PC virus removal, computer speed-up, remote help via the neslape.cz service

I suspect a Trojan

Don't have any problem with your PC right now and just want to make sure everything is fine?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: I suspect a Trojan

#31 Post by vyosek »

→ T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download it and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)
→ I'd also ask for a new log from RSIT, and write how the PC is doing
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him: that is not a man, that is an ox."
Member since 1 February 2011.

Martin1982
Visitor
Posts: 26
Registered: 12 Dec 2008 13:18

Re: I suspect a Trojan

#32 Post by Martin1982 »

The cleaning with T-Cleaner is done, I'm sending the LOG.

Logfile of random's system information tool 1.09 (written by random/random)
Run by OFFICE at 2011-10-12 18:26:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (46%) free of 18 GB
Total RAM: 1503 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:26:17, on 12.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy instalacie\Winamp\winamp.exe
D:\Programy instalacie\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\OFFICE\Desktop\RSIT.exe
C:\Program Files\trend micro\OFFICE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cas.sk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\WINDOWS\system32\LGScsiCommandService.exe

--
End of file - 4597 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\OFFICE\Application Data\Mozilla\Firefox\Profiles\jk1lnkpq.default

prefs.js - "browser.startup.homepage" - "google.sk"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

D:\Programy instalacie\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

D:\Programy instalacie\components\
binary.manifest
browsercomps.dll

D:\Programy instalacie\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"MP10_EnsureFileVer"=C:\WINDOWS\inf\unregmp2.exe [2008-04-14 208896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^OFFICE^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-06-07 1195520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"D:\Programy instalacie\Winamp\winamp.exe"="D:\Programy instalacie\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-10-12 18:26:11 ----D---- C:\rsit
2011-10-12 14:04:01 ----D---- C:\Program Files\Defraggler
2011-10-08 15:58:01 ----RD---- C:\Program Files\Skype
2011-10-07 16:36:33 ----D---- C:\Program Files\Common Files\Adobe
2011-10-07 16:07:03 ----D---- C:\Documents and Settings\OFFICE\Application Data\Winamp
2011-10-03 20:00:03 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-10-03 19:59:55 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2011-10-03 19:59:22 ----D---- C:\WINDOWS\Logs
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\vxblock.dll
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxwma.dll
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxsfs.dll
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxdrv.dll
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxafs.dll
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2011-10-03 19:58:29 ----N---- C:\WINDOWS\system32\pxwave.dll
2011-10-03 19:58:29 ----N---- C:\WINDOWS\system32\pxmas.dll
2011-10-03 19:58:29 ----N---- C:\WINDOWS\system32\px.dll
2011-10-03 19:58:24 ----D---- C:\Program Files\Winamp
2011-10-03 19:56:41 ----A---- C:\Program Files\winamp5621_full_emusic-7plus_all.exe
2011-10-01 14:20:03 ----A---- C:\Program Files\iTunesSetup.exe
2011-09-30 19:22:39 ----A---- C:\Program Files\Adobe Reader X.lnk
2011-09-30 17:22:05 ----D---- C:\Program Files\AVAST Software
2011-09-30 17:22:05 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-09-30 17:13:15 ----A---- C:\Program Files\dfsetup207.exe
2011-09-30 16:51:26 ----A---- C:\Program Files\Firefox Setup 7.0.exe
2011-09-30 13:24:49 ----D---- C:\Documents and Settings\OFFICE\Application Data\Malwarebytes
2011-09-30 13:24:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-09-30 13:24:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-09-29 17:19:16 ----D---- C:\Program Files\trend micro
2011-09-27 22:53:24 ----A---- C:\Program Files\ccsetup311.exe
2011-09-22 15:29:57 ----A---- C:\WINDOWS\system32\ptpusb.dll
2011-09-22 15:29:55 ----A---- C:\WINDOWS\system32\ptpusd.dll
2011-09-22 15:29:53 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-09-20 22:52:07 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

======List of files/folders modified in the last 1 month======

2011-10-12 18:25:50 ----D---- C:\WINDOWS\Prefetch
2011-10-12 18:25:23 ----SHD---- C:\System Volume Information
2011-10-12 18:25:23 ----D---- C:\WINDOWS\system32\Restore
2011-10-12 18:24:18 ----D---- C:\WINDOWS\Temp
2011-10-12 18:21:55 ----D---- C:\WINDOWS\system32
2011-10-12 18:21:55 ----D---- C:\WINDOWS
2011-10-12 14:08:03 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-10-12 14:06:08 ----RD---- C:\Program Files
2011-10-12 14:06:04 ----SD---- C:\WINDOWS\Tasks
2011-10-12 14:06:03 ----SHD---- C:\WINDOWS\Installer
2011-10-12 14:01:59 ----SD---- C:\Documents and Settings\OFFICE\Application Data\Microsoft
2011-10-12 13:54:16 ----D---- C:\Documents and Settings\OFFICE\Application Data\Skype
2011-10-09 11:14:37 ----D---- C:\WINDOWS\system32\drivers
2011-10-08 15:58:00 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-10-08 15:56:28 ----A---- C:\Program Files\SkypeSetup.exe
2011-10-07 17:29:09 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-07 17:03:56 ----D---- C:\Program Files\Windows Media Player
2011-10-07 16:59:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-07 16:59:22 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-10-07 16:59:20 ----HD---- C:\WINDOWS\inf
2011-10-07 16:40:20 ----A---- C:\WINDOWS\win.ini
2011-10-07 16:40:05 ----D---- C:\Program Files\WinRAR
2011-10-07 16:36:33 ----D---- C:\Program Files\Adobe
2011-10-07 16:32:42 ----D---- C:\WINDOWS\pss
2011-10-07 16:23:22 ----D---- C:\Program Files\CCleaner
2011-10-07 16:21:46 ----D---- C:\WINDOWS\Help
2011-10-07 16:21:45 ----D---- C:\Program Files\Windows Media Connect 2
2011-10-07 16:18:22 ----D---- C:\Program Files\Common Files
2011-10-07 16:18:18 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-10-07 16:15:26 ----D---- C:\Program Files\Mozilla Firefox
2011-10-07 16:01:15 ----D---- C:\Program Files\QuickTime
2011-10-07 16:00:36 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2011-10-03 20:00:06 ----D---- C:\WINDOWS\system32\DirectX
2011-10-03 11:00:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-03 10:01:44 ----D---- C:\Program Files\iTunes
2011-10-02 09:47:31 ----D---- C:\WINDOWS\WinSxS
2011-10-01 14:26:37 ----D---- C:\WINDOWS\system32\CatRoot
2011-09-30 20:19:44 ----D---- C:\Program Files\Google
2011-09-30 20:05:53 ----D---- C:\Documents and Settings\OFFICE\Application Data\Adobe
2011-09-30 17:17:44 ----D---- C:\Documents and Settings\OFFICE\Application Data\Mozilla
2011-09-29 21:22:49 ----D---- C:\WINDOWS\Debug
2011-09-29 08:34:20 ----A---- C:\WINDOWS\system32\MRT.exe
2011-09-16 10:30:30 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sisagp;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-01-13 30720]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2003-10-03 11264]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-09 4027840]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-01-07 432384]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys []
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 LGScsiCommandService;LG SCSI command service; C:\WINDOWS\system32\LGScsiCommandService.exe [2010-04-12 47616]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Re: I suspect a Trojan

#33 Post by Martin1982 »

The PC has sped up a bit.


Re: I suspect a Trojan

#34 Post by vyosek »

The log is OK now, there is nothing more we can come up with there :?:


Re: I suspect a Trojan

#35 Post by Martin1982 »

Thank you very much for the help :-)


Re: I suspect a Trojan

#36 Post by vyosek »

On behalf of my colleague too, you're welcome :worship:


Re: I suspect a Trojan

#37 Post by Martin1982 »

Hello :-),
I'm writing a few days later and the PC has again slowed down significantly; it seems to me that this happened after the cleaning with T-Cleaner.
Could you please have another look at it? I'm attaching the LOG.
Thank you very much


Logfile of random's system information tool 1.09 (written by random/random)
Run by OFFICE at 2011-10-16 10:14:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (28%) free of 18 GB
Total RAM: 1503 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:44, on 16.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy instalacie\firefox.exe
D:\Programy instalacie\plugin-container.exe
C:\Documents and Settings\OFFICE\Desktop\RSIT.exe
C:\Program Files\trend micro\OFFICE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cas.sk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\WINDOWS\system32\LGScsiCommandService.exe

--
End of file - 4931 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\OFFICE\Application Data\Mozilla\Firefox\Profiles\jk1lnkpq.default

prefs.js - "browser.startup.homepage" - "google.sk"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

D:\Programy instalacie\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

D:\Programy instalacie\components\
binary.manifest
browsercomps.dll

D:\Programy instalacie\plugins\
npwachk.dll

D:\Programy instalacie\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\OFFICE\Application Data\Mozilla\Firefox\Profiles\jk1lnkpq.default\extensions\
toolbar@ask.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"MP10_EnsureFileVer"=C:\WINDOWS\inf\unregmp2.exe [2008-04-14 208896]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-08-23 887976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^OFFICE^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-06-07 1195520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"D:\Programy instalacie\Winamp\winamp.exe"="D:\Programy instalacie\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-10-15 08:23:38 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2011-10-14 11:28:10 ----D---- C:\Documents and Settings\OFFICE\Application Data\vlc
2011-10-13 11:33:57 ----D---- C:\WINDOWS\RegisteredPackages
2011-10-13 11:23:48 ----D---- C:\Program Files\Ask.com
2011-10-12 18:26:11 ----D---- C:\rsit
2011-10-12 14:04:01 ----D---- C:\Program Files\Defraggler
2011-10-08 15:58:01 ----RD---- C:\Program Files\Skype
2011-10-07 16:36:33 ----D---- C:\Program Files\Common Files\Adobe
2011-10-07 16:07:03 ----D---- C:\Documents and Settings\OFFICE\Application Data\Winamp
2011-10-03 20:00:03 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-10-03 19:59:55 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2011-10-03 19:59:22 ----D---- C:\WINDOWS\Logs
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\vxblock.dll
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxwma.dll
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxsfs.dll
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxdrv.dll
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\pxafs.dll
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2011-10-03 19:58:30 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2011-10-03 19:58:29 ----N---- C:\WINDOWS\system32\pxwave.dll
2011-10-03 19:58:29 ----N---- C:\WINDOWS\system32\pxmas.dll
2011-10-03 19:58:29 ----N---- C:\WINDOWS\system32\px.dll
2011-10-03 19:58:24 ----D---- C:\Program Files\Winamp
2011-10-03 19:56:41 ----A---- C:\Program Files\winamp5621_full_emusic-7plus_all.exe
2011-10-01 14:20:03 ----A---- C:\Program Files\iTunesSetup.exe
2011-09-30 19:22:39 ----A---- C:\Program Files\Adobe Reader X.lnk
2011-09-30 17:22:05 ----D---- C:\Program Files\AVAST Software
2011-09-30 17:22:05 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-09-30 17:13:15 ----A---- C:\Program Files\dfsetup207.exe
2011-09-30 16:51:26 ----A---- C:\Program Files\Firefox Setup 7.0.exe
2011-09-30 13:24:49 ----D---- C:\Documents and Settings\OFFICE\Application Data\Malwarebytes
2011-09-30 13:24:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-09-30 13:24:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-09-29 17:19:16 ----D---- C:\Program Files\trend micro
2011-09-27 22:53:24 ----A---- C:\Program Files\ccsetup311.exe
2011-09-22 15:29:57 ----A---- C:\WINDOWS\system32\ptpusb.dll
2011-09-22 15:29:55 ----A---- C:\WINDOWS\system32\ptpusd.dll
2011-09-22 15:29:53 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-09-20 22:52:07 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

======List of files/folders modified in the last 1 month======

2011-10-16 10:03:42 ----D---- C:\WINDOWS\Temp
2011-10-16 09:58:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-16 09:57:59 ----D---- C:\WINDOWS\Prefetch
2011-10-15 08:24:03 ----D---- C:\WINDOWS
2011-10-15 08:23:38 ----D---- C:\WINDOWS\system32
2011-10-14 18:33:36 ----D---- C:\Documents and Settings\OFFICE\Application Data\Skype
2011-10-14 10:46:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-14 10:46:27 ----HD---- C:\WINDOWS\inf
2011-10-14 10:46:26 ----D---- C:\WINDOWS\system32\CatRoot
2011-10-14 10:45:32 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-13 11:42:19 ----D---- C:\WINDOWS\security
2011-10-13 11:41:15 ----D---- C:\WINDOWS\Debug
2011-10-13 11:36:17 ----D---- C:\Program Files\Windows Media Player
2011-10-13 11:36:09 ----D---- C:\WINDOWS\system32\drivers
2011-10-13 11:25:08 ----D---- C:\Program Files\Mozilla Firefox
2011-10-13 11:24:08 ----SHD---- C:\WINDOWS\Installer
2011-10-13 11:24:04 ----SD---- C:\WINDOWS\Tasks
2011-10-13 11:23:48 ----RD---- C:\Program Files
2011-10-13 08:15:15 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-13 08:14:08 ----RSD---- C:\WINDOWS\assembly
2011-10-13 07:26:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-13 07:25:12 ----D---- C:\WINDOWS\WinSxS
2011-10-13 07:17:02 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-13 07:16:14 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-13 07:15:43 ----D---- C:\Program Files\Internet Explorer
2011-10-12 18:25:23 ----SHD---- C:\System Volume Information
2011-10-12 18:25:23 ----D---- C:\WINDOWS\system32\Restore
2011-10-12 14:01:59 ----SD---- C:\Documents and Settings\OFFICE\Application Data\Microsoft
2011-10-08 15:58:00 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-10-08 15:56:28 ----A---- C:\Program Files\SkypeSetup.exe
2011-10-07 16:59:22 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-10-07 16:40:20 ----A---- C:\WINDOWS\win.ini
2011-10-07 16:40:05 ----D---- C:\Program Files\WinRAR
2011-10-07 16:36:33 ----D---- C:\Program Files\Adobe
2011-10-07 16:32:42 ----D---- C:\WINDOWS\pss
2011-10-07 16:23:22 ----D---- C:\Program Files\CCleaner
2011-10-07 16:21:46 ----D---- C:\WINDOWS\Help
2011-10-07 16:21:45 ----D---- C:\Program Files\Windows Media Connect 2
2011-10-07 16:18:22 ----D---- C:\Program Files\Common Files
2011-10-07 16:18:18 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-10-07 16:01:15 ----D---- C:\Program Files\QuickTime
2011-10-07 16:00:36 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2011-10-03 20:00:06 ----D---- C:\WINDOWS\system32\DirectX
2011-10-03 11:00:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-03 10:35:11 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-10-03 10:01:44 ----D---- C:\Program Files\iTunes
2011-09-30 20:19:44 ----D---- C:\Program Files\Google
2011-09-30 20:05:53 ----D---- C:\Documents and Settings\OFFICE\Application Data\Adobe
2011-09-30 17:17:44 ----D---- C:\Documents and Settings\OFFICE\Application Data\Mozilla
2011-09-26 11:41:20 ----A---- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 11:41:20 ----A---- C:\WINDOWS\system32\oleacc.dll
2011-09-26 11:41:14 ----A---- C:\WINDOWS\system32\oleaccrc.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sisagp;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-01-13 30720]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2003-10-03 11264]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-09 4027840]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-01-07 432384]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys []
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 LGScsiCommandService;LG SCSI command service; C:\WINDOWS\system32\LGScsiCommandService.exe [2010-04-12 47616]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: I suspect a Trojan

#38 Post by vyosek »

:arrow: T-Cleaner certainly did not cause that; it only cleans up after the utilities that were used

:arrow: Uninstall Ask.com, it is an amazing slowdown

:arrow: Otherwise no malware to be seen, and no antivirus to be seen either :?:

tuvok07
Friend of the forum
Posts: 1198
Registered: 07 Mar 2007 17:10

Re: I suspect a Trojan

#39 Post by tuvok07 »

That's wonderful. We give people advice here and they ignore it.
If the antivirus bothers you that much, you know what? Cut the PC off from the net, pour concrete into every USB and external-disk port, and then you really won't need one. :evil: Never mind that ask.com is jammed in there.
Albert Einstein: Only two things are infinite, the universe and human stupidity, and I'm not so sure about the former.

Martin1982
Visitor
Posts: 26
Registered: 12 Dec 2008 13:18

Re: I suspect a Trojan

#40 Post by Martin1982 »

Hello,

you got a bit worked up there.. As for ASK, I don't see it in the system; if I found it, I would uninstall it.
As for the antivirus, I had Avast installed, and since I couldn't find my way around the free version I uninstalled it, and I am fully aware that there is a big risk of infection.
It is probably not appropriate to deal with the issue in such an outwardly harsh, otherwise intellectually PC-minded style..
I like visiting this site; whenever I needed to resolve anything, many of you helped me obligingly and I was always satisfied.. So I take your previous message as a slip, and despite that I am glad that there are people among us who selflessly advise and help and who are pros at their trade..
Best wishes, Martin

tuvok07
Friend of the forum
Posts: 1198
Registered: 07 Mar 2007 17:10

Re: I suspect a Trojan

#41 Post by tuvok07 »

You do have the Ask toolbar there. Its updater is even running.
C:\Program Files\Ask.com\Updater\Updater.exe
I apologise for my sarcasm, but I couldn't help it. If Avast doesn't suit you, there are other free solutions, Avira for example. If you don't mind English.
You have an overview here
http://www.viry.cz/forum/viewtopic.php?f=29&t=6152
So pick one. All the antiviruses in that list are warmly recommended by us. Honestly, surfing the net without an antivirus nowadays is a big risk.
BTW, what is so hard to figure out in the free version of Avast?

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: I suspect a Trojan

#42 Post by cernohous13 »

Gentlemen, forgive me for butting in; you can't see Ask, so let OTM get rid of it :wink:
Download OTM from one of the links and unpack it, preferably to the desktop.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Run "OTM.exe" (on Vista and Win7, right-click and "Run As Administrator").
Into the box under the yellow line paste the whole text in green from the "Script"

Click the red "Moveit!"

When offered a restart, "YES"
and you will then find the log in C:\_OTM\MovedFiles\
OTM script

Code:

:Commands
[emptytemp]

:Files
C:\Program Files\Ask.com
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"ApnUpdater"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
Otherwise I see nothing bad in your last RSIT; will you give us a current one?
Recommendations:
During the cleanup, perform new installations and uninstallations only on my instruction.
Study thoroughly and carry out the whole operation according to my reply.
If anything is unclear, ask; I will explain.

-------------------------------------------------------------------------------------------------
> Forum support <
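As an added example (not code from the thread, from RSIT or from OTM's author), here is a Python check a helper could run over the RSIT log before writing a removal script: it parses the Toolbar and Run sections and flags the entries this thread turns on, the nameless autorun, the Ask.com updater, and a toolbar whose displayed name says KMPlayer but whose DLL lives in the Ask.com folder (which is why the user "does not see" Ask). The log excerpt is constructed from the entries posted above; the Toolbar section header is assumed, since it falls outside the quoted part of the log.

```python
import re

# Constructed excerpt of the RSIT log posted above (entries copied; the Toolbar header is assumed).
RSIT_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-08-23 887976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"""

# RSIT prints autorun values as "name"=target [date size]; empty brackets mean no file was found.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<target>.*?)\s*\[(?P<info>[^\]]*)\]$')
# BHO / toolbar entries are printed as {CLSID} - display name - dll path [date size].
CLSID_RE = re.compile(r'^\{[0-9A-Fa-f-]{36}\} - (?P<name>.*?) - (?P<target>.*?)\s*\[(?P<info>[^\]]*)\]$')

def parse_sections(log):
    """Map each [HKEY...] section (lower-cased) to a list of (display name, target, file info)."""
    sections, current = {}, None
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("[HKEY"):
            current = line[1:-1].lower()
            sections[current] = []
        elif current:
            m = VALUE_RE.match(line) or CLSID_RE.match(line)
            if m:
                sections[current].append((m["name"], m["target"], m["info"]))
    return sections

def flag_entries(log, pup_marker="\\ask.com\\"):
    """Return (section, name, reason) for entries worth a second look: an autorun with an
    empty value name (the ""= [] line), a target RSIT found no file for, or any entry whose
    target lives under the PUP folder the thread identifies (Ask.com), whatever its name says."""
    flagged = []
    for section, entries in parse_sections(log).items():
        for name, target, info in entries:
            if name == "":
                flagged.append((section, name, "empty value name"))
            elif not info:
                flagged.append((section, name, "no file found for target"))
            elif pup_marker in target.lower():
                flagged.append((section, name, "target under PUP folder"))
    return flagged

if __name__ == "__main__":
    for row in flag_entries(RSIT_LOG):
        print(row)
```

The three rows it prints are exactly the items the OTM :Reg block above deletes (the BHO/toolbar CLSID, the nameless Run value and ApnUpdater); SoundMan and ctfmon.exe pass untouched.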

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: I suspect a Trojan

#43 Post by vyosek »

cernohous13 wrote: Gentlemen, forgive me for butting in; you can't see Ask, so let OTM get rid of it
Thx colleague :thumbsup:
And we'll wait for the current RSIT

Otherwise I too don't know what is unclear about Avast's interface; an ordinary user hardly needs it anyway. I also have silent mode enabled on Avast, so I barely notice it, if it weren't for that orange ball spinning at the bottom..
