
Re: malware (probably)

Posted: 31 Jan 2015 12:36
by morphe
Hello, I hope this is everything you needed :)

SystemLook 30.07.11 by jpshortstuff
Log created at 12:20 on 31/01/2015 by Radek
Administrator - Elevation successful

========== filefind ==========

Searching for "*JobupOkulu*"
No files found.

========== folderfind ==========

Searching for "*JobupOkulu*"
C:\Documents and Settings\All Users\Data aplikací\JobupOkulu d------ [19:58 30/01/2015]
C:\FRST\Quarantine\C\Documents and Settings\All Users\Data aplikací\JobupOkulu d------ [17:55 13/01/2015]
C:\FRST\Quarantine\C\Documents and Settings\All Users\Data aplikací\JobupOkulu\JobupOkulu d------ [15:53 30/01/2015]

========== regfind ==========

Searching for "JobupOkulu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"JobupOkulu"="regsvr32.exe "C:\Documents and Settings\All Users\Data aplikací\JobupOkulu\NegpiBoziy.qae""
[HKEY_USERS\S-1-5-21-790525478-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"JobupOkulu"="regsvr32.exe "C:\Documents and Settings\All Users\Data aplikací\JobupOkulu\NegpiBoziy.qae""

-= EOF =-
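The SystemLook output above contains the one thing that matters for persistence: a Run value that starts regsvr32.exe with a file whose extension is .qae instead of .dll, stored under the All Users application-data folder ("Data aplikací" is the Czech name of that folder on a localized XP). The value is listed twice only because HKEY_CURRENT_USER is a view of HKEY_USERS\<SID of the logged-on user>, so both lines are the same registry value. The script below is an added example written for this page; it is not part of SystemLook or of the thread. It parses a regfind section in this format, collapses the HKCU/HKU alias, and flags autoruns that hand a non-library file to a library loader. It assumes the SID shown belongs to the logged-on user (Radek); the sample log is constructed from the posted entries, plus one entry under Avast's PUB-Removed key, which records what Avast already removed and is not an autorun location.

```python
"""Triage SystemLook ':regfind' output for autorun persistence.
Added example for this thread; not part of SystemLook or the posts."""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample input: the hits reported in the thread plus an Avast record.
SAMPLE_LOG = r"""
========== regfind ==========

Searching for "JobupOkulu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"JobupOkulu"="regsvr32.exe "C:\Documents and Settings\All Users\Data aplikací\JobupOkulu\NegpiBoziy.qae""
[HKEY_USERS\S-1-5-21-790525478-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"JobupOkulu"="regsvr32.exe "C:\Documents and Settings\All Users\Data aplikací\JobupOkulu\NegpiBoziy.qae""
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d03ef9dd48daa4"="|C:\Documents and Settings\All Users\Data aplikací\JobupOkulu\NegpiBoziy.qae"

-= EOF =-
"""

# Assumption: this SID is the logged-on user's, so HKEY_CURRENT_USER and
# HKEY_USERS\<SID> are two names for the same key.
CURRENT_USER_SID = "S-1-5-21-790525478-630328440-682003330-1003"

ENTRY_RE = re.compile(r'^"([^"]*)"="(.*)"$')          # "name"="data"
AUTORUN_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
LOADERS = ("regsvr32.exe", "rundll32.exe")           # execute whatever library they are handed
LIBRARY_EXTS = (".dll", ".ocx", ".ax")               # what those loaders normally receive
# Avast's record of what it already removed: bookkeeping, not persistence.
INFORMATIONAL = (r"HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed",)


@dataclass
class Finding:
    key: str
    name: str
    data: str
    verdict: str                      # "suspicious-autorun", "autorun" or "informational"
    reasons: list = field(default_factory=list)


def parse_regfind(text):
    """Yield (key, name, data) for each value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := ENTRY_RE.match(line)):
            yield key, m.group(1), m.group(2)


def canonical_key(key, sid):
    """Rewrite HKEY_CURRENT_USER\\... as HKEY_USERS\\<sid>\\... so aliases collapse."""
    hive = "HKEY_CURRENT_USER"
    if sid and key.upper().startswith(hive):
        return "HKEY_USERS\\" + sid + key[len(hive):]
    return key


def loaded_file(command):
    """Return the file a regsvr32/rundll32 command line loads, else None.
    (A quoted executable path that itself contains spaces is not handled.)"""
    parts = command.strip().split(None, 1)
    if len(parts) != 2 or ntpath.basename(parts[0].strip('"')).lower() not in LOADERS:
        return None
    return parts[1].strip().strip('"').split(",")[0]   # rundll32 uses file,EntryPoint


def triage(text, sid=CURRENT_USER_SID):
    findings, seen = [], set()
    for key, name, data in parse_regfind(text):
        ckey = canonical_key(key, sid)
        ident = (ckey.lower(), name.lower())
        if ident in seen:                              # same value seen via HKCU and HKU\<SID>
            continue
        seen.add(ident)
        if ckey.lower().startswith(tuple(p.lower() for p in INFORMATIONAL)):
            findings.append(Finding(ckey, name, data, "informational",
                                    ["antivirus removal record, not an autorun location"]))
        elif AUTORUN_RE.search(ckey):
            reasons, target = [], loaded_file(data)
            if target:
                reasons.append("library loader invoked from a Run key")
                ext = ntpath.splitext(target)[1].lower()
                if ext not in LIBRARY_EXTS:
                    reasons.append("loaded file has non-library extension %r" % ext)
                if "\\documents and settings\\" in target.lower():
                    reasons.append("payload lives under a profile directory")
            verdict = "suspicious-autorun" if reasons else "autorun"
            findings.append(Finding(ckey, name, data, verdict, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.verdict, f.key, f.name, "; ".join(f.reasons))
```

Run without a SID and the HKCU and HKU lines come back as two separate findings, which is what the raw SystemLook output suggests; with the SID they fold into one, which is what the registry actually contains.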

Re: malware (probably)

Posted: 01 Feb 2015 14:50
by altrok
Does the warning about the blocked malware pop up only when Chrome is open, or even when all applications are closed?

Follow the instructions exactly! Win XP is not supported by the new version 2.0!
  • Download and install MBAM 1.75 http://www.bleepingcomputer.com/downloa ... i-malware/
  • at the end of the installation, untick the option "Enable free trial of Malwarebytes Anti-Malware PRO"
  • now the important step: an update of the whole program is downloaded and a prompt appears at the end; choose Cancel
  • next, the virus database update downloads by itself and gives you only one option -> OK
  • the update of the whole program is offered again -> choose Cancel again
  • in the Scanner tab select Perform full scan and click Scan
  • when the scan finishes (it can take several hours), a log pops up; copy it into your next reply... you can also find it in the Logs tab

Re: malware (probably)

Posted: 02 Feb 2015 17:56
by morphe
The Avast window with the virus warning pops up on every new load of a web tab in the Chrome browser :) or when a page loads

here is the log from Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2015.02.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Radek :: RADEKK [administrator]

2.2.2015 16:04:41
MBAM-log-2015-02-02 (17-55-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 523623
Time elapsed: 1 hour(s), 48 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Typelib\{157B1AA6-3E5C-404A-9118-C1D91F537040} (PUP.Optional.Multiplug) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|JobupOkulu (Trojan.MSIL.SA) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 26
c:\documents and settings\all users\data aplikací\jobupokulu\negpiboziy.qae (Trojan.MSIL.SA) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgArchive.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgFlashPlayer.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQAuto.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mglogger.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMediaPlayer.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnAuto.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgSweetIM.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooAuto.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe.vir (PUP.Optional.AudioToAudioToolBar.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL.vir (PUP.Optional.MindSpark.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL.vir (PUP.Optional.MindSpark.A) -> No action taken.
C:\Documents and Settings\Radek\Dokumenty\Downloads\Download.exe (PUP.Optional.InstalRex) -> No action taken.
C:\Documents and Settings\Radek\Plocha\rcpsetup_9809.exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\Documents and Settings\Radek\Plocha\keygen.exe (Malware.Gen) -> No action taken.
c:\frst\quarantine\c\documents and settings\all users\data aplikací\jobupokulu\jobupokulu\negpiboziy.qae (Trojan.MSIL.SA) -> No action taken.
C:\Program Files\ICQ7.2\upgrade\2dcd1d63cb45e6613582211c3d5f4b23 (PUP.Optional.OpenCandy) -> No action taken.
C:\WINDOWS\Installer\9b59b7.msi (PUP.Optional.SweetIM) -> No action taken.
D:\install\Sony Vegas\SV7\Sony.Software.v1.7.Keygen-SSG.zip (PUP.RiskwareTool.CK) -> No action taken.
D:\install\Sony Vegas\SV7\Sony.Software.v1.7.Keygen-SSG\Sony.Vegas.v7.0c.Incl.Keygen-SSG\keygen.rar (PUP.RiskwareTool.CK) -> No action taken.
D:\install\Sony Vegas\SV7\Sony.Software.v1.7.Keygen-SSG\Sony.Vegas.v7.0c.Incl.Keygen-SSG\keygen\keygen.exe (PUP.RiskwareTool.CK) -> No action taken.

(end)
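The scan log above lists 29 detections, all still marked "No action taken", but they are not equally important. The SweetIM and toolbar files and one copy of NegpiBoziy.qae sit inside the AdwCleaner and FRST quarantine folders, where they are inert copies; several entries are keygens and installers the user downloaded, which do nothing until run. What actually needs attention is the Run value, the live copy of NegpiBoziy.qae under All Users, and the remaining registry keys. The script below is an added example written for this page; it is not part of Malwarebytes or of the thread. It parses a log in MBAM 1.75 format (English labels) and buckets each detection by where it sits rather than by its signature name. The quarantine roots and the "dormant" folder markers are assumptions chosen for this machine, and the sample log is a constructed excerpt of the one posted.

```python
"""Split a Malwarebytes 1.75 scan log into live findings and leftovers.
Added example for this thread; not part of Malwarebytes or the posts."""
import re
from collections import defaultdict

# Constructed excerpt of the posted log, with the English MBAM labels.
SAMPLE_LOG = r"""
Registry Keys Detected: 2
HKCR\Typelib\{157B1AA6-3E5C-404A-9118-C1D91F537040} (PUP.Optional.Multiplug) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|JobupOkulu (Trojan.MSIL.SA) -> Data: -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
c:\documents and settings\all users\data aplikací\jobupokulu\negpiboziy.qae (Trojan.MSIL.SA) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgArchive.dll.vir (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\Radek\Plocha\keygen.exe (Malware.Gen) -> No action taken.
c:\frst\quarantine\c\documents and settings\all users\data aplikací\jobupokulu\jobupokulu\negpiboziy.qae (Trojan.MSIL.SA) -> No action taken.
C:\WINDOWS\Installer\9b59b7.msi (PUP.Optional.SweetIM) -> No action taken.
D:\install\Sony Vegas\SV7\Sony.Software.v1.7.Keygen-SSG\Sony.Vegas.v7.0c.Incl.Keygen-SSG\keygen\keygen.exe (PUP.RiskwareTool.CK) -> No action taken.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Detected): (?P<count>\d+)$")
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<sig>[^()]+)\) -> (?:Data:\s*(?P<data>.*?)\s*-> )?(?P<action>.+)$")

# Assumption: quarantine roots of the other cleaners used on this machine.
# Anything under them is an inert copy already pulled out of its original place.
QUARANTINE_MARKERS = ("\\adwcleaner\\quarantine\\", "\\frst\\quarantine\\")
# Assumption: folders where the user keeps downloaded installers and cracks
# ("Plocha" is the Czech name of the Desktop folder). Such files do nothing
# until executed, unlike an autorun entry or a module already loaded.
DORMANT_MARKERS = ("\\plocha\\", "\\downloads\\", "\\install\\")


def parse_mbam(text):
    """Yield (section, item, signature, action) for every detection line."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group("section")
        elif section and (m := ENTRY_RE.match(line)):
            yield section, m.group("item"), m.group("sig"), m.group("action")


def classify(section, item):
    """Bucket one detection by where it sits, not by its signature name."""
    p = item.lower()
    if section.startswith("Registry"):
        return "registry"            # references something; check what it points at
    if any(q in p for q in QUARANTINE_MARKERS):
        return "quarantined-copy"
    if any(d in p for d in DORMANT_MARKERS):
        return "dormant-user-file"
    return "live-file"


def summarize(text):
    """Return {bucket: [(item, signature, action), ...]} for a whole log."""
    buckets = defaultdict(list)
    for section, item, sig, action in parse_mbam(text):
        buckets[classify(section, item)].append((item, sig, action))
    return dict(buckets)


def unresolved(text):
    """Registry entries and live files that MBAM reported but did not touch."""
    return [(item, sig) for bucket in ("registry", "live-file")
            for item, sig, action in summarize(text).get(bucket, [])
            if action.startswith("No action taken")]


if __name__ == "__main__":
    for bucket, items in summarize(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
    for item, sig in unresolved(SAMPLE_LOG):
        print("TODO", sig, item)
```

Quarantined copies are still worth deleting so later scans stop reporting them, but they are not why Avast keeps alerting; the "live" bucket is where to look for that.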

Re: malware (probably)

Posted: 02 Feb 2015 21:11
by altrok
Delete all the findings / move them to quarantine.

  • Save OTM to the desktop - http://oldtimer.geekstogo.com/OTM.exe
  • close all programs
  • right-click the OTM.exe icon and choose Run as administrator (on Win XP just double-click it)
  • copy the contents of the white box into the left-hand OTM window and click MoveIt!
  • after the reboot, post the log, which will be in C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log

    Code:

    :commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    
    :services
    trufos
    tizekdrv
    
    :files
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp /s
    C:\Documents and Settings\All Users\Data aplikací\JobupOkulu
    C:\Documents and Settings\Radek\Data aplikací\TZAC
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "JobupOkulu"=-
    [HKEY_USERS\S-1-5-21-790525478-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
    "JobupOkulu"=-

Re: malware (probably)

Posted: 03 Feb 2015 17:25
by morphe
Hello,
the OTM program cannot be started, it does not load completely. Screenshot here

Image

Re: malware (probably)

Posted: 03 Feb 2015 19:31
by altrok
Try doing it in Safe Mode - same procedure.

Re: malware (probably)

Posted: 03 Feb 2015 21:05
by morphe
Good, it worked in Safe Mode. Here is the log, and the virus warnings no longer pop up.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Intel

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Radek
->Temp folder emptied: 17223380 bytes
->Temporary Internet Files folder emptied: 32559627 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10495442 bytes
->Google Chrome cache emptied: 235949046 bytes
->Flash cache emptied: 58667 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 30680681 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90999235 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 399,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Intel

User: LocalService

User: NetworkService

User: Radek
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Intel

User: LocalService

User: NetworkService

User: Radek
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

========== SERVICES/DRIVERS ==========
Service trufos stopped successfully!
Service trufos deleted successfully!
Error: No service named tizekdrv was found to stop!
Service\Driver key tizekdrv not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP193F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A1E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B81.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP258A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2784.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C2A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP45C9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP53E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP56F2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP70F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP759.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP788.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP810.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8C6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP94.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAFE.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI234F.tmp moved successfully.
C:\WINDOWS\Installer\MSI2512.tmp moved successfully.
C:\WINDOWS\Installer\MSI2F10.tmp moved successfully.
C:\WINDOWS\Installer\MSI2F13.tmp moved successfully.
C:\WINDOWS\Installer\MSI39A.tmp moved successfully.
C:\WINDOWS\Installer\MSI9F7.tmp moved successfully.
C:\Documents and Settings\All Users\Data aplikací\JobupOkulu folder moved successfully.
C:\Documents and Settings\Radek\Data aplikací\TZAC folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JobupOkulu deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\JobupOkulu not found.

OTM by OldTimer - Version 3.1.21.0 log created on 02032015_205948

Files moved on Reboot...
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WLU44GKL\desktop.ini not found!
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WFXUBE9B\desktop.ini not found!
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8NO67COL\desktop.ini not found!
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6P6MAJU3\desktop.ini not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y2EWX7GP\desktop.ini not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VENQ9WFT\desktop.ini not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F57Z6WBL\desktop.ini not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DTL35F4P\desktop.ini not found!

Registry entries deleted on Reboot...
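The OTM log above is worth reading against the script that produced it rather than skimming for "successfully". The tizekdrv service is reported "not found" (already gone, so nothing to clean); the wildcard file lines such as %windir%\*.tmp expand into many individual moves; and the HKEY_USERS\S-1-5-21-790525478-630328440-682003330-1003 Run value is "not found" because it is the same value as the HKEY_CURRENT_USER one deleted a line earlier (HKCU is an alias for the logged-on user's hive under HKEY_USERS). The script below is an added example written for this page; it is not part of OTM or of the thread. It parses the :services, :files and :reg sections of an OTM script together with the matching log lines and reports one status per target, with a note explaining each "not found". It assumes Windows is installed in C:\WINDOWS and that the SID belongs to the logged-on user; the script and log excerpts are constructed from those posted above.

```python
"""Reconcile an OTM :services/:files/:reg script with the log it produced.
Added example for this thread, not part of OTM; the excerpts are constructed."""
import fnmatch
import re

SCRIPT = r"""
:services
trufos
tizekdrv

:files
%windir%\system32\*.tmp.dll /s
%windir%\*.tmp /s
C:\Documents and Settings\All Users\Data aplikací\JobupOkulu

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"JobupOkulu"=-
[HKEY_USERS\S-1-5-21-790525478-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"JobupOkulu"=-
"""

LOG = r"""
========== SERVICES/DRIVERS ==========
Service trufos deleted successfully!
Service\Driver key tizekdrv not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP193F.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI234F.tmp moved successfully.
C:\Documents and Settings\All Users\Data aplikací\JobupOkulu folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JobupOkulu deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\JobupOkulu not found.
"""

# Assumptions: Windows is in C:\WINDOWS (as the log shows) and the SID in the
# script is the logged-on user's, so HKCU is an alias of HKEY_USERS\<SID>.
EXPAND = {"%windir%": r"C:\WINDOWS"}
CURRENT_USER_SID = "S-1-5-21-790525478-630328440-682003330-1003"

LOG_PATTERNS = [   # (kind, status, pattern); groups are joined with "\" to form the target
    ("service",  "deleted",   re.compile(r"^Service (\S+) deleted successfully!$")),
    ("service",  "not found", re.compile(r"^Service\\Driver key (\S+) not found\.$")),
    ("file",     "not found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("file",     "moved",     re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
    ("regvalue", "deleted",   re.compile(r"^Registry value (.+?)\\\\(.+) deleted successfully\.$")),
    ("regvalue", "not found", re.compile(r"^Registry value (.+?)\\\\(.+) not found\.$")),
]


def parse_script(text):
    """Return [(kind, target)] for the :services, :files and :reg sections."""
    targets, section, key = [], None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section == "services":
            targets.append(("service", line))
        elif section == "files":                      # "/s" = recurse; wildcards matched below
            path = line.split(" /s")[0]
            for var, val in EXPAND.items():
                path = path.replace(var, val)
            targets.append(("file", path))
        elif section == "reg" and line.startswith("["):
            key = line[1:-1]
        elif section == "reg" and line.endswith("=-") and key:   # "name"=- deletes a value
            targets.append(("regvalue", key + "\\" + line[:-2].strip('"')))
    return targets


def parse_log(text):
    """Map (kind, lower-cased target) -> the outcome OTM reported for it."""
    outcomes = {}
    for line in text.splitlines():
        for kind, status, pat in LOG_PATTERNS:
            if m := pat.match(line.strip()):
                outcomes[(kind, "\\".join(m.groups()).lower())] = status
                break
    return outcomes


def reconcile(script, log, sid=CURRENT_USER_SID):
    """Return [(kind, target, status, note)], one row per script target."""
    outcomes, report, deleted = parse_log(log), [], set()
    for kind, target in parse_script(script):
        status, note = outcomes.get((kind, target.lower()), "no log line"), ""
        if kind == "file" and status == "no log line" and "*" in target:
            hits = [t for (k, t), s in outcomes.items()    # wildcard: count the individual moves
                    if k == "file" and s == "moved" and fnmatch.fnmatchcase(t, target.lower())]
            status = "moved (%d matches)" % len(hits) if hits else "not found"
        elif kind == "regvalue":
            canon = target.lower()
            if sid and canon.startswith("hkey_current_user"):
                canon = "hkey_users\\" + sid.lower() + canon[len("hkey_current_user"):]
            if status == "deleted":
                deleted.add(canon)
            elif status == "not found" and canon in deleted:
                note = "same value as an HKEY_CURRENT_USER entry deleted above"
        if status == "not found" and not note:
            note = "already absent, nothing left to clean"
        report.append((kind, target, status, note))
    return report
```

A target that comes back as "no log line" is the case to chase: it means OTM never reported on it at all, which is different from reporting it absent.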

Re: malware (probably)

Posted: 03 Feb 2015 22:29
by altrok
OK, glad to hear it... when you get back to this PC, run the same procedure for me once more that you already did once

Save to the desktop http://jpshortstuff.247fixes.com/SystemLook.exe or http://images.malwareremoval.com/jpshor ... emLook.exe
  • Double-click the icon to start the program.
  • Copy the text from the following white box into the white window.

Code:

:filefind
*JobupOkulu*

:folderfind
*JobupOkulu*

:regfind
JobupOkulu
  • Click Look; when the scan finishes a log pops up, copy it here.
  • The log will also be on the desktop in the file SystemLook.txt

Re: malware (probably)

Posted: 04 Feb 2015 16:25
by morphe
log

SystemLook 30.07.11 by jpshortstuff
Log created at 16:22 on 04/02/2015 by Radek
Administrator - Elevation successful

========== filefind ==========

Searching for "*JobupOkulu*"
No files found.

========== folderfind ==========

Searching for "*JobupOkulu*"
C:\FRST\Quarantine\C\Documents and Settings\All Users\Data aplikací\JobupOkulu d------ [17:55 13/01/2015]
C:\FRST\Quarantine\C\Documents and Settings\All Users\Data aplikací\JobupOkulu\JobupOkulu d------ [15:53 30/01/2015]
C:\_OTM\MovedFiles\02032015_205948\C_Documents and Settings\All Users\Data aplikací\JobupOkulu d------ [19:58 30/01/2015]

========== regfind ==========

Searching for "JobupOkulu"
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d03ef9dd48daa4"="|C:\Documents and Settings\All Users\Data aplikací\JobupOkulu\NegpiBoziy.qae"
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d03efd37fdefc2"="|C:\FRST\Quarantine\C\Documents and Settings\All Users\Data aplikací\JobupOkulu\JobupOkulu\NegpiBoziy.qae"

-= EOF =-

Re: malware (probably)

Posted: 04 Feb 2015 16:29
by altrok
So we will clean up a little more.
And if there are no questions or other problems, that is all from me.

Re: malware (probably)

Posted: 04 Feb 2015 17:02
by morphe
Great, thank you very much, it was hard work. So we can close it, thanks once again

Re: malware (probably)

Posted: 04 Feb 2015 17:20
by altrok
You're welcome, glad I could help

If it comes back, let me know by e-mail and we will keep investigating :)