klavesnica virus rozne znaky

Zpráva

pedrodes · #1 Příspěvek od **pedrodes** » 21 črc 2010 08:28

Dobry den,
kolega ma problem, ze mu klavesnica pise ine znaky ako su napr. ked stlaci A vypisu sa 4 znaky. asi to bude virus ale ani NOD ani spyware nic nenasiel.
prikladam log HJT
dakujem za odpoved

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:10:43, on 21.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\S4TSR.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gis/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7431 bytes

#2 Příspěvek od **JaRon** » 21 črc 2010 08:36

ahoj,
je tam

stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim

akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

pedrodes · #3 Příspěvek od **pedrodes** » 21 črc 2010 09:09

Ahoj prikladam ten combofix log:

ComboFix 10-07-20.03 - Peto Lapin 21.07.2010 9:49.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1503.943 [GMT 2:00]
Running from: c:\documents and settings\Peto Lapin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\B32.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\B64.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Local.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UA.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UAcpt.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Ui.dtd

.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 07:10 . 2010-07-21 07:10 388096 ----a-r- c:\documents and settings\Peto Lapin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-21 07:10 . 2010-07-21 07:10 -------- d-----w- c:\program files\Trend Micro
2010-07-20 13:51 . 2010-07-20 13:51 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-14 13:18 . 2010-07-14 13:18 -------- d-----w- c:\program files\Aide PDF to DXF Converter
2010-07-14 05:32 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-01 12:58 . 2010-07-01 12:58 -------- d-----w- c:\program files\Windows Live
2010-07-01 12:54 . 2010-07-01 12:54 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 07:11 . 2010-01-08 07:28 1 ----a-w- c:\documents and settings\Peto Lapin\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-21 06:44 . 2010-01-07 14:04 -------- d-----w- c:\documents and settings\Peto Lapin\Application Data\Spyware Terminator
2010-07-21 06:41 . 2010-02-04 14:43 -------- d-----w- c:\program files\Crawler
2010-07-20 13:55 . 2010-01-07 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-07-20 13:51 . 2010-04-13 05:49 -------- d-----w- c:\documents and settings\Peto Lapin\Application Data\Audacity
2010-07-20 12:29 . 2010-01-07 09:07 -------- d-----w- c:\program files\Advanced PC Tweaker
2010-07-14 13:17 . 2010-01-07 09:04 -------- d-----w- c:\documents and settings\Peto Lapin\Application Data\XnView
2010-07-14 06:49 . 2009-12-31 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-08 10:22 . 2010-01-07 14:04 -------- d-----w- c:\program files\Spyware Terminator
2010-06-28 07:05 . 2009-12-31 08:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-17 12:59 . 2010-06-17 12:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-14 14:31 . 2009-12-29 13:05 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-25 06:26 . 2010-05-21 08:37 -------- d-----w- c:\program files\DivX
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-07 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisableEHCI"="c:\windows\S4TSR.EXE" [2004-05-05 28672]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SiSPower"="SiSPower.dll" [2004-09-02 49152]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-09-06 487424]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-07 2166784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2010-1-7 331776]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 15:24 93336]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [7.1.2010 16:05 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 15:23 727720]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [7.1.2010 13:25 90112]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6.5.2008 16:06 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2010-01-07 16:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gis/
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
.
.
------- File Associations -------
.
.scr=MicroStation Resource
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 09:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\3&61aaa01&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-21 10:04:19
ComboFix-quarantined-files.txt 2010-07-21 08:04

Pre-Run: 4 599 189 504 bytes free
Post-Run: 6 815 797 248 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 40ECA155F0FF1A4DFEEAF0B3422BF7CA

pedrodes · #4 Příspěvek od **pedrodes** » 21 črc 2010 09:16

restartli sme pocitac a problem stale pretrvava...

#5 Příspěvek od **JaRon** » 21 črc 2010 09:19

prescanuj PC s MBAM - log vloz + aktualny log RSIT

pedrodes · #6 Příspěvek od **pedrodes** » 21 črc 2010 10:30

MBAB nenasiel nic tu je log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.7.2010 11:24:33
mbam-log-2010-07-21 (11-24-33).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 172910
Uplynulý čas: 41 min, 25 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)

a log z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Peto Lapin at 2010-07-21 11:26:27
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (17%) free of 38 GB
Total RAM: 1503 MB (67% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\One-Click Tweak.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-06-23 1241448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\ctbr.dll [2010-06-23 1241448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DisableEHCI"=C:\WINDOWS\S4TSR.EXE [2004-05-05 28672]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"SiSPower"=SiSPower.dll,ModeAgent []
"PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2007-02-09 694008]
"DT ACR"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2008-06-06 81920]
"pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2005-09-06 487424]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-01-07 2166784]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-11 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-01-07 3037696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-12-11 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Google\Google SketchUp 7\SketchUp.exe"="C:\Program Files\Google\Google SketchUp 7\SketchUp.exe:*:Enabled:SketchUp Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\Temp\alg.exe"="C:\WINDOWS\Temp\alg.exe:*:Enabled:Application Layer Gateway Service"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:LSA Shell"

======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-07-21 10:35:12 ----D---- C:\Documents and Settings\Peto Lapin\Application Data\Malwarebytes
2010-07-21 10:34:03 ----D---- C:\rsit
2010-07-21 10:31:47 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-21 10:31:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-21 10:31:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-21 10:31:44 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-21 10:04:22 ----D---- C:\WINDOWS\temp
2010-07-21 10:04:20 ----A---- C:\ComboFix.txt
2010-07-21 09:48:14 ----A---- C:\Boot.bak
2010-07-21 09:48:08 ----RASHD---- C:\cmdcons
2010-07-21 09:46:26 ----A---- C:\WINDOWS\zip.exe
2010-07-21 09:46:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-21 09:46:26 ----A---- C:\WINDOWS\SWSC.exe
2010-07-21 09:46:26 ----A---- C:\WINDOWS\SWREG.exe
2010-07-21 09:46:26 ----A---- C:\WINDOWS\sed.exe
2010-07-21 09:46:26 ----A---- C:\WINDOWS\PEV.exe
2010-07-21 09:46:26 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-21 09:46:26 ----A---- C:\WINDOWS\MBR.exe
2010-07-21 09:46:26 ----A---- C:\WINDOWS\grep.exe
2010-07-21 09:46:19 ----D---- C:\WINDOWS\ERDNT
2010-07-21 09:42:40 ----D---- C:\Qoobox
2010-07-21 09:10:00 ----D---- C:\Program Files\Trend Micro
2010-07-14 15:18:32 ----D---- C:\Program Files\Aide PDF to DXF Converter
2010-07-14 08:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-01 14:58:08 ----D---- C:\Program Files\Windows Live
2010-07-01 14:54:00 ----D---- C:\Program Files\Common Files\Windows Live

======List of files/folders modified in the last 1 months======

2010-07-21 10:35:07 ----A---- C:\WINDOWS\wincmd.ini
2010-07-21 10:31:47 ----D---- C:\WINDOWS\system32\drivers
2010-07-21 10:31:44 ----RD---- C:\Program Files
2010-07-21 10:31:05 ----D---- C:\WINDOWS\Prefetch
2010-07-21 10:12:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-21 10:04:22 ----D---- C:\WINDOWS
2010-07-21 09:58:51 ----A---- C:\WINDOWS\system.ini
2010-07-21 09:58:39 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-21 09:53:59 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2010-07-21 09:52:08 ----D---- C:\WINDOWS\system32
2010-07-21 09:52:08 ----D---- C:\WINDOWS\AppPatch
2010-07-21 09:52:05 ----D---- C:\Program Files\Common Files
2010-07-21 09:48:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-21 09:48:14 ----RASH---- C:\boot.ini
2010-07-21 09:10:04 ----SHD---- C:\WINDOWS\Installer
2010-07-21 08:44:54 ----D---- C:\Documents and Settings\Peto Lapin\Application Data\Spyware Terminator
2010-07-21 08:44:36 ----A---- C:\WINDOWS\setuplog.txt
2010-07-21 08:44:30 ----A---- C:\WINDOWS\system32\wpa.bak
2010-07-21 08:41:15 ----D---- C:\Program Files\Crawler
2010-07-21 08:33:27 ----D---- C:\Install
2010-07-20 15:55:06 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-07-20 15:52:13 ----D---- C:\WINDOWS\system32\config
2010-07-20 15:51:56 ----D---- C:\WINDOWS\system32\wbem
2010-07-20 15:51:55 ----D---- C:\WINDOWS\Registration
2010-07-20 15:51:44 ----D---- C:\Documents and Settings\Peto Lapin\Application Data\Audacity
2010-07-20 15:51:20 ----D---- C:\WINDOWS\system32\Restore
2010-07-20 14:29:27 ----D---- C:\Program Files\Advanced PC Tweaker
2010-07-14 15:17:30 ----D---- C:\Documents and Settings\Peto Lapin\Application Data\XnView
2010-07-14 08:49:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-14 08:45:53 ----HD---- C:\WINDOWS\inf
2010-07-14 08:45:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 08:45:33 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-08 12:22:44 ----D---- C:\Program Files\Spyware Terminator
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-01 14:53:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-06-29 08:17:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-28 09:05:33 ----D---- C:\Program Files\Mozilla Thunderbird
2010-06-28 09:04:20 ----D---- C:\WINDOWS\network diagnostic
2010-06-28 08:36:18 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-28 08:36:11 ----RSD---- C:\WINDOWS\assembly
2010-06-25 16:28:28 ----D---- C:\WINDOWS\WinSxS
2010-06-23 14:52:59 ----D---- C:\Dokumenty

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R0 SiSide;SiSide; C:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sisidex;sisidex; C:\WINDOWS\system32\drivers\sisidex.sys [2002-10-17 49024]
R0 sisperf;Add Performance Filter Driver; C:\WINDOWS\system32\drivers\sisperf.sys [2002-08-20 9472]
R0 SiSRaid;SiSRaid; C:\WINDOWS\system32\DRIVERS\SiSRaid.sys [2001-03-30 45568]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2007-02-09 17465]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2009-06-05 19200]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2008-06-04 17064]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2009-06-05 323584]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-06-30 32768]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-12-11 4525056]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\PETOLA~1\LOCALS~1\Temp\catchme.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Asset Management Daemon;Asset Management Daemon; C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe [2008-06-06 114688]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2008-06-06 69632]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-04 90112]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-07 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-12-11 602112]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#7 Příspěvek od **JaRon** » 21 črc 2010 10:44

pouzi este SDFix - v nudzovom rezime - log vloz http://www.viry.cz/forum/viewtopic.php?t=40395

pedrodes · #8 Příspěvek od **pedrodes** » 21 črc 2010 11:23

ahoj a kde najdem link na SDFix?

#9 Příspěvek od **JaRon** » 21 črc 2010 11:46

http://www.bleepingcomputer.com/resources/link252.html

pedrodes · #10 Příspěvek od **pedrodes** » 21 črc 2010 13:01

Inac dakujeme velmi pekne,
SDFix tam nasiel trojan-downloader.murlo a vymenili sme klavesnicu a uz to slape
dakujem este raz

Murlo.JPG: (15.31 KiB) Staženo 193 x

#11 Příspěvek od **JaRon** » 22 črc 2010 06:27

super - som vedel, ze na SDFix sa da spolahnut

pedrodes · #12 Příspěvek od **pedrodes** » 23 črc 2010 07:22

este jedna otazka- dali sme tu klavesnicu na iny pocitac a ona robi to iste.... stlacis A a napise GAY* je to vobec mozne? ZEBY BOLA NAKAZENA? NEJDE MI TO DO HLAVY

#13 Příspěvek od **JaRon** » 23 črc 2010 08:27

neviem o aku klavesnicu ide, nakazena urcite nebude - iba ak by bola u nej moznost naprogramovat priradenie slov ku klavesam ,,,

VIRY.CZ

klavesnica virus rozne znaky

klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky

Re: klavesnica virus rozne znaky