Trojan.Agent, Registry Key

Zpráva

alldl · #1 Příspěvek od **alldl** » 14 lis 2010 09:06

Dobry den, prosim o kontrolu logu z RSIT. Sken programem IObit Security 360 odhalil Trojan.Agent, Registry Key, ktery neumi odstranit.
Na tomto skenovanem PC nefunguje jakekoliv prihlasovani v IE8 na jakekoliv ucty(mail, aukro...) pokud by byla tato informace uzitecna. Pres Firefox jde vse.
Predem dekuji za jakoukoliv pomoc.

Log z IObit Security 360:

OS:Windows XP
Version:1.5.0.13
Define Version:1927
Time Elapsed:00:08:00
Objects Scanned:50130
Threats Found:1

|Name|Type|Description|ID|
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{22a6ff82-b3e0-94bb-5fcd-ea067b86810f}, 5-1630

_________________________

Logfile of random's system information tool 1.08 (written by random/random)
Run by Věra at 2010-11-09 17:05:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (70%) free of 38 GB
Total RAM: 255 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:06:27, on 9.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Věra.DENISA\Dokumenty\Stažené soubory\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Věra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunServices: [Service Monitor] javams64.exe
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comfor.cz
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4605 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{6107FDB0-D6D0-4D2E-82F4-7B1D02FDB339}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2009-01-16 1473536]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2003-10-15 77824]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9xadiras]
9xadiras.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Namedate]
C:\Program Files\Nezmeskej\nezmeskej.exe [2002-10-21 655872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Program Files\Eset\nod32kui.exe /WAITSERVICE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk,NvCplDaemon initialize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2003-10-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="

======List of files/folders created in the last 1 months======

2010-11-09 17:05:53 ----D---- C:\Program Files\trend micro
2010-11-09 17:05:48 ----D---- C:\rsit
2010-11-08 17:32:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2010-11-08 16:44:15 ----D---- C:\Program Files\Mozilla Firefox
2010-11-08 16:30:40 ----D---- C:\Program Files\CCleaner
2010-11-08 16:03:55 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-11-08 16:03:55 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-11-08 16:03:53 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-11-08 16:03:50 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-11-08 16:03:46 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-11-08 16:03:46 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-11-08 16:03:45 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-11-08 16:03:03 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-11-08 16:02:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-11-08 15:50:40 ----D---- C:\Documents and Settings\Věra.DENISA\Data aplikací\F-Secure
2010-10-24 12:03:44 ----SHD---- C:\FOUND.041
2010-10-23 13:14:20 ----SHD---- C:\FOUND.040
2010-10-21 09:41:00 ----SHD---- C:\FOUND.039
2010-10-17 14:58:14 ----SHD---- C:\FOUND.038
2010-10-15 15:10:10 ----SHD---- C:\FOUND.037
2010-10-13 14:35:39 ----HD---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-13 14:35:22 ----HD---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-13 14:34:48 ----HD---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-13 14:34:33 ----HD---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-13 14:34:06 ----HD---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-13 14:33:56 ----HD---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-13 14:33:39 ----HD---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-13 14:15:15 ----HD---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-13 14:10:51 ----HD---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-11 17:57:10 ----SHD---- C:\FOUND.036

======List of files/folders modified in the last 1 months======

2010-11-09 16:30:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-13 14:17:54 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys [2006-12-27 46080]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-07-16 981466]
R3 SiS7012;Service for AC'97 Sample Driver (WDM); C:\WINDOWS\system32\drivers\sis7012.sys [2002-04-23 177280]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 FETNDIS;D-Link DFE-530TX PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys [2006-12-27 46080]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2001-11-29 172708]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2002-05-06 2383460]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-23 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-07-16 61440]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 AvgServ;AVG6 Service; C:\PROGRA~1\Grisoft\AVG6\avgserv.exe []

-----------------EOF-----------------

#2 Příspěvek od **stell** » 14 lis 2010 10:23

Zdravim

Odinstalovat vsetko od IOBIT-aj C:\Program Files\IObit\IObit Security 360,
nebezpecne programy.

Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,

Stiahnes>>mbam-setup
Nainstalovat, aktualizovat, a spustit skan.
Spravit RYCHLY skan, co najde daj zmazat,
Log vloz sem.
Podrobny Navod:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

alldl · #3 Příspěvek od **alldl** » 02 pro 2010 16:42

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5233

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2.12.2010 15:50:12
mbam-log-2010-12-02 (15-50-12).txt

Typ kontroly: Rychlý test
Testované objekty: 145062
Uplynulý čas: 11 minut, 37 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{22A6FF82-B3E0-94BB-5FCD-EA067B86810F} (Backdoor.Sdbot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} (Backdoor.Sdbot) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\system32\sysmon.ocx (Backdoor.Sdbot) -> Quarantined and deleted successfully.

ComboFix 10-12-01.01 - Věra 02.12.2010 16:12:12.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.255.52 [GMT 1:00]
Spuštěný z: c:\documents and settings\Věra.DENISA\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\w.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MFM

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-02 do 2010-12-02 )))))))))))))))))))))))))))))))
.

2010-12-02 14:55 . 2010-12-02 15:20 1409 ----a-w- c:\windows\QTFont.for
2010-12-02 14:32 . 2010-12-02 14:32 -------- d-----w- c:\documents and settings\Věra.DENISA\Data aplikací\Malwarebytes
2010-12-02 14:31 . 2010-11-30 10:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-02 14:31 . 2010-12-02 14:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-02 14:31 . 2010-11-30 10:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 14:31 . 2010-12-02 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-02 14:28 . 2010-12-02 14:28 988 ----a-w- C:\cc_20101202_152824.reg
2010-11-21 06:28 . 2010-11-21 06:28 -------- d-----w- C:\FOUND.042
2010-11-09 16:05 . 2010-11-09 16:05 -------- d-----w- c:\program files\trend micro
2010-11-09 16:05 . 2010-11-09 16:05 -------- d-----w- C:\rsit
2010-11-08 16:32 . 2010-11-08 16:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2010-11-08 15:47 . 2010-11-08 15:47 -------- d-----w- c:\documents and settings\Věra.DENISA\Local Settings\Data aplikací\Mozilla
2010-11-08 15:41 . 2010-11-08 15:41 -------- d-----w- c:\windows\system32\drivers\etc\zaloha
2010-11-08 15:30 . 2010-11-08 15:30 -------- d-----w- c:\program files\CCleaner
2010-11-08 15:03 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-08 15:03 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-08 15:03 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-08 15:03 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-08 15:03 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-08 15:03 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-08 15:03 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-08 15:03 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-08 15:03 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-08 15:02 . 2010-11-08 15:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-11-08 14:50 . 2010-11-08 14:50 -------- d-----w- c:\documents and settings\Věra.DENISA\Data aplikací\F-Secure

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 1979-12-31 23:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 07:53 . 1979-12-31 23:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 07:53 . 1979-12-31 23:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 07:53 . 1979-12-31 23:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 06:52 . 1979-12-31 23:00 916480 ----a-w- c:\windows\system32\WinInet.dll
2010-09-10 06:52 . 1979-12-31 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 06:52 . 1979-12-31 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2009-06-25 21:30 . 2009-06-25 21:30 874320 ----a-w- c:\program files\dfsetup111.exe
2009-06-19 21:33 . 2009-06-19 21:33 16409960 ----a-w- c:\program files\spybotsd162cz.exe
2006-01-20 21:25 . 2006-01-20 21:25 1112304 ----a-w- c:\program files\wrar351cz.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2009-01-16 1473536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-10-15 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Namedate]
2002-10-21 15:53 655872 ----a-w- c:\program files\Nezmeskej\nezmeskej.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-07-16 11:16 372736 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2003-10-15 13:17 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.11.2010 16:03 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.11.2010 16:03 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [8.11.2008 10:23 222456]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [1.1.1980 177280]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2.12.2010 15:31 38224]
S4 AvgServ;AVG6 Service;c:\progra~1\Grisoft\AVG6\avgserv.exe --> c:\progra~1\Grisoft\AVG6\avgserv.exe [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-02 c:\windows\Tasks\User_Feed_Synchronization-{6107FDB0-D6D0-4D2E-82F4-7B1D02FDB339}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Věra.DENISA\Data aplikací\Mozilla\Firefox\Profiles\ivrwt019.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
HKU-Default-Run-diskchk - diskmon32.exe
MSConfigStartUp-9xadiras - 9xadiras.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-BrainWave Generator - c:\bwgen\Uninst.isu
AddRemove-DPS AVI Codec - c:\program files\DPS\DPS AVI Codec\Uninst.isu
AddRemove-SiS7012 - c:\progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-02 16:23
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2060)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast5\setup\avast.setup
.
**************************************************************************
.
Celkový čas: 2010-12-02 16:27:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-02 15:27

Před spuštěním: Volných bajtů: 28 159 868 928
Po spuštění: Volných bajtů: 28 079 521 792

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - B8D0E080ACF654714823D4195F50D0A6

#4 Příspěvek od **stell** » 03 pro 2010 08:17

odinstalovat
c:\progra~1\Grisoft\AVG6
log vyzera ok,

#5 Příspěvek od **cernohous13** » 03 pro 2010 08:24

proč jsi nepokračoval zde http://www.viry.cz/forum/viewtopic.php? ... 35#p928835 ?

stell - omluva za spam

alldl · #6 Příspěvek od **alldl** » 03 pro 2010 10:07

"stell hned jak se k tomu PC dostanu, odinstaluji... (ikdyz myslim, ze jsem uz prve odinstalovaval vsechny ostatni antiviry, asi to bude nejaky pozustatek) Dekuji velmi za pomoc

Stale na PC nejde prihlasovani na seznam, nebo aukro pres IE, pres firefox to jde... Pise to, ze stranka nemuze byt zobrazena, nebo tak neco... Zrejme bude IE nejaky nakopnuty, zkusim nejak fixnout, nebo ho reinstalovat(respektive raci odinstalovat, fixnout a nainstalovat), snad to pomuze, jinak zkusim jeste neco. Jeste jednou dekuji velmi...

"cernohous13 Omlouvam se Vam, budu tam pokracovat hned jak to bude mozne, bohuzel jsem posledni dobou docela casove vytizeny, jeste jsem se k tomu pc nedostal... Dekuji za zminku, nebojte, vase rady v prispevku viewtopic.php?f=13&t=106990&p=928835#p928835 vyuziji... Jeste jednou dekuji velmi za pomoc

#7 Příspěvek od **cernohous13** » 03 pro 2010 10:11

OK, omluvám se, nevšiml jsem si, že to je jiná mašina

#8 Příspěvek od **stell** » 03 pro 2010 13:54

v pohode

VIRY.CZ

Trojan.Agent, Registry Key

Trojan.Agent, Registry Key

Re: Trojan.Agent, Registry Key

Re: Trojan.Agent, Registry Key

Re: Trojan.Agent, Registry Key

Re: Trojan.Agent, Registry Key

Re: Trojan.Agent, Registry Key

Re: Trojan.Agent, Registry Key

Re: Trojan.Agent, Registry Key