Prosim o kontrolu logu - online eset nasel 4 infikace

[Leelaa]

Mam CFScript.txt na ploche, ale kedze su ikony blokovane, nemozem ho spustit do ComboFix

[Reklama]

[jaro3]

Co ty porty?

Combofix--normální režim.

Stáhni si rkill
a spusť ho . Spustí se sken .Po skenu se program sám ukončí.
Pozn.: NERESTARTUJ PC !

Pak udělej ten script v Combofixu.

[Leelaa]

Bohuzial vobec netusim co porty ake porty. Som uzivatelska lama. Sken rkill hotovy, ale plocha stale zablokovana.

[Leelaa]

Mozem ten CFScript spustit cez okno explorera alebo nie?

[Žbeky]

Zkus to v nouzovém režimu

[Leelaa]

Script z nudzoveho rezimu:

ComboFix 13-03-16.02 - admin 17.03.2013 7:05.5.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.792 [GMT 1:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET
c:\program files\ESET\ESET Online Scanner\esets_apiA.dll
c:\program files\ESET\ESET Online Scanner\esets_apiW.dll
c:\program files\ESET\ESET Online Scanner\esets_apiW_a.dll
c:\program files\ESET\ESET Online Scanner\ESETSmartInstaller.exe
c:\program files\ESET\ESET Online Scanner\log.txt
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\continuous\nod32F5.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\continuous\nod58F9.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod00C4.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0410.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0E7C.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod1299.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod168B.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod1D22.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod2246.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod248F.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod2F0E.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod2F29.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod39D2.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod3C1F.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod4486.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod544E.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5754.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod57F0.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5AD6.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5E28.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod60BA.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6159.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod70EB.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\oldfiles\em002_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\oldfiles\em023_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em023_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
c:\program files\ESET\ESET Online Scanner\Modules\em000_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em001_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em002_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em003_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em004_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em005_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em006_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em023_32.dat
c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
c:\program files\ESET\ESET Online Scanner\OnlineScanner.cab
c:\program files\ESET\ESET Online Scanner\OnlineScanner.inf
c:\program files\ESET\ESET Online Scanner\OnlineScanner.ocx
c:\program files\ESET\ESET Online Scanner\OnlineScanner64.ocx
c:\program files\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\program files\ESET\ESET Online Scanner\OnlineScannerLang.dll
c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
c:\program files\ESET\ESET Online Scanner\unicows.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-17 do 2013-03-17 )))))))))))))))))))))))))))))))
.
.
2013-03-15 11:43 . 2013-03-15 11:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-15 11:43 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-15 09:13 . 2013-03-15 09:16 -------- d-----w- c:\documents and settings\admin\Data aplikací\Wise Registry Cleaner
2013-03-15 09:02 . 2013-03-17 06:16 -------- d-----w- c:\documents and settings\admin\Data aplikací\Wise Care 365
2013-03-15 08:59 . 2013-03-15 09:01 -------- d-----w- c:\program files\Wise
2013-03-12 09:43 . 2013-03-12 09:43 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2013-03-12 09:33 . 2013-03-12 09:33 -------- d-----r- c:\program files\Skype
2013-03-12 09:33 . 2013-03-12 09:33 -------- d-----w- c:\program files\Common Files\Skype
2013-03-12 06:19 . 2013-03-12 06:19 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Sun
2013-03-11 10:59 . 2013-03-11 10:59 -------- d-----w- c:\program files\Common Files\Java
2013-03-11 10:59 . 2013-03-11 10:58 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-11 10:59 . 2013-03-11 10:58 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-11 10:58 . 2013-03-11 10:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-11 10:22 . 2013-03-14 12:36 -------- d--h--w- c:\windows\$hf_mig$
2013-03-10 16:21 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-10 16:21 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-10 16:21 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 09:59 . 2012-05-14 22:12 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 09:59 . 2012-05-14 22:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-11 10:58 . 2011-01-15 09:03 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 23:33 . 2011-11-10 18:02 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-11-10 18:02 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2011-11-10 18:02 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2011-11-10 18:02 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2011-11-10 18:02 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2011-11-10 18:02 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-11-10 18:02 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-06 00:46 . 2003-04-16 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2013-02-06 00:46 . 2003-04-16 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-06 00:46 . 2009-07-18 17:56 78336 ------w- c:\windows\system32\ieencode.dll
2013-02-06 00:46 . 2003-04-16 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2013-01-26 03:55 . 2003-04-16 12:00 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2002-09-20 17:12 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:26 . 2003-04-16 12:00 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:10 . 2003-04-16 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2003-04-16 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2003-04-16 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2013-03-14 06:12 . 2013-02-09 16:20 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52 94208 ----a-w- c:\documents and settings\admin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52 94208 ----a-w- c:\documents and settings\admin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52 94208 ----a-w- c:\documents and settings\admin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52 94208 ----a-w- c:\documents and settings\admin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-23 61440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Task Catcher"="c:\program files\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Paradox Interactive\\Elven Legacy\\magic.exe"=
"c:\\Program Files\\Paradox Interactive\\Elven Legacy\\siege.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\admin\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"21476:UDP"= 21476:UDP:UDP 21476
"13451:TCP"= 13451:TCP:TCP 13451
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [10.3.2013 17:21 49248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.9.2009 11:44 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.11.2011 19:02 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.11.2011 19:02 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.11.2011 19:02 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10.3.2013 17:21 66336]
S2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [15.3.2013 9:59 580648]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [10.3.2013 17:21 164736]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [22.6.2010 13:00 583552]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 09:59]
.
2013-03-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-29 23:32]
.
2013-03-17 c:\windows\Tasks\Wise Care 365.job
- c:\program files\Wise\Wise Care 365\WiseTray.exe [2013-03-15 08:35]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: Interfaces\{6FE06E8E-B82F-4B1D-81CE-45C854AD0C18}: NameServer = 10.132.76.1
TCP: Interfaces\{B37F82F5-E35E-48BE-B0F8-0D37369E17DD}: NameServer = 213.211.50.1,213.211.50.2
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\e7r6i5in.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-17 07:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2013-03-17 07:21:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-17 06:21
ComboFix2.txt 2013-03-16 10:20
ComboFix3.txt 2013-03-15 15:32
ComboFix4.txt 2011-11-09 23:31
.
Před spuštěním: Volných bajtů: 26 142 748 672
Po spuštění: Volných bajtů: 26 073 493 504
.
- - End Of File - - 184B6597DBCB84466123C4F69470D5C2

[jaro3]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21476:UDP"= 21476:UDP:UDP 21476
"13451:TCP"= 13451:TCP:TCP 13451

Ty porty sis povolovala ve firewallu sama?

[Leelaa]

O portoch naizaj nic neviem, do firewallu nezasahujem.

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21476:UDP"=-
"13451:TCP"=-


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Leelaa]

ComboFix 13-03-17.01 - admin 17.03.2013 17:53:23.6.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.803 [GMT 1:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-17 do 2013-03-17 )))))))))))))))))))))))))))))))
.
.
2013-03-15 11:43 . 2013-03-15 11:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-15 11:43 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-15 09:13 . 2013-03-15 09:16 -------- d-----w- c:\documents and settings\admin\Data aplikací\Wise Registry Cleaner
2013-03-15 09:02 . 2013-03-17 17:18 -------- d-----w- c:\documents and settings\admin\Data aplikací\Wise Care 365
2013-03-15 08:59 . 2013-03-15 09:01 -------- d-----w- c:\program files\Wise
2013-03-12 09:43 . 2013-03-12 09:43 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2013-03-12 09:33 . 2013-03-12 09:33 -------- d-----r- c:\program files\Skype
2013-03-12 09:33 . 2013-03-12 09:33 -------- d-----w- c:\program files\Common Files\Skype
2013-03-12 06:19 . 2013-03-12 06:19 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Sun
2013-03-11 10:59 . 2013-03-11 10:59 -------- d-----w- c:\program files\Common Files\Java
2013-03-11 10:59 . 2013-03-11 10:58 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-11 10:59 . 2013-03-11 10:58 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-11 10:58 . 2013-03-11 10:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-11 10:22 . 2013-03-14 12:36 -------- d--h--w- c:\windows\$hf_mig$
2013-03-10 16:21 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-10 16:21 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-10 16:21 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 09:59 . 2012-05-14 22:12 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 09:59 . 2012-05-14 22:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-11 10:58 . 2011-01-15 09:03 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 23:33 . 2011-11-10 18:02 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-11-10 18:02 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2011-11-10 18:02 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2011-11-10 18:02 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2011-11-10 18:02 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2011-11-10 18:02 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-11-10 18:02 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-06 00:46 . 2003-04-16 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2013-02-06 00:46 . 2003-04-16 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-06 00:46 . 2009-07-18 17:56 78336 ------w- c:\windows\system32\ieencode.dll
2013-02-06 00:46 . 2003-04-16 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2013-01-26 03:55 . 2003-04-16 12:00 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2002-09-20 17:12 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:26 . 2003-04-16 12:00 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:10 . 2003-04-16 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2003-04-16 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2003-04-16 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2013-03-14 06:12 . 2013-02-09 16:20 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52 94208 ----a-w- c:\documents and settings\admin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52 94208 ----a-w- c:\documents and settings\admin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52 94208 ----a-w- c:\documents and settings\admin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52 94208 ----a-w- c:\documents and settings\admin\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-23 61440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Task Catcher"="c:\program files\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Paradox Interactive\\Elven Legacy\\magic.exe"=
"c:\\Program Files\\Paradox Interactive\\Elven Legacy\\siege.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\admin\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [10.3.2013 17:21 49248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.9.2009 11:44 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.11.2011 19:02 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.11.2011 19:02 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.11.2011 19:02 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10.3.2013 17:21 66336]
S2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [15.3.2013 9:59 580648]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [10.3.2013 17:21 164736]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [22.6.2010 13:00 583552]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 09:59]
.
2013-03-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-29 23:32]
.
2013-03-17 c:\windows\Tasks\Wise Care 365.job
- c:\program files\Wise\Wise Care 365\WiseTray.exe [2013-03-15 08:35]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: Interfaces\{6FE06E8E-B82F-4B1D-81CE-45C854AD0C18}: NameServer = 10.132.76.1
TCP: Interfaces\{B37F82F5-E35E-48BE-B0F8-0D37369E17DD}: NameServer = 213.211.50.1,213.211.50.2
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\e7r6i5in.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-17 18:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2013-03-17 18:23:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-17 17:22
ComboFix2.txt 2013-03-17 06:22
ComboFix3.txt 2013-03-16 10:20
ComboFix4.txt 2013-03-15 15:32
ComboFix5.txt 2013-03-17 16:52
.
Před spuštěním: Volných bajtů: 26 100 097 024
Po spuštění: Volných bajtů: 26 089 500 672


Je OK, ze mi ComboFix pri spusteni tvrdil, ze mi bezia rezidentne stity Avastu aj ked boli 100% vypnute?
.

[jaro3]

Občas se to stane.

Co RogueKiller?

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[Leelaa]

rkill:

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/16/2013 11:03:09 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures: