
probably a trojan horse

QuickShare
Visitor
Posts: 136
Registered: 18 Jul 2011 10:35

probably a trojan horse

#1 Post by QuickShare »

Hi.
My problem is as follows:
Yesterday I got some trojan horse (I'm not sure where from: a friend was here and transferred data over USB, so either I got it from him, or at night somebody sent me a link to a video that asked me to download Flash Player, which I downloaded from the official site and it didn't help, so I clicked the link the video offered and downloaded that; it was called Flash Player, but I think it was a trojan).

I don't know what the virus is called; in ESET it was something like Trojan-flash and some numbers.
After the infection my PC crashed and wouldn't boot, neither in safe mode nor in normal mode; I saw some kind of loading screen there, I don't know what it was. After several attempts it booted; in Windows the colour scheme and the welcome screen changed, and things like that, plus in msconfig I found some startup processes that I don't recognise. That's all I've noticed so far.

ESS4 doesn't work for me, it switched into the mode shown in the screenshot:
Attachment: Bez názvu.png (48.82 KiB), viewed 2018 times
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:53, on 18. 7. 2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Hacker\AppData\Roaming\dwm.exe
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Users\Hacker\AppData\Roaming\Microsoft\conhost.exe
C:\Users\Hacker\AppData\Local\Temp\csrss.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\update.tray-3-0-lnk\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49960
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Hacker\AppData\Local\Temp\csrss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [conhost] C:\Users\Hacker\AppData\Roaming\Microsoft\conhost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5633 bytes


Thanks for any advice
Last edited by vyosek on 18 Jul 2011 19:57, edited 1 time in total.
Reason: Log taken out of code tags - better readability

QuickShare
Visitor
Posts: 136
Registered: 18 Jul 2011 10:35

Re: probably a trojan horse

#2 Post by QuickShare »

After reading a few topics here on the forum I think I know what it is: the FB virus.

QuickShare
Visitor
Posts: 136
Registered: 18 Jul 2011 10:35

Re: probably a trojan horse

#3 Post by QuickShare »

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verzia databázy: 7190

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

18. 7. 2011 16:36:44
mbam-log-2011-07-18 (16-36-44).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|F:\|)
Objektov kontrolovaných: 299263
Uplynutý čas: 18 min, 4 sek

Infikované služby pamäte: 2
Infikované moduly pamäte: 0
Infikované registračné kľúče: 15
Infikované registračné hodnoty: 6
Infikované položky registračných dát: 3
Infikované priečinky: 0
Infikované súbory: 24

Infikované služby pamäte:
c:\Users\Hacker\AppData\Roaming\dwm.exe (Backdoor.Cycbot) -> 1400 -> Unloaded process successfully.
c:\Users\Hacker\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> 1460 -> Unloaded process successfully.

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Downloader.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{199C34A4-5436-403F-A250-219E16672570} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8E7AD93B-3E87-423D-947F-A321FA7E31C4} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BHO.GamePlayLabsBHO.1 (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BHO.GamePlayLabsBHO (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\Users\Hacker\AppData\Roaming\dwm.exe (Backdoor.Cycbot) -> Quarantined and deleted successfully.
c:\Users\Hacker\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-3-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\Users\Hacker\AppData\Local\Google\Chrome\user data\Default\Cache\f_000007 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\gbot111.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\l1rezerv.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\dwm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.tray-3-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\doc so stareho xp\administrator\Desktop\programy\! office\office 2007 professional sk\office 2007 keygen\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\games\moh-crack\loader.dll (Riskware.Tool.CK) -> Quarantined and deleted successfully.
e:\games\moh.2010.crack.cz\loader.dll (Riskware.Tool.CK) -> Quarantined and deleted successfully.
e:\games\the chronicles of riddick - assault on dark athena\Riddick\patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
e:\programy\tuneup.utilities.2010.v9.0.3000.136.incl.keymaker-core+cz\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
e:\programy\tuneup.utilities.2010.v9.0.3000.136.incl.keymaker-core+cz\keygen.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
e:\programy\yamicsoft windows 7 manager 1.2.5\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\Hacker\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Safe mode with network support
User: Hacker [Admin rights]
Mode: Remove -- Date : 07/18/2011 17:25:27

Bad processes: 0

Registry Entries: 5
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:62061) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Safe mode with network support
User: Hacker [Admin rights]
Mode: HOSTSFix -- Date : 07/18/2011 17:26:07

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Safe mode with network support
User: Hacker [Admin rights]
Mode: ProxyFix -- Date : 07/18/2011 17:26:26

Bad processes: 0

Registry Entries: 2
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> REPLACED (0)
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:62061) -> DELETED

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Last edited by vyosek on 18 Jul 2011 19:56, edited 1 time in total.
Reason: Logs taken out of code tags - better readability

QuickShare
Visitor
Posts: 136
Registered: 18 Jul 2011 10:35

Re: probably a trojan horse

#4 Post by QuickShare »

I'm trying to clean it; I followed the guide here on the forum ...
The ESS4 antivirus doesn't work; it says it is missing svchost.exe.
The internet works only in IE, and even that doesn't load everything.

Is anyone here willing to help me? To give some advice? I've been fiddling with this since yesterday.
I should have just done a format, it would have been over and done with long ago :o


edit: yeah, I understand, but I thought the more information, the sooner someone would advise me
Last edited by QuickShare on 18 Jul 2011 18:15, edited 1 time in total.

tuvok07
Friend of the forum
Posts: 1198
Registered: 07 Mar 2007 17:10

Re: probably a trojan horse

#5 Post by tuvok07 »

Sorry, but because you keep replying to yourself here, the topic was overlooked - the helpers primarily go after posts without replies.
Post a log from RSIT here, it is more detailed - see the guide here http://www.viry.cz/forum/viewtopic.php?f=13&t=105895
And don't put logs inside code tags, it hurts the eyes.
Albert Einstein: Only two things are infinite - the universe and human stupidity. And I'm not so sure about the former.

QuickShare
Visitor
Posts: 136
Registered: 18 Jul 2011 10:35

Re: probably a trojan horse

#6 Post by QuickShare »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Hacker at 2011-07-18 19:21:58
Microsoft Windows 7 Ultimate
System drive C: has 17 GB (17%) free of 100 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:22:03, on 18. 7. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Users\Hacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4I70O4MD\RSIT[1].exe
C:\Program Files\trend micro\Hacker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5638 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-19 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-07-18 2216960]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-18 3318784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1975498.exe]
C:\Windows\Temp\1975498.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3166750.exe]
C:\Users\Hacker\AppData\Local\Temp\3166750.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3661150.exe]
C:\Windows\Temp\3661150.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6889135.exe]
C:\Windows\Temp\6889135.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CE8SIIFGSU]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conhost]
C:\Windows\system32\config\system [2011-07-18 15990784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\l1rezerv.exe]
C:\Windows\l1rezerv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2010-03-16 718208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-06-17 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32.exe]
C:\Windows\sysdriver32.exe rezerv []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32_.exe]
C:\Windows\sysdriver32_.exe rezerv []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systemup]
C:\Windows\systemup.exe stand []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
C:\Windows\update.tray-3-0\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\ADVANC~1\wh_exec.exe [2010-05-26 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wxpdrv]
C:\Windows\services32.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"VIDC.FPS1"=frapsvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-18 18:50:52 ----D---- C:\ProgramData\Kaspersky Lab
2011-07-18 18:49:03 ----A---- C:\TDSSKiller.2.5.11.0_18.07.2011_18.49.03_log.txt
2011-07-18 18:41:05 ----D---- C:\Program Files\CCleaner
2011-07-18 18:39:43 ----A---- C:\TDSSKiller.2.5.11.0_18.07.2011_18.39.43_log.txt
2011-07-18 18:39:29 ----A---- C:\TDSSKiller.2.5.11.0_18.07.2011_18.39.29_log.txt
2011-07-18 16:15:53 ----D---- C:\Users\Hacker\AppData\Roaming\Malwarebytes
2011-07-18 16:15:39 ----D---- C:\ProgramData\Malwarebytes
2011-07-18 16:15:39 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-07-18 16:15:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-18 16:15:36 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-18 12:10:28 ----D---- C:\Users\Hacker\AppData\Roaming\Spyware Terminator
2011-07-18 12:10:28 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2011-07-18 12:10:27 ----D---- C:\ProgramData\Spyware Terminator
2011-07-18 12:10:27 ----D---- C:\Program Files\Spyware Terminator
2011-07-18 12:05:48 ----D---- C:\Windows\pss
2011-07-18 00:57:54 ----D---- C:\Windows\ufa
2011-07-18 00:57:54 ----D---- C:\Windows\rpcminer
2011-07-18 00:57:54 ----D---- C:\Windows\phoenix
2011-07-18 00:57:44 ----A---- C:\Windows\unrar.exe
2011-07-18 00:56:05 ----A---- C:\Windows\ddh_iplist.txt
2011-07-18 00:55:57 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-18 00:55:37 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-18 00:55:29 ----HD---- C:\Windows\update.2
2011-07-18 00:55:17 ----HD---- C:\Windows\update.5.0
2011-07-18 00:54:59 ----A---- C:\Windows\iplist.txt
2011-07-18 00:54:35 ----A---- C:\Windows\front_ip_list.txt
2011-07-18 00:54:34 ----D---- C:\Windows\av_ico
2011-07-18 00:53:08 ----HD---- C:\Windows\update.1
2011-07-18 00:53:06 ----HD---- C:\Windows\update.tray-3-0-lnk
2011-07-18 00:53:06 ----HD---- C:\Windows\update.tray-3-0
2011-07-18 00:41:33 ----A---- C:\Windows\winlog-ids.txt
2011-07-18 00:41:33 ----A---- C:\Windows\winlog-dirs.txt
2011-07-18 00:37:22 ----D---- C:\Program Files\Google
2011-06-26 21:29:56 ----D---- C:\Program Files\Elaborate Bytes
2011-06-26 21:14:25 ----D---- C:\Program Files\East Imperial Soft
2011-06-19 15:51:29 ----D---- C:\Program Files\Portrait Professional Studio 9
2011-06-19 15:22:29 ----D---- C:\Users\Hacker\AppData\Roaming\Anthropics

======List of files/folders modified in the last 1 month======

2011-07-18 19:22:00 ----D---- C:\Windows\Temp
2011-07-18 19:21:59 ----D---- C:\Program Files\trend micro
2011-07-18 19:21:57 ----D---- C:\Windows\Prefetch
2011-07-18 19:02:20 ----D---- C:\Windows\System32
2011-07-18 19:02:20 ----D---- C:\Windows\inf
2011-07-18 19:02:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-18 19:00:59 ----D---- C:\Windows\SoftwareDistribution
2011-07-18 19:00:13 ----D---- C:\Windows
2011-07-18 18:58:08 ----D---- C:\ProgramData\NVIDIA
2011-07-18 18:50:52 ----HD---- C:\ProgramData
2011-07-18 18:49:04 ----D---- C:\Windows\system32\drivers
2011-07-18 18:41:38 ----D---- C:\Users\Hacker\AppData\Roaming\Media Player Classic
2011-07-18 18:41:38 ----D---- C:\Users\Hacker\AppData\Roaming\DAEMON Tools Pro
2011-07-18 18:41:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-07-18 18:41:34 ----D---- C:\Windows\Minidump
2011-07-18 18:41:34 ----D---- C:\Windows\Logs
2011-07-18 18:41:34 ----D---- C:\Windows\debug
2011-07-18 18:41:05 ----RD---- C:\Program Files
2011-07-18 18:02:26 ----D---- C:\Windows\system32\config
2011-07-18 17:57:12 ----D---- C:\Windows\system32\catroot2
2011-07-18 17:35:29 ----SD---- C:\Users\Hacker\AppData\Roaming\Microsoft
2011-07-18 16:39:32 ----D---- C:\Windows\sk-SK
2011-07-18 12:53:46 ----SHD---- C:\System Volume Information
2011-07-18 01:53:39 ----D---- C:\Windows\system32\wdi
2011-07-18 01:42:02 ----SHD---- C:\Windows\Installer
2011-07-18 01:42:02 ----D---- C:\Windows\Tasks
2011-07-18 01:42:02 ----D---- C:\Windows\system32\Tasks
2011-07-18 00:55:58 ----D---- C:\Windows\system32\drivers\etc
2011-07-18 00:51:37 ----D---- C:\Users\Hacker\AppData\Roaming\ICQ
2011-07-15 18:57:05 ----D---- C:\Users\Hacker\AppData\Roaming\Skype
2011-07-15 16:04:08 ----D---- C:\Users\Hacker\AppData\Roaming\skypePM
2011-06-30 20:29:49 ----D---- C:\Program Files\ICQ7.5
2011-06-30 16:45:19 ----D---- C:\Program Files\Opera
2011-06-29 12:34:00 ----D---- C:\Hry
2011-06-29 12:11:53 ----D---- C:\Windows\Downloaded Program Files
2011-06-28 11:33:28 ----D---- C:\Shoty

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-06 691696]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-06-17 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 EIO;EIO Driver; C:\Windows\system32\DRIVERS\EIO.sys [2010-06-12 14336]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-07-18 142592]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-01-19 25888]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-07-14 47104]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-13 6504]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2009-09-17 7424]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-11-25 77248]
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2004-07-19 7040]
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-11-25 54368]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-01-21 279712]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 a003iipv;a003iipv; C:\Windows\system32\drivers\a003iipv.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-25 615528]
R2 O&O Defrag;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-07-18 496128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-06-17 13080]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------
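Reading the RSIT log above by hand, the entries that matter are the two startupreg autoruns whose targets carry empty brackets (RSIT prints [date size] for a file it could read, so [] means the target was missing or hidden at scan time) and that are named after Windows processes but live outside System32: tray_ico0 pointing at C:\Windows\update.tray-3-0\svchost.exe and wxpdrv pointing at C:\Windows\services32.exe. The created-files list adds hidden update.* directories plus rpcminer, phoenix and ufa directories dropped straight into C:\Windows within a few minutes of each other (rpcminer and phoenix are the names of Bitcoin mining programs). The Python script below is an added example, not part of this thread or of RSIT; it parses those two log sections and flags exactly these patterns. The sample input is copied from the log above; the table of system binary names and their home directories is an assumption for a 32-bit Windows 7 install.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample input: lines copied verbatim from the RSIT log in this thread.
RSIT_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
C:\Windows\update.tray-3-0\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\ADVANC~1\wh_exec.exe [2010-05-26 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wxpdrv]
C:\Windows\services32.exe []

======List of files/folders created in the last 1 month======

2011-07-18 00:57:54 ----D---- C:\Windows\rpcminer
2011-07-18 00:57:54 ----D---- C:\Windows\phoenix
2011-07-18 00:55:29 ----HD---- C:\Windows\update.2
2011-07-18 00:53:06 ----HD---- C:\Windows\update.tray-3-0
2011-07-18 00:37:22 ----D---- C:\Program Files\Google
"""

# Assumption: real Windows process names and the one directory each runs from
# on a 32-bit Windows 7 install; the same name anywhere else is suspect.
SYSTEM_BINARY_HOME = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "conhost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# A system process name with junk appended, e.g. services32.exe, svchosts.exe.
LOOKALIKE_RE = re.compile(
    r"^(svchost|services|lsass|csrss|winlogon|conhost|explorer)[\w.-]+\.exe$", re.I)

AUTORUN_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig"
    r"\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
AUTORUN_VALUE_RE = re.compile(r"^(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) -+(?P<attrs>[A-Z]*)-+ (?P<path>.+)$")


@dataclass
class Finding:
    name: str                 # autorun value name, or the created path
    path: str
    reasons: List[str] = field(default_factory=list)


def check_autorun(name: str, path: str, meta: str) -> Finding:
    """The checks a log reader does by eye, applied to one startupreg entry."""
    f = Finding(name, path)
    low = path.lower()
    directory, _, base = low.rpartition("\\")
    if meta.strip() == "":
        # RSIT prints [date size] for a target it could stat; empty brackets
        # mean the file was missing, hidden or unreadable at scan time.
        f.reasons.append("missing_file")
    if base in SYSTEM_BINARY_HOME and directory != SYSTEM_BINARY_HOME[base]:
        f.reasons.append("system_binary_outside_system32")
    elif base not in SYSTEM_BINARY_HOME and LOOKALIKE_RE.match(base):
        f.reasons.append("system_binary_lookalike")
    if "\\temp\\" in low or "\\appdata\\" in low:
        f.reasons.append("runs_from_temp_or_profile")
    return f


def check_created(attrs: str, path: str) -> Finding:
    """Flag new directories dropped straight into the root of C:\\Windows."""
    f = Finding(path, path)
    directory, _, _ = path.lower().rpartition("\\")
    if directory == r"c:\windows" and "D" in attrs:
        f.reasons.append("new_dir_in_windows_root")
        if "H" in attrs:
            f.reasons.append("hidden")
    return f


def triage(log_text: str) -> Dict[str, List[Finding]]:
    """Parse the startupreg and 'files created' sections of an RSIT log and
    return only the entries that tripped at least one check."""
    autoruns: List[Finding] = []
    created: List[Finding] = []
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    i = 0
    while i < len(lines):
        key = AUTORUN_KEY_RE.match(lines[i])
        if key and i + 1 < len(lines):
            value = AUTORUN_VALUE_RE.match(lines[i + 1])   # target is on the next line
            if value:
                autoruns.append(check_autorun(key["name"], value["path"], value["meta"]))
                i += 2
                continue
        made = CREATED_RE.match(lines[i])
        if made:
            created.append(check_created(made["attrs"], made["path"]))
        i += 1
    return {"autoruns": [f for f in autoruns if f.reasons],
            "created": [f for f in created if f.reasons]}


if __name__ == "__main__":
    for section, findings in triage(RSIT_SAMPLE).items():
        for f in findings:
            print(f"{section}: {f.name}: {', '.join(f.reasons)}")
```

To run it against a saved RSIT log, read the file into triage() instead of RSIT_SAMPLE. A hit is a lead, not a verdict: the WheelMouse entry shows a legitimate third-party autorun passing untouched, and a real svchost.exe in System32 is never flagged.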

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: probably a trojan horse

#7 Post by vyosek »

Hello and good evening :)

:arrow: Please upload the logs listed below for me here: http://vyosek.ic.cz/havet/uploader.php
Logs to upload:
C:\TDSSKiller.2.5.11.0_18.07.2011_18.49.03_log.txt
C:\TDSSKiller.2.5.11.0_18.07.2011_18.39.43_log.txt
C:\TDSSKiller.2.5.11.0_18.07.2011_18.39.29_log.txt
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY CAN DELETE A GREAT DEAL AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE WRECKED
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs: firewalls, antivirus, antispyware, etc.
  • If you have Windows XP, run it under the Administrator account
  • If you have Windows Vista or Windows 7, right-click ComboFix and choose Run As Administrator
  • Right after it starts, a licence agreement page appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone: do not start any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily infected it can take longer
  • After the scan finishes (and a possible restart) CF will display a log, which you can also find at C:\ComboFix.txt; paste its contents here
  • Detailed instructions with screenshots are here: http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, that is not a man, that is an ox."

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: probably a trojan horse

#8 Post by QuickShare »

ComboFix 11-07-19.01 - Hacker . 07. 2011 12:14:17.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.1302 [GMT 2:00]
Running from: c:\users\Hacker\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\32 bit 64 bit w7lxe.exe
c:\32 bit 64 bit w7lxe.exe\32 bit 64 bit w7lxe.exe
c:\users\Hacker\AppData\Roaming\chrtmp
c:\users\Hacker\AppData\Roaming\install\explorer.exe
c:\users\Hacker\AppData\Roaming\SQLite3.dll
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\Ijl11.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wxpDrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 10:18 . 2011-07-19 10:18 -------- d-----w- c:\users\Hacker\AppData\Local\temp
2011-07-19 10:18 . 2011-07-19 10:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-19 10:12 . 2011-07-19 10:12 -------- d-----w- C:\32788R22FWJFW
2011-07-19 10:03 . 2011-07-19 10:03 -------- d-----w- C:\Nový priečinok
2011-07-18 16:50 . 2011-07-18 16:50 -------- d-----w- c:\programdata\Kaspersky Lab
2011-07-18 16:41 . 2011-07-18 16:41 -------- d-----w- c:\program files\CCleaner
2011-07-18 14:15 . 2011-07-18 14:15 -------- d-----w- c:\users\Hacker\AppData\Roaming\Malwarebytes
2011-07-18 14:15 . 2011-07-18 14:15 -------- d-----w- c:\programdata\Malwarebytes
2011-07-18 14:15 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-18 14:15 . 2011-07-18 14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-18 14:15 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-18 10:10 . 2011-07-18 10:32 -------- d-----w- c:\users\Hacker\AppData\Roaming\Spyware Terminator
2011-07-18 10:10 . 2011-07-18 10:10 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-18 10:10 . 2011-07-18 15:58 -------- d-----w- c:\programdata\Spyware Terminator
2011-07-18 10:10 . 2011-07-18 10:53 -------- d-----w- c:\program files\Spyware Terminator
2011-07-17 22:57 . 2011-07-17 22:57 -------- d-----w- c:\windows\ufa
2011-07-17 22:57 . 2011-07-17 22:57 -------- d-----w- c:\windows\rpcminer
2011-07-17 22:57 . 2011-07-17 22:57 -------- d-----w- c:\windows\phoenix
2011-07-17 22:57 . 2011-07-17 22:57 246272 ----a-w- c:\windows\unrar.exe
2011-07-17 22:54 . 2011-07-17 22:54 -------- d-----w- c:\windows\av_ico
2011-07-17 22:53 . 2011-07-18 14:36 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-17 22:53 . 2011-07-18 14:36 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-17 22:37 . 2011-07-17 22:39 -------- d-----w- c:\users\Hacker\AppData\Local\Google
2011-07-17 22:37 . 2011-07-17 23:42 -------- d-----w- c:\program files\Google
2011-07-17 22:34 . 2011-07-17 22:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 19:29 . 2011-06-26 19:29 -------- d-----w- c:\program files\Elaborate Bytes
2011-06-26 19:14 . 2011-06-26 19:14 -------- d-----w- c:\program files\East Imperial Soft
2011-06-19 13:51 . 2011-06-20 08:42 -------- d-----w- c:\program files\Portrait Professional Studio 9
2011-06-19 13:22 . 2011-06-19 13:22 -------- d-----w- c:\users\Hacker\AppData\Roaming\Anthropics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 07:24 . 2011-04-07 20:43 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 07:24 . 2011-04-07 20:43 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-25 07:24 . 2011-04-07 20:43 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 07:24 . 2009-11-20 19:33 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 07:24 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:24 . 2011-04-07 20:43 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:24 . 2011-04-07 20:43 543336 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-05-25 07:24 . 2011-06-11 14:21 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:24 . 2011-06-11 14:21 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-25 07:24 . 2009-07-13 22:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-25 07:24 . 2011-06-11 14:21 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 07:24 . 2011-06-11 14:21 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 07:24 . 2011-06-11 14:21 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-25 07:24 . 2011-06-11 14:21 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 07:24 . 2011-06-11 14:21 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:24 . 2011-06-11 14:21 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:24 . 2011-06-11 14:21 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:24 . 2011-06-11 14:21 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:24 . 2011-06-11 14:21 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 07:24 . 2009-12-25 12:22 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-09-21 . 9BD70CAF1C4B297A73D0BFA0B0C9A9F5 . 811520 . . [6.1.7600.16529] . . c:\windows\System32\user32.dll
[7] 2010-06-17 . A59E558BEA7D9607E86E8BDE68E2488F . 811520 . . [6.1.7600.16529] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16529_none_cd53a6e0ce7bcca7\user32.dll
[7] 2010-06-17 . 109A1C1E7315CC2DC048EA4028A59563 . 811520 . . [6.1.7600.20645] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.20645_none_cdc3a2abe7ad3ef7\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-18 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-07-18 2216960]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CE8SIIFGSU
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 06:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 05:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 05:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25 1828136 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 23:34 2524416 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-06-17 11:56 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --s-a-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2010-05-26 19:47 147456 ----a-w- c:\advanc~1\wh_exec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-06 691696]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-07-18 142592]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-06-17 13080]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-17 7424]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 62.168.65.19 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
MSConfigStartUp-1975498 - c:\windows\Temp\1975498.exe
MSConfigStartUp-3166750 - c:\users\Hacker\AppData\Local\Temp\3166750.exe
MSConfigStartUp-3661150 - c:\windows\Temp\3661150.exe
MSConfigStartUp-6889135 - c:\windows\Temp\6889135.exe
MSConfigStartUp-conhost - c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\conhost.exe
MSConfigStartUp-l1rezerv - c:\windows\l1rezerv.exe
MSConfigStartUp-sysdriver32 - c:\windows\sysdriver32.exe
MSConfigStartUp-sysdriver32_ - c:\windows\sysdriver32_.exe
MSConfigStartUp-systemup - c:\windows\systemup.exe
MSConfigStartUp-tray_ico0 - c:\windows\update.tray-3-0\svchost.exe
MSConfigStartUp-wxpdrv - c:\windows\services32.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1714108043-953005013-203788322-1000\Software\SecuROM\License information*]
"datasecu"=hex:96,4b,c1,40,fe,27,e9,04,3f,82,92,9c,44,69,3a,f1,98,a1,ed,92,f7,
ef,2f,6a,56,cb,f2,b6,e9,ab,8e,5e,62,5a,66,78,b5,15,f9,a3,a8,27,98,6a,96,ba,\
"rkeysecu"=hex:6a,bb,8b,85,49,12,e9,82,46,7d,c3,e3,9a,61,bb,4d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2011-07-19 12:21:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 10:21
.
Pre-Run: 17 906 180 096 bytes free
Post-Run: 17 644 421 120 bytes free
.
- - End Of File - - CB512D8A77A5C1CEDC3690EC170FEA26


Hi :) thanks for your help..

It seems it didn't upload all the logs, I don't know why, only one went through.. did I do it wrong? Should I upload them somewhere else?

I let ComboFix run in safe mode; when it finished it restarted Windows and nothing worked, no application at all.. I don't know whether that's normal, so I'm telling you; when I restarted it again everything worked.
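The Sigcheck block in the ComboFix log above is the part worth reading closely. The live c:\windows\System32\user32.dll is marked [-] and carries version 6.1.7600.16529 with MD5 9BD70CAF…, while the WinSxS component store holds a [7] copy of the very same version with MD5 A59E558B…. Identical version string, different hash and a later file date (2010-09-21 against 2010-06-17) means the file was modified in place rather than replaced by an update; the second ComboFix run later confirms this ("Infected copy of c:\windows\System32\user32.dll was found and disinfected") and restores the store copy from a shadow copy. The Python below is an added example, not from the thread or from ComboFix: it parses Sigcheck lines, pairs each live file with the store copies of the same version and reports the mismatches. The sample lines are the four from the log above; live_matches_store() performs the same comparison on a real Windows box (assumed default paths, must run with rights to read C:\Windows\winsxs) and is not exercised by the sample.

```python
import hashlib
import re
from collections import defaultdict
from pathlib import Path
from typing import Dict, List, Set, Tuple

# Constructed sample: the four Sigcheck lines from the ComboFix log in this thread.
SIGCHECK_SAMPLE = r"""
[-] 2010-09-21 . 9BD70CAF1C4B297A73D0BFA0B0C9A9F5 . 811520 . . [6.1.7600.16529] . . c:\windows\System32\user32.dll
[7] 2010-06-17 . A59E558BEA7D9607E86E8BDE68E2488F . 811520 . . [6.1.7600.16529] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16529_none_cd53a6e0ce7bcca7\user32.dll
[7] 2010-06-17 . 109A1C1E7315CC2DC048EA4028A59563 . 811520 . . [6.1.7600.20645] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.20645_none_cdc3a2abe7ad3ef7\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
"""

# [tag] date . md5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] (?P<date>\d{4}-\d\d-\d\d) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[^\]]+)\] \. \. (?P<path>.+)$")


def parse_sigcheck(text: str) -> List[dict]:
    """Turn Sigcheck lines into dicts; non-matching lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["md5"] = d["md5"].upper()
            d["size"] = int(d["size"])
            d["path"] = d["path"].lower()
            rows.append(d)
    return rows


def find_tampered(rows: List[dict]) -> Dict[str, dict]:
    """Per file name, report the live (non-WinSxS) file whose MD5 matches none of
    the component-store copies carrying the same version string.  A live file
    with no same-version store copy cannot be judged this way and is skipped."""
    store: Dict[Tuple[str, str], Set[str]] = defaultdict(set)   # (name, version) -> md5s
    live: List[dict] = []
    for r in rows:
        name = r["path"].rsplit("\\", 1)[-1]
        if "\\winsxs\\" in r["path"]:
            store[(name, r["ver"])].add(r["md5"])
        else:
            live.append(r)
    result: Dict[str, dict] = {}
    for r in live:
        name = r["path"].rsplit("\\", 1)[-1]
        known = store.get((name, r["ver"]), set())
        if known and r["md5"] not in known:
            result[name] = {"live_md5": r["md5"], "live_date": r["date"],
                            "version": r["ver"], "store_md5s": sorted(known)}
    return result


def md5_of(path: Path) -> str:
    """MD5 is used only because that is what Sigcheck prints; this is a
    consistency check between two copies on one disk, not a signature check."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def live_matches_store(live_file: Path,
                       winsxs: Path = Path(r"C:\Windows\winsxs")) -> Tuple[str, bool, Set[str]]:
    """Same idea on a live Windows box (assumed default paths): hash the System32
    file and every component-store copy with the same name.  On Vista/7 the
    System32 file is normally a hard link to one of those copies, so a live hash
    matching none of them is the signal Sigcheck gave above."""
    live_md5 = md5_of(live_file)
    store = {md5_of(p) for p in winsxs.glob(f"*/{live_file.name}") if p.is_file()}
    return live_md5, live_md5 in store, store


if __name__ == "__main__":
    for name, info in find_tampered(parse_sigcheck(SIGCHECK_SAMPLE)).items():
        print(f"{name} {info['version']}: live {info['live_md5']} ({info['live_date']}) "
              f"vs store {info['store_md5s']}")
```

A clean result is only as good as the component store itself: if an attacker patched the WinSxS copy as well, both hashes agree and this check says nothing, which is why ComboFix restored from a volume shadow copy rather than from the live store.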

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: probably a trojan horse

#9 Post by vyosek »

:arrow: Please upload the logs for me here: http://leteckaposta.cz/

:arrow: This is the last time we deal with an illegal system; next time help will be refused :!:

:arrow: If it isn't there already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RegLock::
    [HKEY_USERS\S-1-5-21-1714108043-953005013-203788322-1000\Software\SecuROM\License information*]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    DDS::
    uStart Page = hxxp://start.icq.com/
    
    File::
    c:\windows\unrar.exe
    
    Folder::
    c:\windows\update.tray-3-0-lnk
    c:\windows\update.tray-3-0
    c:\windows\av_ico
    c:\windows\ufa
    c:\windows\rpcminer
    c:\windows\phoenix
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "DisableThumbnailCache"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"=-
    "Adobe Reader Speed Launcher"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminatorUpdate"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminator"=-
    "Malwarebytes' Anti-Malware (reboot)"=-
    
    Restore::
    c:\windows\System32\user32.dll
    
    AtJob::
    
    Driver::
    Nero BackItUp Scheduler 3
    
    Reboot::
  • Save the text file you created as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and release it (see image below)
    [image]
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: It can happen that Windows won't boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration

QuickShare
Guest
Posts: 136
Registered: 18 Jul 2011 10:35

Re: probably a trojan horse

#10 Post by QuickShare »

http://leteckaposta.cz/128933447

ComboFix 11-07-19.03 - Hacker . 07. 2011 20:50:02.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.1405 [GMT 2:00]
Running from: c:\users\Hacker\Desktop\ComboFix.exe
Command switches used :: c:\users\Hacker\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0
.
Infected copy of c:\windows\System32\user32.dll was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!winsxs!x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16529_none_cd53a6e0ce7bcca7!user32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Nero BackItUp Scheduler 3
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 18:53 . 2011-07-19 18:55 -------- d-----w- c:\users\Hacker\AppData\Local\temp
2011-07-19 18:53 . 2011-07-19 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-19 10:03 . 2011-07-19 10:03 -------- d-----w- C:\Nový priečinok
2011-07-18 16:50 . 2011-07-19 14:22 -------- d-----w- c:\programdata\Kaspersky Lab
2011-07-18 16:41 . 2011-07-18 16:41 -------- d-----w- c:\program files\CCleaner
2011-07-18 14:15 . 2011-07-18 14:15 -------- d-----w- c:\users\Hacker\AppData\Roaming\Malwarebytes
2011-07-18 14:15 . 2011-07-18 14:15 -------- d-----w- c:\programdata\Malwarebytes
2011-07-18 14:15 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-18 14:15 . 2011-07-18 14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-18 14:15 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-18 10:10 . 2011-07-19 14:36 -------- d-----w- c:\users\Hacker\AppData\Roaming\Spyware Terminator
2011-07-18 10:10 . 2011-07-18 10:10 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-18 10:10 . 2011-07-19 11:22 -------- d-----w- c:\program files\Spyware Terminator
2011-07-18 10:10 . 2011-07-18 15:58 -------- d-----w- c:\programdata\Spyware Terminator
2011-07-17 22:37 . 2011-07-17 22:39 -------- d-----w- c:\users\Hacker\AppData\Local\Google
2011-07-17 22:34 . 2011-07-17 22:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 19:29 . 2011-06-26 19:29 -------- d-----w- c:\program files\Elaborate Bytes
2011-06-26 19:14 . 2011-06-26 19:14 -------- d-----w- c:\program files\East Imperial Soft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 07:24 . 2011-04-07 20:43 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 07:24 . 2011-04-07 20:43 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-25 07:24 . 2011-04-07 20:43 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 07:24 . 2009-11-20 19:33 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 07:24 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:24 . 2011-04-07 20:43 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:24 . 2011-04-07 20:43 543336 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-05-25 07:24 . 2011-06-11 14:21 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:24 . 2011-06-11 14:21 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-25 07:24 . 2009-07-13 22:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-25 07:24 . 2011-06-11 14:21 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 07:24 . 2011-06-11 14:21 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 07:24 . 2011-06-11 14:21 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-25 07:24 . 2011-06-11 14:21 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 07:24 . 2011-06-11 14:21 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:24 . 2011-06-11 14:21 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:24 . 2011-06-11 14:21 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:24 . 2011-06-11 14:21 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:24 . 2011-06-11 14:21 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 07:24 . 2009-12-25 12:22 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 23:34 2524416 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-06-17 11:56 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2010-05-26 19:47 147456 ----a-w- c:\advanc~1\wh_exec.exe
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-06-17 13080]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-06 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-07-18 142592]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-17 7424]
.
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 62.168.65.19 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1714108043-953005013-203788322-1000\Software\SecuROM\License information*]
"datasecu"=hex:96,4b,c1,40,fe,27,e9,04,3f,82,92,9c,44,69,3a,f1,98,a1,ed,92,f7,
ef,2f,6a,56,cb,f2,b6,e9,ab,8e,5e,62,5a,66,78,b5,15,f9,a3,a8,27,98,6a,96,ba,\
"rkeysecu"=hex:6a,bb,8b,85,49,12,e9,82,46,7d,c3,e3,9a,61,bb,4d
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\ASUS\EPU-6 Engine\SixEngine.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2011-07-19 20:57:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 18:57
ComboFix2.txt 2011-07-19 10:21
.
Pre-Run: 16 137 355 264 bytes free
Post-Run: 16 589 660 160 bytes free
.
- - End Of File - - E4E5CE649C8F68EA916129E47011F391
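The ComboFix log above is the one concrete piece of evidence in this thread: under the "Other Deletions" banner it lists two complete Bitcoin-mining packages dropped into C:\Windows (phoenix with its poclbm/phatk OpenCL kernels, rpcminer with its CUDA .cubin binaries) plus ufa.exe, and it reports that user32.dll had been patched and was restored from a WinSxS copy. The script below is an added example, not part of the original post and not a ComboFix feature: it parses a ComboFix log into its banner sections, groups the removed paths by their directory under C:\Windows, labels a group "cryptominer" when its file names match the miner components seen here, and pulls out the "Infected copy of ... was found and disinfected" line together with the restore source. The embedded log text is a constructed excerpt of the log posted above; the indicator list (MINER_HINTS) and the verdict labels are my own assumptions, chosen from the file names in this log.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log posted above (a subset of its lines,
# kept verbatim); it stands in for the real log file so the script runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-3-0-lnk
.
Infected copy of c:\windows\System32\user32.dll was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!winsxs!x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16529_none_cd53a6e0ce7bcca7!user32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Nero BackItUp Scheduler 3
"""

# Section banners look like "(((( Title ))))"; capture the title.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and (?P<action>\w+)", re.I)
RESTORE_RE = re.compile(r"^Restored copy from - (?P<src>.+)$", re.I)
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.I)

# Assumed indicator substrings for the miner packages ComboFix removed here;
# not a ComboFix feature, just what the deleted file names reveal.
MINER_HINTS = ("phoenix", "rpcminer", "poclbm", "phatk", "bitcoinminer", "kernel.cl", ".cubin")


def split_sections(text):
    """Return {section title: [body lines]}, dropping blank lines and the '.' spacers."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            continue
        if current is None or line in ("", "."):
            continue
        sections[current].append(line)
    return sections


def parse_deletions(lines):
    """Split the 'Other Deletions' body into removed paths and patched system files."""
    removed, patched = [], []
    for line in lines:
        m = INFECTED_RE.match(line)
        if m:
            patched.append({"path": m.group("path"), "action": m.group("action"), "restored_from": None})
            continue
        m = RESTORE_RE.match(line)
        if m and patched:
            # The restore line always follows the "Infected copy" line it belongs to.
            patched[-1]["restored_from"] = m.group("src")
            continue
        if DRIVE_PATH_RE.match(line):
            removed.append(line)
    return removed, patched


def group_by_root(paths, depth=2):
    r"""Group paths by their first `depth` directory components, e.g. c:\windows\rpcminer."""
    groups = defaultdict(list)
    for p in paths:
        parts = p.lower().split("\\")
        groups["\\".join(parts[:depth + 1])].append(p)
    return groups


def verdict(members):
    """'cryptominer' when any member name matches a miner indicator, else 'review'."""
    joined = " ".join(members).lower()
    return "cryptominer" if any(h in joined for h in MINER_HINTS) else "review"


def triage(text):
    """Summarise what ComboFix removed and which system files it had to restore."""
    sections = split_sections(text)
    removed, patched = parse_deletions(sections.get("Other Deletions", []))
    groups = group_by_root(removed)
    return {
        "removed": {root: {"files": files, "verdict": verdict(files)} for root, files in sorted(groups.items())},
        "patched_system_files": patched,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for root, info in report["removed"].items():
        print(f"{info['verdict']:12} {root}  ({len(info['files'])} entries)")
    for p in report["patched_system_files"]:
        print(f"{p['action']:12} {p['path']}  <- {p['restored_from']}")
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents. The groups that come back as "review" (av_ico, ufa, unrar.exe, update.tray-3-0-lnk) are the ones worth a second look, since nothing in their names says what they were; the "cryptominer" verdict only confirms what the file names already state.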

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: probably a Trojan horse

#11 Post by vyosek »

How is the PC behaving? :???:
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

QuickShare
Visitor
Posts: 136
Registered: 18 Jul 2011 10:35

Re: probably a Trojan horse

#12 Post by QuickShare »

Thanks a lot for your time :!:
The computer is behaving better; Opera doesn't work, ESET doesn't work.. IE is probably running normally now, it loads pages completely..

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: probably a Trojan horse

#13 Post by vyosek »

Now let's clean up :James008:

:arrow: Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /UninstallA
  • Press Enter
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false positive - so download it without worry (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • Click Scan for Issues
  • Then Fix Issues - I recommend making the registry backup; fix all the issues
  • Repeat until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend running CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :turned:

QuickShare
Visitor
Posts: 136
Registered: 18 Jul 2011 10:35

Re: probably a Trojan horse

#14 Post by QuickShare »

Is the log clean now? Mainly I'm interested in ESS4, how do I get it running? After the virus it stayed non-functional.. and Opera doesn't work either.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: probably a Trojan horse

#15 Post by vyosek »

:arrow: Is ESS legal = a purchased license :???: I doubt it a lot, given that Windows itself was cracked :boxed:

:arrow: In Opera, remove the proxy server