
Re: Probably a virus

Posted: 16 Aug 2012 14:36
by BuXo
Here are the links:

https://www.virustotal.com/file/37757bc ... 345123580/
https://www.virustotal.com/file/d16c571 ... 345123722/
https://www.virustotal.com/file/662d185 ... 345123886/

And here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:33 on 16/08/2012 by Mato
Administrator - Elevation successful

========== folderfind ==========

Searching for "Akamai"
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai d------ [07:05 05/04/2012]

========== regfind ==========

Searching for "Akamai"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\020079C0CE4AC02EED1888A2AE8CE447]
"8189B9C5AD21C694D84D1384AA778EBA"="01:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Akamai NetSession Interface"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\0C42A6CD31370C8B4C429F1D10D847E7]
"8189B9C5AD21C694D84D1384AA778EBA"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\admintool.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\18E8444AC870505B88DF1F2634E2B91E]
"8189B9C5AD21C694D84D1384AA778EBA"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\accepteula.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\438DC116E50D44649EE9CD814DD086DB]
"8189B9C5AD21C694D84D1384AA778EBA"="01:\SOFTWARE\Akamai\client"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\580682D1C0159847CCEC037C03087E26]
"8189B9C5AD21C694D84D1384AA778EBA"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\client.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\5B0A6CB367C495325A48DA1AB46E4E93]
"8189B9C5AD21C694D84D1384AA778EBA"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\user.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\70F555577657DA47AE56C133D2D294E8]
"8189B9C5AD21C694D84D1384AA778EBA"="01:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Akamai\InstallLocation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\8D541BF13BA1EE09CD1F6EA7B1FBFC67]
"8189B9C5AD21C694D84D1384AA778EBA"="01:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Akamai\UninstallString"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\AFAF4DC50343A11A1551AF29AEA69F90]
"8189B9C5AD21C694D84D1384AA778EBA"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\C5E5634748AA8DC5623BE48DDFCF8A04]
"8189B9C5AD21C694D84D1384AA778EBA"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\rswinui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\DB748F92982DAED6D441C930AEC1DA8B]
"8189B9C5AD21C694D84D1384AA778EBA"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\E1B47BBDD70D8978E1D52D309B624221]
"8189B9C5AD21C694D84D1384AA778EBA"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\ControlPanel_Installer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\E34EEFC4F89581706B658D492BF98506]
"8189B9C5AD21C694D84D1384AA778EBA"="01:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Akamai\DisplayName"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\E8B49D60B33C29DBB0BF46CF7F6AD30F]
"8189B9C5AD21C694D84D1384AA778EBA"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\installer_uploader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\EACBC0EA4AB8DFC69FB2AD55A009EF37]
"8189B9C5AD21C694D84D1384AA778EBA"="01:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Akamai\Publisher"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3837:TCP"="3837:TCP:*:Enabled:Akamai NetSession Interface"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3837:TCP"="3837:TCP:*:Enabled:Akamai NetSession Interface"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3837:TCP"="3837:TCP:*:Enabled:Akamai NetSession Interface"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe"="Akamai NetSession Client"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe"="Akamai NetSession Client"

-= EOF =-
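
An added example, not part of either poster's text: a small Python script that reads a SystemLook regfind dump in the format shown above and pulls out the parts a helper actually cares about, namely the XP firewall exceptions (the globally open port 3837/TCP and the authorized-application entry for netsession_win.exe, which the log repeats under ControlSet001, ControlSet003 and CurrentControlSet) and the Installer component key-path that points at a CurrentVersion\Run value, i.e. autostart registration. The sample log embedded below is a trimmed, constructed copy of the entries quoted in the post; the value-data layouts (port:proto:scope:state:description and path:scope:state:description) are the XP firewall policy formats the log itself displays.

```python
import re

# Constructed sample in SystemLook's output format. The regfind lines are a
# trimmed subset of the entries quoted in the post above (Installer component
# pointing at a Run key, open port in two ControlSets, firewall-authorized
# application, MUICache entry).
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 15:33 on 16/08/2012 by Mato
Administrator - Elevation successful

========== folderfind ==========

Searching for "Akamai"
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai d------ [07:05 05/04/2012]

========== regfind ==========

Searching for "Akamai"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1960408961-1078145449-839522115-1006\Components\020079C0CE4AC02EED1888A2AE8CE447]
"8189B9C5AD21C694D84D1384AA778EBA"="01:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Akamai NetSession Interface"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3837:TCP"="3837:TCP:*:Enabled:Akamai NetSession Interface"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3837:TCP"="3837:TCP:*:Enabled:Akamai NetSession Interface"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe"="Akamai NetSession Client"

-= EOF =-
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.*?)"="(.*)"$')   # "name"="data", data may contain quotes-free colons


def parse_regfind(text):
    """Return (key, value_name, value_data) tuples from the regfind section only."""
    records, in_regfind, current_key = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_regfind = "regfind" in line   # skip folderfind/filefind sections
            continue
        if not in_regfind:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            records.append((current_key, m.group(1), m.group(2)))
    return records


def firewall_exceptions(records):
    """XP firewall policy entries, de-duplicated across ControlSet001/003 and
    CurrentControlSet, which mirror one another in the dump."""
    ports, apps = {}, {}
    for key, name, data in records:
        k = key.lower()
        if k.endswith(r"\firewallpolicy\standardprofile\globallyopenports\list"):
            # value data: port:proto:scope:Enabled|Disabled:description
            port, proto, scope, state, desc = data.split(":", 4)
            ports[(name, data)] = {"port": int(port), "proto": proto, "scope": scope,
                                   "enabled": state == "Enabled", "desc": desc}
        elif k.endswith(r"\firewallpolicy\standardprofile\authorizedapplications\list"):
            # value data: path:scope:Enabled|Disabled:description; the path holds
            # a drive-letter colon, so split from the right
            path, scope, state, desc = data.rsplit(":", 3)
            apps[(name, data)] = {"path": path, "scope": scope,
                                  "enabled": state == "Enabled", "desc": desc}
    return list(ports.values()), list(apps.values())


def run_key_references(records):
    """Installer component key-paths that point at a CurrentVersion\\Run value,
    i.e. autostart registration done by an MSI package."""
    return [data for _, _, data in records if "\\currentversion\\run\\" in data.lower()]


def report(text):
    """Summary lines for a helper; returned rather than only printed so they can be tested."""
    records = parse_regfind(text)
    ports, apps = firewall_exceptions(records)
    lines = [f"{len(records)} registry values matched"]
    for p in ports:
        state = "enabled" if p["enabled"] else "disabled"
        lines.append(f"open port {p['port']}/{p['proto']} scope={p['scope']} {state}: {p['desc']}")
    for a in apps:
        state = "enabled" if a["enabled"] else "disabled"
        lines.append(f"firewall-authorized app {state}: {a['path']}")
    for r in run_key_references(records):
        lines.append(f"autostart registered via installer: {r}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Whether or not the program itself is wanted, an enabled inbound exception with scope `*` plus a globally open listening port is what a helper wants surfaced first from a dump like this, and the de-duplication keeps the three ControlSet copies from reading as three separate findings.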

Re: Probably a virus

Posted: 16 Aug 2012 21:33
by vyosek
:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe
  • If you use Windows Vista or 7, right-click OTM and choose Run As Administrator / Spustit jako správce
  • Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the contents shown below
  • Code:

    :reg
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3837:TCP"=-
    
    :files
    C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai
    c:\windows\Tasks\User_Feed_Synchronization-{C3F05B38-74F2-43F3-AC79-E2DA93584543}.job
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes. Afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here

Re: Probably a virus

Posted: 18 Aug 2012 10:55
by BuXo
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
========== FILES ==========
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Logs\dump folder moved successfully.
Folder move failed. C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Logs scheduled to be moved on reboot.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Languages folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Cache\csd.aeriagames.com\files\games\us\repulse\clients folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Cache\csd.aeriagames.com\files\games\us\repulse folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Cache\csd.aeriagames.com\files\games\us folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Cache\csd.aeriagames.com\files\games\aeria_ignite\clients folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Cache\csd.aeriagames.com\files\games\aeria_ignite folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Cache\csd.aeriagames.com\files\games folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Cache\csd.aeriagames.com\files folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Cache\csd.aeriagames.com folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Cache folder moved successfully.
Folder move failed. C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai scheduled to be moved on reboot.
c:\windows\Tasks\User_Feed_Synchronization-{C3F05B38-74F2-43F3-AC79-E2DA93584543}.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET25.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Mamina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 64905826 bytes
->Java cache emptied: 1304 bytes
->Flash cache emptied: 6559 bytes

User: Mato
->Temp folder emptied: 3400 bytes
->Temporary Internet Files folder emptied: 1336039 bytes
->Java cache emptied: 3045615 bytes
->FireFox cache emptied: 128323908 bytes
->Google Chrome cache emptied: 259981055 bytes
->Flash cache emptied: 210315 bytes

User: NetworkService
->Temp folder emptied: 19784 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ocino
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 172136751 bytes
->Flash cache emptied: 4616 bytes

User: Tomas
->Temp folder emptied: 3409590255 bytes
->Temporary Internet Files folder emptied: 113003185 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 785468654 bytes
->Flash cache emptied: 34914 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30886 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4 710,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Mamina
->Flash cache emptied: 0 bytes

User: Mato
->Flash cache emptied: 0 bytes

User: NetworkService

User: Ocino
->Flash cache emptied: 0 bytes

User: Tomas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: Mamina
->Java cache emptied: 0 bytes

User: Mato
->Java cache emptied: 0 bytes

User: NetworkService

User: Ocino
->Java cache emptied: 0 bytes

User: Tomas
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 08182012_114908

Files moved on Reboot...
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Logs folder moved successfully.
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai folder moved successfully.
File C:\Documents and Settings\Tomas\Local Settings\Temp\Perflib_Perfdata_f8.dat not found!

Registry entries deleted on Reboot...
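
An added example, not from either poster: a Python script that reconciles the OTM script vyosek posted with the log BuXo pasted back, so that every item the script asked to remove gets an explicit outcome (moved, moved on reboot, not found, or never mentioned). It makes the registry "not found" line stand out, which matters here because the script's only registry action was deleting the 3837:TCP open-port value and the log does not confirm that it happened. The embedded script and log are trimmed, constructed copies of the ones above; the script assumes `%windir%` expands to `C:\WINDOWS` (the path the log itself prints) and that `HKLM` is the log's `HKEY_LOCAL_MACHINE`.

```python
import fnmatch
import re

# Constructed, trimmed copy of the OTM script from the helper's post.
OTM_SCRIPT = r"""
:reg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3837:TCP"=-

:files
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai
c:\windows\Tasks\User_Feed_Synchronization-{C3F05B38-74F2-43F3-AC79-E2DA93584543}.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
"""

# Constructed, trimmed copy of the OTM log the user posted back.
OTM_LOG = r"""All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
========== FILES ==========
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\Cache folder moved successfully.
Folder move failed. C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai scheduled to be moved on reboot.
c:\windows\Tasks\User_Feed_Synchronization-{C3F05B38-74F2-43F3-AC79-E2DA93584543}.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET25.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

Files moved on Reboot...
C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai folder moved successfully.
"""

# Order matters: the more specific "not found" / "scheduled" lines are tried first.
STATUS_PATTERNS = [
    (re.compile(r"^Registry key (.+) not found\.$", re.I), "not found"),
    (re.compile(r"^Folder move failed\. (.+) scheduled to be moved on reboot\.$", re.I), "scheduled on reboot"),
    (re.compile(r"^File/Folder (.+) not found\.$", re.I), "not found"),
    (re.compile(r"^(.+?) (?:folder )?moved successfully\.$", re.I), "moved"),
]


def parse_script(script):
    """Split an OTM script into its :reg key names and :files entries."""
    section, reg_keys, files = None, [], []
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section == "reg" and line.startswith("["):
            reg_keys.append(line.strip("[]"))
        elif section == "files":
            files.append(line.split(" /")[0])   # drop the /s (recurse) switch
    return reg_keys, files


def parse_log(log):
    """Map every path the log mentions (lower-cased) to its final reported status."""
    status, in_reboot = {}, False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Files moved on Reboot"):
            in_reboot = True   # entries after this header completed at restart
        for pat, verdict in STATUS_PATTERNS:
            m = pat.match(line)
            if m:
                path = m.group(1).lower()
                status[path] = "moved on reboot" if in_reboot and verdict == "moved" else verdict
                break
    return status


def reconcile(script, log, windir=r"C:\WINDOWS"):
    """For each item the script asked to remove, say what the log reports happened."""
    reg_keys, files = parse_script(script)
    status = parse_log(log)
    report = {}
    for key in reg_keys:
        full = "HKEY_LOCAL_MACHINE" + key[4:] if key.upper().startswith("HKLM") else key
        report[key] = status.get(full.lower(), "no entry in log")
    for f in files:
        expanded = f.replace("%windir%", windir).lower()   # assumption: %windir% is C:\WINDOWS
        if expanded in status:
            report[f] = status[expanded]
        else:
            # a wildcard entry never appears verbatim; count the moved paths it matches
            hits = [p for p, v in status.items()
                    if v in ("moved", "moved on reboot") and fnmatch.fnmatchcase(p, expanded)]
            report[f] = f"moved ({len(hits)} wildcard match(es))" if hits else "no entry in log"
    return report


if __name__ == "__main__":
    for item, outcome in reconcile(OTM_SCRIPT, OTM_LOG).items():
        print(f"{outcome:32} {item}")
```

Running this on the real log gives the same picture as the trimmed sample: the Akamai folder and the scheduled-task file are gone after the reboot, the wildcard patterns either matched nothing or moved a handful of SET*.tmp files, and the open-port value is the one item without a confirmed removal, which is worth re-checking with a second SystemLook run before declaring the machine clean.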

Re: Probably a virus

Posted: 18 Aug 2012 21:35
by vyosek
How is our patient behaving? :???:

Re: Probably a virus

Posted: 19 Aug 2012 10:43
by BuXo
Everything is fine, all the symptoms are gone, thank you very much for the help! :)

Re: Probably a virus

Posted: 19 Aug 2012 19:45
by vyosek
So let's clean up now :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choices press A, then Enter
  • Delete the utility after use
  • Antivirus programs wrongly flag this utility as a virus; it is a false positive, so go ahead and download it (if needed, disable the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues; I recommend making the registry backup; fix all the issues
  • repeat the procedure until no issues remain, usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend running CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

Re: Probably a virus

Posted: 22 Aug 2012 15:06
by BuXo
Everything is fine; once again, thank you very much for the help! :thumbsup:

Re: Probably a virus

Posted: 22 Aug 2012 20:46
by vyosek
You're welcome, glad I could help :worship: See you again sometime