c) Export povolení Windows firewallu:

»»»»»»»»»»»»» Konec výpisu «««««««««««««««

[makojed]

zase mě tam hodněkrát vyskočilo že správce zakázal úpravy registru musel jsem ten log rozdělit na tři části