VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Infected by Trojan-Dropper.Win32.Injector.knn

https://forum.viry.cz:443/viewtopic.php?t=116244

Stránka 1 z 1

Infected by Trojan-Dropper.Win32.Injector.knn

Napsal: 20 říj 2011 22:35
od mav3r!ck
Zdravím, prosím o pomoc.
Svou hloupostí jsem si do počítače pustil trojského koně otevřením podezřelého souboru, který jsem pak oscanoval na virustotal a ten ho určil jako "Trojan-Dropper.Win32.Injector.knn". Vše se tváří v pořádku, jen při otevírání jakýchkoliv stránek občas naskočí jiná stránka, která se tváří jako nějaký vyhledávač a na pozadí má různé graficky vydařené obrázky na téma Pharmacy, Furniture, nějaká auta, apod. No a samozřejmě jsou blokovány všechny antiviry. MS Security Essentials tvrdí, že je služba vypnutá a nejde pustit. NOD32 Antivirus 4 hlásí chybu při komunikaci s jádrem. Mbam tvrdí, že nemám práva pro spuštění a už ani online scan Esetu nejde, píše že už byl spuštěn nebo chybu 101.. odolná potvora.

Po nakažení jsem pustil onlinescan od esetu (tehdy to ještě šlo) a ten naše následující:

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Program Files\iPod\bin\iPodService.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Program Files\OEM\OSD_1.16\OsdService.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Program Files\Spyware Terminator\sp_rsser.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe Win32/Patched.HN trojský kůň vyléčen - uložen do karantény
C:\Users\Maver!ck\AppData\Local\Opera\Opera\cache\g_0054\opr00XNX.tmp varianta infiltrace Win32/Kryptik.UEU trojský kůň vyléčen smazáním - uložen do karantény

Chtěl jsem spravovat karanténu toho online scanu, ale program vypsal pracuji.. a nic. Tak jsem pustil online scan Symantecu, ten našel následující soubor, který jsem pak vymazal:
C:\Windows\System32\IoctlSvc.exe is infected with Trojan.Paccyn!inf


V nouzovém režimu to nebylo o moc lepší, jen NOD pustil nějaký test v DOSu, ale když jsem se vrátil, okno bylo zavřené a žádný výsledek. To dělal třeba i mbam když jsem pustil test. Chvíli scanoval a pak se najednou zavřel, to samé Spyware Terminator. Chtěl jsem pustit test z live CD, ale Reatogo mi nenaběhlo, jen Knoppix, kde jsem sice pustil online test Esetu, ale ten nic nenašel. Ono asi testovat partition s Vistama z Linuxu není nic moc.


============================================================
RSIT se taky z ničehonic vypnul a log asi nebude kompletní:
============================================================

Logfile of random's system information tool 1.09 (written by random/random)
Run by Maver!ck at 2011-10-20 23:30:23
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 2 GB (2%) free of 94 GB
Total RAM: 3032 MB (40% free)


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2753588128-4106196835-699413311-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2753588128-4106196835-699413311-1000UA.job
C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-10-06 1961240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files\Seznam.cz\toolbar\toolbar.dll [2010-10-06 187672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-22 6139904]
"ECDeject"=C:\PROGRA~1\ECDeject\CDeject.exe [2008-07-01 371208]
"FSCRecovery"=c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe [2008-06-18 268096]
"OSD"=C:\Program Files\OEM\OSD_1.16\osd.exe [2008-06-18 376832]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-06-02 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-06-02 2184464]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-11-06 2216960]
"C:\Program Files\Free Video Zilla\FVZilla.exe"= []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 137752]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 172568]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-07-05 421888]
"ASUS Ai Charger"=C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe [2010-05-10 465536]
"NSU_agent"=C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2011-08-11 169264]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-10-09 421736]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-02 203416]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-10-06 488728]
"Google Update"=C:\Users\Maver!ck\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 136176]
"HotSwap! Applet"=C:\Users\Maver!ck\AppData\Local\Temp\Rar$EX00.073\32bit\HotSwap!.EXE [2009-11-10 107520]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 90624]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]
""= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Maver!ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.ACDV"=ACDV.dll
"msacm.sl_anet"=sl_anet.acm
"msacm.divxa32"=divxa32.acm
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.l3codec"=l3codecp.acm
"vidc.dvsd"=pdvcodec.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-10-20 23:30:24 ----D---- C:\Program Files\trend micro
2011-10-20 23:30:23 ----D---- C:\rsit
2011-10-20 21:11:23 ----ASH---- C:\hiberfil.sys
2011-10-20 20:16:48 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-10-20 20:16:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-10-20 20:16:44 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-10-20 20:10:34 ----D---- C:\Program Files\Microsoft Security Client
2011-10-20 15:55:50 ----A---- C:\Windows\ntbtlog.txt
2011-10-20 15:38:04 ----A---- C:\Windows\system32\devil.dll
2011-10-20 15:38:04 ----A---- C:\Windows\system32\avisynth.dll
2011-10-20 13:55:42 ----A---- C:\Windows\umcat_01.db
2011-10-19 22:52:00 ----D---- C:\Program Files\WinPcap
2011-10-19 22:40:40 ----D---- C:\Program Files\WMR14
2011-10-19 12:49:41 ----D---- C:\Program Files\iPod
2011-10-19 12:49:35 ----D---- C:\Program Files\iTunes
2011-10-19 12:37:51 ----D---- C:\Program Files\Bonjour
2011-10-12 12:43:30 ----A---- C:\Windows\system32\wininet.dll
2011-10-12 12:43:30 ----A---- C:\Windows\system32\urlmon.dll
2011-10-12 12:43:29 ----A---- C:\Windows\system32\url.dll
2011-10-12 12:43:29 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-12 12:43:29 ----A---- C:\Windows\system32\iertutil.dll
2011-10-12 12:43:28 ----A---- C:\Windows\system32\mshtml.dll
2011-10-12 12:43:27 ----A---- C:\Windows\system32\ieframe.dll
2011-10-12 12:43:26 ----A---- C:\Windows\system32\occache.dll
2011-10-12 12:43:26 ----A---- C:\Windows\system32\mstime.dll
2011-10-12 12:43:26 ----A---- C:\Windows\system32\msfeeds.dll
2011-10-12 12:43:26 ----A---- C:\Windows\system32\iedkcs32.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\msfeedssync.exe
2011-10-12 12:43:25 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\licmgr10.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\ieUnatt.exe
2011-10-12 12:43:25 ----A---- C:\Windows\system32\ieui.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\iesysprep.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\iesetup.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\iernonce.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\iepeers.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\ie4uinit.exe
2011-10-12 12:42:34 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-12 12:42:32 ----A---- C:\Windows\system32\win32k.sys
2011-10-12 12:42:23 ----A---- C:\Windows\system32\UIAutomationCore.dll
2011-10-12 12:42:23 ----A---- C:\Windows\system32\oleacc.dll
2011-10-12 12:42:22 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-12 12:42:22 ----A---- C:\Windows\system32\oleaccrc.dll
2011-10-10 22:30:38 ----D---- C:\Program Files\ICQ7.6
2011-10-08 20:40:50 ----A---- C:\Windows\system32\drivers\ZTEusbser6k.sys
2011-10-08 20:40:50 ----A---- C:\Windows\system32\drivers\ZTEusbnmea.sys
2011-10-08 20:40:50 ----A---- C:\Windows\system32\drivers\ZTEusbmdm6k.sys
2011-10-08 20:40:50 ----A---- C:\Windows\system32\drivers\massfilter.sys
2011-10-08 20:40:24 ----D---- C:\Program Files\ZTE
2011-10-07 22:00:21 ----D---- C:\Program Files\Wireshark
2011-10-07 21:58:37 ----D---- C:\Users\Maver!ck\AppData\Roaming\Wireshark
2011-10-05 16:40:47 ----A---- C:\Windows\Replay Converter Setup Log.txt
2011-10-05 16:30:42 ----D---- C:\Windows\Replay AV
2011-10-05 16:29:49 ----D---- C:\Program Files\Replay AV 8
2011-09-29 14:30:11 ----D---- C:\Users\Maver!ck\AppData\Roaming\Canon
2011-09-29 14:08:39 ----A---- C:\Windows\system32\CNMLM88.DLL

======List of files/folders modified in the last 1 month======

2011-10-20 23:30:24 ----RD---- C:\Program Files
2011-10-20 23:29:27 ----D---- C:\Windows\inf
2011-10-20 22:51:05 ----D---- C:\Users\Maver!ck\AppData\Roaming\Skype
2011-10-20 22:22:35 ----D---- C:\Windows\Temp
2011-10-20 22:22:28 ----D---- C:\Program Files\Spyware Terminator
2011-10-20 22:19:19 ----D---- C:\Windows\system32\drivers
2011-10-20 21:16:57 ----D---- C:\Users\Maver!ck\AppData\Roaming\Spyware Terminator
2011-10-20 20:31:41 ----D---- C:\Windows\system32\catroot
2011-10-20 20:17:49 ----D---- C:\Windows\Prefetch
2011-10-20 20:11:08 ----SHD---- C:\Windows\Installer
2011-10-20 20:11:08 ----SHD---- C:\Config.Msi
2011-10-20 20:10:54 ----D---- C:\Windows\System32
2011-10-20 20:10:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-20 19:59:31 ----D---- C:\Windows
2011-10-20 15:32:24 ----D---- C:\Users\Maver!ck\AppData\Roaming\Media Player Classic
2011-10-20 15:32:09 ----D---- C:\Users\Maver!ck\AppData\Roaming\vlc
2011-10-20 15:29:33 ----D---- C:\Program Files\Opera
2011-10-20 14:26:02 ----SD---- C:\Windows\Downloaded Program Files
2011-10-20 12:19:15 ----SHD---- C:\System Volume Information
2011-10-20 12:11:00 ----D---- C:\Windows\system32\drivers\etc
2011-10-20 00:32:35 ----A---- C:\Windows\NeroDigital.ini
2011-10-19 23:53:41 ----D---- C:\Windows\Microsoft.NET
2011-10-19 23:45:14 ----D---- C:\Windows\twain_32
2011-10-19 23:45:14 ----D---- C:\Windows\system32\catroot2
2011-10-19 23:43:43 ----HD---- C:\ProgramData
2011-10-19 23:30:38 ----D---- C:\Program Files\ESET
2011-10-19 22:46:21 ----D---- C:\Program Files\WMR11
2011-10-19 22:20:56 ----RSD---- C:\Windows\assembly
2011-10-19 12:56:51 ----D---- C:\Users\Maver!ck\AppData\Roaming\Apple Computer
2011-10-19 12:53:11 ----D---- C:\Program Files\Common Files\Apple
2011-10-19 12:14:51 ----D---- C:\ProgramData\Spyware Terminator
2011-10-14 23:29:20 ----D---- C:\Users\Maver!ck\AppData\Roaming\ICQ
2011-10-14 23:24:51 ----D---- C:\Windows\rescache
2011-10-13 13:14:31 ----D---- C:\Windows\winsxs
2011-10-13 12:57:12 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-13 12:56:02 ----D---- C:\Windows\system32\migration
2011-10-13 12:56:02 ----D---- C:\Program Files\Windows Mail
2011-10-13 12:56:02 ----D---- C:\Program Files\Internet Explorer
2011-10-13 12:56:01 ----D---- C:\Windows\system32\cs-CZ
2011-10-13 12:34:23 ----D---- C:\Program Files\ABBYY FineReader 10
2011-10-13 11:34:46 ----A---- C:\Windows\system32\mrt.exe
2011-10-13 11:33:22 ----D---- C:\ProgramData\Microsoft Help
2011-10-10 22:31:41 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-08 20:46:48 ----D---- C:\Windows\ModemLogs
2011-10-05 16:41:37 ----D---- C:\Windows\Downloaded Installations
2011-10-02 15:47:59 ----D---- C:\Users\Maver!ck\AppData\Roaming\uTorrent
2011-09-29 14:13:30 ----RSD---- C:\Windows\Media
2011-09-23 23:42:21 ----SD---- C:\Users\Maver!ck\AppData\Roaming\Microsoft

Re: Infected by Trojan-Dropper.Win32.Injector.knn

Napsal: 21 říj 2011 12:22
od mav3r!ck
Combofix potvrdil pritomnost rootkitu, vypsal ze detekuje jeho aktivitu a vyzadal si restart. Po nem probehl chechkdisk, cf provedl scan, vymazal nekolik souboru, znovu restartoval PC a pak kdyz uz psal, ze je skoro hotovo a ze bude za par sekund pripraven log, vyskocil BSOD a restart..
Log se ulozit nestihl. Mam znovu pustit turbinu z plochy? Na cecku mam nejake pracovni adresare turbiny a cf, chcete poslat nejake castecne logy z tech adresaru nebo mam pustit neco uvnitr tech adresaru aby se vypis logu dokoncil? Radsi se ptam, abyc to zas nepo...

Re: Infected by Trojan-Dropper.Win32.Injector.knn

Napsal: 21 říj 2011 17:24
od mav3r!ck
==================================================
Dump File : Mini102111-01.dmp
Crash Time : 21.10.2011 12:07:15
Bug Check String : NO_MORE_IRP_STACK_LOCATIONS
Bug Check Code : 0x00000035
Parameter 1 : 0x86ceeb50
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : AiCharger.sys
Caused By Address : AiCharger.sys+3b9
File Description : ASUS Charger driver
Product Name : ASUS Ai Charger
Company : ASUSTek Computer Inc.
File Version : 1.00.00
Processor : 32-bit
Crash Address : ntoskrnl.exe+cdb3f
Stack Address 1 : ntoskrnl.exe+44942
Stack Address 2 : AiCharger.sys+3b9
Stack Address 3 : ntoskrnl.exe+44976
Computer Name :
Full Path : C:\Windows\Minidump\Mini102111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 179 123
==================================================

Pravdepodobne to zpusobila aplikace na nabijeni iPadu, pred dalsim spustenim turbiny ji vypnu.
Soubor C:\combofix.txt neexistuje, nestihl se ulozit.
Do zipu se nepodarilo (tvrdil winrar) pribalit soubor "Qoobox\Quarantine\C\Windows\$NtUninstallKB49652$\1553444196.vir", coz je asi pochopitelne. Zip mi neslo pridat jako prilohu, tak jsem ho hodil sem:
http://www.uloz.to/10708780/turbina-zip

Zatim poustim znovu turbinu..

Re: Infected by Trojan-Dropper.Win32.Injector.knn

Napsal: 21 říj 2011 17:56
od mav3r!ck
Tentokrát se to podařilo napoprvé i bez restartu:

ComboFix 11-10-20.08 - Maver!ck 21.10.2011 18:27:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3032.1656 [GMT 2:00]
Spuštěný z: c:\users\Maver!ck\Desktop\turbina\turbina.com
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Maver!ck\AppData\Roaming\inst.exe
c:\users\Maver!ck\Documents\Downloads\CT2776682_BrotherSoft_Extreme.exe
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\iun6002.exe
.
---- Předchozí spuštění -------
.
c:\users\Maver!ck\AppData\Local\8c24b22f\@
c:\users\Maver!ck\AppData\Local\8c24b22f\U\80000000.@
c:\users\Maver!ck\AppData\Local\8c24b22f\U\800000cb.@
c:\users\Maver!ck\AppData\Local\8c24b22f\X
c:\windows\$NtUninstallKB49652$\1553444196
c:\windows\$NtUninstallKB49652$\2351215151\@
c:\windows\$NtUninstallKB49652$\2351215151\L\qnbwvoto
c:\windows\$NtUninstallKB49652$\2351215151\loader.tlb
c:\windows\$NtUninstallKB49652$\2351215151\U\@00000001
c:\windows\$NtUninstallKB49652$\2351215151\U\@000000c0
c:\windows\$NtUninstallKB49652$\2351215151\U\@000000cb
c:\windows\$NtUninstallKB49652$\2351215151\U\@000000cf
c:\windows\$NtUninstallKB49652$\2351215151\U\@80000000
c:\windows\$NtUninstallKB49652$\2351215151\U\@800000c0
c:\windows\$NtUninstallKB49652$\2351215151\U\@800000cb
c:\windows\$NtUninstallKB49652$\2351215151\U\@800000cf
c:\windows\system32\
c:\windows\system32\c_16242.nls
c:\windows\system32\spool\prtprocs\w32x86\1_CNMPD88.DLL
.
-- Předchozí spuštění --
.
Nakažená kopie c:\windows\system32\drivers\tdx.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it :)
Nakažená kopie c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\turbina\HarddiskVolumeShadowCopy1_!Windows!Microsoft.NET!Framework!v4.0.30319!mscorsvw.exe
.
Nakažená kopie c:\windows\system32\drivers\tdx.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it :)
Nakažená kopie c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\turbina\HarddiskVolumeShadowCopy1_!Windows!Microsoft.NET!Framework!v4.0.30319!mscorsvw.exe
.
Nakažená kopie c:\program files\Spyware Terminator\sp_rsser.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\turbina\HarddiskVolumeShadowCopy1_!Program Files!Spyware Terminator!sp_rsser.exe
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_8c24b22f
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-21 do 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 16:36 . 2011-10-21 16:36 -------- d-----w- c:\users\Maver!ck\AppData\Local\temp
2011-10-21 16:36 . 2011-10-21 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-21 10:19 . 2009-04-11 04:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-10-20 21:30 . 2011-10-20 21:30 -------- d-----w- c:\program files\trend micro
2011-10-20 21:30 . 2011-10-20 21:30 -------- d-----w- C:\rsit
2011-10-20 18:17 . 2011-10-04 15:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A606580-0552-40A7-AE71-5AC96D10EFE1}\gapaengine.dll
2011-10-20 18:17 . 2011-10-20 18:17 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FAA417B-5DFA-455F-865C-24BCF417DFF0}\offreg.dll
2011-10-20 18:17 . 2011-10-18 00:28 6668624 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FAA417B-5DFA-455F-865C-24BCF417DFF0}\mpengine.dll
2011-10-20 18:16 . 2011-10-20 18:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-20 18:16 . 2011-10-20 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-20 18:16 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-20 18:10 . 2011-10-20 18:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-20 13:38 . 2007-03-04 11:55 719872 ----a-w- c:\windows\system32\devil.dll
2011-10-20 13:38 . 2007-03-04 11:55 308224 ----a-w- c:\windows\system32\avisynth.dll
2011-10-20 10:19 . 2011-09-21 07:00 7269712 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83D2300F-8F92-4BE1-932C-01018A41235F}\mpengine.dll
2011-10-19 20:52 . 2011-10-19 21:27 -------- d-----w- c:\program files\WinPcap
2011-10-19 20:40 . 2011-10-20 10:12 -------- d-----w- c:\program files\WMR14
2011-10-19 10:49 . 2011-10-19 10:49 -------- d-----w- c:\program files\iPod
2011-10-19 10:49 . 2011-10-19 10:51 -------- d-----w- c:\program files\iTunes
2011-10-19 10:37 . 2011-10-19 23:00 -------- d-----w- c:\program files\Bonjour
2011-10-12 10:42 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 10:42 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 10:42 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 10:42 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 10:42 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 10:42 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 10:42 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 10:42 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 10:42 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 10:42 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-10 20:30 . 2011-10-10 20:33 -------- d-----w- c:\program files\ICQ7.6
2011-10-08 18:40 . 2010-03-02 12:54 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-10-08 18:40 . 2010-03-02 12:54 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-10-08 18:40 . 2010-03-02 12:54 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-10-08 18:40 . 2010-02-22 08:06 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-10-08 18:40 . 2011-10-08 18:40 -------- d-----w- c:\program files\ZTE
2011-10-07 20:00 . 2011-10-07 20:00 -------- d-----w- c:\program files\Wireshark
2011-10-07 19:58 . 2011-10-07 19:58 -------- d-----w- c:\users\Maver!ck\AppData\Roaming\Wireshark
2011-10-05 14:30 . 2011-10-05 14:30 -------- d-----w- c:\windows\Replay AV
2011-10-05 14:29 . 2011-10-20 13:55 -------- d-----w- c:\program files\Replay AV 8
2011-09-29 12:30 . 2011-10-19 21:45 -------- d-----w- c:\users\Maver!ck\AppData\Roaming\Canon
2011-09-29 12:11 . 2006-09-12 18:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP88.DLL
2011-09-29 12:11 . 2006-09-12 18:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD88.DLL
2011-09-29 12:08 . 2006-09-12 18:00 197632 ----a-w- c:\windows\system32\CNMLM88.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 13:54 . 2011-05-25 21:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-06 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-06 1961240]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Maver!ck\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Maver!ck\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Maver!ck\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Maver!ck\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-02 203416]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-06 488728]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-22 6139904]
"ECDeject"="c:\progra~1\ECDeject\CDeject.exe" [2008-07-01 371208]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
"OSD"="c:\program files\OEM\OSD_1.16\osd.exe" [2008-06-18 376832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-06-02 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-06-02 2184464]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-11-05 2216960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-08-11 169264]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\fsc-reg\fscreg.exe" [BU]
.
c:\users\Maver!ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-6 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2753588128-4106196835-699413311-1000]
"EnableNotificationsRef"=dword:00000003
.
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-21 808960]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-02 9216]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-12-17 13224]
R3 IBG_gds_db;InterBase 2009 Guardian gds_db;c:\codegear\InterBase\bin\ibguard.exe [2009-08-12 36864]
R3 IBS_gds_db;InterBase 2009 Server gds_db;c:\codegear\InterBase\bin\ibserver.exe [2009-08-12 2887680]
R3 ipw_bus;IPWireless;c:\windows\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
R3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
R3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-02-22 9216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-01-28 47360]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-05-05 13224]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-22 717296]
S1 ECDejectPortIO;ECS ECDeject Port I/O;c:\progra~1\ECDeject\ECDejectIO.sys [2008-06-30 20104]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-17 142592]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 59392]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-07 9728]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 OsdService;OSD Service;c:\program files\OEM\OSD_1.16\OsdService.exe [2008-02-22 94208]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-04-15 224384]
S3 GpdDevDPort;GpdDevDPort;c:\windows\system32\directport.sys [2008-06-17 7168]
S3 GpdKbFilter;GpdKbFilter;c:\windows\system32\kbfiltr.sys [2008-03-31 8192]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NETwNv32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [2011-01-19 6923264]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2753588128-4106196835-699413311-1000Core.job
- c:\users\Maver!ck\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 13:59]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2753588128-4106196835-699413311-1000UA.job
- c:\users\Maver!ck\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 13:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-c:\program files\Free Video Zilla\FVZilla.exe - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-21 18:36
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.apd"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcx"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raw"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.srf"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbmp"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
.
[HKEY_USERS\S-1-5-21-2753588128-4106196835-699413311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xif"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-10-21 18:39:05
ComboFix-quarantined-files.txt 2011-10-21 16:39
.
Před spuštěním: 3 592 003 584
Po spuštění: 3 541 344 256
.
- - End Of File - - 06FF273B1964BFF0A8917A702ADE9220

Re: Infected by Trojan-Dropper.Win32.Injector.knn

Napsal: 21 říj 2011 20:41
od mav3r!ck
To teda, odolná havěť. Samotného mě překvapilo, že jsem měl ještě v registrech po spuštění ten crack NODa, ten jsem zkoušel před několika lety. Od té doby co byl uvolněn MS Security Essentials, jsem nepoužíval nic jiného. Až včera jsem nainstaloval NODa s registračním klíčem od školy (a hned jsem se nakazil.. :-) ), ale nebyla to chyba antiviru, teď si ho nechám jako jediný. MS je ukrutně pomalý. Ty ostatní aplikace jsem instaloval až po nakažení, zkoušel jsem to nejdřív po dobrém.. ;-)

Vypadá to, že škody žádné nejsou. Chtěl jsem se podívat, jak dopadly soubory v karanténě online scanu Esetu, ale ten už nejde pustit a všechny aplikace ve kterých něco našel se zdá, že fungují, tak to neřeším. Změnil jsem hesla a časel uvidím, jestli ten prevít něco napáchal.
Zatím díky.

Ještě log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Maver!ck at 2011-10-21 21:22:24
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 2 GB (3%) free of 94 GB
Total RAM: 3032 MB (45% free)


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2753588128-4106196835-699413311-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2753588128-4106196835-699413311-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-10-06 1961240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files\Seznam.cz\toolbar\toolbar.dll [2010-10-06 187672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-22 6139904]
"ECDeject"=C:\PROGRA~1\ECDeject\CDeject.exe [2008-07-01 371208]
"FSCRecovery"=c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe [2008-06-18 268096]
"OSD"=C:\Program Files\OEM\OSD_1.16\osd.exe [2008-06-18 376832]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-06-02 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-06-02 2184464]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 137752]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 172568]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-07-05 421888]
"ASUS Ai Charger"=C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe [2010-05-10 465536]
"NSU_agent"=C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2011-08-11 169264]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-10-09 421736]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-02 203416]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-10-06 488728]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 90624]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Maver!ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.ACDV"=ACDV.dll
"msacm.sl_anet"=sl_anet.acm
"msacm.divxa32"=divxa32.acm
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.l3codec"=l3codecp.acm
"vidc.dvsd"=pdvcodec.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-10-21 21:22:24 ----D---- C:\rsit
2011-10-21 20:33:37 ----D---- C:\Windows\LastGood
2011-10-21 20:32:29 ----D---- C:\ProgramData\ESET
2011-10-21 19:55:12 ----A---- C:\Windows\rafazon.bat
2011-10-21 18:39:11 ----SHD---- C:\$RECYCLE.BIN
2011-10-21 18:39:07 ----D---- C:\Windows\temp
2011-10-21 12:19:30 ----A---- C:\Windows\system32\drivers\tdx.sys
2011-10-21 12:15:30 ----A---- C:\Windows\zip.exe
2011-10-21 12:15:30 ----A---- C:\Windows\SWSC.exe
2011-10-21 12:15:30 ----A---- C:\Windows\SWREG.exe
2011-10-21 12:15:30 ----A---- C:\Windows\sed.exe
2011-10-21 12:15:30 ----A---- C:\Windows\PEV.exe
2011-10-21 12:15:30 ----A---- C:\Windows\NIRCMD.exe
2011-10-21 12:15:30 ----A---- C:\Windows\MBR.exe
2011-10-21 12:15:30 ----A---- C:\Windows\grep.exe
2011-10-21 12:15:17 ----D---- C:\Windows\ERDNT
2011-10-20 23:30:24 ----D---- C:\Program Files\trend micro
2011-10-20 21:11:23 ----ASH---- C:\hiberfil.sys
2011-10-20 20:16:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-10-20 20:10:34 ----D---- C:\Program Files\Microsoft Security Client
2011-10-20 15:38:04 ----A---- C:\Windows\system32\devil.dll
2011-10-20 15:38:04 ----A---- C:\Windows\system32\avisynth.dll
2011-10-20 13:55:42 ----A---- C:\Windows\umcat_01.db
2011-10-19 22:52:00 ----D---- C:\Program Files\WinPcap
2011-10-19 22:40:40 ----D---- C:\Program Files\WMR14
2011-10-19 12:49:41 ----D---- C:\Program Files\iPod
2011-10-19 12:49:35 ----D---- C:\Program Files\iTunes
2011-10-19 12:37:51 ----D---- C:\Program Files\Bonjour
2011-10-12 12:43:30 ----A---- C:\Windows\system32\wininet.dll
2011-10-12 12:43:30 ----A---- C:\Windows\system32\urlmon.dll
2011-10-12 12:43:29 ----A---- C:\Windows\system32\url.dll
2011-10-12 12:43:29 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-12 12:43:29 ----A---- C:\Windows\system32\iertutil.dll
2011-10-12 12:43:28 ----A---- C:\Windows\system32\mshtml.dll
2011-10-12 12:43:27 ----A---- C:\Windows\system32\ieframe.dll
2011-10-12 12:43:26 ----A---- C:\Windows\system32\occache.dll
2011-10-12 12:43:26 ----A---- C:\Windows\system32\mstime.dll
2011-10-12 12:43:26 ----A---- C:\Windows\system32\msfeeds.dll
2011-10-12 12:43:26 ----A---- C:\Windows\system32\iedkcs32.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\msfeedssync.exe
2011-10-12 12:43:25 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\licmgr10.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\ieUnatt.exe
2011-10-12 12:43:25 ----A---- C:\Windows\system32\ieui.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\iesysprep.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\iesetup.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\iernonce.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\iepeers.dll
2011-10-12 12:43:25 ----A---- C:\Windows\system32\ie4uinit.exe
2011-10-12 12:42:34 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-12 12:42:32 ----A---- C:\Windows\system32\win32k.sys
2011-10-12 12:42:23 ----A---- C:\Windows\system32\UIAutomationCore.dll
2011-10-12 12:42:23 ----A---- C:\Windows\system32\oleacc.dll
2011-10-12 12:42:22 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-12 12:42:22 ----A---- C:\Windows\system32\oleaccrc.dll
2011-10-10 22:30:38 ----D---- C:\Program Files\ICQ7.6
2011-10-08 20:40:50 ----A---- C:\Windows\system32\drivers\ZTEusbser6k.sys
2011-10-08 20:40:50 ----A---- C:\Windows\system32\drivers\ZTEusbnmea.sys
2011-10-08 20:40:50 ----A---- C:\Windows\system32\drivers\ZTEusbmdm6k.sys
2011-10-08 20:40:50 ----A---- C:\Windows\system32\drivers\massfilter.sys
2011-10-08 20:40:24 ----D---- C:\Program Files\ZTE
2011-10-07 22:00:21 ----D---- C:\Program Files\Wireshark
2011-10-07 21:58:37 ----D---- C:\Users\Maver!ck\AppData\Roaming\Wireshark
2011-10-05 16:30:42 ----D---- C:\Windows\Replay AV
2011-09-29 14:30:11 ----D---- C:\Users\Maver!ck\AppData\Roaming\Canon
2011-09-29 14:08:39 ----A---- C:\Windows\system32\CNMLM88.DLL

======List of files/folders modified in the last 1 month======

2011-10-21 21:21:41 ----D---- C:\Users\Maver!ck\AppData\Roaming\Skype
2011-10-21 21:20:50 ----D---- C:\Program Files\ESET
2011-10-21 21:00:15 ----RD---- C:\Program Files
2011-10-21 21:00:02 ----A---- C:\Windows\NeroDigital.ini
2011-10-21 20:56:08 ----SHD---- C:\System Volume Information
2011-10-21 20:52:26 ----HD---- C:\Boot
2011-10-21 20:46:58 ----D---- C:\Program Files\Spyware Terminator
2011-10-21 20:34:18 ----SHD---- C:\Windows\Installer
2011-10-21 20:34:09 ----D---- C:\Windows\system32\drivers
2011-10-21 20:34:09 ----D---- C:\Windows\system32\catroot
2011-10-21 20:34:08 ----D---- C:\Windows\inf
2011-10-21 20:33:37 ----D---- C:\Windows
2011-10-21 20:32:29 ----D---- C:\ProgramData
2011-10-21 20:29:43 ----D---- C:\Users\Maver!ck\AppData\Roaming\Media Player Classic
2011-10-21 20:29:35 ----D---- C:\Windows\Minidump
2011-10-21 20:29:35 ----D---- C:\Windows\Debug
2011-10-21 19:52:08 ----D---- C:\Windows\Prefetch
2011-10-21 19:41:57 ----D---- C:\ProgramData\Spyware Terminator
2011-10-21 18:36:28 ----A---- C:\Windows\system.ini
2011-10-21 18:36:22 ----D---- C:\Windows\system32\drivers\etc
2011-10-21 18:32:49 ----D---- C:\Windows\System32
2011-10-21 18:32:49 ----D---- C:\Windows\AppPatch
2011-10-21 18:32:48 ----D---- C:\Program Files\Common Files
2011-10-21 13:03:02 ----D---- C:\Windows\Tasks
2011-10-21 12:54:15 ----D---- C:\Windows\system32\config
2011-10-20 21:16:57 ----D---- C:\Users\Maver!ck\AppData\Roaming\Spyware Terminator
2011-10-20 20:10:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-20 15:32:09 ----D---- C:\Users\Maver!ck\AppData\Roaming\vlc
2011-10-20 15:29:33 ----D---- C:\Program Files\Opera
2011-10-20 14:26:02 ----SD---- C:\Windows\Downloaded Program Files
2011-10-19 23:53:41 ----D---- C:\Windows\Microsoft.NET
2011-10-19 23:45:14 ----D---- C:\Windows\twain_32
2011-10-19 23:45:14 ----D---- C:\Windows\system32\catroot2
2011-10-19 22:20:56 ----RSD---- C:\Windows\assembly
2011-10-19 12:56:51 ----D---- C:\Users\Maver!ck\AppData\Roaming\Apple Computer
2011-10-19 12:53:11 ----D---- C:\Program Files\Common Files\Apple
2011-10-14 23:29:20 ----D---- C:\Users\Maver!ck\AppData\Roaming\ICQ
2011-10-14 23:24:51 ----D---- C:\Windows\rescache
2011-10-13 13:14:31 ----D---- C:\Windows\winsxs
2011-10-13 12:57:12 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-13 12:56:02 ----D---- C:\Windows\system32\migration
2011-10-13 12:56:02 ----D---- C:\Program Files\Windows Mail
2011-10-13 12:56:02 ----D---- C:\Program Files\Internet Explorer
2011-10-13 12:56:01 ----D---- C:\Windows\system32\cs-CZ
2011-10-13 12:34:23 ----D---- C:\Program Files\ABBYY FineReader 10
2011-10-13 11:34:46 ----A---- C:\Windows\system32\mrt.exe
2011-10-13 11:33:22 ----D---- C:\ProgramData\Microsoft Help
2011-10-10 22:31:41 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-08 20:46:48 ----D---- C:\Windows\ModemLogs
2011-10-05 16:41:37 ----D---- C:\Windows\Downloaded Installations
2011-10-02 15:47:59 ----D---- C:\Users\Maver!ck\AppData\Roaming\uTorrent
2011-09-29 14:13:30 ----RSD---- C:\Windows\Media
2011-09-23 23:42:21 ----SD---- C:\Users\Maver!ck\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AiCharger;ASUS Charger Driver; C:\Windows\system32\DRIVERS\AiCharger.sys [2010-05-05 13224]
R0 PxHelp20;PxHelp20; C:\Windows\system32\DRIVERS\PxHelp20.sys [2011-03-30 20016]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-04-22 717296]
R0 timounter;Maxtor MaxBlast Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2009-04-20 441760]
R1 ECDejectPortIO;ECS ECDeject Port I/O; \??\C:\PROGRA~1\ECDeject\ECDejectIO.sys [2008-06-30 20104]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-03-18 142592]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R2 Ethpdrv;Ethernet Packet Driver; C:\Windows\system32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 tifsfilter;Maxtor MaxBlast FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-04-20 44384]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6032.sys [2008-04-15 224384]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 GpdDevDPort;GpdDevDPort; \??\C:\Windows\system32\directport.sys [2008-06-17 7168]
R3 GpdKbFilter;GpdKbFilter; \??\C:\Windows\system32\kbfiltr.sys [2008-03-31 8192]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-22 2136920]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 NETwNv32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETwNv32.sys [2011-01-19 6923264]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2008-12-27 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-03-25 131712]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\Windows\system32\drivers\NSDriver.sys []
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\APLMp50.sys [2006-11-29 28224]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 catchme;catchme; \??\C:\Users\Maver!ck\AppData\Local\Temp\catchme.sys []
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-12-17 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-12-17 25512]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ipw_bus;IPWireless; C:\Windows\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\Windows\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\Windows\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\Windows\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\Windows\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\Windows\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2008-06-01 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2008-06-01 2142488]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-06-01 25624]
S3 LVUVC;1.3 MP Webcam(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2008-06-02 3644568]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-02-22 9216]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-01-28 47360]
S3 PRODIGY;PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-03-02 105856]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2010-03-02 105856]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-30 308248]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 59392]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 49152]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 384512]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-06-01 180224]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 872448]
R2 OsdService;OSD Service; C:\Program Files\OEM\OSD_1.16\OsdService.exe [2008-02-22 94208]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-04-25 303104]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 122880]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 815616]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 808960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService []
S2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-06-01 141848]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2008-06-01 141848]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe []
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe []
S2 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe []
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 IBG_gds_db;InterBase 2009 Guardian gds_db; C:\CodeGear\InterBase\bin\ibguard.exe [2009-08-12 36864]
S3 IBS_gds_db;InterBase 2009 Server gds_db; C:\CodeGear\InterBase\bin\ibserver.exe [2009-08-12 2887680]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]

-----------------EOF-----------------

Re: Infected by Trojan-Dropper.Win32.Injector.knn

Napsal: 21 říj 2011 22:05
od mav3r!ck
Super, díky moc.

Re: Infected by Trojan-Dropper.Win32.Injector.knn

Napsal: 30 říj 2011 16:53
od mav3r!ck
Zdravím, možná jsem přeci jen objevil jeden problém, přestala fungovat hibernace. Pomocí powercfg jsem zkusil hibernaci zakazat, restartoval, znovu povolil a zase restartoval, ale to nepomohlo. Uspávání, jak se zdá, proběhne v pořádku, ale při nabíhání se mu nepodaří vrátit do předchozího stavu a zeptá se, jestli chci spustit běžným způsobem nebo nouzový režim.
Hledal jsem, ale nikoho s podobným problémem jsem nenašel. Většinou všichni řeší, že nevědí jak hibernaci povolit nebo že přestala fungovat po instalaci SP1, ale na žádnou užitěčnou radu jsem nenarazil.

Nenapadá vás, jestli to nemůže mít něco společného s tím ZA?

Předpokládám, že nově nainstalovaný NOD na to vliv nemá a pak je tu ještě jedna věc. Pravděpodobně kvůli tomu rootkitu se mi tehdy začala na céčku zobrazovat složka BOOT (přestala být skrytá). Myslel jsem, že je to součást viru, tak se jí pokusil vymazat.
Restartoval jsem teprve až po skončení čištění s vaší pomocí a systém kvůli nějakým smazaným souborům z té složky nenaběhl. Nechal jsem ho ale opravit z instalačky Vist a pak to bylo v pohodě. Napadlo mě, že se tím možná neobnovily všechny smazané soubory z té složky, ale jen ty, co jsou nutné pro spuštění. A třeba tam chybí ještě něco pro obnovu uspaného systému. Přijde mi to jako hodně nepravděpodobné, ale radši píšu všechny možnosti.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz