Backdoor agent a vybraná hesla

[altrok]

Ve hre je HW zavada nebo se jeste muzete pokusit o fixnuti pomoci nastroje bootrec. Toto jsem ovsem nikdy nedelal - mate nainstalovany jeden OS, takze by zde nemel byt problem.
https://support.microsoft.com/cs-cz/kb/927392

[maramerry]

Dobře, zkusím to. Podle jakého příkazu mám pokračovat ? /fixmbr , /fixboot, /scanos či /rebuildbcd ?

[maramerry]

Někdo kdo má zkušenosti a poradil by?

[altrok]

MBR vypada v poradku, takze bych pouzil /fixboot

[maramerry]

Hotovo, operace uspěšně provedena, bohužel stále žádná změna.

[altrok]

Pred vstupem do nouzoveho rezimu mate v nabidce Pouzit posledni znamou funkcni konfiguraci. Vyzkousejte ji.

[maramerry]

Povedlo se, jsem normálně přihlášen. Bude chtít poslat nějaké logy nebo něco?

[altrok]

Provedte jeden testovaci restart PC a pokud vse probehne bez problemu, pokracujte AdwCleanerem.


Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Cleaning
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Potom dejte nove logy z FRST (FRST.txt i Addition.txt).


Pokracovani zitra

[maramerry]

Restart proběhl v pořádku. Logy pošlu hned . Děkuji za váš čas

[maramerry]

AdwCleaner log .. V příloze logy z FRST

# AdwCleaner v5.019 - Logfile created 11/11/2015 at 21:34:00
# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Merry - WIN-5OHI1PSTTME
# Running from : C:\Users\Merry\Desktop\adwcleaner_5.019.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Partner

***** [ Files ] *****

[-] File Deleted : C:\Users\Merry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Merry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Conduit

***** [ Web browsers ] *****

[-] [C:\Users\Merry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : facemoods.com
[-] [C:\Users\Merry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : happy-wheels.en.softonic.com
[-] [C:\Users\Merry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Merry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : yahoo.com
[-] [C:\Users\Merry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://start.facemoods.com/?a=make

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1708 bytes] ##########

[altrok]

• Stahnete Crystal Disk Info (CDI) http://sourceforge.jp/frs/redir.php?m=j ... o6_2_2.zip
• archiv extrahujte a spustte vyextrahovany soubor DiskInfo.exe
• ve spustenem programu kliknete nahore na Upravy -> Kopirovat (log mate nyni zkopirovany ve schrance)
• log vlozte do dalsi odpovedi (Ctrl + V)

[maramerry]

----------------------------------------------------------------------------
CrystalDiskInfo 6.2.2 (C) 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium SP1 [6.1 Build 7601] (x64)
Date : 2015/11/12 15:20:44

-- Controller Map ----------------------------------------------------------
+ Intel(R) Mobile Express Chipset SATA AHCI Controller [ATA]
- ST9750423AS
- Slimtype DVD A DS8A5SH

-- Disk List ---------------------------------------------------------------
(1) ST9750423AS : 750,1 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST9750423AS
----------------------------------------------------------------------------
Model : ST9750423AS
Firmware : 0001SDM1
Serial Number : 6WS0Q955
Disk Size : 750,1 GB (8,4/137,4/750,1/750,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 1465149168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : ---- | SATA/300
Power On Hours : 6328 hod.
Power On Count : 1393 krát
Temperature : 30 C (86 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 119 _99 __6 00000CBE6D88 Počet chyb čtení
03 _98 _98 _85 000000000000 Čas na roztočení ploten
04 _37 _37 _20 00000000FFFF Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _83 _60 _30 00000C5B9778 Počet chybných hledání
09 _93 _93 __0 0000000018B8 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _99 _20 000000000571 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 _98 __0 000A00150024 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _70 _50 _45 00001E18001E Teplota toku vzduchu
BF 100 100 __0 000000000019 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000003F Počet vypnutí disku
C1 _91 _91 __0 000000004A68 Počet cyklů načítání/vymazání
C2 _30 _50 __0 000B0000001E Teplota
C3 119 _99 __0 00000CBE6D88 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
F0 100 253 __0 400B00001864 Čas nastavování hlaviček - v hodinách
F1 100 253 __0 0000E63A563D Total Host Writes
F2 100 253 __0 0000C490442E Total Host Reads
FE 100 100 __0 000000000000 Ochrana proti pádu

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2020 3657 5330 5139 3535
020: 0000 8000 0004 3030 3031 5344 4D31 5354 3937 3530
030: 3432 3341 5320 2020 2020 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0F06 0000 0048 0048
080: 01F0 0029 746B 7D09 61E3 7469 BC09 61E3 407F 0054
090: 0054 8080 FFFE 0000 D000 0000 0000 0000 0000 0000
100: 66F0 5754 0000 0000 0000 0000 6003 0000 5000 C500
110: 4656 02AB 0000 0000 0000 0000 0000 0000 0000 401E
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 66F0
130: 5754 66F0 5754 2020 0002 0140 0108 5000 3C06 3C0A
140: 0000 0078 0000 0008 0000 0000 01FF 0280 0000 0000
150: 0008 0000 0000 0000 0000 0000 0000 0000 5700 8060
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 303F 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 1010 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 B4A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 0F 00 77 63 88 6D BE 0C 00 00 00 03 03
010: 00 62 62 00 00 00 00 00 00 00 04 32 00 25 25 FF
020: FF 00 00 00 00 00 05 33 00 64 64 00 00 00 00 00
030: 00 00 07 0F 00 53 3C 78 97 5B 0C 00 00 00 09 32
040: 00 5D 5D B8 18 00 00 00 00 00 0A 13 00 64 64 00
050: 00 00 00 00 00 00 0C 32 00 63 63 71 05 00 00 00
060: 00 00 B8 32 00 64 64 00 00 00 00 00 00 00 BB 32
070: 00 64 64 00 00 00 00 00 00 00 BC 32 00 64 62 24
080: 00 15 00 0A 00 00 BD 3A 00 64 64 00 00 00 00 00
090: 00 00 BE 22 00 46 32 1E 00 18 1E 00 00 00 BF 32
0A0: 00 64 64 19 00 00 00 00 00 00 C0 32 00 64 64 3F
0B0: 00 00 00 00 00 00 C1 32 00 5B 5B 68 4A 00 00 00
0C0: 00 00 C2 22 00 1E 32 1E 00 00 00 0B 00 00 C3 1A
0D0: 00 77 63 88 6D BE 0C 00 00 00 C5 12 00 64 64 00
0E0: 00 00 00 00 00 00 C6 10 00 64 64 00 00 00 00 00
0F0: 00 00 C7 3E 00 C8 C8 00 00 00 00 00 00 00 F0 00
100: 00 64 FD 64 18 00 00 0B 40 0C F1 00 00 64 FD 3D
110: 56 3A E6 00 00 00 F2 00 00 64 FD 2E 44 90 C4 00
120: 00 00 FE 32 00 64 64 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73
170: 03 00 01 00 02 B4 03 00 00 00 FE CA FF FF A0 C7
180: 00 00 00 00 00 00 00 00 06 02 02 02 02 02 02 02
190: 02 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00
1A0: 00 00 00 00 19 00 00 00 E2 20 6E 38 B8 14 00 00
1B0: 00 00 00 00 01 00 B5 00 3D 56 3A E6 85 B3 03 00
1C0: 2E 44 90 C4 5A 73 0F 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 02 11 00 00 00 00 00 00
1E0: 00 00 00 00 D8 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C6

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 01 00 01 06 00 00 00 00 00 00 00 00 00 00 03 55
010: 00 00 00 00 00 00 00 00 00 00 04 14 00 00 00 00
020: 00 00 00 00 00 00 05 24 00 00 00 00 00 00 00 00
030: 00 00 07 1E 00 00 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 61 00 00 00 00
050: 00 00 00 00 00 00 0C 14 00 00 00 00 00 00 00 00
060: 00 00 B8 63 00 00 00 00 00 00 00 00 00 00 BB 00
070: 00 00 00 00 00 00 00 00 00 00 BC 00 00 00 00 00
080: 00 00 00 00 00 00 BD 00 00 00 00 00 00 00 00 00
090: 00 00 BE 2D 00 00 00 00 00 00 00 00 00 00 BF 00
0A0: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
0B0: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
0C0: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C3 00
0D0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0E0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0F0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 F0 00
100: 00 00 00 00 00 00 00 00 00 00 F1 00 00 00 00 00
110: 00 00 00 00 00 00 F2 00 00 00 00 00 00 00 00 00
120: 00 00 FE 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84

[altrok]

V PC Vam bezi 2 antiviry - Trend Micro Titanium Internet Security a Avira Antivirus - jeden odinstalujte.


Pokud nepouzivate, odinstalujte Bing Bar. Dale byl pravdepodobne nedokonale odinstalovan Avast - pro docisteni zbytku pouzijte oficialni odinstalator https://www.avast.com/cs-cz/uninstall-utility


Pak dejte nove logy z FRST (FRST.txt i Addition.txt).


Zatim se muzete podivat do slozky (pokud je virus po sobe nesmazal)
C:\Users\Merry\AppData\Roaming\D2DEF210-01FF-43E9-934B-6C5F1E5E620E\Logs\Merry
co jste utocnikum odesilal. Pro tento ucel staci, kdyz soubory KB_xxxx.dat otevrete v poznamkovem bloku.

[maramerry]

Nové logy v příloze.
Bohužel sem se z toho nic nedozvěděl, obsahuje jen čínské znaky, které mi nic neřekli

[maramerry]

Nějaký další postup?