boo/tdss

[ajdus]

MLWbytes - log je cisty,

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
ajdus :: SKN11005 [administrator]

Protection: Disabled

9. 2. 2012 21:58:15
mbam-log-2012-02-09 (21-58-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 625739
Time elapsed: 1 hour(s), 40 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

pokracujem zas zajtra

[ajdus]

Z combofixu sa mi log nezobrazil, nenasiel som novy log ani na c: (mam tam len stary z pred 4 dni)
OTL log->

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ajdus\Downloads\cmd.bat deleted successfully.
C:\Users\ajdus\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ajdus
->Temp folder emptied: 302923 bytes
->Temporary Internet Files folder emptied: 234012367 bytes
->Java cache emptied: 2455540 bytes
->Google Chrome cache emptied: 162679670 bytes
->Flash cache emptied: 93900 bytes

User: Public
->Temp folder emptied: 0 bytes

User: VisAdmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1534004 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7260 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 6675906 bytes

Total Files Cleaned = 389,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02122012_231415

Files\Folders moved on Reboot...
File\Folder C:\Users\ajdus\AppData\Local\Temp\hsperfdata_ajdus\6992 not found!
C:\Users\ajdus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SILJMMV4\mail[1].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SILJMMV4\videoplayback[2] moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LODEP5F9\afr[2].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LODEP5F9\viewtopic[1].htm moved successfully.
File\Folder C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZ7G348J\OTL[1].exe not found!
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZ7G348J\render[1].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKJ4MR1S\ads[1].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKJ4MR1S\mail[3].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY5F6TG2\bind[1].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY5F6TG2\bind[2].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7HK8FAR\mail[1].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OI22R5I\240_nhl[2].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OI22R5I\afr[1].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OI22R5I\afr[2].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OI22R5I\comment[2].htm moved successfully.
C:\Users\ajdus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OI22R5I\honeypot_export[1].htm moved successfully.

Registry entries deleted on Reboot...

[stell]

ok ..ak vsetko funguje tak ako ma tak to je vsetko,.

[ajdus]

Tak este raz vdaka, comp ide v pohode rychlo, jedine co som stratil je zoznam vsetkych programov v start menu, to uz si doriesim.

[stell]

No, mozno,, pretoze infekcia bola zlozita,,
Skus to takto>.pravy klik na start>>vlastnosti>>Start menu, >.a tu to nastav.
ak nepojde pozri sa aj sem.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
a tu by si mal mat kluc, a cestu tuto cestu, alk nemas opravit.
kluc>>Programs Cesta>>>%USERPROFILE%\Start Menu\Programs

Nemas zaco, aj za kolegov.