VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

prosim o kontrolu logu

https://forum.viry.cz:443/viewtopic.php?t=116761

Stránka 1 z 2

prosim o kontrolu logu

Napsal: 06 lis 2011 10:19
od lukasenko555
Dobry den, mam takyto problem. Nechce mi nacitavat niektore stranky na internete. Jedna sa hlavne o stranky eset, avg, ... atd. Vypise mi, ze server sa nenasiel. Inak sa zda byt vsetko ok. Na nete som nasiel niekde combofix, tak prikladam log. Pozrite sa prosim na to.
Dakujem

ComboFix 11-11-06.01 - Lukas . 11. 2011 9:35.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.7 [GMT 1:00]
Running from: c:\documents and settings\Lukas\Dokumenty\Preberanie\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lukas\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-05 17:26 . 2011-11-05 17:26 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Malwarebytes
2011-11-05 17:26 . 2011-11-05 17:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-05 17:25 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 17:25 . 2011-11-05 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-05 17:11 . 2011-11-05 17:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-11-05 17:08 . 2011-11-05 17:08 -------- d-----w- c:\program files\CCleaner
2011-11-05 17:07 . 2011-11-05 17:13 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\Temp
2011-11-05 17:07 . 2011-11-05 17:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-11-05 17:06 . 2011-11-05 17:14 -------- d-----w- c:\program files\Google
2011-11-05 17:06 . 2011-11-05 17:06 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\Google
2011-11-04 19:26 . 2011-11-04 19:26 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\ESET
2011-11-04 18:36 . 2011-11-04 18:36 -------- d-----w- c:\program files\ESET
2011-10-30 19:49 . 2011-10-30 19:49 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-10-30 19:48 . 2011-10-30 19:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-10-30 19:40 . 2011-10-30 19:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2001-10-25 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 21:25 . 2001-10-25 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:25 . 2001-10-25 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:25 . 2009-10-12 14:07 78336 ------w- c:\windows\system32\ieencode.dll
2011-08-17 21:25 . 2001-10-25 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2001-10-25 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2009-10-12 14:07 389120 ------w- c:\windows\system32\html.iec
2011-08-12 11:51 . 2009-10-12 14:01 26488 ----a-w- c:\windows\system32\spupdsvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2010-11-16 172856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12. 10. 2009 17:57 642560]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 9. 2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29. 9. 2009 13:05 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29. 9. 2009 13:03 735960]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [20. 10. 2009 18:22 222968]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [12. 10. 2009 18:00 223128]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5. 11. 2011 18:06 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5. 11. 2011 18:06 136176]
S3 VCommUSB;Service for ACTIA USB Devices;c:\windows\system32\drivers\VCommUSB.sys [6. 11. 2010 20:03 40576]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-05 17:06]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-05 17:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.68.234.1 195.68.234.10
FF - ProfilePath - c:\documents and settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\255cutsw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 09:45
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\Lukas\LOCALS~1\Temp\RGI9F9.tmp 7102 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-06 09:49:54
ComboFix-quarantined-files.txt 2011-11-06 08:49
.
Pre-Run: Volných bajtů: 49 680 384 000
Post-Run: Volných bajtů: 50 054 709 248
.
- - End Of File - - 2B67F454E24988D88011E74DAAA78FC5

Re: prosim o kontrolu logu

Napsal: 06 lis 2011 10:26
od vyosek
Zdravim a pekny den preji :)

:arrow: Hned na uvod male pokarani - ComboFix se nepouziva bez doporuceni - vizte nize

:arrow: Nebezpeci CFka
  • Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
  • Maze stopy po haveti, takze v logu z RSIT neni nic videt
  • Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
  • CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
  • CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal
:arrow: Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Ukoncete vsechny programy
  • Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
  • Zvolte moznost 2 a potvrte enterem
  • Utilita provede svou cinnost a da log - ten sem vlozte
  • Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

Re: prosim o kontrolu logu

Napsal: 06 lis 2011 14:37
od lukasenko555
takze tu je prvy log:

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Lukas [Admin rights]
Mode: Scan -- Date : 11/06/2011 14:33:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


druhy log:

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Lukas [Admin rights]
Mode: Remove -- Date : 11/06/2011 14:35:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



treti log:

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Lukas [Admin rights]
Mode: HOSTSFix -- Date : 11/06/2011 14:36:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt



stvrty log:

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Lukas [Admin rights]
Mode: ProxyFix -- Date : 11/06/2011 14:37:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

Re: prosim o kontrolu logu

Napsal: 06 lis 2011 16:23
od vyosek
:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Folder::
c:\program files\AskBarDis
c:\program files\ICQ6Toolbar

Drive::
gupdate
gupdatem
ICQ Service

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"Adobe Reader Speed Launcher"=-

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Firefox::
FF - ProfilePath - c:\documents and settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\255cutsw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

Collect::
c:\docume~1\Lukas\LOCALS~1\Temp\RGI9F9.tmp

ClearJavaCache::

AtJob::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: prosim o kontrolu logu

Napsal: 06 lis 2011 17:55
od lukasenko555
posielam vyhodeny log:

ComboFix 11-11-06.01 - Lukas . 11. 2011 17:33:51.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.65 [GMT 1:00]
Running from: c:\documents and settings\Lukas\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Lukas\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-05 17:26 . 2011-11-05 17:26 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Malwarebytes
2011-11-05 17:26 . 2011-11-05 17:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-05 17:25 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 17:25 . 2011-11-05 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-05 17:11 . 2011-11-05 17:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-11-05 17:08 . 2011-11-05 17:08 -------- d-----w- c:\program files\CCleaner
2011-11-05 17:07 . 2011-11-05 17:13 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\Temp
2011-11-05 17:07 . 2011-11-05 17:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-11-05 17:06 . 2011-11-05 17:14 -------- d-----w- c:\program files\Google
2011-11-05 17:06 . 2011-11-05 17:06 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\Google
2011-11-04 19:26 . 2011-11-04 19:26 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\ESET
2011-11-04 18:36 . 2011-11-04 18:36 -------- d-----w- c:\program files\ESET
2011-10-30 19:49 . 2011-10-30 19:49 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-10-30 19:48 . 2011-10-30 19:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-10-30 19:40 . 2011-10-30 19:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2001-10-25 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 21:25 . 2001-10-25 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:25 . 2001-10-25 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:25 . 2009-10-12 14:07 78336 ------w- c:\windows\system32\ieencode.dll
2011-08-17 21:25 . 2001-10-25 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2001-10-25 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2009-10-12 14:07 389120 ------w- c:\windows\system32\html.iec
2011-08-12 11:51 . 2009-10-12 14:01 26488 ----a-w- c:\windows\system32\spupdsvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2010-11-16 172856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12. 10. 2009 17:57 642560]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 9. 2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29. 9. 2009 13:05 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29. 9. 2009 13:03 735960]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [12. 10. 2009 18:00 223128]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5. 11. 2011 18:06 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5. 11. 2011 18:06 136176]
S3 VCommUSB;Service for ACTIA USB Devices;c:\windows\system32\drivers\VCommUSB.sys [6. 11. 2010 20:03 40576]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-05 17:06]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-05 17:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.68.234.1 195.68.234.10
FF - ProfilePath - c:\documents and settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\255cutsw.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 17:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-11-06 17:50:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-06 16:50
ComboFix2.txt 2011-11-06 16:16
ComboFix3.txt 2011-11-06 08:49
.
Pre-Run: Volných bajtů: 51 087 138 816
Post-Run: Volných bajtů: 51 074 600 960
.
- - End Of File - - 9804975BFF17812F8B895B35B6B8034E

Re: prosim o kontrolu logu

Napsal: 06 lis 2011 18:20
od vyosek
Nejak se nam neprovedlo co melo, takze na to pujdem jinak :)

:arrow: Stahnete OTM (viz muj podpis)
  • Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

  • Kód: Vybrat vše

    :reg
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"Adobe Reader Speed Launcher"=-

:services
gupdate
gupdatem
ICQ Service

:files
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\docume~1\Lukas\LOCALS~1\Temp\*.*
c:\program files\AskBarDis
c:\program files\ICQ6Toolbar
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
  • Kliknete na cervene tlacitko MoveIt!
  • Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

Re: prosim o kontrolu logu

Napsal: 06 lis 2011 18:30
od lukasenko555
prikladam log:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry key HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry key HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b1c1e16-6b34-430e-b074-5928eca4c150}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HP Software Update not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher not found.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Error: No service named ICQ Service was found to stop!
Service\Driver key ICQ Service not found.
========== FILES ==========
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\docume~1\Lukas\LOCALS~1\Temp\hpodvd09.log moved successfully.
File/Folder c:\program files\AskBarDis not found.
File/Folder c:\program files\ICQ6Toolbar not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002252_.tmp moved successfully.
C:\WINDOWS\005515_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET7.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Lukas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 111826 bytes
->FireFox cache emptied: 55631715 bytes
->Flash cache emptied: 725 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 48150 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Lukas
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11062011_182449

Files moved on Reboot...

Registry entries deleted on Reboot...

Re: prosim o kontrolu logu

Napsal: 06 lis 2011 18:58
od vyosek
Jak se chova PC :???:

Re: prosim o kontrolu logu

Napsal: 06 lis 2011 19:12
od lukasenko555
No zda sa, ze problem sa vyriesil, momentalne sa popisovana chyba neprejavuje. Mozte mi napisat co ten problem vlastne odstranilo a kde vlastne bol problem?

Re: prosim o kontrolu logu

Napsal: 06 lis 2011 19:50
od vyosek
:arrow: Odinstalujte Combofix
  • Prejmenujte ComboFix na Uninstall
  • Spustte jej
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner (viz muj podpis)
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: Problem byl zpuobeny haveti a blokovanim stranek v hosts souboru - takze havet smazana a stranky odblokovany

:arrow: Poprosim jeste o novy log z RSIT a napiste jak se chova PC

Re: prosim o kontrolu logu

Napsal: 06 lis 2011 21:55
od lukasenko555
log poslem, ale az v piatok, som uz totiz v praci a ten comp na ktorom sa to prejavilo, mam doma (nebude vadit ak sa zatial na tom compe bude pracovat bez toho posledneho kroku co ste napisali? ). Mohli by ste mi este poradit ako si mam spravne skontrolovat notas na ktorom som teraz? ci aj tu nemam nahodou nejaku haved, o ktorej neviem... pouzivam Eset smart security

Re: prosim o kontrolu logu

Napsal: 07 lis 2011 08:26
od vyosek
:arrow: Ze se na PC bude pracova nevadi, ty kroky jsou spise uklidove a udrzbove

:arrow: Pisete ze jste v praci = mate pracovni PC - proc se o nej starat, na to mate preci IT management, tohle by nemela byt vase povinnost...ale pokud chcete tak zbeznou kontrolu ESETem udelejte

Re: prosim o kontrolu logu

Napsal: 07 lis 2011 15:13
od lukasenko555
notas je moj, ja chodim na tyzdnovky, takze si ho nosim so sebou. Firemny co mam, ma nezujima... :-) Esetom som to nechal prejst a nic nenasiel, ale to aj ten doma som nechal a bol tam nejaky virus...

Re: prosim o kontrolu logu

Napsal: 07 lis 2011 15:15
od vyosek
OK, pak tedy az budete u toho PC co jsme resili, tak provedte zadane "ukoly" :)

Re: prosim o kontrolu logu

Napsal: 07 lis 2011 16:42
od lukasenko555
ok, zatial dakujem
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz