Pravdepodobne zavireny

[atuterix]

vo Firefoxe mi to vyhadzuje, iny tam tusim ani neni nainstalovany, teda okrem ie, samozrejme. Tuto hlasku mi to vyhadzuje: http://forum.mozilla.cz/viewtopic.php?f=3&t=8436 divne, ze to robi prave pri google.

[Rudy]

Zkuste možnosti>soukromí a vymažte cookies a historii.

[atuterix]

Uz som na to prisiel, kedze som odpojil kabel zo zastrcky tak sa vymazal datum a cas (zrejme by trebalo baterku vymenit na doske). No a som to nechal tak, ze naco budem nastavovat datumy ked netreba, bolo tam 2003. A zistil som ze tie certifikaty na niektorych strankach platia az od roku 2013 Cize som nastavil datum na atualny a uz mi to nevyhadzuje
Som sa chcel este spytat, ze dal mi k tomu aj USB. A ze co mam spravit aby bolo stopercentne ciste? Nie ze ho pichnem do pc a daco sa mi tam nakopiruje.

[Rudy]

Projeďte USB flešku pomocí USBFix: http://forum.viry.cz/viewtopic.php?f=24&t=140144 .

[atuterix]

tak som dal clean a naslo toho celkom dost

############################## | UsbFix V 7.804 | [Clean]

User: Roman (Administrator) # ROMANPC
Updated 24/11/2014 by El Desaparecido - SosVirus
Started at 18:16:17 | 26/11/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Live detection : http://how-to-remove.us/
Contact : http://www.en.usbfix.net/contact/

################## | System information |

CPU: AMD Athlon(tm) XP 2200+
RAM -> [Total : 255 Mo | Free : 89 Mo]
Boot: Normal boot

OS: Microsoft Windows XP (5.1.2600 32-Bit) Service Pack 3
WB: Internet Explorer : 6.00.2900.5512
WB: Mozilla Firefox : 33.1.1

################## | Security Information |

FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [(!) Disabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 244 Gb (227 Gb free - 93%) [System] # NTFS
D:\ -> Removable disk # 7 Gb (7 Gb free - 99%) [FLASH DRIVE] # NTFS

################## | Generic Research |

Deleted! C:\Documents and Settings\Roman\Application Data\c731200
Deleted! C:\Documents and Settings\Roman\Application Data\Update\Explorer.exe
Deleted! C:\Documents and Settings\Roman\Application Data\Update\MSupdate.exe
Deleted! C:\DOCUME~1\Roman\LOCALS~1\Temp\c731200
Deleted! D:\10-03DB2A7F-2168419-960.jpg.lnk
Deleted! D:\10-25421F3F-877713-960.jpg.lnk
Deleted! D:\10-26C086DA-1460338-960.jpg.lnk
Deleted! D:\10-26F6F7DE-1585973-960.jpg.lnk
Deleted! D:\10-2A60A91C-833304-960.jpg.lnk
Deleted! D:\10-3C095337-1922318-960.jpg.lnk
Deleted! D:\10-3F494BDF-2192505-960.jpg.lnk
Deleted! D:\10-4FEB46C6-1351807-960.jpg.lnk
Deleted! D:\10-76814F78-905689-960.jpg.lnk
Deleted! D:\10-7F8599FC-1416700-960.jpg.lnk
Deleted! D:\10-883B3345-1783306-960.jpg.lnk
Deleted! D:\10-9C6D8101-1833598-960.jpg.lnk
Deleted! C:\Documents and Settings\Roman\Local Settings\Application Data\dt.dat
Deleted! C:\Documents and Settings\Roman\Local Settings\Temp\anpeg.exe
Deleted! C:\Documents and Settings\Roman\Local Settings\Temp\fpeqb.exe
Deleted! D:\pTRvwnW.exe

(!) Temporary files deleted. (8.09532260894775 MB)

################## | Registry |

Repaired ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman ("")
Deleted! HKU\S-1-5-21-842925246-2052111302-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Run|Windows Explorer Manager
Deleted! HKU\S-1-5-21-842925246-2052111302-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Run|Windows Update Manager

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [TaskMan]
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

################## | UsbFix - Information |

UsbFix has detected on your computer, an infection which a Keylogger function.
After cleaning with UsbFix, please modify all your passwords.
If you made purchases on Internet,
please contact your bank to enviseager an opposition on your bank card.

Info : How to remove shortcut virus on flash disk (Video)
Info : Shortcut virus on flash disk, What is it ?

################## | Hijack |

Restored! [N] D:\10-03DB2A7F-2168419-960.jpg
Restored! [N] D:\10-25421F3F-877713-960.jpg
Restored! [N] D:\10-26C086DA-1460338-960.jpg
Restored! [N] D:\10-26F6F7DE-1585973-960.jpg
Restored! [N] D:\10-2A60A91C-833304-960.jpg
Restored! [N] D:\10-3C095337-1922318-960.jpg
Restored! [N] D:\10-3F494BDF-2192505-960.jpg
Restored! [N] D:\10-4FEB46C6-1351807-960.jpg
Restored! [N] D:\10-76814F78-905689-960.jpg
Restored! [N] D:\10-7F8599FC-1416700-960.jpg
Restored! [N] D:\10-883B3345-1783306-960.jpg
Restored! [N] D:\10-9C6D8101-1833598-960.jpg

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[08/05/2012 - 21:15:24 | RASH | 0 Ko] - C:\MSDOS.SYS
[08/05/2012 - 21:15:24 | A | 0 Ko] - C:\CONFIG.SYS
[08/05/2012 - 21:15:24 | RASH | 0 Ko] - C:\IO.SYS
[26/11/2014 - 18:05:44 | ASH | 392424 Ko] - C:\pagefile.sys
[26/11/2014 - 18:05:46 | ASH | 261684 Ko] - C:\hiberfil.sys
[06/02/2013 - 14:50:53 | D] - C:\Config.Msi
[22/06/2012 - 18:22:51 | A | 0 Ko] - C:\GuardMailRu.log
[19/06/2012 - 15:45:48 | A | 0 Ko] - C:\user.js
[22/06/2012 - 18:40:53 | SH | 0 Ko] - C:\boot.ini
[13/04/2008 - 21:13:04 | N | 46 Ko] - C:\NTDETECT.COM
[08/05/2012 - 21:15:24 | A | 0 Ko] - C:\AUTOEXEC.BAT
[01/01/2003 - 00:04:35 | RD] - C:\Dokumenty
[01/01/2003 - 06:29:22 | D] - C:\WINDOWS
[01/01/2003 - 06:29:23 | D] - C:\meuhampxq
[01/01/2003 - 07:59:28 | D] - C:\mcmkydylt
[02/01/2003 - 00:49:38 | D] - C:\gqigiluea
[13/04/2008 - 23:01:44 | RASH | 244 Ko] - C:\ntldr
[08/05/2012 - 21:19:33 | SHD] - C:\System Volume Information
[08/05/2012 - 21:23:38 | D] - C:\Documents and Settings
[08/05/2012 - 22:32:51 | D] - C:\Stary
[08/05/2012 - 23:01:56 | D] - C:\Programy
[11/05/2012 - 18:47:09 | D] - C:\bin
[16/05/2012 - 17:12:27 | D] - C:\install
[07/12/2012 - 20:55:58 | D] - C:\temp
[23/11/2014 - 17:56:02 | RD] - C:\Program Files
[23/11/2014 - 19:29:01 | D] - C:\AdwCleaner
[26/11/2014 - 18:12:39 | D] - C:\UsbFix
[26/11/2014 - 18:17:05 | SHD] - C:\RECYCLER

################## | D:\ - Removable drive (NTFS) |

[08/08/2013 - 12:00:16 | N | 10 Ko] - D:\10-3C095337-1922318-960.jpg
[06/04/2014 - 12:27:42 | N | 12 Ko] - D:\10-26F6F7DE-1585973-960.jpg
[06/04/2014 - 12:27:42 | N | 12 Ko] - D:\10-25421F3F-877713-960.jpg
[07/04/2014 - 11:37:04 | N | 10 Ko] - D:\10-2A60A91C-833304-960.jpg
[10/04/2014 - 16:10:34 | N | 9 Ko] - D:\10-4FEB46C6-1351807-960.jpg
[12/04/2014 - 10:34:08 | N | 9 Ko] - D:\10-76814F78-905689-960.jpg
[25/07/2014 - 12:25:32 | N | 14 Ko] - D:\10-883B3345-1783306-960.jpg
[02/08/2014 - 15:58:08 | N | 13 Ko] - D:\10-7F8599FC-1416700-960.jpg
[13/08/2014 - 12:30:08 | N | 12 Ko] - D:\10-3F494BDF-2192505-960.jpg
[13/08/2014 - 12:30:36 | N | 12 Ko] - D:\10-03DB2A7F-2168419-960.jpg
[06/09/2014 - 20:29:54 | N | 13 Ko] - D:\10-9C6D8101-1833598-960.jpg
[07/09/2014 - 20:37:08 | N | 12 Ko] - D:\10-26C086DA-1460338-960.jpg

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |

a este ked som spustil PC tak sa mi po chvili sam od seba spustil Internet explorer aj s nejakou otravnou vyskakovacou reklamou typu: "vyhral si iphone, klikni sem", cize nejaky bordel tam zrejme este zostal.

[Rudy]

Fleška už bude čistá. Spusťte ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[atuterix]

Nechce mi otvorit tu stranku malwarebytes.org. Vyskoci mi iba hlaska, ze server sa nenasiel. Je nejaka alternativa odkial by som to stiahol?

[Rudy]

http://download.cnet.com/Malwarebytes-A ... 04572.html , nebo http://www.bleepingcomputer.com/downloa ... i-malware/ .

[atuterix]

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 26. 11. 2014
Scan Time: 21:15:07
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.26.07
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Roman

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 284940
Time Elapsed: 14 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.StartNow.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StartNow Toolbar, , [bda2f84884f83ff784d8bc00867e8779],

Registry Values: 1
Hijack.Shell.Gen, HKU\S-1-5-21-842925246-2052111302-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, explorer.exe,C:\Documents and Settings\Roman\Application Data\Update\MSupdate.exe, , [c9968ab60478af8744c818068d7708f8]

Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[fc63152ba9d35adcea2e6ee4be47be42]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[5c035ce4ef8d4beb27f263ef5baab64a]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[89d699a75c207cba08120c466a9b0cf4]

Folders: 0
(No malicious items detected)

Files: 4
Trojan.Agent, C:\Documents and Settings\Roman\Application Data\c731200, , [411e79c7bdbf2214038de5d46c95b947],
Trojan.Agent, c:\documents and settings\roman\application data\microsoft\windows\kllqla.exe, , [035cbb855b21df57b8d8c1f8f110d12f],
PUP.RiskwareTool.CK, C:\Dokumenty\Downloads\everest_ult530.rar, , [8ed117292e4ea591d8c65617936e9b65],
PUP.Optional.Softonic.A, C:\Dokumenty\Downloads\SoftonicDownloader_for_everest.exe, , [a0bf6dd380fc171ff94574c74db4b749],

Physical Sectors: 0
(No malicious items detected)


(end)

[Rudy]

Vše, co MBAM nalezl smažte.

[atuterix]

Dal som to zmazat a spustil som este raz mbam, a znovu to naslo nejake problemove subory

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 27. 11. 2014
Scan Time: 8:38:09
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.27.03
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Roman

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288679
Time Elapsed: 32 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.StartNow.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StartNow Toolbar, Quarantined, [9441201e34480d29a6dfbb0113f150b0],

Registry Values: 1
Hijack.Shell.Gen, HKU\S-1-5-21-842925246-2052111302-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, explorer.exe,C:\Documents and Settings\Roman\Application Data\Update\MSupdate.exe, Quarantined, [983d65d95329171f62d36faf61a3f60a]

Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[4f86ac922f4de74f52fcf65ce91c40c0]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[ba1b3b0337450036ca8560f25fa6e51b]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[1abbbd8188f4ec4a3d13ff5309fc8779]

Folders: 0
(No malicious items detected)

Files: 3
Trojan.Agent, C:\Documents and Settings\Roman\Application Data\c731200, Quarantined, [a92ca09e94e8fe3898fb526753ae817f],
PUP.RiskwareTool.CK, C:\Dokumenty\Downloads\everest_ult530.rar, Quarantined, [468f94aa92ea3501bde4006db1508a76],
PUP.Optional.Softonic.A, C:\Dokumenty\Downloads\SoftonicDownloader_for_everest.exe, Quarantined, [e2f3a896a0dc51e52d14a7945aa717e9],

Physical Sectors: 0
(No malicious items detected)


(end)

[Rudy]

Opět smažte a provedte kontrolní sken.

[atuterix]

tak som to dal znovu a zase naslo este viac

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 27. 11. 2014
Scan Time: 19:14:01
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.27.03
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Roman

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 310779
Time Elapsed: 51 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 22
PUP.Optional.BabylonToolBar.A, C:\AdwCleaner\Quarantine\C\Documents and Settings\Roman\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe.vir, , [0dc81826afcd1b1bae0b4fe3728fe61a],
Rootkit.Agent, C:\install\Foxconn mainboard\Fxdrv.sys, , [2fa62519b4c8aa8cdd73a7c110f060a0],
Rootkit.Agent, C:\install\Foxconn mainboard\Acrobat\Fxdrv.sys, , [973e1c22df9df93d99b7afb95da3ed13],
Rootkit.Agent, C:\install\Foxconn mainboard\Chipdrv\EXERUN\Fxdrv.sys, , [6d68e25cd0acd264ada3c1a729d75ea2],
Rootkit.Agent, C:\install\Foxconn mainboard\DevDrv\Audio\Fxdrv.sys, , [1fb64ef0e29abf77311fda8ea25eb050],
Rootkit.Agent, C:\install\Foxconn mainboard\DevDrv\Audio\Audio-a3.49\Fxdrv.sys, , [00d583bb33495cda430dadbbbc440ef2],
Rootkit.Agent, C:\install\Foxconn mainboard\DevDrv\IR\EXERUN\Fxdrv.sys, , [8b4a3707b4c8e05677d96503e61ada26],
Rootkit.Agent, C:\install\Foxconn mainboard\DevDrv\LAN\Fxdrv.sys, , [b520003e4b3167cf4d03b4b4956bb54b],
Rootkit.Agent, C:\install\Foxconn mainboard\DevDrv\USB2.0\Fxdrv.sys, , [6273b48add9f350118380f599868f60a],
Rootkit.Agent, C:\install\Foxconn mainboard\DevDrv\VGA\EXERUN\Fxdrv.sys, , [a530f44a48346fc72a26da8e06fad828],
Rootkit.Agent, C:\install\Foxconn mainboard\DevDrv\viaraid\8237\Fxdrv.sys, , [07ce65d9027a37ffbf91e781e31d20e0],
Rootkit.Agent, C:\install\Foxconn mainboard\DirectX\Fxdrv.sys, , [d7fe3b03d4a8f0464907a4c4cc344cb4],
Rootkit.Agent, C:\install\Foxconn mainboard\Norton\EXERUN\Fxdrv.sys, , [9540003e6b1139fdba96b9af916fd12f],
Rootkit.Agent, C:\install\Foxconn mainboard\Utilities\Fxdrv.sys, , [1fb6ce70ceae1b1b0a46571113ed6e92],
Trojan.Agent.DED, C:\UsbFix\Quarantine\C\Documents and Settings\Roman\Application Data\c731200.vir, , [f2e316285b21989e9405cc191fe2e11f],
Trojan.Agent.DED, C:\UsbFix\Quarantine\C\Documents and Settings\Roman\Application Data\Update\Explorer.exe.vir, , [d9fca19d94e8f6403564af363fc244bc],
Trojan.Agent.DED, C:\UsbFix\Quarantine\C\Documents and Settings\Roman\Application Data\Update\MSupdate.exe.vir, , [20b5d86627555ed8019708dd3cc57b85],
Trojan.Agent.DED, C:\UsbFix\Quarantine\C\Documents and Settings\Roman\Local Settings\Temp\anpeg.exe.vir, , [716459e5631985b13a5e3aab46bb768a],
Trojan.Agent.DED, C:\UsbFix\Quarantine\C\Documents and Settings\Roman\Local Settings\Temp\fpeqb.exe.vir, , [09ccf846b7c5191d1287588d867b24dc],
Trojan.Agent.DED, C:\UsbFix\Quarantine\D\pTRvwnW.exe.vir, , [a62fdd614b31ae885445f8edb24f39c7],
Trojan.Agent.DED, C:\UsbFix\Tools\UpMalware, , [7e574df149334de984152fb6eb1613ed],
Trojan.Agent, D:\pTRvwnW.exe, , [1eb751ed473549edfe9505b416eb05fb],

Physical Sectors: 0
(No malicious items detected)


(end)

[Rudy]

Stále se tam něco vrací. Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[atuterix]

Spustil som ComboFix, bezi to uz vyse 2 hodin ale nic sa nedeje, tych prvych par veci prebehlo podla tohto navodu: http://www.bleepingcomputer.com/combofi ... e-combofix ale zastalo to na tomto bode: http://www.bleepstatic.com/combofix/en/autoscan.jpg a nehne sa to dalej, vobec nic. Tak neviem no, co dalej...
Najradsej by som len povyberal z tohto PC tie fotky co na nom su a nechal ho tak. Dalo by sa to nejak spravit bezpecne, aby som nepreniesol daku haved na USB a potom do dalsieho kompu?