VIRY.CZ

Hlasi sa mi Antvirus, teda antivirus software alert. Je to zo softwaru ktory som si ja neinstalovala,nejako sa mi dostal do pc.stale mi to hlasi, ze pc bol napadnuty, details:
Attack from: 107.10.189.53,port 1619
Attacked port: 31658
Threat: BankerFox.A
toto mi stale vybehuje aj este jedno okno s varovanim, potom internet explorer s nejakou porno strankou a potom mi zas ten antivirovy program da moznost, ze mi ich odstrani ale samozrejme, ze si ho najskor musim zakupit.Nemozem okrem
fire fox nic otvorit ani avast, ani cc cleaner, neviem vytvorit ani log z RSIT.
ďakujem

Zdsravim

Restart do nudzoveho rezimu s pracou v sieti:
Restartujte pocitac do nouzoveho rezimu (pri restartu mackejte klavesu F8, pote zvolte z nabidky Stav nouze-s pracou v siti; pote chvili vyckejte, otevre se vam potvrzovaci okno s nabidkou spusteni zvlastniho diagnostickeho rezimu, ktere potvrdte OK),

stiahni na plochu a spust
rkill.src
nechaj program prebehnut,,

Stiahnes>>Malwarebytes' Anti-Malware stiahnut-nainstalovat -aktualizovat-NERESTARTOVAT PC
sprav komplet skan,co najde ZMAZAT,log vloz sem,

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4308

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2010-07-13 09:18:50
mbam-log-2010-07-13 (09-18-50).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 205917
Uplynulý èas: 33 minuta(y), 50 sekunda(y)

Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe registru: 2
Infikované hodnoty registru: 4
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované moduly v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované klíèe registru:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxomgxfu (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxomgxfu (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bwmavmnf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bwmavmnf (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)

Infikované soubory:
C:\Documents and Settings\Lucia Rusnakova\Local Settings\Application Data\urrunaiwe\uwkerpdtssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucia Rusnakova\Local Settings\Application Data\jtrsovksp\uddxsnqtssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucia Rusnakova\Desktop\Adobe Photoshop CS3\Adobe_Photoshop_CS3_Me_Serial_Keygen_Help\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2709719071-1385655763-2205556798-1006\Dc722.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Ďakujem

Stiahnite si prosím DeFogger na váš desktop.
http://www.jpshortstuff.247fixes.com/Defogger.exe
Dvojitým kliknutím DeFogger spustiť nástroj.
aplikácie sa objaví okno
kliknite na tlačidlo Zakázať zakázať vaše CD emulácia ovládače
Kliknutím na tlačidlo Áno, aby pokračovali
'Hotovo!' 'Finished!' zobrazí sa správa
Kliknite na tlačidlo OK
DeFogger môže požiadať vás o reštart, keď to robí - kliknite na tlačidlo OK

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Suhlasit instalacio Konzoly pre zotavenie (Recovery console)

- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

ComboFix 10-07-12.03 - Administrator 2010-07-13 9:56.14.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.194 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-08-11 17:29 . 2010-08-11 17:30 26682864 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-08-11 17:29 . 2010-08-11 17:29 220272 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-08-11 17:29 . 2010-08-11 17:29 149000 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-08-11 17:29 . 2010-08-11 17:29 13407072 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-08-11 17:28 . 2010-08-11 17:28 79368 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-08-11 17:28 . 2010-08-11 17:28 73344 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-11 17:28 . 2010-08-11 17:28 64000 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-11 17:28 . 2010-08-11 17:28 52288 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-11 17:28 . 2010-08-11 17:28 122880 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-08-08 07:12 . 2010-08-08 07:12 452104 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\setup.exe
2010-07-13 08:47 . 2010-07-13 08:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-12 15:16 . 2010-07-13 08:18 -------- d-----w- c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\jtrsovksp
2010-07-12 15:16 . 2010-07-13 08:18 -------- d-----w- c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\urrunaiwe
2010-07-04 08:09 . 2010-07-04 08:09 439816 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.10\setup.exe
2010-06-14 20:45 . 2010-06-14 20:45 503808 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6cc70812-n\msvcp71.dll
2010-06-14 20:45 . 2010-06-14 20:45 499712 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6cc70812-n\jmc.dll
2010-06-14 20:45 . 2010-06-14 20:45 348160 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6cc70812-n\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 07:36 . 2008-12-25 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-13 07:20 . 2006-04-21 23:26 -------- d-----w- c:\documents and settings\Lucia Rusnakova\Application Data\Skype
2010-07-12 15:05 . 2008-09-24 22:53 -------- d-----w- c:\documents and settings\Lucia Rusnakova\Application Data\skypePM
2010-07-04 20:22 . 2006-07-08 23:12 1660 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\wklnhst.dat
2010-06-01 19:34 . 2009-10-12 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-05-10 08:27 . 2006-04-20 20:17 55680 ----a-w- c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 14:39 . 2008-12-25 12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2008-12-25 12:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-08-25 08:50 . 2008-08-25 08:50 16 ---ha-w- c:\program files\mxfilerelatedcache.mxc2
2009-07-07 00:14 . 2009-07-05 07:55 28565536 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2005-04-07 . 45757077A47C68A603A79B03A1A836AB . 1032192 . . [6.00.2900.2649] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB884883$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-07-18 257440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-10-14 53248]
"VTTrayp"="VTtrayp.exe" [2005-10-14 167936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-17 729178]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"OlStatusMon"="c:\program files\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-06-28 106496]
"Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-23 185896]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"WireLessMouse "="c:\program files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 503808]
"WireLessKeyboard "="c:\program files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2004-07-01 233472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Lucia Rusnakova\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-8-18 21504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RecordingManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 133104]
S2 olMntrService;olMntrService;c:\program files\Olivetti\ANY_WAY\olMntrService.exe [2006-06-28 86016]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-12-08 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-26 c:\windows\Tasks\avast! Antivirus.job
- c:\progra~1\ALWILS~1\Avast4\ashAvast.exe [2010-04-17 09:59]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 08:40]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 08:40]

2010-08-08 c:\windows\Tasks\Spybot - Search & Destroy.job
- c:\progra~1\SPYBOT~1\SpybotSD.exe [2006-04-21 10:43]
.
.
------- Supplementary Scan -------
.
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://213.151.230.2:2222/Ctl/WinWebPush.cab
DPF: {CE40C3F1-3DF5-4461-A521-810923235628} - hxxp://www.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w1f1ogvf.default\
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 10:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\DivXa32.acm
.
Completion time: 2010-07-13 10:05:07
ComboFix-quarantined-files.txt 2010-07-13 09:05

Pre-Run: 25,142,267,904 bytes free
Post-Run: 25,271,349,248 bytes free

- - End Of File - - F075A0E4EA3FAE716AF4ECD5158DEA7A

Ďakujem

stiahnes na plochu>Download>spustis>>vloz zeleny text a klik >look,,log vloz sem.

Kód: Vybrat vše

:filefind
c:\windows\system32\user32.dll
c:\windows\explorer.exe

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 12:12 on 13/07/2010 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "c:\windows\system32\user32.dll"
No files found.

Searching for "c:\windows\explorer.exe"
No files found.

-=End Of File=-

Ďakujem

este raz:

Kód: Vybrat vše

:filefind
user32.dll
explorer.exe

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:09 on 13/07/2010 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "user32.dll"
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll ------ 577024 bytes [10:21 10/03/2006] [18:19 02/03/2005] 1800F293BCCC8EDE8A70E12B88D80036
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll --a--- 578048 bytes [15:48 08/03/2007] [15:48 08/03/2007] 7AA4F6C00405DFC4B70ED4214E7D687B
C:\WINDOWS\$NtServicePackUninstall$\user32.dll -----c 577536 bytes [10:36 04/01/2009] [15:36 08/03/2007] B409909F6E2E8A7067076ED748ABF1E7
C:\WINDOWS\$NtUninstallKB890859$\user32.dll --a--c 577024 bytes [10:21 10/03/2006] [12:00 04/08/2004] C72661F8552ACE7C5C85E16A3CF505C4
C:\WINDOWS\$NtUninstallKB925902$\user32.dll --a--c 577024 bytes [14:35 04/04/2007] [18:19 02/03/2005] 1800F293BCCC8EDE8A70E12B88D80036
C:\WINDOWS\ServicePackFiles\i386\user32.dll --a--- 577024 bytes [00:12 14/04/2008] [18:19 02/03/2005] 1800F293BCCC8EDE8A70E12B88D80036
C:\WINDOWS\system32\user32.dll --a--- 577024 bytes [04:03 13/02/2000] [18:19 02/03/2005] 1800F293BCCC8EDE8A70E12B88D80036

Searching for "explorer.exe"
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c 1033216 bytes [10:37 04/01/2009] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtUninstallKB884883$\explorer.exe --a--c 1032192 bytes [10:13 10/03/2006] [12:00 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c 1032192 bytes [23:55 14/08/2007] [09:33 07/04/2005] 45757077A47C68A603A79B03A1A836AB
C:\WINDOWS\explorer.exe --a--- 1033216 bytes [04:03 13/02/2000] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\ServicePackFiles\i386\explorer.exe --a--- 1033216 bytes [00:12 14/04/2008] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658

-=End Of File=-

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
Folder::
c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\jtrsovksp
c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\urrunaiwe
FCOPY::
c:\windows\$NtUninstallKB890859$\user32.dll | c:\windows\system32\user32.dll
c:\windows\$NtUninstallKB890859$\user32.dll | c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
c:\windows\$NtUninstallKB890859$\user32.dll | c:\windows\$NtServicePackUninstall$\user32.dll
c:\windows\$NtUninstallKB890859$\user32.dll | c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
c:\windows\$NtUninstallKB890859$\user32.dll | c:\windows\$NtUninstallKB925902$\user32.dll
c:\windows\$NtUninstallKB890859$\user32.dll | c:\windows\ServicePackFiles\i386\user32.dll
c:\windows\$NtUninstallKB884883$\explorer.exe | c:\windows\$NtUninstallKB938828$\explorer.exe
c:\windows\$NtUninstallKB884883$\explorer.exe | c:\windows\ServicePackFiles\i386\explorer.exe
c:\windows\$NtUninstallKB884883$\explorer.exe | c:\windows\$NtServicePackUninstall$\explorer.exe
c:\windows\$NtUninstallKB884883$\explorer.exe | c:\windows\explorer.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-
"Malwarebytes Anti-Malware (reboot)"=-
File::
c:\documents and settings\Lucia Rusnakova\Start Menu\Programs\Startup\WKCALREM.LNK
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
c:\windows\Tasks\Spybot - Search & Destroy.job

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

ComboFix 10-07-12.03 - Administrator 2010-07-13 13:47:36.15.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.110 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk"
"c:\documents and settings\Lucia Rusnakova\Start Menu\Programs\Startup\WKCALREM.LNK"
"c:\windows\Tasks\Spybot - Search & Destroy.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\jtrsovksp
c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\urrunaiwe
c:\documents and settings\Lucia Rusnakova\Start Menu\Programs\Startup\WKCALREM.LNK
c:\windows\Tasks\Spybot - Search & Destroy.job

.
--------------- FCopy ---------------

c:\windows\$NtUninstallKB890859$\user32.dll --> c:\windows\system32\user32.dll
c:\windows\$NtUninstallKB890859$\user32.dll --> c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
c:\windows\$NtUninstallKB890859$\user32.dll --> c:\windows\$NtServicePackUninstall$\user32.dll
c:\windows\$NtUninstallKB890859$\user32.dll --> c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
c:\windows\$NtUninstallKB890859$\user32.dll --> c:\windows\$NtUninstallKB925902$\user32.dll
c:\windows\$NtUninstallKB890859$\user32.dll --> c:\windows\ServicePackFiles\i386\user32.dll
c:\windows\$NtUninstallKB884883$\explorer.exe --> c:\windows\$NtUninstallKB938828$\explorer.exe
c:\windows\$NtUninstallKB884883$\explorer.exe --> c:\windows\ServicePackFiles\i386\explorer.exe
c:\windows\$NtUninstallKB884883$\explorer.exe --> c:\windows\$NtServicePackUninstall$\explorer.exe
c:\windows\$NtUninstallKB884883$\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-08-11 17:29 . 2010-08-11 17:30 26682864 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-08-11 17:29 . 2010-08-11 17:29 220272 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-08-11 17:29 . 2010-08-11 17:29 149000 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-08-11 17:29 . 2010-08-11 17:29 13407072 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-08-11 17:28 . 2010-08-11 17:28 79368 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-08-11 17:28 . 2010-08-11 17:28 73344 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-11 17:28 . 2010-08-11 17:28 64000 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-11 17:28 . 2010-08-11 17:28 52288 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-11 17:28 . 2010-08-11 17:28 122880 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-08-08 07:12 . 2010-08-08 07:12 452104 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.12\setup.exe
2010-07-13 08:47 . 2010-07-13 08:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-04 08:09 . 2010-07-04 08:09 439816 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Real\Update\setup3.10\setup.exe
2010-06-14 20:45 . 2010-06-14 20:45 503808 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6cc70812-n\msvcp71.dll
2010-06-14 20:45 . 2010-06-14 20:45 499712 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6cc70812-n\jmc.dll
2010-06-14 20:45 . 2010-06-14 20:45 348160 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6cc70812-n\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 12:59 . 2006-04-21 23:26 -------- d-----w- c:\documents and settings\Lucia Rusnakova\Application Data\Skype
2010-07-13 12:58 . 2008-09-24 22:53 -------- d-----w- c:\documents and settings\Lucia Rusnakova\Application Data\skypePM
2010-07-13 07:36 . 2008-12-25 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-04 20:22 . 2006-07-08 23:12 1660 ----a-w- c:\documents and settings\Lucia Rusnakova\Application Data\wklnhst.dat
2010-06-01 19:34 . 2009-10-12 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-05-10 08:27 . 2006-04-20 20:17 55680 ----a-w- c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 14:39 . 2008-12-25 12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2008-12-25 12:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-08-25 08:50 . 2008-08-25 08:50 16 ---ha-w- c:\program files\mxfilerelatedcache.mxc2
2009-07-07 00:14 . 2009-07-05 07:55 28565536 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"DeskSpace"="c:\documents and settings\Lucia Rusnakova\Desktop\3D_Cube_DeskSpace_v1.5.1\DeskSpace v1.5.1\deskspace.exe" [2007-09-18 1066496]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-10-14 53248]
"VTTrayp"="VTtrayp.exe" [2005-10-14 167936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-17 729178]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"OlStatusMon"="c:\program files\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-06-28 106496]
"Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"WireLessMouse "="c:\program files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 503808]
"WireLessKeyboard "="c:\program files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2004-07-01 233472]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-23 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2006-05-31 108160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RecordingManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-12-08 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7acc5102-c738-11de-a7ee-00c0a8b00f43}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-26 c:\windows\Tasks\avast! Antivirus.job
- c:\progra~1\ALWILS~1\Avast4\ashAvast.exe [2010-04-17 09:59]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 08:40]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 08:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.sk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://213.151.230.2:2222/Ctl/WinWebPush.cab
DPF: {CE40C3F1-3DF5-4461-A521-810923235628} - hxxp://www.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
FF - ProfilePath - c:\documents and settings\Lucia Rusnakova\Application Data\Mozilla\Firefox\Profiles\51uh23wh.default\
FF - component: c:\documents and settings\Lucia Rusnakova\Application Data\Mozilla\Firefox\Profiles\51uh23wh.default\extensions\LAILoader@liveblockauctions.com\components\np_laiLoader.dll
FF - plugin: c:\documents and settings\Lucia Rusnakova\Application Data\Mozilla\Firefox\Profiles\51uh23wh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-yxomgxfu - c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\urrunaiwe\uwkerpdtssd.exe
HKCU-Run-bwmavmnf - c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\jtrsovksp\uddxsnqtssd.exe
HKLM-Run-yxomgxfu - c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\urrunaiwe\uwkerpdtssd.exe
HKLM-Run-bwmavmnf - c:\documents and settings\Lucia Rusnakova\Local Settings\Application Data\jtrsovksp\uddxsnqtssd.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 13:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2292)
c:\documents and settings\Lucia Rusnakova\Desktop\3D_Cube_DeskSpace_v1.5.1\DeskSpace v1.5.1\deskspace151.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Olivetti\ANY_WAY\olMntrService.exe
c:\windows\system32\slmdmsr.exe
c:\windows\system32\VTTimer.exe
Dufam, ze to bude O K. spravila som vsetko podla navodu a musela som ist prec na par minut. PC sa asi restartoval a spustil sa v normalnom rezime. este pred tym ako dopracoval Combofix sa vsak spustilo niekolko programov ako napr. skype

c:\windows\system32\VTtrayp.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-07-13 14:06:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-13 13:06
ComboFix2.txt 2010-07-13 09:05

Pre-Run: 25,234,935,808 bytes free
Post-Run: 24,739,397,632 bytes free

- - End Of File - - 590740D7FFD409E22E5D893FC3DFE9F0

no vidim ze skype je spustene,,to pravdepodobne tam dal spybot-Teatimer..
1:odinstaluj spybot
2:1. Je potřeba vypnout nástroj obnova systému - Ovládací panely>systém>obnovení systému>vypnout nástroj obnovení systému>OK nebo použít a nyní jen restartovat PC
2. Po restartu je tento adresář kompletně smazán, obnovu opět zapnout.http://www.viry.cz/forum/viewtopic.php?f=11&t=47040
3:Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,:
4:Stiahnes na plochu TFC
zatvor vsetko co mas otvorene a spust-po skane restart

Stiahnite si MBRCheck.exe na plochu
XP> dvojklikom na MBRCheck.exe ho spustiť
Vista a Windows 7 užívateľov> kliknite pravým tlačidlom myši na MBRCheck.exe a zvoľte Spustiť ako administrátor
To ukáže čierna obrazovka s niektorými údajmi o to
Keď sa to urobí> Stlačte Enter pre ukončenie programu
Súbor s názvom MBRCheck_ sa objaví na ploche
Prosím, skopírujte do vašej ďalšej odpoveďi

bootkit_remover
stiahni na plochu a spust,otvori sa ti okno.
klikni pravym tlacitkom mys do cierného okna,zvolit Vybrat vse, stisknout CTRL+C a tu na foru CTRL+V. takto vloz do svojho prispevku log.

MBRCheck, version 1.0.3

(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

55 GB \\.\PhysicalDrive0 Windows XP MBR code detected

Done! Press ENTER to exit...

a tu je druhy

MBRCheck, version 1.0.3

(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

55 GB \\.\PhysicalDrive0 Windows XP MBR code detected

Done! Press ENTER to exit...

hovori ti nieco,, ProxyServer??

ospravedlnujem sa ale nie

VIRY.CZ

antivirus hlasi napadnuty počitač,nic nefunguje

antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje

Re: antivirus hlasi napadnuty počitač,nic nefunguje