Problem s viry!:(

Zpráva

wolfito · #1 Příspěvek od **wolfito** » 25 črc 2011 20:25

Zdravim.. Mam problem z virama. Jinak pocituju u nich ze me casto pada internet a třeba se nedostanu na stranky klasicky microsoft atd..
Konkretne se 4: ADSPY/Agent.8239400
ADSPY/Agent.663832
TR/Dropper.Gen Trojan
TR/Agent.35136 Trojan
A to jsem nedavno formatoval pc. Děkuju za pomoc

Hazu sem log z Hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:23:54, on 25.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Internet\refreshlock\RefreshLock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\Alesek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alesek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\Alesek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Documents and Settings\Alesek\Dokumenty\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RefreshLock] D:\Internet\refreshlock\RefreshLock.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Kerio VPN Client] "C:\Program Files\Kerio\VPN Client\kvpnclient.exe" /tryauto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

#2 Příspěvek od **Rudy** » 25 črc 2011 20:40

Také zdravím!
Dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 . Je podrobnější, než HijackThis.

wolfito · #3 Příspěvek od **wolfito** » 25 črc 2011 21:01

log z MBAM
Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

25.7.2011 22:00:02
mbam-log-2011-07-25 (21-58-49).txt

Typ: Rychlá kontrola
Kontrolované objekty: 136022
Uplynulý čas: 4 minut, 6 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\Alesek\dokumenty\downloads\ciim1003.exe (Adware.Agent) -> No action taken.
c:\documents and settings\Alesek\dokumenty\downloads\ventrilo-2.1.4.exe (Trojan.Dropper) -> No action taken.

#4 Příspěvek od **Rudy** » 25 črc 2011 21:18

Vše, co MBAM nalezl, smažte.

wolfito · #5 Příspěvek od **wolfito** » 25 črc 2011 21:19

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

25.7.2011 22:18:16
mbam-log-2011-07-25 (22-18-16).txt

Typ: Rychlá kontrola
Kontrolované objekty: 136022
Uplynulý čas: 4 minut, 6 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\Alesek\dokumenty\downloads\ciim1003.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Alesek\dokumenty\downloads\ventrilo-2.1.4.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

wolfito · #6 Příspěvek od **wolfito** » 25 črc 2011 21:20

Mam restartovat ?

#7 Příspěvek od **Rudy** » 25 črc 2011 21:28

Restartujte a zkuste, zda se něco změnilo.

wolfito · #8 Příspěvek od **wolfito** » 25 črc 2011 21:39

Avira AntiVir Personal
Report file date: 25. července 2011 20:44

Scanning for 2789985 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Alesek
Computer name : ALES

Version information:
BUILD.DAT : 10.0.0.650 31822 Bytes 17.6.2011 15:43:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 17.6.2011 10:36:21
AVSCAN.DLL : 10.0.3.0 46440 Bytes 17.6.2011 10:37:04
LUKE.DLL : 10.0.3.2 104296 Bytes 17.6.2011 10:36:49
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.2.2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 05:53:55
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9.2.2011 05:53:56
VBASE003.VDF : 7.11.5.225 1980416 Bytes 7.4.2011 10:36:57
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.5.2011 10:18:22
VBASE005.VDF : 7.11.8.179 2048 Bytes 31.5.2011 10:18:22
VBASE006.VDF : 7.11.8.180 2048 Bytes 31.5.2011 10:18:22
VBASE007.VDF : 7.11.8.181 2048 Bytes 31.5.2011 10:18:23
VBASE008.VDF : 7.11.8.182 2048 Bytes 31.5.2011 10:18:23
VBASE009.VDF : 7.11.8.183 2048 Bytes 31.5.2011 10:18:23
VBASE010.VDF : 7.11.8.184 2048 Bytes 31.5.2011 10:18:23
VBASE011.VDF : 7.11.8.185 2048 Bytes 31.5.2011 10:18:23
VBASE012.VDF : 7.11.8.186 2048 Bytes 31.5.2011 10:18:23
VBASE013.VDF : 7.11.8.222 121856 Bytes 2.6.2011 23:49:15
VBASE014.VDF : 7.11.9.7 134656 Bytes 4.6.2011 13:10:35
VBASE015.VDF : 7.11.9.42 136192 Bytes 6.6.2011 13:39:56
VBASE016.VDF : 7.11.9.72 117248 Bytes 7.6.2011 12:44:57
VBASE017.VDF : 7.11.9.107 130560 Bytes 9.6.2011 05:03:40
VBASE018.VDF : 7.11.9.143 132096 Bytes 10.6.2011 14:53:41
VBASE019.VDF : 7.11.9.172 141824 Bytes 14.6.2011 04:29:55
VBASE020.VDF : 7.11.9.214 144896 Bytes 15.6.2011 14:32:34
VBASE021.VDF : 7.11.9.244 196608 Bytes 16.6.2011 15:51:31
VBASE022.VDF : 7.11.9.245 2048 Bytes 16.6.2011 15:51:31
VBASE023.VDF : 7.11.9.246 2048 Bytes 16.6.2011 15:51:31
VBASE024.VDF : 7.11.9.247 2048 Bytes 16.6.2011 15:51:31
VBASE025.VDF : 7.11.9.248 2048 Bytes 16.6.2011 15:51:31
VBASE026.VDF : 7.11.9.249 2048 Bytes 16.6.2011 15:51:31
VBASE027.VDF : 7.11.9.250 2048 Bytes 16.6.2011 15:51:31
VBASE028.VDF : 7.11.9.251 2048 Bytes 16.6.2011 15:51:31
VBASE029.VDF : 7.11.9.252 2048 Bytes 16.6.2011 15:51:31
VBASE030.VDF : 7.11.9.253 2048 Bytes 16.6.2011 15:51:31
VBASE031.VDF : 7.11.10.5 45056 Bytes 17.6.2011 10:49:39
Engineversion : 8.2.5.20
AEVDF.DLL : 8.1.2.1 106868 Bytes 21.4.2011 05:53:28
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 15.6.2011 22:54:00
AESCN.DLL : 8.1.7.2 127349 Bytes 21.4.2011 05:53:27
AESBX.DLL : 8.2.1.34 323957 Bytes 15.6.2011 22:54:00
AERDL.DLL : 8.1.9.9 639347 Bytes 17.6.2011 10:36:10
AEPACK.DLL : 8.2.6.9 557429 Bytes 15.6.2011 22:54:00
AEOFFICE.DLL : 8.1.1.25 205178 Bytes 15.6.2011 22:54:00
AEHEUR.DLL : 8.1.2.128 3547512 Bytes 15.6.2011 22:54:00
AEHELP.DLL : 8.1.17.2 246135 Bytes 15.6.2011 22:54:00
AEGEN.DLL : 8.1.5.6 401780 Bytes 15.6.2011 22:54:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 21.4.2011 05:53:14
AECORE.DLL : 8.1.21.1 196983 Bytes 15.6.2011 22:54:00
AEBB.DLL : 8.1.1.0 53618 Bytes 21.4.2011 05:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.4.2011 05:53:36
AVPREF.DLL : 10.0.0.0 44904 Bytes 17.6.2011 10:36:20
AVREP.DLL : 10.0.0.8 62209 Bytes 17.6.2011 10:36:20
AVREG.DLL : 10.0.3.2 53096 Bytes 17.6.2011 10:36:20
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 17.6.2011 10:36:21
AVARKT.DLL : 10.0.22.6 231784 Bytes 17.6.2011 10:36:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 17.6.2011 10:36:18
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.6.2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.4.2011 05:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21.4.2011 05:53:46
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 17.6.2011 10:37:06
RCTEXT.DLL : 10.0.58.0 97128 Bytes 17.6.2011 10:37:06

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\program files\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:, G:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 25. července 2011 20:44

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'ts3client_win32.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'SbPFLnch.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'FsUsbExService.Exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RefreshLock.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1042' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Alesek\Dokumenty\Downloads\DivXWebPlayerInstaller.exe
[DETECTION] Contains recognition pattern of the ADSPY/Agent.8239400 adware or spyware
C:\WINDOWS\system32\dhlwuv.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
Begin scan in 'D:\'
D:\Internet\gamingharbor_installer.exe
[DETECTION] Contains recognition pattern of the ADSPY/Agent.663832 adware or spyware
D:\Internet\Taroky\Taroky - keygen.exe
[DETECTION] Is the TR/Agent.35136 Trojan
Begin scan in 'F:\' <My Disc>
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Zařízení není připraveno.

Beginning disinfection:
D:\Internet\Taroky\Taroky - keygen.exe
[DETECTION] Is the TR/Agent.35136 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4d9565e2.qua'.
D:\Internet\gamingharbor_installer.exe
[DETECTION] Contains recognition pattern of the ADSPY/Agent.663832 adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '55074a45.qua'.
C:\WINDOWS\system32\dhlwuv.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '075b1b1d.qua'.
C:\Documents and Settings\Alesek\Dokumenty\Downloads\DivXWebPlayerInstaller.exe
[DETECTION] Contains recognition pattern of the ADSPY/Agent.8239400 adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '61565f7e.qua'.

End of the scan: 25. července 2011 21:16
Used time: 31:00 Minute(s)

The scan has been done completely.

6149 Scanned directories
165814 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
165810 Files not concerned
3440 Archives were scanned
0 Warnings
4 Notes

#9 Příspěvek od **Rudy** » 25 črc 2011 21:59

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

wolfito · #10 Příspěvek od **wolfito** » 25 črc 2011 23:19

Kdyz jsem delal ComboFix tak me to hodilo v 50 fazy asi modrou chybu a pocitalo tam asi nejakou pamet. potom RR pc a ted nevim co dal

wolfito · #11 Příspěvek od **wolfito** » 26 črc 2011 00:02

Sice jsem to udelal po druhy a modra chyba se ukazala zase ale stihlo se to nejak udelat. (hazelo to neco s cacheNECO.sys)

ComboFix 11-07-25.03 - Alesek 26.07.2011 0:40:27.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.225 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Alesek\Plocha\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))

2011-07-25 19:49:51 . 2011-07-25 20:30:31 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-07-09 19:00:22 . 2011-07-18 10:48:53 -------- d-----w- C:\totalcmd
.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-06-02 17:53:02 . 2011-06-02 17:53:02 94208 ----a-w- C:\WINDOWS\system32\dpl100.dll

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 13:08:36 577536]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 19:05:00 7557120]
"nwiz"="nwiz.exe" [2006-02-13 19:05:00 1519616]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 19:05:00 86016]
"RefreshLock"="D:\Internet\refreshlock\RefreshLock.exe" [2003-10-15 19:53:50 193536]
"Kerio VPN Client"="C:\Program Files\Kerio\VPN Client\kvpnclient.exe" [2008-01-16 08:38:44 2646016]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 05:53:33 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:49:24 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-01-08 07:55:56 98304 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20:12 1305408 ----a-w- C:\Program Files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56:16 1230704 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-09 19:04:51 136176 ----atw- C:\Documents and Settings\Alesek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51:12 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Games\\Steam\\Steam.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\Programy\\BIT\\BitTorrent.exe"=
"D:\\Games\\H3\\HEROES3.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"D:\\Games\\Steam\\steamapps\\cheif775\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8165:TCP"= 8165:TCP:bnyoew

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [25.7.2011 16:15:48 64512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [14.7.2011 11:53:53 218688]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [25.7.2011 16:38:45 270888]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [21.6.2008 4:54:54 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [25.7.2011 20:40:59 136360]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [19.7.2011 19:23:35 233472]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24:28 95528]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [19.7.2011 19:23:35 36608]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\drivers\SbFwIm.sys [25.7.2011 16:38:45 65576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [26.4.2011 2:00:18 2151640]
S2 msaux;gxpqategf;C:\WINDOWS\system32\svchost.exe -k netsvcs [17.8.2004 15:49:28 14336]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24:28 1365288]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\drivers\kvpndrv.sys [16.1.2008 9:58:58 65024]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [25.7.2011 21:49:56 38224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
msaux

Obsah adresáře 'Naplánované úlohy'

2011-07-25 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-26 00:00:18 . 2011-06-28 11:19:45]

2011-07-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57:16 . 2011-06-01 15:57:16]

------- Doplňkový sken -------

uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254 83.240.0.214 83.240.0.215

#12 Příspěvek od **Rudy** » 26 črc 2011 08:04

Otevřte poznámkový blok a zkopírujte do něj:

Driver::
msaux

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8165:TCP"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

wolfito · #13 Příspěvek od **wolfito** » 26 črc 2011 11:45

ComboFix 11-07-25.03 - Alesek 26.07.2011 12:11:24.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.188 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Alesek\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Alesek\Plocha\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))

((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSAUX
-------\Service_msaux

((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))

2011-07-25 19:49:51 . 2011-07-25 20:30:31 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-07-09 19:00:22 . 2011-07-18 10:48:53 -------- d-----w- C:\totalcmd
.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-06-02 17:53:02 . 2011-06-02 17:53:02 94208 ----a-w- C:\WINDOWS\system32\dpl100.dll

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 13:08:36 577536]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 19:05:00 7557120]
"nwiz"="nwiz.exe" [2006-02-13 19:05:00 1519616]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 19:05:00 86016]
"RefreshLock"="D:\Internet\refreshlock\RefreshLock.exe" [2003-10-15 19:53:50 193536]
"Kerio VPN Client"="C:\Program Files\Kerio\VPN Client\kvpnclient.exe" [2008-01-16 08:38:44 2646016]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 05:53:33 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:49:24 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-01-08 07:55:56 98304 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20:12 1305408 ----a-w- C:\Program Files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56:16 1230704 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-09 19:04:51 136176 ----atw- C:\Documents and Settings\Alesek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51:12 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Games\\Steam\\Steam.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\Programy\\BIT\\BitTorrent.exe"=
"D:\\Games\\H3\\HEROES3.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"D:\\Games\\Steam\\steamapps\\cheif775\\counter-strike\\hl.exe"=

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [25.7.2011 16:15:48 64512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [14.7.2011 11:53:53 218688]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [25.7.2011 16:38:45 270888]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [21.6.2008 4:54:54 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [25.7.2011 20:40:59 136360]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [19.7.2011 19:23:35 233472]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24:28 95528]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [19.7.2011 19:23:35 36608]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\drivers\SbFwIm.sys [25.7.2011 16:38:45 65576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [26.4.2011 2:00:18 2151640]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24:28 1365288]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\drivers\kvpndrv.sys [16.1.2008 9:58:58 65024]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [25.7.2011 21:49:56 38224]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK

Obsah adresáře 'Naplánované úlohy'

2011-07-26 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-26 00:00:18 . 2011-06-28 11:19:45]

2011-07-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57:16 . 2011-06-01 15:57:16]

------- Doplňkový sken -------

uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254 83.240.0.214 83.240.0.215

**************************************************************************

#14 Příspěvek od **Rudy** » 26 črc 2011 12:27

Smazáno, log již vypadá čistý. Nastala nějaká změna?

wolfito · #15 Příspěvek od **wolfito** » 26 črc 2011 12:34

Takhle asi zmenu nepoznam. Každopadně je to rychlejší všechno. To je vše?

VIRY.CZ

Problem s viry!:(

Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(

Re: Problem s viry!:(