You probably misunderstood me... You did not apply the script there = you did not create it and drag it onto ComboFix, as described in the instructions.
Do you have the FAT32 file system on purpose? NTFS is the more traditional choice.

Trojan?
Re: Trojan?
Here is the new log after dragging it over.
ComboFix 11-06-04.02 - xxx 04.06.2011 17:23:02.8.1 - FAT32x86
Running from: d:\backups\ComboFix.exe
Command switches used :: d:\backups\CFScript.txt.txt
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-04 14:32 . 2011-06-04 14:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-06-02 20:05 . 2010-04-20 14:31 -------- d-----w- C:\Half_Life_Episode_2
2011-06-02 13:03 . 2011-06-02 13:03 152576 ----a-w- c:\windows\Kzaraa.exe
2011-06-01 21:25 . 2011-06-01 21:25 -------- d-----w- c:\program files\www.programasfull.net
2011-05-29 13:18 . 2011-05-29 13:18 -------- d-----w- c:\documents and settings\xxx\Application Data\go
2011-05-29 13:18 . 2011-05-29 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
2011-05-28 19:25 . 2011-05-28 19:26 -------- d-----w- c:\documents and settings\xxx\Local Settings\Application Data\PackageAware
2011-05-14 19:06 . 2011-05-14 19:06 -------- d-----w- C:\Half-Life 2
2011-05-14 09:39 . 2011-05-14 09:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-28 20:53 . 2011-03-28 20:53 3050472 ----a-w- C:\ccsetup305.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"nwiz"="nwiz.exe" [2006-03-31 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 135664]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 135664]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-10-16 717296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-04 c:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
- c:\windows\Kzaraa.exe [2011-06-02 13:03]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 22:16]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 173.192.105.217 173.193.227.124
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-04 17:26
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ad,c0,3d,5f,d3,f0,e6,c5,9b,fa,75,7a,17,05,2f,7d,c7,63,ee,83,ec,
8d,26,39,db,83,a3,a8,8c,db,5e,a4,4a,48,e3,61,a4,6c,5a,4c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8ebef3bc-682b-429e-8d77-be37fb528915}]
@Denied: (Full) (Everyone)
"Model"=dword:000000dd
"Therad"=dword:00000003
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1532)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-04 17:28:16
ComboFix-quarantined-files.txt 2011-06-04 15:28
.
Pre-Run: 8 922 251 264 bytes free
Post-Run: 8 912 420 864 voľných bajtov
.
- - End Of File - - 7369E1A61140D7962F6448145AB86C09
Re: Trojan?
And did you create the script correctly? Did it contain what it was supposed to (the green text)? I ask because no command was executed.

Re: Trojan?
I apologize, I overlooked something. Here it is done correctly.
ComboFix 11-06-04.02 - xxx 04.06.2011 17:48:31.9.1 - FAT32x86
Running from: d:\backups\ComboFix.exe
Command switches used :: e:\indeo system files\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\system32\sshnas21.dll"
"c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
"c:\windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\iMeshNAG.job"
.
file zipped: c:\windows\Kzaraa.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Kzaraa.exe
c:\windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-04 14:32 . 2011-06-04 14:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-06-02 20:05 . 2010-04-20 14:31 -------- d-----w- C:\Half_Life_Episode_2
2011-06-01 21:25 . 2011-06-01 21:25 -------- d-----w- c:\program files\www.programasfull.net
2011-05-29 13:18 . 2011-05-29 13:18 -------- d-----w- c:\documents and settings\xxx\Application Data\go
2011-05-29 13:18 . 2011-05-29 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
2011-05-28 19:25 . 2011-05-28 19:26 -------- d-----w- c:\documents and settings\xxx\Local Settings\Application Data\PackageAware
2011-05-14 19:06 . 2011-05-14 19:06 -------- d-----w- C:\Half-Life 2
2011-05-14 09:39 . 2011-05-14 09:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-28 20:53 . 2011-03-28 20:53 3050472 ----a-w- C:\ccsetup305.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"nwiz"="nwiz.exe" [2006-03-31 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-10-16 717296]
.
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 173.192.105.217 173.193.227.124
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-04 17:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(404)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-04 17:54:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-04 15:54
ComboFix2.txt 2011-06-04 12:49
.
Pre-Run: 8 912 584 704 bytes free
Post-Run: 8 903 327 744 voľných bajtov
.
- - End Of File - - 6540946BA165F090E9DC872F0C0D61CE
Upload was successful
Re: Trojan?
This looks better now. How is the PC behaving?

Re: Trojan?
I don't see any problem. Sorry, I accidentally posted this as a new topic.
Re: Trojan?
Thanks a lot for the help.

Re: Trojan?
So let's clean up as well.

Uninstall ComboFix
- Start - Run (or use the keyboard shortcut Win+R)
- Type ComboFix /Uninstall
- Press Enter
- This deletes ComboFix and its folders

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Download and run it
- To confirm each choice, press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)

OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it
- Click CleanUp and confirm with YES
- The program cleans up and restarts the PC

TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it
- Click Start and confirm with OK
- The program cleans up and restarts the PC
- Delete the utility after use

Download CCleaner (see my signature)
Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
- click Find problems
- then Fix problems - I recommend making a registry backup; fix all the problems
- repeat the procedure until no problems are found - usually about 3 times
- Here you can uninstall programs you don't need

And if there are no problems or questions, that is all from my side.

