VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Trojan-BNK.Win32.Keylogger.gen

https://forum.viry.cz:443/viewtopic.php?t=110264

Stránka 1 z 2

Trojan-BNK.Win32.Keylogger.gen

Napsal: 14 bře 2011 19:55
od nickname4
Mám v počítači tuhle potvoru a vůbec nevím co s ní. Zkoušela jsem stáhnout program co by ji měl ubezdušit, ale nefunguje asi proto, že počítač je odříznutý od netu. Už si vůbec nevím rady. Prosím pomozte. Díky

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 14 bře 2011 19:58
od vyosek
Zdravim, pekny vecer preji a vitam Vas u nas na foru :welcome:

:arrow: Jelikoz nevime o Vasem PC nic a z kristalove koule se spatne vesti, navic je tma a tak neni nic videt :o

:arrow: Ale dosti legracek, kouknem na to :wink: Kliknete do meho podpisu na RSIT a dejte log z nej - navod Vas povede...

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 06:21
od nickname4
Ahoj, děkuji za přivítání :)
a omlouvám se, chtěla jsem sem log vložit už včera, ale vypadl mi net...

Logfile of random's system information tool 1.08 (written by random/random)
Run by petr.vondrak at 2011-03-14 20:05:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (48%) free of 38 GB
Total RAM: 247 MB (33% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BB3E2E65-FD0E-4F32-B16D-5E591D8013D4}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11D54ACE-09A9-11D4-8ACE-00C04F542830}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-26 298160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-02-26 848952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC7D27FB-CA10-4CE3-B312-8A164671FD03}]
Turbo BHO Class - C:\Program Files\NetCentrum\Turbo\bho.dll [2007-11-24 82432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]
{A6890AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-26 298160]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]
"snpstd"=C:\WINDOWS\vsnpstd.exe []
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-10-21 39408]
"Spyware Doctor with AntiVirus"=C:\Documents and Settings\petr.vondrak\Plocha\sdasetup_aff.exe [2011-03-14 513032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [2004-12-09 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-10-21 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-16 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-16 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [2000-08-06 69632]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe

C:\Documents and Settings\petr.vondrak\Nabídka Start\Programy\Po spuštění
ACSnews.lnk - C:\Auto-diagnostika B\ADnews.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ASUS\WL-330gE Wireless AP Utilities\Discovery.exe"="C:\Program Files\ASUS\WL-330gE Wireless AP Utilities\Discovery.exe:*:Enabled:ASUS Device Discovery Application"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-03-14 20:05:31 ----D---- C:\Program Files\trend micro
2011-03-14 20:05:26 ----D---- C:\rsit
2011-03-14 19:10:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2011-03-11 18:26:09 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-03-11 18:26:08 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-03-11 18:26:01 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-03-11 18:26:00 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-03-11 18:25:59 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-03-11 18:25:58 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-03-11 18:25:58 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-03-11 18:25:57 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-03-11 18:24:57 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-03-11 18:24:17 ----D---- C:\Program Files\AVAST Software
2011-03-11 18:24:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-03-04 14:52:13 ----D---- C:\Multi Protocol Programming System

======List of files/folders modified in the last 1 months======

2011-03-14 20:05:31 ----RAD---- C:\Program Files
2011-03-14 19:25:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-14 19:08:33 ----D---- C:\WINDOWS\temp
2011-03-14 18:52:17 ----D---- C:\Program Files\Common Files
2011-03-14 18:51:39 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-14 18:50:49 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-03-14 18:50:14 ----D---- C:\WINDOWS\system32\drivers
2011-03-14 18:49:53 ----D---- C:\WINDOWS
2011-03-14 18:13:13 ----SHD---- C:\WINDOWS\Installer
2011-03-14 18:13:13 ----HD---- C:\Config.Msi
2011-03-14 18:12:56 ----D---- C:\WINDOWS\WinSxS
2011-03-14 18:12:43 ----D---- C:\WINDOWS\Prefetch
2011-03-14 18:09:30 ----HD---- C:\WINDOWS\inf
2011-03-11 18:24:57 ----D---- C:\WINDOWS\system32
2011-03-10 22:08:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-10 22:02:42 ----A---- C:\WINDOWS\imsins.BAK
2011-03-09 12:37:03 ----D---- C:\WINDOWS\Help
2011-03-06 07:25:48 ----D---- C:\Program Files\WinRAR
2011-02-24 13:05:45 ----D---- C:\Documents and Settings\petr.vondrak\Data aplikací\WinRAR

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-12-01 87488]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2004-08-02 20576]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-12 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-02-23 30680]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-06-14 21361]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-02-23 102232]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-07-29 619136]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2004-11-01 272568]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-16 182688]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2005-04-06 39904]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-08-23 29440]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2007-06-27 53184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2007-06-27 71488]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-18 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-18 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-18 21744]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTLWUSB;11g Wireless USB Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys []
S3 Ser2pl;SIEMENS Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-05-07 41472]
S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd;VideoCAM Eye; C:\WINDOWS\system32\DRIVERS\snpstd.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-18 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\APPLIC\FIREBIRD\bin\fbguard.exe [2007-01-31 65536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-03 356352]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe [2008-05-12 69632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\APPLIC\FIREBIRD\bin\fbserver.exe [2007-01-31 1527893]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-21 135664]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-21 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2000-08-06 7442493]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2000-08-06 303170]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Díky moc

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 07:31
od vyosek
:arrow: Zustante v nouzovem rezimu

:arrow: Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)
  • Provedte aktualizaci - treti zalozka
  • Provedte uplny sken - nic nemazte :!:
  • MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 08:13
od nickname4
log z MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15.3.2011 8:12:03
mbam-log-2011-03-15 (08-11-35).txt

Typ kontroly: Rychlý test
Testované objekty: 145176
Uplynulý čas: 16 minut, 7 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{C4494903-B885-4cd1-9989-086D42C2F612} (Rogue.SpyRemover) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{C4494900-B885-4cd1-9989-086D42C2F612} (Rogue.SpyRemover) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{980702E1-0AB6-41B1-9B85-F8755A697255} (Rogue.SpyRemover) -> No action taken.
HKEY_CLASSES_ROOT\SftTreeOCX50.SftTree.1 (Rogue.SpyRemover) -> No action taken.
HKEY_CLASSES_ROOT\SftTreeOCX50.SftTree (Rogue.SpyRemover) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\program files\spyremover pro (Rogue.SpyRemover) -> No action taken.

Infikované soubory:
c:\documents and settings\petr.vondrak\Plocha\bmw525edc16c31ori_157.exe (Trojan.Backdoor) -> No action taken.
c:\program files\zivot33.dll (Spyware.OnlineGames) -> No action taken.
c:\program files\spyremover pro\news.html (Rogue.SpyRemover) -> No action taken.
c:\program files\spyremover pro\scanhistory.ini (Rogue.SpyRemover) -> No action taken.
c:\program files\spyremover pro\sfttree_ix86_u_50.ocx (Rogue.SpyRemover) -> No action taken.
c:\program files\spyremover pro\spyremover pro_startup.txt (Rogue.SpyRemover) -> No action taken.
c:\program files\spyremover pro\SS_BHR.ini (Rogue.SpyRemover) -> No action taken.

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 08:17
od vyosek
:arrow: nalezy MBAMu smazte

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako Spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 09:44
od nickname4
ComboFix 11-03-14.05 - petr.vondrak 15.03.2011 9:13.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1029.18.247.122 [GMT 1:00]
Running from: c:\documents and settings\petr.vondrak\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Panda Titanium 2006 Antivirus + Antispyware *Disabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: Panda Titanium 2006 Personal Firewall *Enabled* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_004623_.tmp.dll
c:\windows\system32\_004624_.tmp.dll
c:\windows\system32\_004625_.tmp.dll
c:\windows\system32\_004626_.tmp.dll
c:\windows\system32\_004633_.tmp.dll
c:\windows\system32\_004634_.tmp.dll
c:\windows\system32\_004635_.tmp.dll
c:\windows\system32\_004636_.tmp.dll
c:\windows\system32\_004638_.tmp.dll
c:\windows\system32\_004639_.tmp.dll
c:\windows\system32\_004640_.tmp.dll
c:\windows\system32\_004641_.tmp.dll
c:\windows\system32\_004642_.tmp.dll
c:\windows\system32\_004643_.tmp.dll
c:\windows\system32\_004644_.tmp.dll
c:\windows\system32\_004645_.tmp.dll
c:\windows\system32\_004646_.tmp.dll
c:\windows\system32\_004647_.tmp.dll
c:\windows\system32\_004648_.tmp.dll
c:\windows\system32\_004649_.tmp.dll
c:\windows\system32\_004650_.tmp.dll
c:\windows\system32\_004651_.tmp.dll
c:\windows\system32\_004652_.tmp.dll
c:\windows\system32\_004653_.tmp.dll
c:\windows\system32\_004654_.tmp.dll
c:\windows\system32\_004655_.tmp.dll
c:\windows\system32\_004656_.tmp.dll
c:\windows\system32\_004657_.tmp.dll
c:\windows\system32\_004658_.tmp.dll
c:\windows\system32\_004659_.tmp.dll
c:\windows\system32\_004660_.tmp.dll
c:\windows\system32\_004661_.tmp.dll
c:\windows\system32\_004662_.tmp.dll
c:\windows\system32\_004663_.tmp.dll
c:\windows\system32\_004664_.tmp.dll
c:\windows\system32\_004665_.tmp.dll
c:\windows\system32\_004666_.tmp.dll
c:\windows\system32\_004667_.tmp.dll
c:\windows\system32\_004668_.tmp.dll
c:\windows\system32\_004669_.tmp.dll
c:\windows\system32\_004670_.tmp.dll
c:\windows\system32\_004671_.tmp.dll
c:\windows\system32\_004672_.tmp.dll
c:\windows\system32\_004673_.tmp.dll
c:\windows\system32\_004674_.tmp.dll
c:\windows\system32\_004675_.tmp.dll
c:\windows\system32\_004676_.tmp.dll
c:\windows\system32\_004677_.tmp.dll
c:\windows\system32\_004678_.tmp.dll
c:\windows\system32\_004679_.tmp.dll
c:\windows\system32\_004681_.tmp.dll
c:\windows\system32\_004682_.tmp.dll
c:\windows\system32\_004683_.tmp.dll
c:\windows\system32\_004684_.tmp.dll
c:\windows\system32\_004686_.tmp.dll
c:\windows\system32\_004687_.tmp.dll
c:\windows\system32\_004688_.tmp.dll
c:\windows\system32\_004689_.tmp.dll
c:\windows\system32\_004690_.tmp.dll
c:\windows\system32\_004691_.tmp.dll
c:\windows\system32\_004692_.tmp.dll
c:\windows\system32\_004693_.tmp.dll
c:\windows\system32\_004694_.tmp.dll
c:\windows\system32\_004696_.tmp.dll
c:\windows\system32\_004697_.tmp.dll
c:\windows\system32\_004698_.tmp.dll
c:\windows\system32\_004699_.tmp.dll
c:\windows\system32\_004701_.tmp.dll
c:\windows\system32\_004703_.tmp.dll
c:\windows\system32\_004704_.tmp.dll
c:\windows\system32\_004705_.tmp.dll
c:\windows\system32\_004706_.tmp.dll
c:\windows\system32\_004707_.tmp.dll
c:\windows\system32\_004708_.tmp.dll
c:\windows\system32\_004709_.tmp.dll
c:\windows\system32\_004710_.tmp.dll
c:\windows\system32\_004712_.tmp.dll
c:\windows\system32\_004713_.tmp.dll
c:\windows\system32\_004714_.tmp.dll
c:\windows\system32\_004715_.tmp.dll
c:\windows\system32\_004716_.tmp.dll
c:\windows\system32\_004717_.tmp.dll
c:\windows\system32\_004718_.tmp.dll
c:\windows\system32\_004719_.tmp.dll
c:\windows\system32\_004720_.tmp.dll
c:\windows\system32\_004721_.tmp.dll
c:\windows\system32\_004722_.tmp.dll
c:\windows\system32\_004723_.tmp.dll
c:\windows\system32\_004724_.tmp.dll
c:\windows\system32\_004725_.tmp.dll
c:\windows\system32\_004726_.tmp.dll
c:\windows\system32\_004727_.tmp.dll
c:\windows\system32\_004729_.tmp.dll
c:\windows\system32\_004730_.tmp.dll
c:\windows\system32\_004731_.tmp.dll
c:\windows\system32\_004732_.tmp.dll
c:\windows\system32\_004734_.tmp.dll
c:\windows\system32\_004736_.tmp.dll
c:\windows\system32\_004737_.tmp.dll
c:\windows\system32\_004738_.tmp.dll
c:\windows\system32\_004739_.tmp.dll
c:\windows\system32\_004740_.tmp.dll
c:\windows\system32\_004741_.tmp.dll
c:\windows\system32\_004742_.tmp.dll
c:\windows\system32\_004743_.tmp.dll
c:\windows\system32\_004745_.tmp.dll
c:\windows\system32\_004746_.tmp.dll
c:\windows\system32\_004747_.tmp.dll
c:\windows\system32\_004748_.tmp.dll
c:\windows\system32\_004749_.tmp.dll
c:\windows\system32\_004750_.tmp.dll
c:\windows\system32\_004751_.tmp.dll
c:\windows\system32\_004752_.tmp.dll
c:\windows\system32\_004754_.tmp.dll
c:\windows\system32\_004755_.tmp.dll
c:\windows\system32\_004756_.tmp.dll
c:\windows\system32\_004759_.tmp.dll
c:\windows\system32\_004760_.tmp.dll
c:\windows\system32\_004764_.tmp.dll
c:\windows\system32\_004765_.tmp.dll
c:\windows\system32\_004767_.tmp.dll
c:\windows\system32\_004769_.tmp.dll
c:\windows\system32\_004770_.tmp.dll
c:\windows\system32\_004772_.tmp.dll
c:\windows\system32\_004773_.tmp.dll
c:\windows\system32\_004774_.tmp.dll
c:\windows\system32\_004775_.tmp.dll
c:\windows\system32\_004778_.tmp.dll
c:\windows\system32\_004779_.tmp.dll
c:\windows\system32\_004780_.tmp.dll
c:\windows\system32\_004781_.tmp.dll
c:\windows\system32\_004782_.tmp.dll
c:\windows\system32\_004787_.tmp.dll
c:\windows\system32\_004789_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-15 06:53 . 2011-03-15 06:53 -------- d-----w- c:\documents and settings\petr.vondrak\Data aplikací\Malwarebytes
2011-03-15 06:53 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 06:53 . 2011-03-15 06:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-15 06:52 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 06:52 . 2011-03-15 06:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 06:34 . 2011-03-15 08:00 -------- d-----w- c:\program files\Trojan Remover
2011-03-14 19:05 . 2011-03-14 19:05 -------- d-----w- c:\program files\trend micro
2011-03-14 19:05 . 2011-03-14 19:05 -------- d-----w- C:\rsit
2011-03-14 18:10 . 2011-03-14 18:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-03-11 17:26 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-11 17:26 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-11 17:26 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-11 17:26 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-11 17:25 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-11 17:25 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-11 17:25 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-11 17:25 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-11 17:24 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-11 17:24 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-11 17:24 . 2011-03-11 17:24 -------- d-----w- c:\program files\AVAST Software
2011-03-11 17:24 . 2011-03-11 17:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-03-09 20:35 . 2011-03-09 20:35 319488 --sha-w- c:\documents and settings\petr.vondrak\Local Settings\Data aplikací\spf.exe
2011-03-04 13:52 . 2011-03-04 13:52 -------- d-----w- C:\Multi Protocol Programming System
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-18 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-18 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2009-05-22 07:14 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-18 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2009-05-22 07:14 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2007-11-19 20:40 . 2007-11-19 20:40 2082304 ----a-w- c:\program files\winpos.exe
2007-01-10 08:28 . 2007-01-10 08:28 541184 ----a-w- c:\program files\CALC.exe
2005-02-21 10:18 . 2005-02-21 10:18 1057792 ----a-w- c:\program files\UNINST.exe
1999-06-23 08:06 . 1999-06-23 08:06 126976 ----a-w- c:\program files\dzip32.dll
1999-06-23 08:06 . 1999-06-23 08:06 110592 ----a-w- c:\program files\DUNZIP32.DLL
2007-05-15 19:47 . 2007-08-14 13:30 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-15 19:47 . 2007-08-14 13:30 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-05-15 19:47 . 2007-08-14 13:30 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-05-15 19:47 . 2007-08-14 13:30 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-05-15 19:47 . 2007-08-14 13:30 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7D27FB-CA10-4CE3-B312-8A164671FD03}]
2007-11-24 14:52 82432 ----a-w- c:\program files\NetCentrum\Turbo\bho.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-21 39408]
"Spyware Doctor with AntiVirus"="c:\documents and settings\petr.vondrak\Plocha\sdasetup_aff.exe" [2011-03-14 513032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
.
c:\documents and settings\petr.vondrak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ACSnews.lnk - c:\auto-diagnostika b\ADnews.exe [2010-12-26 733184]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-9 24576]
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2010-6-12 1601536]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sremcon.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
2004-12-09 12:58 86016 ----a-w- c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-10-21 06:39 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-11-16 16:11 536576 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-11-16 16:11 98304 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.3.2011 18:25 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.3.2011 18:26 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.3.2011 18:26 19544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [14.10.2009 13:09 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [14.10.2009 13:09 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [14.10.2009 13:09 38784]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [15.3.2011 7:53 38224]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 06:40]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 06:40]
.
2011-03-15 c:\windows\Tasks\User_Feed_Synchronization-{BB3E2E65-FD0E-4F32-B16D-5E591D8013D4}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{141D2E4F-F313-4991-B61A-EE5D6D849361} - http://bleskove.centrum.cz
IE: {{2A5CFB1C-AAA2-4760-8462-1B61CF74B7D8} - http://www.centrum.cz
IE: {{2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - http://www.xchat.cz
IE: {{2E01031B-AB09-4455-823D-25F1A1C11F48} - http://aktualne.centrum.cz
IE: {{2F741D0A-150E-40F9-A602-1B2421475F1D} - http://slovniky.centrum.cz
IE: {{309176E6-E204-40A0-8D13-7F19C0498C40} - http://www.supermapy.cz
IE: {{49681216-5BF4-41A2-AAFA-129A6BD625DA} - http://mp3.centrum.cz/
IE: {{8B6E8E01-D262-4980-8C27-B8B2802285C1} - http://www.zena.cz
IE: {{8FD64249-590C-4FBC-B181-12A6BAF516AF} - http://www.fotoalba.cz
IE: {{A5050656-2286-454F-A489-C605ED1B461C} - http://pocasi.centrum.cz
IE: {{BC78516C-9DC9-40C5-A91E-74593222EF89} - http://sportplus.centrum.cz
IE: {{DAE865E8-970E-4931-A172-119CB56BBAF5} - http://www.digitalne.cz/
IE: {{FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - http://www.stahuj.cz/
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\petr.vondrak\Data aplikací\Mozilla\Firefox\Profiles\freo347o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://www.centrum.cz/
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11D54ACE-09A9-11D4-8ACE-00C04F542830} - (no file)
WebBrowser-{015407A9-D183-4379-8452-DFD7C2297902} - (no file)
HKLM-Run-snpstd - c:\windows\vsnpstd.exe
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Samsung PanelMgr - c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-15 09:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{155D7918-A08E-BBD4-39E6-CB9A486B6D7D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"cbppndlabgificbfgnfgfoegdgpollnhklphld"=hex:6a,61,63,62,6b,70,68,67,6a,66,62,
62,65,6e,70,69,62,62,64,61,00,00
"bbfplknlgfopnipnojpaakgdbccjfomeimbl"=hex:6a,61,63,62,6b,70,68,67,6a,66,62,62,
65,6e,70,69,62,62,64,61,00,00
"iappndlabgificbfgn"=hex:61,61,00,7f
"hafplknlgfopnipn"=hex:61,61,00,7f
"iadpfifcjlkidbmkbf"=hex:61,61,00,7f
.
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7678CED7-A910-74B8-45C4-715440CC6670}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbcllbblegcnakhiejngjeanlpacpaoakaehjcgf"=hex:69,61,62,6e,64,69,67,6f,62,66,
67,61,65,62,6b,66,63,69,00,00
"cbikbhdmncjchcidfodekcogjnpapngnfdjebc"=hex:69,61,62,6e,64,69,67,6f,62,66,67,
61,65,62,6b,66,63,69,00,00
.
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{774311BE-CDA0-C376-91BD-012A1B39287B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbkedcnliiombbbblbpgfimpigaioaiehnhpbdea"=hex:6a,61,6f,70,65,64,70,67,69,6f,
62,66,6a,6a,67,70,68,65,66,66,00,16
"cbefjncmiodnhgdcimfongfgjemdjfmopkjknc"=hex:6a,61,6f,70,64,64,6d,67,64,67,6e,
66,6e,64,67,6a,67,61,6d,6d,00,16
"iakedcnliiombbbblb"=hex:61,61,00,00
"haefjncmiodnhgdc"=hex:61,61,00,00
"iaoflmkdaddgjbgelm"=hex:61,61,00,00
.
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D09D58F2-F5D7-F7F2-B969-FD4AC48032AD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbehnpkiecengjfhlilmoijalebophleamebadim"=hex:6a,61,61,70,6c,62,70,6e,63,67,
63,63,67,70,6f,65,6c,63,66,61,00,dd
"cbkhkeinjhdomgoegeebnjomommldfliglamco"=hex:6a,61,61,70,69,62,63,6f,62,67,62,
65,68,6d,70,6a,70,63,68,6e,00,dd
"iaehnpkiecengjfhli"=hex:61,61,00,00
"hakhkeinjhdomgoe"=hex:61,61,00,00
"iaafedolcbcbjnhial"=hex:61,61,00,00
.
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F99519FF-8CF8-4ED6-3C94-C48C2C68A5C0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbpdpgjnifokebaencdiflgkmdgmckjlhlgnkkkg"=hex:69,61,6a,67,68,6f,6f,67,68,61,
69,6f,6f,65,70,65,6c,6a,00,00
"cbfdndfnpaddhihoodplinjidnnhbkeeoiccjf"=hex:69,61,6a,67,68,6f,6f,67,68,61,69,
6f,6f,65,70,65,6c,6a,00,00
"dbpdpgjnifokebaencdiflgkmdgmckjlhlgnomoh"=hex:69,61,6a,67,68,6f,6f,67,68,61,
69,6f,6f,65,70,65,6c,6a,00,00
"cbfdndfnpaddhihoodplinjidnnhbkeeoiobmg"=hex:6a,61,64,67,66,69,69,63,66,68,62,
66,64,68,6f,6d,6c,69,6d,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1b,80,bd,80,d9,b9,5e,d0,d8,67,0c,1a,9b,3f,78,82,db,0e,46,3b,ae,
bb,7e,39,8e,da,65,c6,4f,52,85,69,52,6d,48,8b,7e,d0,d2,8d,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e5461ba5-a8b2-4460-b838-4532f7f12e20}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ab,9e,50,1b,eb,77,d1,ab,fc,6c,7d,0c,e4,64,14,e0,75,31,85,e2,32,10,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-15 09:41:38
ComboFix-quarantined-files.txt 2011-03-15 08:41
.
Pre-Run: Volných bajtů: 19 258 753 024
Post-Run: Volných bajtů: 19 627 823 104
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
- - End Of File - - A7A26BCB1B3CDC420DEFBEB403977286

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 10:04
od vyosek
:arrow: Odinstalujte c:\program files\Trojan Remover a taktez Panda Titanium 2006 - jako ochranu mate Avast coz je plne dostacujici, navic vice antiviru v systemu zpusobuje jeho nestabilitu a zpomaleni

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=-
"swg"=-
"Spyware Doctor with AntiVirus"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]

File::
c:\documents and settings\petr.vondrak\Plocha\sdasetup_aff.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{BB3E2E65-FD0E-4F32-B16D-5E591D8013D4}.job

DDS::
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

Firefox::
FF - ProfilePath - c:\documents and settings\petr.vondrak\Data aplikací\Mozilla\Firefox\Profiles\freo347o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage| ... entrum.cz/
FF - prefs.js: browser.search.selectedEngine - DAEMON Search

RegLock::
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{155D7918-A08E-BBD4-39E6-CB9A486B6D7D}*]
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7678CED7-A910-74B8-45C4-715440CC6670}*]
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{774311BE-CDA0-C376-91BD-012A1B39287B}*]
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D09D58F2-F5D7-F7F2-B969-FD4AC48032AD}*]
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F99519FF-8CF8-4ED6-3C94-C48C2C68A5C0}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e5461ba5-a8b2-4460-b838-4532f7f12e20}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

RegNull::
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{155D7918-A08E-BBD4-39E6-CB9A486B6D7D}*]
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7678CED7-A910-74B8-45C4-715440CC6670}*]
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{774311BE-CDA0-C376-91BD-012A1B39287B}*]
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D09D58F2-F5D7-F7F2-B969-FD4AC48032AD}*]
[HKEY_USERS\S-1-5-21-3921266920-1397699539-1127604013-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F99519FF-8CF8-4ED6-3C94-C48C2C68A5C0}*]

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 13:19
od nickname4
tak ComboFix provedl operace podle konfigurace a počítač se restartoval...po restartu se znovu objevilo okno ComboFixu a teď se zhruba čtvrt hodiny nic neděje. Mám počkat nebo ComboFix ukončit?

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 13:27
od vyosek
Dejte mu 10 minut, pokud nic, tak restart do nouzoveho rezimu (mackat F8, zvolit Stav nouze s praci v siti) a opakovat krok se skriptem

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 13:32
od nickname4
ComboFix 11-03-14.05 - petr.vondrak 15.03.2011 12:42:50.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1029.18.247.103 [GMT 1:00]
Running from: c:\documents and settings\petr.vondrak\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\petr.vondrak\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Panda Titanium 2006 Antivirus + Antispyware *Disabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: Panda Titanium 2006 Personal Firewall *Enabled* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\documents and settings\petr.vondrak\Plocha\sdasetup_aff.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\User_Feed_Synchronization-{BB3E2E65-FD0E-4F32-B16D-5E591D8013D4}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\petr.vondrak\Plocha\sdasetup_aff.exe
c:\windows\system\oeminfo.ini
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{BB3E2E65-FD0E-4F32-B16D-5E591D8013D4}.job
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-15 06:53 . 2011-03-15 06:53 -------- d-----w- c:\documents and settings\petr.vondrak\Data aplikací\Malwarebytes
2011-03-15 06:53 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 06:53 . 2011-03-15 06:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-15 06:52 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 06:52 . 2011-03-15 06:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-14 19:05 . 2011-03-14 19:05 -------- d-----w- c:\program files\trend micro
2011-03-14 19:05 . 2011-03-14 19:05 -------- d-----w- C:\rsit
2011-03-14 18:10 . 2011-03-14 18:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-03-11 17:26 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-11 17:26 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-11 17:26 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-11 17:26 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-11 17:25 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-11 17:25 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-11 17:25 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-11 17:25 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-11 17:24 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-11 17:24 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-11 17:24 . 2011-03-11 17:24 -------- d-----w- c:\program files\AVAST Software
2011-03-11 17:24 . 2011-03-11 17:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-03-09 20:35 . 2011-03-09 20:35 319488 --sha-w- c:\documents and settings\petr.vondrak\Local Settings\Data aplikací\spf.exe
2011-03-04 13:52 . 2011-03-04 13:52 -------- d-----w- C:\Multi Protocol Programming System
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-18 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-18 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2009-05-22 07:14 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-18 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2009-05-22 07:14 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2007-11-19 20:40 . 2007-11-19 20:40 2082304 ----a-w- c:\program files\winpos.exe
2007-01-10 08:28 . 2007-01-10 08:28 541184 ----a-w- c:\program files\CALC.exe
2005-02-21 10:18 . 2005-02-21 10:18 1057792 ----a-w- c:\program files\UNINST.exe
1999-06-23 08:06 . 1999-06-23 08:06 126976 ----a-w- c:\program files\dzip32.dll
1999-06-23 08:06 . 1999-06-23 08:06 110592 ----a-w- c:\program files\DUNZIP32.DLL
2007-05-15 19:47 . 2007-08-14 13:30 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-15 19:47 . 2007-08-14 13:30 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-05-15 19:47 . 2007-08-14 13:30 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-05-15 19:47 . 2007-08-14 13:30 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-05-15 19:47 . 2007-08-14 13:30 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7D27FB-CA10-4CE3-B312-8A164671FD03}]
2007-11-24 14:52 82432 ----a-w- c:\program files\NetCentrum\Turbo\bho.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
.
c:\documents and settings\petr.vondrak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ACSnews.lnk - c:\auto-diagnostika b\ADnews.exe [2010-12-26 733184]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-9 24576]
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2010-6-12 1601536]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sremcon.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
2004-12-09 12:58 86016 ----a-w- c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-11-16 16:11 536576 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-11-16 16:11 98304 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 135664]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\Drivers\Axtmvprt.sys [2007-03-26 38784]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 RTLWUSB;11g Wireless USB Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-12 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\applic\FIREBIRD\bin\fbguard.exe [2007-01-30 65536]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\applic\FIREBIRD\bin\fbserver.exe [2007-01-30 1527893]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{141D2E4F-F313-4991-B61A-EE5D6D849361} - http://bleskove.centrum.cz
IE: {{2A5CFB1C-AAA2-4760-8462-1B61CF74B7D8} - http://www.centrum.cz
IE: {{2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - http://www.xchat.cz
IE: {{2E01031B-AB09-4455-823D-25F1A1C11F48} - http://aktualne.centrum.cz
IE: {{2F741D0A-150E-40F9-A602-1B2421475F1D} - http://slovniky.centrum.cz
IE: {{309176E6-E204-40A0-8D13-7F19C0498C40} - http://www.supermapy.cz
IE: {{49681216-5BF4-41A2-AAFA-129A6BD625DA} - http://mp3.centrum.cz/
IE: {{8B6E8E01-D262-4980-8C27-B8B2802285C1} - http://www.zena.cz
IE: {{8FD64249-590C-4FBC-B181-12A6BAF516AF} - http://www.fotoalba.cz
IE: {{A5050656-2286-454F-A489-C605ED1B461C} - http://pocasi.centrum.cz
IE: {{BC78516C-9DC9-40C5-A91E-74593222EF89} - http://sportplus.centrum.cz
IE: {{DAE865E8-970E-4931-A172-119CB56BBAF5} - http://www.digitalne.cz/
IE: {{FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - http://www.stahuj.cz/
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\petr.vondrak\Data aplikací\Mozilla\Firefox\Profiles\freo347o.default\
FF - prefs.js: network.proxy.type - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-15 12:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\EDIMAX\Common\RalinkRegistryWriter.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-15 13:30:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-15 12:29
ComboFix2.txt 2011-03-15 11:33
ComboFix3.txt 2011-03-15 08:41
.
Pre-Run: Volných bajtů: 19 634 114 560
Post-Run: Volných bajtů: 19 606 216 704
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
- - End Of File - - 0E539A0BFB5C3177BD87223A9C980B47

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 13:33
od nickname4
tohle je log po restartu a aplikaci skriptu

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 13:36
od vyosek
Jak se chova PC :???:

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 13:38
od nickname4
je vcelku hodný :) už na mě neskáčou žádné chybové hlášky a okna. Mám zkusit spustit nějaký program?

Re: Trojan-BNK.Win32.Keylogger.gen

Napsal: 15 bře 2011 13:44
od vyosek
nickname4 píše:Mám zkusit spustit nějaký program?
Tim mate na mysli co, jaky program :???:
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz