
Re: Backdoor agent and stolen passwords

Posted: 12 Nov 2015 20:22
by altrok
I'm sorry, but this forum works on a voluntary basis. Once you pay for a service, it will certainly attend to you promptly. #mig21 doesn't let me devote time to you at the moment.

Re: Backdoor agent and stolen passwords

Posted: 12 Nov 2015 20:27
by maramerry
All right :)

Re: Backdoor agent and stolen passwords

Posted: 13 Nov 2015 14:59
by altrok
maramerry wrote: Unfortunately I didn't learn anything from it, it only contains Chinese characters, which told me nothing :)
Open it in Word/WordPad or some hex editor, for instance.

:arrow: Permanently disable Windows Defender - http://windows.microsoft.com/cs-cz/wind ... =windows-7

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the reboot a fixlog will be saved on the desktop; paste its contents into your next reply

    Start
    CreateRestorePoint:
    CloseProcesses:
    File: C:\Users\Merry\AppData\Roaming\uRoQvn725F.exe
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
    HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKU\S-1-5-21-4143623157-1891926486-680779960-1000\...\Run: [GalaxyClient] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR HomePage: Default -> hxxp://start.facemoods.com/?a=make
    2015-11-12 16:48 - 2015-11-12 16:47 - 05903688 _____ (AVAST Software) C:\Users\Merry\Desktop\avastclear.exe
    2015-11-12 16:47 - 2015-11-12 16:47 - 05903688 _____ (AVAST Software) C:\Users\Merry\Downloads\avastclear.exe
    2015-11-12 15:18 - 2015-11-12 15:19 - 00000000 ____D C:\Users\Merry\Downloads\CrystalDiskInfo6_2_2
    2015-11-12 15:17 - 2015-11-12 15:18 - 02817875 _____ C:\Users\Merry\Downloads\CrystalDiskInfo6_2_2.zip
    2015-11-11 21:31 - 2015-11-11 21:34 - 00000000 ____D C:\AdwCleaner
    2015-11-11 21:31 - 2015-11-11 21:30 - 01712128 _____ C:\Users\Merry\Desktop\adwcleaner_5.019.exe
    2015-11-11 21:30 - 2015-11-11 21:30 - 01712128 _____ C:\Users\Merry\Downloads\adwcleaner_5.019.exe
    2015-11-11 21:43 - 2015-11-12 17:01 - 00021564 _____ C:\Users\Merry\Desktop\FRST.txt
    2015-11-11 21:41 - 2015-11-12 16:59 - 00000000 ____D C:\Users\Merry\Desktop\logy
    2015-11-10 15:58 - 2015-11-10 15:58 - 05082360 _____ (AVAST Software) C:\Users\Merry\Downloads\avast_free_antivirus_setup_online.exe
    2015-11-10 15:21 - 2015-11-10 17:29 - 00000000 ____D C:\Users\Merry\AppData\Roaming\D2DEF210-01FF-43E9-934B-6C5F1E5E620E
    2015-11-10 15:20 - 2015-11-10 15:21 - 01669126 _____ C:\Users\Merry\AppData\Roaming\uRoQvn725F.exe
    2015-11-12 16:47 - 2011-04-01 10:24 - 00000000 ____D C:\ProgramData\Trend Micro
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Hosts:
    EmptyTemp:
    End

Re: Backdoor agent and stolen passwords

Posted: 13 Nov 2015 17:15
by maramerry
Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Merry (2015-11-13 17:08:51) Run:2
Running from C:\Users\Merry\Desktop
Loaded Profiles: Merry (Available Profiles: Merry)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Users\Merry\AppData\Roaming\uRoQvn725F.exe
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKU\S-1-5-21-4143623157-1891926486-680779960-1000\...\Run: [GalaxyClient] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://start.facemoods.com/?a=make
2015-11-12 16:48 - 2015-11-12 16:47 - 05903688 _____ (AVAST Software) C:\Users\Merry\Desktop\avastclear.exe
2015-11-12 16:47 - 2015-11-12 16:47 - 05903688 _____ (AVAST Software) C:\Users\Merry\Downloads\avastclear.exe
2015-11-12 15:18 - 2015-11-12 15:19 - 00000000 ____D C:\Users\Merry\Downloads\CrystalDiskInfo6_2_2
2015-11-12 15:17 - 2015-11-12 15:18 - 02817875 _____ C:\Users\Merry\Downloads\CrystalDiskInfo6_2_2.zip
2015-11-11 21:31 - 2015-11-11 21:34 - 00000000 ____D C:\AdwCleaner
2015-11-11 21:31 - 2015-11-11 21:30 - 01712128 _____ C:\Users\Merry\Desktop\adwcleaner_5.019.exe
2015-11-11 21:30 - 2015-11-11 21:30 - 01712128 _____ C:\Users\Merry\Downloads\adwcleaner_5.019.exe
2015-11-11 21:43 - 2015-11-12 17:01 - 00021564 _____ C:\Users\Merry\Desktop\FRST.txt
2015-11-11 21:41 - 2015-11-12 16:59 - 00000000 ____D C:\Users\Merry\Desktop\logy
2015-11-10 15:58 - 2015-11-10 15:58 - 05082360 _____ (AVAST Software) C:\Users\Merry\Downloads\avast_free_antivirus_setup_online.exe
2015-11-10 15:21 - 2015-11-10 17:29 - 00000000 ____D C:\Users\Merry\AppData\Roaming\D2DEF210-01FF-43E9-934B-6C5F1E5E620E
2015-11-10 15:20 - 2015-11-10 15:21 - 01669126 _____ C:\Users\Merry\AppData\Roaming\uRoQvn725F.exe
2015-11-12 16:47 - 2011-04-01 10:24 - 00000000 ____D C:\ProgramData\Trend Micro
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Users\Merry\AppData\Roaming\uRoQvn725F.exe ========================

File not signed
MD5: 801B629F9CEA7C7F39E2D468AF69A6BF
Creation and modification date: 2015-11-10 15:20 - 2015-11-10 15:21
Size: 1669126
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateLBPShortCut => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GoShortCut => value removed successfully
HKU\S-1-5-21-4143623157-1891926486-680779960-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Chrome HomePage => removed successfully
C:\Users\Merry\Desktop\avastclear.exe => moved successfully
C:\Users\Merry\Downloads\avastclear.exe => moved successfully
C:\Users\Merry\Downloads\CrystalDiskInfo6_2_2 => moved successfully
C:\Users\Merry\Downloads\CrystalDiskInfo6_2_2.zip => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Merry\Desktop\adwcleaner_5.019.exe => moved successfully
C:\Users\Merry\Downloads\adwcleaner_5.019.exe => moved successfully
C:\Users\Merry\Desktop\FRST.txt => moved successfully
C:\Users\Merry\Desktop\logy => moved successfully
C:\Users\Merry\Downloads\avast_free_antivirus_setup_online.exe => moved successfully
C:\Users\Merry\AppData\Roaming\D2DEF210-01FF-43E9-934B-6C5F1E5E620E => moved successfully
C:\Users\Merry\AppData\Roaming\uRoQvn725F.exe => moved successfully
C:\ProgramData\Trend Micro => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 4.7 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:09:58 ====
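
Added example (not part of the thread, and not FRST's own code): a small Python triage helper that parses the "File:" block and the one-line action results of a Fixlog like the one above, and lists the indicators a responder would note before deciding whether the removed sample deserves deeper analysis (unsigned, empty version metadata, dropped in a user-writable profile directory, random-looking name) and which fix steps failed (here the hosts file, which therefore still needs a manual check). It assumes FRST prints the literal line "File not signed" for unsigned files, as in the log above; the random-name heuristic and the directory list are my own assumptions, not FRST logic. The sample input is constructed to mirror the posted Fixlog.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example for this thread; it is not part of FRST and not code from
the forum. It reads the "File:" block FRST writes for a "File:" directive
and the one-line action results, and reports what a responder would want
to check before deciding whether the removed sample needs deeper analysis.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input constructed to mirror the Fixlog posted in the thread
# (hash, path and results taken from that post).
SAMPLE_FIXLOG = r"""Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Users\Merry\AppData\Roaming\uRoQvn725F.exe ========================

File not signed
MD5: 801B629F9CEA7C7F39E2D468AF69A6BF
Creation and modification date: 2015-11-10 15:20 - 2015-11-10 15:21
Size: 1669126
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value removed successfully
C:\Users\Merry\AppData\Roaming\uRoQvn725F.exe => moved successfully
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 4.7 GB temporary data Removed.
"""

FILE_HEADER = re.compile(r"^=+ File: (?P<path>.+?) =+$")
FILE_END = re.compile(r"^=+ End of File: =+$")
ACTION_LINE = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")
# Assumed heuristic (not FRST logic): mixed-case alphanumeric stem of 8+
# characters containing a digit, e.g. "uRoQvn725F".
RANDOM_STEM = re.compile(r"^(?=.*[A-Z])(?=.*[a-z])(?=.*\d)[A-Za-z0-9]{8,}$")
# Assumed list of user-writable locations where droppers commonly land.
SUSPECT_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")
VERSION_FIELDS = ("Company Name", "Internal Name", "Original Name", "Product",
                  "Description", "File Version", "Product Version", "Copyright")


@dataclass
class FileInfo:
    path: str
    signed: Optional[bool] = None   # None: no signing line recognised
    md5: str = ""
    size: int = 0
    version_info: Dict[str, str] = field(default_factory=dict)


def parse_file_sections(text: str) -> List[FileInfo]:
    """Collect every "File:" block between its header and "End of File:" line."""
    sections: List[FileInfo] = []
    current: Optional[FileInfo] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_HEADER.match(line)
        if m:
            current = FileInfo(path=m.group("path"))
            continue
        if current is None:
            continue
        if FILE_END.match(line):
            sections.append(current)
            current = None
        elif line == "File not signed":          # literal FRST wording (assumed)
            current.signed = False
        elif line.startswith("MD5: "):
            current.md5 = line[5:]
        elif line.startswith("Size: "):
            current.size = int(line[6:])
        else:
            key, sep, value = line.partition(":")
            if sep and key in VERSION_FIELDS:
                current.version_info[key] = value.strip()
    return sections


def triage(info: FileInfo) -> List[str]:
    """Return the indicators a responder would want to see for this file."""
    indicators: List[str] = []
    name = info.path.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    if info.signed is False:
        indicators.append("unsigned")
    if info.version_info and not any(info.version_info.values()):
        indicators.append("no version metadata")
    if any(d in info.path.lower() for d in SUSPECT_DIRS):
        indicators.append("user-writable profile directory")
    if RANDOM_STEM.match(stem):
        indicators.append("random-looking file name")
    return indicators


def summarize_actions(text: str) -> dict:
    """Count removed/moved items and collect targets FRST could not handle."""
    summary = {"removed": 0, "moved": 0, "failed": []}
    for raw in text.splitlines():
        m = ACTION_LINE.match(raw.strip())
        if not m:
            continue
        result = m.group("result")
        if result.endswith("removed successfully"):
            summary["removed"] += 1
        elif result.endswith("moved successfully"):
            summary["moved"] += 1
        elif result.startswith("Could not"):
            summary["failed"].append(m.group("target").strip('"'))
    return summary


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # path to a real Fixlog.txt
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_FIXLOG
    for info in parse_file_sections(text):
        print(info.path, info.md5, info.size, triage(info))
    print(summarize_actions(text))
```

Run it with the path to a saved Fixlog.txt as the only argument; without an argument it processes the constructed sample. Anything listed under "failed" (here the hosts file) was not changed by the fix and should be inspected by hand.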

Re: Backdoor agent and stolen passwords

Posted: 13 Nov 2015 17:59
by altrok
So let's clean up some more.
And if there are no questions or other problems, that's all from me.

Re: Backdoor agent and stolen passwords

Posted: 13 Nov 2015 19:37
by maramerry
Thank you very much for your time and willingness, and for solving my problem. :)

Re: Backdoor agent and stolen passwords

Posted: 15 Nov 2015 16:57
by altrok
You're welcome, glad I could help :worship:

Take care and maybe see you again sometime :bye: