
Trojan.Win32.Zmunik.vf, internet not working


#1 Post by gabber »

Good day. Out of nowhere the internet stopped working, so I ran a scan in Kaspersky Internet Security and it found the trojan Trojan.Win32.Zmunik.vf. It supposedly removed it, but my internet still doesn't work. My IP address and DNS servers had been changed; once Kaspersky supposedly removed it, the IP and DNS servers are as they should be, but the internet still doesn't work, so it is probably still there. Here is the path of what Kaspersky supposedly removed: Detected: Trojan.Win32.Zmunik.vf C:\System Volume Information\_restore{5654FA73-DAE9-4353-966E-F6F87F153618}\RP140\A0083042.dll/ASPack. I am attaching the log from RSIT.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Taro at 2010-04-20 15:16:26
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (46%) free of 30 GB
Total RAM: 1023 MB (62% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-10 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-04-10 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-10 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-09 65024]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe"="D:\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cfeb552-409a-11de-843a-000c76eebcce}]
shell\autoPlAy\command - G:\igkyc.exe
shell\AutoRun\command - G:\igkyc.exe
shell\expLoRE\command - G:\igkyc.exe
shell\OPEn\command - G:\igkyc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4e799a5-ecad-11de-924f-000c76eebcce}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f68dec32-fa31-11de-9281-000c76eebcce}]
shell\AutoRun\command - G:\Launcher.exe


======List of files/folders created in the last 1 months======

2010-04-20 15:16:27 ----D---- C:\Program Files\trend micro
2010-04-20 15:16:26 ----D---- C:\rsit
2010-04-19 22:19:47 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-15 17:16:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-14 19:24:44 ----D---- C:\Kaspersky Activation Key File 09 April, 2010, 2009 With 2010
2010-04-01 22:36:42 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-04-20 15:16:27 ----D---- C:\Program Files
2010-04-20 15:14:42 ----D---- C:\WINDOWS\Temp
2010-04-20 15:14:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2010-04-19 22:27:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-19 22:20:04 ----D---- C:\Documents and Settings
2010-04-19 22:19:47 ----D---- C:\WINDOWS
2010-04-19 21:57:21 ----D---- C:\WINDOWS\Prefetch
2010-04-19 21:21:49 ----D---- C:\WINDOWS\system32
2010-04-19 20:49:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-19 13:37:35 ----D---- C:\Documents and Settings\Taro\Data aplikací\Skype
2010-04-17 12:44:00 ----D---- C:\Documents and Settings\Taro\Data aplikací\skypePM
2010-04-16 16:57:41 ----D---- C:\WINDOWS\system32\drivers
2010-04-16 16:57:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-04-16 16:57:34 ----SD---- C:\WINDOWS\Tasks
2010-04-15 17:16:13 ----D---- C:\Program Files\Common Files
2010-04-14 19:25:01 ----D---- C:\Documents and Settings\Taro\Data aplikací\uTorrent
2010-04-13 22:16:31 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-12 15:33:25 ----D---- C:\WINDOWS\system32\Macromed
2010-04-12 11:16:50 ----D---- C:\Program Files\Lineage II
2010-04-11 18:23:22 ----SHD---- C:\WINDOWS\CSC
2010-04-11 16:11:50 ----D---- C:\Program Files\CCleaner
2010-04-11 16:08:49 ----SHD---- C:\WINDOWS\Installer
2010-04-07 13:32:09 ----D---- C:\Documents and Settings\Taro\Data aplikací\BSplayer PRO
2010-04-06 15:53:25 ----D---- C:\Program Files\uTorrent
2010-04-02 20:26:51 ----D---- C:\Program Files\Mozilla Firefox
2010-03-28 09:22:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-25 20:26:55 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-05-11 226832]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-18 610988]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-05-21 25280]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-17 31744]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-12 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate1ca14f7e99ab1ec;Služba Google Update (gupdate1ca14f7e99ab1ec); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------








info.txt logfile of random's system information tool 1.06 2010-04-20 15:16:32

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent CZ 1.8.1 (build 12639)-->"C:\Program Files\uTorrent\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A70000000000}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
BS.Player PRO-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DeepBurner Pro v1.9.0.228-->"C:\Program Files\Astonsoft\DeepBurner Pro\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner Pro\install.log" -u
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.1.249.1045\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
High Quality Photo Resizer 1.60-->"C:\Program Files\High Quality Photo Resizer\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
K-Lite Mega Codec Pack 4.1.7-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lineage II-->C:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041B-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Opera 10.51-->MsiExec.exe /X{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}
Oprava Hotfix systému Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

216.107.250.194 nprotect.lineage2.com

======Security center information======

AV: Kaspersky Internet Security (outdated)
FW: Kaspersky Internet Security

======System event log======

Computer Name: TAROXXXXXXX
Event Code: 26
Message: Místní nabídka aplikace: : Machine Check: Regs

Record Number: 25525
Source Name: Application Popup
Time Written: 20100328143933.000000+120
Event Type: Informace
User:

Computer Name: TAROXXXXXXX
Event Code: 26
Message: Místní nabídka aplikace: : Machine Check:

Record Number: 25524
Source Name: Application Popup
Time Written: 20100328143933.000000+120
Event Type: Informace
User:

Computer Name: TAROXXXXXXX
Event Code: 6005
Message: Služba Event Log byla spuštěna.

Record Number: 25523
Source Name: EventLog
Time Written: 20100328143906.000000+120
Event Type: Informace
User:

Computer Name: TAROXXXXXXX
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 25522
Source Name: EventLog
Time Written: 20100328143906.000000+120
Event Type: Informace
User:

Computer Name: TAROXXXXXXX
Event Code: 6006
Message: Služba Event Log byla zastavena.

Record Number: 25521
Source Name: EventLog
Time Written: 20100328131443.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: TAROXXXXXXX
Event Code: 102
Message: wuaueng.dll (1636) SUS20ClientDataStore: Databázový stroj spustil novou instanci (0).

Record Number: 5258
Source Name: ESENT
Time Written: 20091226115204.000000+060
Event Type: Informace
User:

Computer Name: TAROXXXXXXX
Event Code: 100
Message: wuauclt (1636) Databázový stroj 5.01.2600.2180 byl spuštěn.

Record Number: 5257
Source Name: ESENT
Time Written: 20091226115204.000000+060
Event Type: Informace
User:

Computer Name: TAROXXXXXXX
Event Code: 0
Message:
Record Number: 5256
Source Name: gupdate1ca14f7e99ab1ec
Time Written: 20091226115138.000000+060
Event Type: Informace
User:

Computer Name: TAROXXXXXXX
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 5255
Source Name: SecurityCenter
Time Written: 20091226115110.000000+060
Event Type: Informace
User:

Computer Name: TAROXXXXXXX
Event Code: 0
Message:
Record Number: 5254
Source Name: gupdate1ca14f7e99ab1ec
Time Written: 20091226115103.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


#2 Post by Caroprd111 »

Hello :)


Plug all the flash drives you use into the PC.

Download UsbFix to your desktop: http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Run it, then choose language E - Enter
  • Choose 2 - Enter (the PC may restart)
  • When it finishes, a log will pop up; paste it here for me. You can also find it in C:\UsbFix.txt

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware
  • Run the application under an account with Administrator privileges; right after it starts, a page with the license terms is displayed, continue by pressing the "Ano" (Yes) button
  • Then follow the instructions; during the scan do not run other applications and do not click into the window that is displayed!
  • The scan should take around 5 - 10 minutes; when it finishes, ComboFix will display the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.


I recommend uninstalling µTorrent

P2P networks and their clients are a potential security risk; they are practically constantly a source of viruses, and you are exposing yourself to risk unnecessarily.


#3 Post by gabber »

Well, the internet works now, but when I ran ComboFix the PC restarted and Kaspersky started up again, and it began popping up some files asking whether I wanted to allow them, so I set everything to deny, and now it won't update. Also, when ComboFix started it wanted to install the Recovery Console, so I had to choose no, because it would have downloaded it from the internet and that wasn't working for me yet.



ComboFix 10-04-19.07 - Taro 20.04.2010 17:11:56.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.740 [GMT 2:00]
Spuštěný z: c:\documents and settings\Taro\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-20 do 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-20 15:05 . 2010-04-20 15:05 2609 ----a-w- C:\UsbFix_Upload_Me_TAROXXXXXXX.zip
2010-04-20 14:54 . 2010-04-20 15:05 -------- d-----w- C:\UsbFix
2010-04-20 13:16 . 2010-04-20 13:16 -------- d-----w- c:\program files\trend micro
2010-04-20 13:16 . 2010-04-20 13:16 -------- d-----w- C:\rsit
2010-04-15 15:16 . 2010-04-16 14:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-14 17:24 . 2010-04-14 17:25 -------- d-----w- C:\Kaspersky Activation Key File 09 April, 2010, 2009 With 2010
2010-04-01 20:36 . 2010-04-01 20:36 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 15:15 . 2009-05-11 18:14 409632 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-20 15:15 . 2009-05-11 18:14 3528 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-20 15:15 . 2009-05-11 18:14 1734688 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-20 15:15 . 2009-05-11 18:14 15680 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-12 09:16 . 2010-02-13 10:09 -------- d-----w- c:\program files\Lineage II
2010-04-11 14:11 . 2009-05-14 12:01 -------- d-----w- c:\program files\CCleaner
2010-04-06 13:53 . 2009-05-15 17:09 -------- d-----w- c:\program files\uTorrent
2010-03-28 07:22 . 2001-10-25 12:00 78716 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 07:22 . 2001-10-25 12:00 431654 ----a-w- c:\windows\system32\perfh005.dat
2010-03-25 18:26 . 2009-05-14 11:47 -------- d-----w- c:\program files\Opera
2010-03-12 09:37 . 2010-03-12 09:37 -------- d-----w- c:\program files\Common Files\Java
2010-03-12 09:36 . 2009-08-27 15:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-12 09:36 . 2010-03-12 09:36 -------- d-----w- c:\program files\Java
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Unreal Tournament\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.1.2008 17:29 33808]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11.5.2009 20:07 77312]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.3.2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.4.2008 17:06 24592]
S2 gupdate1ca14f7e99ab1ec;Služba Google Update (gupdate1ca14f7e99ab1ec);c:\program files\Google\Update\GoogleUpdate.exe [4.8.2009 13:37 133104]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [30.5.2009 18:16 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [30.5.2009 18:16 53312]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [19.12.2009 17:03 89256]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 11:37]

2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 11:37]
.
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Taro\Data aplikací\Mozilla\Firefox\Profiles\y58snwtx.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Atualizacao - d:\la\1k pvp\Uninstal.exe
AddRemove-L2Rox - d:\la\server rox 6k\Uninstal.exe
AddRemove-System - d:\la\1k pvp\Uninstal.exe
AddRemove-Tex - d:\la\1k pvp\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 17:23
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(516)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-20 17:25:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-20 15:25

Před spuštěním: Volných bajtů: 14 404 182 016
Po spuštění: Volných bajtů: 14 329 401 344

- - End Of File - - 50E35D914EC3A0758ABD1F17F1EEA761

############################## | UsbFix V6.106 |

User : Taro (Administrators) # TAROXXXXXXX
Update on 19/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:58:38 | 20.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) XP 2400+
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Kaspersky Internet Security 8.0.0.506 [ Enabled | (!) Outdated ]
FW : Kaspersky Internet Security[ Enabled ]8.0.0.506

A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 29,29 Go (13,44 Go free) # NTFS
D:\ -> Místní pevný disk # 47,39 Go (14,44 Go free) # NTFS
E:\ -> Disk CD-ROM
F:\ -> Disk CD-ROM
G:\ -> Vyměnitelný disk # 3,76 Go (2,4 Go free) [YXO USB] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-1715567821-1965331169-839522115-1003
Deleted ! D:\Recycler\S-1-5-21-1715567821-1965331169-839522115-1003
Deleted ! D:\Recycler\S-1-5-21-220523388-1979792683-725345543-1003
Deleted ! D:\Recycler\S-1-5-21-220523388-1979792683-725345543-500
Deleted ! G:\winamp_cache_0001.xml

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\{5cfeb552-409a-11de-843a-000c76eebcce}\Shell\autoPlAy\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{e4e799a5-ecad-11de-924f-000c76eebcce}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{f68dec32-fa31-11de-9281-000c76eebcce}\Shell\AutoRun\Command

################## | Listing of the present files |

[24.05.2009 19:55|--a------|1270] C:\001-0040.bmp
[24.05.2009 20:44|--a------|1270] C:\14600000.bmp
[11.05.2009 19:53|--a------|0] C:\AUTOEXEC.BAT
[24.05.2009 19:52|--a------|1270] C:\bm-a5600.bmp
[11.05.2009 19:43|---hs----|211] C:\boot.ini
[25.10.2001 14:00|-rahs----|4952] C:\Bootfont.bin
[11.05.2009 19:53|--a------|0] C:\CONFIG.SYS
[14.03.2010 02:19|--a------|190] C:\drwtsn32.log
[31.05.2009 02:54|--a------|2332] C:\hGuard.txt
[?|?|?] C:\hiberfil.sys
[11.05.2009 19:53|-rahs----|0] C:\IO.SYS
[11.05.2009 19:53|-rahs----|0] C:\MSDOS.SYS
[03.08.2004 22:38|-rahs----|47564] C:\NTDETECT.COM
[03.08.2004 22:59|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[24.05.2009 19:37|--a------|630] C:\pk.bmp
[20.04.2010 17:05|--a------|2396] C:\UsbFix.txt
[24.10.2008 12:15|--a------|48493] D:\23102008-sasinkovo.png
[12.12.2006 09:26|--a------|733247488] D:\Baraka.avi
[04.08.2009 13:35|--a------|21133528] D:\DivXInstaller.exe
[19.03.2009 20:44|--a------|3341] D:\hc.txt
[06.09.2008 12:03|--a------|32] D:\live.m3u
[16.11.2008 13:58|--a------|30720] D:\opera odkazy.doc
[06.09.2009 23:31|--a------|9089880] D:\Opera_1000_int_Setup.exe
[09.11.2009 20:51|--a------|472411] D:\P1010363.jpg
[12.12.2009 15:55|--a------|5851303] D:\P1020090.JPG
[12.12.2009 15:55|--a------|5724300] D:\P1020091.JPG
[15.12.2009 17:18|--a------|1000071] D:\P1020096.JPG
[09.09.2008 18:28|--a------|88379] D:\PBT_2bc_den taro rozvrh.pdf
[30.08.2008 14:27|--a------|2986038] D:\plocha.bmp
[28.08.2009 21:12|--a------|19968] D:\SF.doc
[06.01.2010 15:41|--ahs----|29696] D:\Thumbs.db
[16.02.2010 20:07|---h-----|30607] D:\treeinfo.wc
[11.04.2010 17:12|--a------|3006557] D:\Video069.3gp
[13.03.2009 13:34|--a------|30208] D:\vypracovan‚ ot zky.doc
[01.04.2010 13:56|--a------|41] G:\pmp_usb.ini
[15.12.2007 23:16|--a------|7569963] G:\Lubricants and Lubrication, 2nd Ed, Wiley (2007), 3527314970.pdf
[17.04.2010 15:13|--a------|35328] G:\Kopie - modern‚ sp“soby skŁçania olejov.doc
[13.04.2010 15:53|--a------|40448] G:\modern‚ sp“soby skŁçania olejov.doc
[15.04.2010 16:19|--a------|159232] G:\Sablona_ZP SPU_5.dot

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# G:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_TAROXXXXXXX.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.106 ! |

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Trojan.Win32.Zmunik.vf internet not working

#4 Post by Caroprd111 »

Please upload the file C:\UsbFix_Upload_Me_TAROXXXXXXX.zip to http://chiquitine.changelog.fr/Sample/Upload.php


How is the PC doing? :???:

gabber
Visitor
Posts: 25
Registered: 22 Sep 2008 21:35

Re: Trojan.Win32.Zmunik.vf internet not working

#5 Post by gabber »

Done, the file has been sent. The PC works now, but I always have to turn off Kaspersky, otherwise the internet doesn't work. It is probably because I didn't allow some of those files during ComboFix, when the PC restarted, started up again and wanted me to allow those files.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Trojan.Win32.Zmunik.vf internet not working

#6 Post by Caroprd111 »

Reinstall KIS and post a new log from RSIT.

gabber
Visitor
Posts: 25
Registered: 22 Sep 2008 21:35

Re: Trojan.Win32.Zmunik.vf internet not working

#7 Post by gabber »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Taro at 2010-04-20 18:31:59
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (49%) free of 30 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:27, on 20.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Taro\Plocha\RSIT.exe
C:\Program Files\trend micro\Taro.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: &Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Služba Google Update (gupdate1ca14f7e99ab1ec) (gupdate1ca14f7e99ab1ec) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4678 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-10 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-04-10 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-10 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-09 65024]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe"="D:\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-20 18:14:38 ----D---- C:\Program Files\Kaspersky Lab
2010-04-20 18:14:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2010-04-20 18:14:34 ----D---- C:\WINDOWS\LastGood
2010-04-20 17:25:49 ----A---- C:\ComboFix.txt
2010-04-20 17:10:52 ----A---- C:\WINDOWS\zip.exe
2010-04-20 17:10:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-20 17:10:52 ----A---- C:\WINDOWS\SWSC.exe
2010-04-20 17:10:52 ----A---- C:\WINDOWS\SWREG.exe
2010-04-20 17:10:52 ----A---- C:\WINDOWS\sed.exe
2010-04-20 17:10:52 ----A---- C:\WINDOWS\PEV.exe
2010-04-20 17:10:52 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-20 17:10:52 ----A---- C:\WINDOWS\MBR.exe
2010-04-20 17:10:52 ----A---- C:\WINDOWS\grep.exe
2010-04-20 17:10:46 ----D---- C:\WINDOWS\ERDNT
2010-04-20 17:10:40 ----D---- C:\Qoobox
2010-04-20 17:05:32 ----RAD---- C:\autorun.inf
2010-04-20 16:57:33 ----A---- C:\UsbFix.txt
2010-04-20 16:54:11 ----D---- C:\UsbFix
2010-04-20 15:16:27 ----D---- C:\Program Files\trend micro
2010-04-20 15:16:26 ----D---- C:\rsit
2010-04-19 22:19:47 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-15 17:16:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-01 22:36:42 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-04-20 18:18:37 ----D---- C:\WINDOWS\Temp
2010-04-20 18:16:36 ----D---- C:\WINDOWS
2010-04-20 18:15:39 ----SHD---- C:\WINDOWS\Installer
2010-04-20 18:15:30 ----D---- C:\WINDOWS\system32\drivers
2010-04-20 18:15:16 ----HD---- C:\WINDOWS\inf
2010-04-20 18:15:08 ----D---- C:\WINDOWS\system32
2010-04-20 18:14:38 ----D---- C:\Program Files
2010-04-20 18:14:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-20 18:10:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-20 17:17:57 ----A---- C:\WINDOWS\system.ini
2010-04-20 17:15:03 ----D---- C:\WINDOWS\system32\config
2010-04-20 17:13:48 ----D---- C:\WINDOWS\AppPatch
2010-04-20 17:13:43 ----D---- C:\Program Files\Common Files
2010-04-20 16:54:21 ----D---- C:\WINDOWS\Prefetch
2010-04-19 22:20:04 ----D---- C:\Documents and Settings
2010-04-19 13:37:35 ----D---- C:\Documents and Settings\Taro\Data aplikací\Skype
2010-04-17 12:44:00 ----D---- C:\Documents and Settings\Taro\Data aplikací\skypePM
2010-04-16 16:57:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-04-16 16:57:34 ----SD---- C:\WINDOWS\Tasks
2010-04-14 19:25:01 ----D---- C:\Documents and Settings\Taro\Data aplikací\uTorrent
2010-04-13 22:16:31 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-12 15:33:25 ----D---- C:\WINDOWS\system32\Macromed
2010-04-12 11:16:50 ----D---- C:\Program Files\Lineage II
2010-04-11 18:23:22 ----SHD---- C:\WINDOWS\CSC
2010-04-11 16:11:50 ----D---- C:\Program Files\CCleaner
2010-04-07 13:32:09 ----D---- C:\Documents and Settings\Taro\Data aplikací\BSplayer PRO
2010-04-06 15:53:25 ----D---- C:\Program Files\uTorrent
2010-04-02 20:26:51 ----D---- C:\Program Files\Mozilla Firefox
2010-03-28 09:22:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-25 20:26:55 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-04-20 315408]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-18 610988]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-17 31744]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-05-21 25280]
S3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-12 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate1ca14f7e99ab1ec;Služba Google Update (gupdate1ca14f7e99ab1ec); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Trojan.Win32.Zmunik.vf internet not working

#8 Post by Caroprd111 »

Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter.



Download T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice, press the A key, then Enter.
  • Delete the program after use. Note: antivirus programs may falsely flag it as a virus.

Download TFC http://oldtimer.geekstogo.com/TFC.exe
  • Run it.
  • Click "Start". Confirm the message by clicking "Ok" (a restart will follow).

Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the messages by clicking "Yes" (a restart will follow).


Download CCleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation uncheck the option to install the Yahoo toolbar.

    Cleaner tab
  • Run the analysis; when it finishes, click Run CCleaner.

    Registry tab
  • Click Find problems; when it finishes, click Fix problems. You do not need to make a backup; then click Fix all problems.
    OK, Close


Install SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100

gabber
Visitor
Posts: 25
Registered: 22 Sep 2008 21:35

Re: Trojan.Win32.Zmunik.vf internet not working

#9 Post by gabber »

Thank you very much for your effort. I would also like to ask whether I can use TFC at other times too, because it deletes temporary internet files, which are those unneeded internet files, like e.g. CCleaner.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Trojan.Win32.Zmunik.vf internet not working

#10 Post by Caroprd111 »

You can use TFC, that's not a problem. :)

gabber
Visitor
Posts: 25
Registered: 22 Sep 2008 21:35

Re: Trojan.Win32.Zmunik.vf internet not working

#11 Post by gabber »

Thank you very much once again, the PC runs like clockwork. I wish you much success in your continued fight against viruses :lol:

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Trojan.Win32.Zmunik.vf internet not working

#12 Post by Caroprd111 »

You're welcome :)