Preventivni kontrola Diky moc

TTT_111 · Příspěvekod **TTT_111** » 25 kvě 2012 18:48

Priliz dlouhy da se poslat jako priloha ve formatu.doc ???

Reklama

Příspěvekod **jaro3** » 25 kvě 2012 22:57

Pošli to sem:
http://leteckaposta.cz/

TTT_111 · Příspěvekod **TTT_111** » 26 kvě 2012 05:09

posilam ve .rar formatu
link http://leteckaposta.cz/658367347

Příspěvekod **jaro3** » 26 kvě 2012 10:55

D:\setup\Vietkey 2000Full\Crack.rar---tu složku bys měl smazat..
Detected: Trojan-Spy.Win32.Montp.awt D:\System Volume Information\_restore{BE96934F-9C30-477C-AE55-A45B0F0BFC3D}\RP3\A0003270.EXE

Vypni si obnovu systému , restartuj PC , a po restartu si obnovu zase zapni.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
File::      
f:\FXDrv32.sys

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

TTT_111 · Příspěvekod **TTT_111** » 27 kvě 2012 07:46

ComboFix 12-05-26.02 - admin 05/27/2012 12:31:37.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1346 [GMT 7:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"f:\FXDrv32.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\admin\Application Data\IDM\idmmzcc3
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\components2\idmhelper.js
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\components2\idmmzcc.dll
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\admin\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-19 11:18 . 2012-05-24 11:21 -------- d-----w- c:\documents and settings\admin\Application Data\vlc
2012-05-19 11:17 . 2012-05-19 11:17 -------- d-----w- c:\program files\VideoLAN
2012-05-19 08:39 . 2012-05-19 08:39 -------- d--h--w- c:\windows\PIF
2012-05-16 15:44 . 2008-04-13 22:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-05-16 15:44 . 2001-08-17 15:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-05-16 15:44 . 2008-04-13 17:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-05-16 15:44 . 2008-04-13 17:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-05-03 05:12 . 2012-05-03 05:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 05:12 . 2012-05-03 05:12 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 05:12 . 2012-05-03 05:12 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-01 16:31 . 2012-05-01 16:31 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2012-05-01 16:31 . 2012-05-01 16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-01 16:31 . 2012-05-01 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-01 16:31 . 2012-04-04 08:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 16:02 . 2012-04-05 11:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 16:02 . 2011-10-13 05:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 16:02 . 2012-04-05 12:01 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-03 05:12 . 2012-01-27 10:43 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-04-14 11:00 60416 -csha-w- c:\windows\system32\dllcache\msimn.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-09-22 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-02_02.22.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-27 05:35 . 2012-05-27 05:35 16384 c:\windows\temp\Perflib_Perfdata_a54.dat
+ 2012-05-06 16:02 . 2012-05-06 16:02 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-06 15:02 . 2012-05-06 15:02 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-06 15:02 . 2012-05-06 15:02 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-04-05 11:38 . 2012-05-06 16:02 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-06 16:02 . 2012-05-06 16:02 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniKey"="c:\program files\Unikey32\UniKeyNT.exe" [2009-11-01 261632]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-22 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-21 17:18 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 04:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
2001-09-05 23:03 106544 ----a-w- c:\windows\system32\TWEAKUI.CPL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/13/2011 12:42 PM 136360]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [10/13/2011 12:34 PM 62576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 6:38 PM 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/13/2011 1:24 PM 1691480]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 12:12 PM 129976]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.anninhthudo.vn/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
TCP: DhcpNameServer = 192.168.9.1
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\4tkxderh.default\
FF - prefs.js: browser.startup.homepage - hxxp://vietnamnet.vn/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-27 12:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ac,20,f1,ee,a5,89,79,0a,30,31,a1,f8,21,c4,08,31,c6,2c,95,b7,e2,
6d,2d,a0,39,90,04,e0,2b,77,14,9a,c3,7a,06,5c,f9,a1,a1,a5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0e32537-5674-4f1a-937a-3b8694112ef5}]
@Denied: (Full) (Everyone)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\idmmbc.dll
.
- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Unikey32\UKHook40.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-05-27 12:45:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 05:45
ComboFix2.txt 2012-05-02 15:52
ComboFix3.txt 2012-05-02 02:28
.
Pre-Run: 46,819,401,728 bytes free
Post-Run: 47,096,053,760 bytes free
.
- - End Of File - - CBD60D220AD07A8250774A5D7474981C

TTT_111 · Příspěvekod **TTT_111** » 27 kvě 2012 07:46

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:18 PM, on 5/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unikey32\UniKeyNT.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anninhthudo.vn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [UniKey] C:\Program Files\Unikey32\UniKeyNT.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5093 bytes

Příspěvekod **jaro3** » 27 kvě 2012 09:59

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

Preventivni kontrola Diky moc

Re: Preventivni kontrola Diky moc

Re: Preventivni kontrola Diky moc

Re: Preventivni kontrola Diky moc

Re: Preventivni kontrola Diky moc

Re: Preventivni kontrola Diky moc

Re: Preventivni kontrola Diky moc

Re: Preventivni kontrola Diky moc

Kdo je online