Re: antivirus reports an infected computer, nothing works

Posted: 13 Jul 2010 21:20
by stell
OK,
click Start - Control Panel - double-click Internet Options - Connections tab - LAN settings - REMOVE the tick at "Use a proxy server for your LAN" - OK - Apply.
For this procedure, ComboFix must be on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the entire green text into it:

KILLALL::
DDS::
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = http=127.0.0.1:5577
File::
c:\documents and settings\Lucia Rusnakova\Application Data\wklnhst.dat
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=-
"Adobe Photo Downloader"=-
"TkBellExe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
"Skype"=-

Then click File -> Save As... and in the "File name" field type: CFScript.txt
For "Save as type", choose *All files*.
And save it to the desktop. > Caution: do not open CFScript.txt, and it must not be named CFScript.txt.txt either. Then do this:
[Image]

After the scan finishes, post the log that ComboFix creates.

Re: antivirus reports an infected computer, nothing works

Posted: 13 Jul 2010 22:06
by bramo26
ComboFix 10-07-12.03 - Lucia Rusnakova 2010-07-13 21:50:04.16.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.206 [GMT 1:00]
Running from: c:\documents and settings\Lucia Rusnakova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lucia Rusnakova\Desktop\CFScript.txt.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\documents and settings\Lucia Rusnakova\Application Data\wklnhst.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lucia Rusnakova\Application Data\wklnhst.dat

.
((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-08-11 17:29 . 2010-08-11 17:30 26682864 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-08-11 17:29 . 2010-08-11 17:29 220272 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-08-11 17:29 . 2010-08-11 17:29 149000 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-08-11 17:29 . 2010-08-11 17:29 13407072 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-08-11 17:28 . 2010-08-11 17:28 79368 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-08-11 17:28 . 2010-08-11 17:28 73344 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-11 17:28 . 2010-08-11 17:28 64000 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-11 17:28 . 2010-08-11 17:28 52288 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-11 17:28 . 2010-08-11 17:28 122880 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-08-08 07:12 . 2010-08-08 07:12 452104 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\setup.exe
2010-07-13 08:47 . 2010-07-13 08:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-04 08:09 . 2010-07-04 08:09 439816 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.10\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 20:50 . 2006-04-21 23:26 -------- d-----w- c:\documents and settings\Lucia Rusnakova\Application Data\Skype
2010-07-13 19:36 . 2009-07-01 22:19 -------- d-----w- c:\program files\CCleaner
2010-07-13 19:17 . 2006-04-21 20:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-13 19:15 . 2006-04-21 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-13 12:58 . 2008-09-24 22:53 -------- d-----w- c:\documents and settings\Lucia Rusnakova\Application Data\skypePM
2010-07-13 07:36 . 2008-12-25 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-01 19:34 . 2009-10-12 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-05-10 08:27 . 2006-04-20 20:17 55680 ----a-w- c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 14:39 . 2008-12-25 12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2008-12-25 12:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-08-25 08:50 . 2008-08-25 08:50 16 ---ha-w- c:\program files\mxfilerelatedcache.mxc2
2009-07-07 00:14 . 2009-07-05 07:55 28565536 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeskSpace"="c:\documents and settings\Lucia Rusnakova\Desktop\3D_Cube_DeskSpace_v1.5.1\DeskSpace v1.5.1\deskspace.exe" [2007-09-18 1066496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-10-14 53248]
"VTTrayp"="VTtrayp.exe" [2005-10-14 167936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-17 729178]
"OlStatusMon"="c:\program files\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-06-28 106496]
"Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"WireLessMouse "="c:\program files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 503808]
"WireLessKeyboard "="c:\program files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2004-07-01 233472]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RecordingManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 olMntrService;olMntrService;c:\program files\Olivetti\ANY_WAY\olMntrService.exe [2006-06-28 86016]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-12-08 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-26 c:\windows\Tasks\avast! Antivirus.job
- c:\progra~1\ALWILS~1\Avast4\ashAvast.exe [2010-04-17 09:59]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 08:40]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 08:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.sk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://213.151.230.2:2222/Ctl/WinWebPush.cab
DPF: {CE40C3F1-3DF5-4461-A521-810923235628} - hxxp://www.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
FF - ProfilePath - c:\documents and settings\Lucia Rusnakova\Application Data\Mozilla\Firefox\Profiles\51uh23wh.default\
FF - component: c:\documents and settings\Lucia Rusnakova\Application Data\Mozilla\Firefox\Profiles\51uh23wh.default\extensions\LAILoader@liveblockauctions.com\components\np_laiLoader.dll
FF - plugin: c:\documents and settings\Lucia Rusnakova\Application Data\Mozilla\Firefox\Profiles\51uh23wh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 21:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3616)
c:\documents and settings\Lucia Rusnakova\Desktop\3D_Cube_DeskSpace_v1.5.1\DeskSpace v1.5.1\deskspace151.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\slmdmsr.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-13 22:04:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-13 21:04
ComboFix2.txt 2010-07-13 13:06
ComboFix3.txt 2010-07-13 09:05

Pre-Run: 26,515,451,904 bytes free
Post-Run: 26,507,358,208 bytes free

- - End Of File - - 8EA5F14EA6B740AED38B697FEF3E7C50

Re: antivirus reports an infected computer, nothing works

Posted: 13 Jul 2010 22:49
by stell
OK, uninstall ComboFix: Start - Run - enter the command combofix /uninstall
Test the computer and write tomorrow how it behaves. I'm done for today. :wink: