WIN32: Trojan-gen

Zpráva

vlado82 · #1 Příspěvek od **vlado82** » 09 srp 2010 06:05

Zdravim,
Vcera som si asi sam svojou chybou nakazil pocitac virom WIN32: Trojan-gen a absolutne nemozem teraz v exploreri prezerat ziadne stranky, stale mi refreshuje explorer,mozillu,chorme a pise mi ze dana stranka neexistuje. Pomozete pls ako sa zbavit tohto trojana? Podla mna to robi on. Nasiel mi ho Avast. Dakujem.

vlado82 · #2 Příspěvek od **vlado82** » 09 srp 2010 06:16

Chytil som to z tejto stranky

http://nejaka_dementni_stranka

/EDIT: eda

ked som si stiahol keygen a pustil som exe subor. Mozno to zistite co tam je aj pred spustenim, bo fakt neviem ci mam len tento trojan-gen alebo aj nieco viac.

#3 Příspěvek od **vyosek** » 09 srp 2010 07:11

Zdravim a pekne rano preji

Jelikoz nevime o Vasem PC nic a z kristalove koule se spatne vesti, navic pri zatazenem pocasi jake ted v okrese Kromeriz panuje, neni nic videt

Ale dosti legracek, kouknem na to

Kliknete do meho podpisu na RSIT a dejte log z nej - navod Vas povede...

vlado82 · #4 Příspěvek od **vlado82** » 09 srp 2010 07:26

Dobre ranko prajem aj Vam, hned ako pridem domov pustim PC, spravim log a poslem na forum......

#5 Příspěvek od **vyosek** » 09 srp 2010 07:27

Dobra tedy, budu jej tu vyhlizet

vlado82 · #6 Příspěvek od **vlado82** » 09 srp 2010 15:17

Logfile of random's system information tool 1.08 (written by random/random)
Run by Vlado at 2010-08-09 16:10:17
Microsoft Windows 7 Ultimate
System drive C: has 41 GB (41%) free of 100 GB
Total RAM: 2046 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:11:12, on 9. 8. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\QIP 2010\qip.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Users\Vlado\Desktop\Antivir\RSIT.exe
C:\Program Files\trend micro\Vlado.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\Vlado\AppData\Local\Temp\sshnas21.dll,GetHandle
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\Vlado\AppData\Local\Temp\Qkx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{26789241-AF4F-4CFC-9F0B-1CE67C4C2918}: NameServer = 195.146.132.58,195.146.128.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{26789241-AF4F-4CFC-9F0B-1CE67C4C2918}: NameServer = 195.146.132.58,195.146.128.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{26789241-AF4F-4CFC-9F0B-1CE67C4C2918}: NameServer = 195.146.132.58,195.146.128.62
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4971 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2005-09-25 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2010-05-14 5562832]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Metropolis"=C:\Users\Vlado\AppData\Local\Temp\sshnas21.dll [2010-08-08 222720]
"ZE18MW23GY"=C:\Users\Vlado\AppData\Local\Temp\Qkx.exe [2010-08-08 181248]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI Wireless Utility.lnk - C:\Program Files\MSI\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-09 16:10:18 ----D---- C:\Program Files\trend micro
2010-08-09 16:10:17 ----D---- C:\rsit
2010-08-08 13:35:53 ----D---- C:\Program Files\CCleaner
2010-08-02 21:05:51 ----D---- C:\ProgramData\Trymedia
2010-07-30 09:27:42 ----D---- C:\Metro 2033
2010-07-30 09:22:31 ----D---- C:\Battlefield Bad company 2
2010-07-29 13:41:22 ----D---- C:\Sniper Ghost warrior
2010-07-29 13:36:07 ----D---- C:\Singularity
2010-07-25 13:07:16 ----D---- C:\Windows\Downloaded Installations
2010-07-20 19:20:34 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-07-20 19:20:33 ----A---- C:\Windows\system32\PresentationHost.exe
2010-07-20 19:20:33 ----A---- C:\Windows\system32\netfxperf.dll
2010-07-20 19:20:33 ----A---- C:\Windows\system32\mscoree.dll
2010-07-20 19:20:33 ----A---- C:\Windows\system32\dfshim.dll
2010-07-20 19:16:11 ----A---- C:\Windows\system32\CPFilters.dll
2010-07-20 19:16:10 ----A---- C:\Windows\system32\msdri.dll
2010-07-20 19:16:09 ----A---- C:\Windows\system32\ntdll.dll
2010-07-20 19:16:00 ----A---- C:\Windows\system32\kernel32.dll
2010-07-20 19:15:59 ----A---- C:\Windows\system32\apphelp.dll

======List of files/folders modified in the last 1 months======

2010-08-09 16:10:48 ----D---- C:\Windows\Temp
2010-08-09 16:10:44 ----D---- C:\Windows\Prefetch
2010-08-09 16:10:39 ----D---- C:\Windows\System32
2010-08-09 16:10:39 ----D---- C:\Windows\inf
2010-08-09 16:10:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-09 16:10:18 ----RD---- C:\Program Files
2010-08-09 16:09:20 ----D---- C:\Windows\system32\config
2010-08-09 15:50:45 ----D---- C:\ProgramData\NVIDIA
2010-08-08 21:41:06 ----D---- C:\Windows\system32\Tasks
2010-08-08 21:41:05 ----D---- C:\Windows\Tasks
2010-08-08 13:40:58 ----D---- C:\Windows
2010-08-08 13:39:43 ----D---- C:\Users\Vlado\AppData\Roaming\Skype
2010-08-08 13:37:55 ----D---- C:\Users\Vlado\AppData\Roaming\Media Player Classic
2010-08-08 13:37:40 ----D---- C:\Windows\debug
2010-08-08 11:08:30 ----D---- C:\Users\Vlado\AppData\Roaming\skypePM
2010-08-08 09:42:56 ----SHD---- C:\System Volume Information
2010-08-02 21:05:51 ----HD---- C:\ProgramData
2010-07-30 21:00:40 ----D---- C:\Windows\system32\NDF
2010-07-25 13:12:58 ----D---- C:\Windows\system32\catroot2
2010-07-25 13:10:11 ----SHD---- C:\Windows\Installer
2010-07-25 13:09:12 ----D---- C:\Windows\system32\drivers
2010-07-25 13:09:12 ----D---- C:\Users\Vlado\AppData\Roaming\Adobe
2010-07-25 13:09:12 ----D---- C:\Program Files\Adobe
2010-07-20 19:38:19 ----D---- C:\Windows\Microsoft.NET
2010-07-20 19:38:17 ----RSD---- C:\Windows\assembly
2010-07-20 19:28:16 ----D---- C:\Windows\winsxs
2010-07-20 19:26:49 ----D---- C:\Windows\ehome
2010-07-20 19:20:35 ----D---- C:\Windows\system32\catroot
2010-07-20 19:20:27 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-20 19:18:07 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-20 697328]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\Windows\system32\DRIVERS\AegisP.sys [2010-05-16 20747]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2004-04-01 10368]
R3 RT61;Ralink RT61 Wireless Driver; C:\Windows\system32\DRIVERS\RT61.sys [2006-01-19 363008]
S1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S4 InCDFs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-13 129640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-13 240232]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-16 133104]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]

-----------------EOF-----------------

#7 Příspěvek od **vyosek** » 09 srp 2010 15:59

Odinstalujte jeden antivir - mate tam Microsoft Security Essentials a Avast. Doporucuji nechat Avasta

Jinak jste toho chytil povicero

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Je mozne, ze Vas CF bude informovat o pritomnosti virtualnich mechanik, odkliknete pomoci OK
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste - je nutne byt pripojen k netu
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte

vlado82 · #8 Příspěvek od **vlado82** » 09 srp 2010 16:23

ComboFix 10-08-08.02 - Vlado . 08. 2010 17:12:47.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2046.1218 [GMT 2:00]
Running from: c:\users\Vlado\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-09 15:10 . 2010-08-09 15:10 -------- d-----w- C:\32788R22FWJFW
2010-08-09 14:10 . 2010-08-09 14:11 -------- d-----w- c:\program files\trend micro
2010-08-09 14:10 . 2010-08-09 14:11 -------- d-----w- C:\rsit
2010-08-08 11:35 . 2010-08-08 11:35 -------- d-----w- c:\program files\CCleaner
2010-08-02 19:05 . 2010-08-02 19:05 -------- d-----w- c:\programdata\Trymedia
2010-07-30 07:27 . 2010-07-30 13:35 -------- d-----w- C:\Metro 2033
2010-07-30 07:22 . 2010-07-30 13:37 -------- d-----w- C:\Battlefield Bad company 2
2010-07-29 11:41 . 2010-07-29 19:07 -------- d-----w- C:\Sniper Ghost warrior
2010-07-29 11:36 . 2010-07-29 19:07 -------- d-----w- C:\Singularity
2010-07-25 11:07 . 2010-07-25 11:07 -------- d-----w- c:\windows\Downloaded Installations
2010-07-20 17:20 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-20 17:20 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-20 17:20 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-20 17:20 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-20 17:20 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-20 17:16 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-07-20 17:16 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-07-20 17:16 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-07-20 17:15 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 15:11 . 2010-05-18 19:10 -------- d-----w- c:\programdata\NVIDIA
2010-08-08 11:39 . 2010-05-18 18:18 -------- d-----w- c:\users\Vlado\AppData\Roaming\Skype
2010-08-08 11:37 . 2010-05-18 18:07 -------- d-----w- c:\users\Vlado\AppData\Roaming\Media Player Classic
2010-08-08 09:08 . 2010-05-18 18:18 -------- d-----w- c:\users\Vlado\AppData\Roaming\skypePM
2010-06-28 20:57 . 2010-06-29 17:20 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-05-16 09:53 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-16 09:54 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-16 09:54 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-16 09:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-16 09:54 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-05-16 09:54 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 16:09 . 2010-05-21 19:42 -------- d-----w- c:\programdata\NOS
2010-06-12 07:30 . 2010-06-12 07:30 -------- d-----w- c:\program files\Common Files\Ahead
2010-06-12 07:30 . 2010-06-12 07:30 -------- d-----w- c:\program files\Nero
2010-06-01 17:37 . 2010-05-16 09:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-31 14:11 . 2010-05-31 14:11 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-27 07:24 . 2010-06-20 07:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-20 07:56 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 06:46 . 2010-05-16 09:13 108824 ----a-w- c:\users\Vlado\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-21 19:42 . 2010-05-21 19:42 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-05-21 05:18 . 2010-06-20 07:57 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-20 16:25 . 2010-05-20 16:25 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-16 09:25 . 2010-05-16 09:25 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Infium"="c:\program files\QIP 2010\qip.exe" [2010-05-14 5562832]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2005-09-25 155648]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MSI Wireless Utility.lnk - c:\program files\MSI\Common\RaUI.exe [2010-5-16 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 133104]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-20 697328]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-13 240232]

.
Contents of the 'Scheduled Tasks' folder

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 09:54]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 09:54]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {26789241-AF4F-4CFC-9F0B-1CE67C4C2918} = 195.146.132.58,195.146.128.62
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343580136-1635817812-3585818759-1000\Software\SecuROM\License information*]
"datasecu"=hex:e4,55,2d,f6,64,29,b1,8c,49,30,dc,c2,34,89,e8,e3,be,ed,41,90,39,
37,ec,cc,e1,5f,1a,67,20,94,20,c8,f3,e7,39,32,f2,cc,9d,ea,21,66,50,1d,29,e0,\
"rkeysecu"=hex:61,28,e4,eb,d3,10,ab,55,9c,e6,d6,09,1a,de,da,7e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-09 17:19:21
ComboFix-quarantined-files.txt 2010-08-09 15:19

Pre-Run: 42 963 730 432 bytes free
Post-Run: 42 890 117 120 bytes free

- - End Of File - - 806743A66D44B0CD3880301BA55D47AA

#9 Příspěvek od **vyosek** » 09 srp 2010 16:40

Co na to PC, jak se chova

vlado82 · #10 Příspěvek od **vlado82** » 09 srp 2010 16:49

Zatial vyzera ze fachci v pohode. Vsetko ide uz ako ma.
Dakujem.

#11 Příspěvek od **vyosek** » 09 srp 2010 17:07

Jen pro jistotu:

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

vlado82 · #12 Příspěvek od **vlado82** » 09 srp 2010 18:04

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4411

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9. 8. 2010 19:04:35
mbam-log-2010-08-09 (19-04-35).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|F:\|L:\|)
Objektov kontrolovaných: 385470
Uplynulý čas: 51 min, 7 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 2
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 15

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\Program Files\WinRAR\patch.exe (Trojan.Downloader) -> No action taken.
D:\Install\ABBYY.FineReader.Professional.v8.0\ABBYY.FineReader.Professional.v8.0.0.706.Incl.Keymaker-CORE\keygen.exe (Malware.Packer.Gen) -> No action taken.
D:\Install\WinRAR 3.60\patch.exe (Trojan.Downloader) -> No action taken.
D:\Install\WinZip Pro\WinZip.Pro.v10.0.6667.WinAll.Incl.Keygenerator-TMG\tmg-wz10.exe (Malware.NSPack) -> No action taken.
D:\Install\Xilisoft.3GP.Video.Converter.v2.1.50.728b.Incl.Keygen-UnderPl\File.DiZ\Installation\887\setup.exe (Trojan.Downloader) -> No action taken.
D:\Install\SP - WIN XP EN\WinXP SP1\WinXP Key Changer\WindowsXP Product Key Viewer.exe (Hacktool.KeySteal) -> No action taken.
D:\Install\SP - WIN XP EN\WinXP SP2\Windows_XP_KeyChanger_by_SweetX\WindowsXP Product Key Viewer.exe (Hacktool.KeySteal) -> No action taken.
D:\Install\SP - WIN XP EN\WinXP SP2\Windows_XP_KeyChanger_by_SweetX\XP Pro corp 640 PID KEYGEN.exe (Malware.Tool) -> No action taken.
D:\Install\SP - WIN XP EN\WinXP SP2\Windows_XP_KeyChanger_by_Unknown\WinXP Valid KeyGen.exe (Malware.Tool) -> No action taken.
D:\Install\Nero 6.6.0.5\Keygen.exe (Trojan.Agent) -> No action taken.
D:\Install\BlindWrite.Suite.v5.2.6.139\cr-bw450.exe (Malware.Packer.Gen) -> No action taken.
D:\Install\BSPlayer_2.12.941\KeyGen\keygen.exe (Trojan.Hacktool) -> No action taken.
D:\Mobil\Nokia 5800XM\Baliky aplikacii\nokia.tube.handy\handy\keygen.epocware.multi.exe (Trojan.Downloader) -> No action taken.
E:\wingames\Crimsonland\Crimsonland198.exe (Trojan.Bancos) -> No action taken.
L:\download\CorelDRAW X4 CZ\CorelDRAW Graphics Suite X4 Setup Files\keygen.exe (Trojan.Agent.CK) -> No action taken.

#13 Příspěvek od **vyosek** » 09 srp 2010 18:54

Zajimave veci to naslo, ze

Vse smazat

Hlavne tyhle radky jsou zajimave
D:\Install\SP - WIN XP EN\WinXP SP1\WinXP Key Changer\WindowsXP Product Key Viewer.exe (Hacktool.KeySteal) -> No action taken.
D:\Install\SP - WIN XP EN\WinXP SP2\Windows_XP_KeyChanger_by_SweetX\WindowsXP Product Key Viewer.exe (Hacktool.KeySteal) -> No action taken.
D:\Install\SP - WIN XP EN\WinXP SP2\Windows_XP_KeyChanger_by_SweetX\XP Pro corp 640 PID KEYGEN.exe (Malware.Tool) -> No action taken.
D:\Install\SP - WIN XP EN\WinXP SP2\Windows_XP_KeyChanger_by_Unknown\WinXP Valid KeyGen.exe (Malware.Tool) -> No action taken.
co mi k nim povite

vlado82 · #14 Příspěvek od **vlado82** » 09 srp 2010 19:48

Vsetko vymazane

Akcia uspesna

Tamtie riadky su vymazane aj s celymi priecinkami. To som od niekho stiahol v davnej minulosti a boli mi aj tak na nic.
Dikes

#15 Příspěvek od **vyosek** » 09 srp 2010 21:08

MBAM muzete odinstalovat nebo nechat na obcasny rucni sken

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Vlozte novy log z RSITu

VIRY.CZ

WIN32: Trojan-gen

WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen

Re: WIN32: Trojan-gen