skype trojan

Posted: 07 Oct 2012 11:45
by pesslovany
Hello
So... like a fool I of course clicked on it and downloaded it (my father sent it to me :o ).. Then I scanned it with ESET and Spybot Search and Destroy, it found something, I restarted the PC and Windows wouldn't start; I scanned it in safe mode, it found nothing; I restarted, I did get into Windows, but I keep getting messages popping up like: Catalyst CC has stopped working, Spybot has stopped working.. etc. etc. I didn't dare to try launching Skype.
When running RSIT it said HijackThis had stopped working, and at the end it said RSIT had stopped working, but it did produce the log.



Logfile of random's system information tool 1.09 (written by random/random)
Run by Jakub at 2012-10-07 12:43:44
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 345 GB (72%) free of 477 GB
Total RAM: 3326 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:47, on 7.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Philips\CamSuite\1.0.9.0\ACPGUI.dll
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jakub\Desktop\RSIT.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\trend micro\Jakub.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [PLF2050] C:\Windows\PLF2050.exe
O4 - HKLM\..\Run: [PLF2050] C:\Windows\PLF2050.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ACPService - Unknown owner - C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 6212 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-06-07 329480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-06-07 59144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-10-03 3080264]
"PLF2050"=C:\Windows\PLF2050.exe [2008-07-10 40960]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1387288]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-04-07 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-03-28 1611160]
"IJNetworkScannerSelectorEX"=C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2011-01-15 452016]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Wvzqzm"=C:\Users\Jakub\AppData\Roaming\Wvzqzm.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 229376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.divxa32"=msaud32_divx.acm
"VIDC.FPS1"=frapsvid.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"vidc.mjpg"=pvmjpg30.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-10-07 12:43:44 ----D---- C:\rsit
2012-10-07 12:16:49 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-10-07 12:16:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-10-07 12:08:10 ----A---- C:\Windows\ntbtlog.txt
2012-10-07 00:37:25 ----A---- C:\Users\Jakub\AppData\Roaming\8A3C.exe
2012-10-07 00:24:36 ----D---- C:\Users\Jakub\AppData\Roaming\Malwarebytes
2012-10-07 00:24:18 ----D---- C:\ProgramData\Malwarebytes
2012-10-06 21:52:22 ----A---- C:\Windows\system32\reem.bat
2012-10-06 21:52:22 ----A---- C:\Windows\system32\inv.vbs
2012-10-06 21:52:22 ----A---- C:\Windows\system32\a.bat
2012-10-06 21:52:22 ----A---- C:\Users\Jakub\AppData\Roaming\zqmkrehUkpoKfsafsaZg.exe
2012-10-06 21:52:18 ----A---- C:\Users\Jakub\AppData\Roaming\5CDB.exe
2012-10-06 01:07:19 ----A---- C:\Windows\unvise32.exe
2012-10-06 01:07:17 ----D---- C:\Program Files\LooksBuilderSE
2012-10-06 01:04:18 ----D---- C:\Program Files\Common Files\Pinnacle
2012-10-06 01:03:09 ----D---- C:\ProgramData\Pinnacle Studio Ultimate Collection
2012-10-06 00:58:40 ----D---- C:\Program Files\Common Files\Pegasus Imaging
2012-10-06 00:58:38 ----D---- C:\Program Files\Common Files\Yahoo!
2012-10-06 00:58:37 ----D---- C:\ProgramData\Studio 14
2012-10-06 00:58:37 ----D---- C:\ProgramData\Pinnacle Studio Plus
2012-10-06 00:56:06 ----D---- C:\Program Files\Pinnacle
2012-10-06 00:53:20 ----D---- C:\ProgramData\Pinnacle
2012-10-05 16:13:04 ----RSH---- C:\ProgramData\A6E619EC6E.sys
2012-10-05 16:13:04 ----ASH---- C:\ProgramData\KGyGaAvL.sys
2012-10-05 16:13:03 ----D---- C:\Users\Jakub\AppData\Roaming\Corel
2012-10-05 16:11:45 ----D---- C:\ProgramData\Corel
2012-10-05 16:11:45 ----D---- C:\Program Files\Common Files\Protexis
2012-10-05 16:09:58 ----D---- C:\Program Files\Common Files\Corel
2012-10-05 16:09:37 ----D---- C:\Program Files\Corel
2012-10-03 16:08:49 ----A---- C:\Windows\system32\mshtml.dll
2012-10-03 16:08:45 ----A---- C:\Windows\system32\ieframe.dll
2012-10-03 16:08:43 ----A---- C:\Windows\system32\urlmon.dll
2012-10-03 16:08:42 ----A---- C:\Windows\system32\wininet.dll
2012-10-03 16:08:42 ----A---- C:\Windows\system32\msfeeds.dll
2012-10-03 16:08:40 ----A---- C:\Windows\system32\mshtmled.dll
2012-10-03 16:08:40 ----A---- C:\Windows\system32\ieui.dll
2012-10-03 16:08:40 ----A---- C:\Windows\system32\iertutil.dll
2012-10-03 16:08:39 ----A---- C:\Windows\system32\url.dll
2012-10-03 16:08:39 ----A---- C:\Windows\system32\jsproxy.dll
2012-10-03 16:08:36 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-10-03 14:56:25 ----D---- C:\Program Files\Black Isle
2012-09-25 23:18:33 ----D---- C:\Users\Jakub\AppData\Roaming\Sony
2012-09-25 23:11:03 ----D---- C:\Program Files\Sony
2012-09-23 21:21:11 ----AD---- C:\ProgramData\TEMP
2012-09-23 21:03:05 ----D---- C:\Program Files\unreal tournament
2012-09-23 19:45:22 ----D---- C:\ProgramData\id Software
2012-09-16 13:55:42 ----D---- C:\Program Files\3DO
2012-09-14 21:28:22 ----AT---- C:\Windows\system32\SIntfNT.dll
2012-09-14 21:28:22 ----AT---- C:\Windows\system32\SIntf32.dll
2012-09-14 21:28:22 ----AT---- C:\Windows\system32\SIntf16.dll
2012-09-12 13:09:23 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 13:09:23 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-09-12 13:09:21 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 13:09:21 ----A---- C:\Windows\system32\drivers\netio.sys
2012-09-12 13:09:21 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 13:08:42 ----A---- C:\Windows\system32\d3d10level9.dll
2012-09-10 21:41:17 ----D---- C:\Program Files\ffdshow
2012-09-10 21:41:16 ----D---- C:\ProgramData\IObit
2012-09-10 21:41:16 ----D---- C:\Program Files\IObit

======List of files/folders modified in the last 1 month======

2012-10-07 12:43:50 ----D---- C:\Windows\Prefetch
2012-10-07 12:43:47 ----D---- C:\Program Files\trend micro
2012-10-07 12:43:45 ----D---- C:\Windows\Temp
2012-10-07 12:41:12 ----D---- C:\Windows\System32
2012-10-07 12:41:12 ----D---- C:\Windows\inf
2012-10-07 12:41:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-07 12:36:21 ----D---- C:\Windows\system32\config
2012-10-07 12:34:48 ----RD---- C:\Program Files
2012-10-07 12:29:59 ----D---- C:\Users\Jakub\AppData\Roaming\Skype
2012-10-07 12:16:49 ----D---- C:\ProgramData
2012-10-07 12:15:27 ----D---- C:\Windows\system32\drivers
2012-10-07 12:08:10 ----D---- C:\Windows
2012-10-07 12:03:54 ----D---- C:\Windows\Performance
2012-10-06 22:02:37 ----D---- C:\Program Files\Steam
2012-10-06 21:25:48 ----SHD---- C:\System Volume Information
2012-10-06 11:49:23 ----SHD---- C:\Windows\Installer
2012-10-06 01:52:06 ----D---- C:\Users\Jakub\AppData\Roaming\uTorrent
2012-10-06 01:04:47 ----D---- C:\Windows\system32\DriverStore
2012-10-06 01:04:47 ----D---- C:\Windows\system32\catroot
2012-10-06 01:04:18 ----D---- C:\Program Files\Common Files
2012-10-06 01:02:33 ----D---- C:\Windows\winsxs
2012-10-06 01:01:52 ----RSD---- C:\Windows\Fonts
2012-10-06 00:52:18 ----D---- C:\Users\Jakub\AppData\Roaming\Dropbox
2012-10-06 00:51:42 ----D---- C:\Users\Jakub\AppData\Roaming\DAEMON Tools Lite
2012-10-04 16:17:11 ----D---- C:\Windows\rescache
2012-10-04 01:37:32 ----D---- C:\Program Files\Internet Explorer
2012-10-04 01:37:31 ----D---- C:\Windows\system32\migration
2012-10-03 17:42:51 ----D---- C:\Program Files\Soldat
2012-10-03 17:39:03 ----D---- C:\Users\Jakub\AppData\Roaming\Tunngle
2012-10-03 17:39:03 ----D---- C:\ProgramData\Tunngle
2012-10-03 16:08:04 ----D---- C:\Windows\system32\catroot2
2012-10-03 13:57:01 ----D---- C:\Windows\Tasks
2012-10-03 13:57:01 ----D---- C:\Windows\system32\Tasks
2012-10-03 13:56:55 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-10-01 19:05:08 ----HD---- C:\Program Files\InstallShield Installation Information
2012-09-25 23:55:38 ----RSD---- C:\Windows\assembly
2012-09-25 20:30:41 ----D---- C:\Windows\Minidump
2012-09-23 23:36:36 ----D---- C:\Windows\debug
2012-09-20 21:35:15 ----SD---- C:\Users\Jakub\AppData\Roaming\Microsoft
2012-09-14 14:50:21 ----D---- C:\Program Files\Guild Wars 2
2012-09-12 15:27:13 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2010-06-17 14392]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2010-10-29 104536]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-18 239168]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
R2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys [2012-06-25 48296]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 9334784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 275968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-08-30 3659240]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2011-09-02 22040]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2011-09-02 30360]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2011-07-06 328552]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 SPC2050;USB2.0 PC Camera (SPC2050); C:\Windows\system32\DRIVERS\spc2050.sys [2010-01-05 3002240]
S2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ALSysIO;ALSysIO; \??\C:\Users\Jakub\AppData\Local\Temp\ALSysIO.sys []
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 athr;Extensible Wireless LAN device driver for Windows 7; C:\Windows\system32\DRIVERS\athr.sys [2010-05-27 1227776]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 9334784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-01-05 32768]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2005-10-09 23600]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-08-02 42496]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 14416]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 ACPService;ACPService; C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe [2008-06-11 741376]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-04-06 217600]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 291840]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 MsDepSvc;Web Deployment Agent Service; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-05-06 76888]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 AODService;AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [2012-06-25 136648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-21 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-21 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-08-01 529232]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
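
As an added illustration (not part of this thread, and not code from RSIT or HijackThis), the small Python triage helper below applies the checks a responder would run over an RSIT log like the one above: Run-key entries whose image sits directly in the user's AppData\Roaming folder or has no recorded date/size (`[]`), executables recently created in that same folder, UAC disabled via `EnableLUA=0`, and a `NoDrives` policy value. The sample lines are constructed copies of entries from the log above; everything else is assumed.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines modelled on the RSIT log in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-10-03 3080264]
"PLF2050"=C:\Windows\PLF2050.exe [2008-07-10 40960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Wvzqzm"=C:\Users\Jakub\AppData\Roaming\Wvzqzm.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

======List of files/folders created in the last 1 month======

2012-10-07 00:37:25 ----A---- C:\Users\Jakub\AppData\Roaming\8A3C.exe
2012-10-06 21:52:22 ----A---- C:\Windows\system32\a.bat
2012-10-06 21:52:22 ----A---- C:\Users\Jakub\AppData\Roaming\zqmkrehUkpoKfsafsaZg.exe
2012-10-06 01:07:19 ----D---- C:\Program Files\LooksBuilderSE
"""

# Registry section header, e.g. [HKEY_CURRENT_USER\...\Run]
SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"=data, optionally followed by RSIT's [date size] metadata ([] when unknown)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*?)(?: \[([^\]]*)\])?$')
# RSIT file listing: date time ----ATTRS---- path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -{4}([A-Z]*)-{4} (.+)$")
# A file directly under <profile>\AppData\Roaming, not inside a vendor subfolder
ROAMING_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\[^\\]+$", re.I)
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".bat", ".vbs")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    where: str      # registry value path or file path
    detail: str


def triage(text):
    """Return a list of Finding for suspicious lines in an RSIT-style log."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = CREATED_RE.match(line)
        if m:
            when, attrs, path = m.groups()
            is_dir = "D" in attrs
            if (not is_dir and ROAMING_ROOT_RE.match(path)
                    and path.lower().endswith(EXEC_SUFFIXES)):
                findings.append(Finding(
                    "high", path,
                    f"executable dropped directly in AppData\\Roaming on {when}"))
            continue
        m = VALUE_RE.match(line)
        if not (m and section):
            continue
        name, data, meta = m.groups()
        sec = section.lower()
        if sec.endswith("\\currentversion\\run"):
            reasons = []
            in_roaming = bool(ROAMING_ROOT_RE.match(data))
            if in_roaming:
                reasons.append("autorun image directly in AppData\\Roaming")
            if meta is not None and meta.strip() == "":
                # RSIT could not stat the image: hidden, already removed,
                # or the value is a command line rather than a plain path.
                reasons.append("no file date/size recorded ([])")
            if reasons:
                findings.append(Finding("high" if in_roaming else "medium",
                                        f"{section}\\{name}", "; ".join(reasons)))
        elif sec.endswith("\\policies\\system") and name == "EnableLUA" and data == "0":
            findings.append(Finding("medium", f"{section}\\{name}",
                                    "UAC disabled (EnableLUA=0)"))
        elif sec.endswith("\\policies\\explorer") and name.lower() == "nodrives":
            # Value 0 hides nothing, but the policy is unusual on a home PC and
            # worth reviewing (UsbFix removed it in this thread).
            findings.append(Finding("info", f"{section}\\{name}",
                                    f"NoDrives policy present (value {data})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.where}\n         {f.detail}")
```

On the constructed sample it reports the Wvzqzm autorun and the two dropped .exe files as high, EnableLUA=0 as medium and NoDrives as info, and leaves the ESET, Spybot and a.bat lines alone.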

Re: skype trojan

Posted: 07 Oct 2012 11:47
by vyosek
Hello :)

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO BELLY UP
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click into the window being displayed
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes (and after a possible restart) CF will display a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: skype trojan

Posted: 07 Oct 2012 11:54
by pesslovany
It killed every Rkill, and they only managed to produce this:
Should I also do ComboFix? Even though this didn't do anything?

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/07/2012 12:53:12 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

Re: skype trojan

Posted: 07 Oct 2012 12:14
by pesslovany
I don't know whether it's related somehow, but when I connect my external hard drive it shows only about 3 files on it even though it's full, and it shows the folder as a shortcut...

Re: skype trojan

Posted: 07 Oct 2012 12:27
by vyosek
:arrow: Plug all USB keys (flash drives, ext. disks etc.) into the PC :arrow: Run ComboFix

Re: skype trojan

Posted: 07 Oct 2012 12:31
by pesslovany
It kills it before it gets past 10%, it doesn't create a log at all; going for ComboFix

When I launch ComboFix, about 20 windows pop up over it saying everything has stopped working, and halfway through unpacking it freezes and stops working too

Re: skype trojan

Posted: 07 Oct 2012 14:03
by vyosek
Try UsbFix and ComboFix in safe mode

Re: skype trojan

Posted: 07 Oct 2012 18:08
by pesslovany
############################## | UsbFix 7.059 | [Deletion]

User: Jakub (Administrator) # PES-DESKTOP [Gigabyte Technology Co., Ltd. GA-MA790XT-UD4P]
Updated 16/09/2011 by El Desaparecido
Started at 19:00:08 | 07/10/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

CPU: AMD Phenom(tm) II X3 720 Processor
CPU 2: AMD Phenom(tm) II X3 720 Processor
Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) # Service Pack 1
Internet Explorer 8.0.7601.17514

Windows Firewall: Disabled /!\
RAM -> 3326 Mb
C:\ (%systemdrive%) -> Fixed drive # 466 Gb (336 Mb free - 72%) [] # NTFS
D:\ -> Fixed drive # 466 Gb (64 Mb free - 14%) [Prestigio Data Racer II] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM

################## | Files # Infected Folders |

Deleted ! C:\Users\Jakub\AppData\Roaming\5CDB.exe
Deleted ! C:\Users\Jakub\AppData\Roaming\8A3C.exe
Deleted ! C:\Users\Jakub\AppData\Roaming\Qplymrkzluzmkkny.exe
Deleted ! C:\Users\Jakub\AppData\Roaming\zqmkrehUkpoKfsafsaZg.exe
Deleted ! C:\Windows\system32\a.bat
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1675525387-2233582047-1216908265-1000
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1675525387-2233582047-1216908265-1001
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-1029037301-3462189534-1233442900-1001
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-1113459934-397142054-3181204746-1002
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-1675525387-2233582047-1216908265-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-1675525387-2233582047-1216908265-1001
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-2862360604-3596266522-1169858271-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-442807217-1981417806-639199395-1000
Deleted ! D:\autorun.exe

(!) Temporary files deleted.


################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[07/10/2012 - 19:05:00 | SHD ] C:\$RECYCLE.BIN
[07/10/2012 - 13:33:49 | D ] C:\32788R22FWJFW
[09/10/2007 - 18:07:59 | D ] C:\Adobe Premiere Pro CS3
[08/03/2012 - 15:23:52 | D ] C:\AMD
[14/01/2012 - 13:36:59 | D ] C:\ATI
[18/01/2012 - 15:09:59 | D ] C:\Boot
[20/11/2010 - 14:40:07 | RASH | 383786] C:\bootmgr
[14/01/2012 - 21:32:52 | N | 8192] C:\BOOTSECT.BAK
[10/06/2009 - 23:42:20 | N | 10] C:\config.sys
[14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
[24/08/2012 - 12:00:04 | D ] C:\DriveKey
[02/08/2009 - 10:59:51 | N | 171136] C:\grldr
[07/10/2012 - 18:58:52 | ASH | 2615320576] C:\hiberfil.sys
[24/08/2012 - 11:51:19 | N | 0] C:\IO.SYS
[24/08/2012 - 11:51:19 | N | 0] C:\MSDOS.SYS
[18/01/2012 - 22:30:45 | RD ] C:\MSOCache
[07/10/2012 - 18:58:56 | ASH | 3487096832] C:\pagefile.sys
[14/07/2009 - 04:37:05 | D ] C:\PerfLogs
[06/07/2012 - 00:49:22 | D ] C:\PFiles
[07/10/2012 - 12:34:48 | D ] C:\Program Files
[07/10/2012 - 12:16:49 | D ] C:\ProgramData
[14/01/2012 - 12:41:17 | D ] C:\Recovery
[07/10/2012 - 12:43:51 | D ] C:\rsit
[06/10/2012 - 21:25:48 | SHD ] C:\System Volume Information
[07/10/2012 - 19:05:00 | D ] C:\UsbFix
[07/10/2012 - 19:00:15 | A | 864] C:\UsbFix.txt
[16/01/2012 - 14:19:48 | D ] C:\Users
[07/10/2012 - 13:32:46 | D ] C:\Windows
[07/10/2012 - 19:05:00 | RSHD ] D:\$RECYCLE.BIN
[11/10/2010 - 21:43:12 | N | 2782782] D:\14315.bmp
[18/07/2012 - 18:53:11 | N | 97342] D:\539840_336436883106028_963525558_n.jpg
[12/01/2012 - 01:24:14 | N | 19532542] D:\Doodle_Jump_v1.23_.ipa
[29/01/2012 - 12:56:46 | N | 161781771] D:\Dota 2 - Tobi Wan At His Most Entertaining.mp4
[01/01/2012 - 13:49:38 | D ] D:\E-mail
[03/10/2012 - 16:32:07 | D ] D:\Filmy
[22/02/2012 - 20:26:25 | D ] D:\fotky
[03/10/2012 - 16:30:47 | D ] D:\Hry
[07/10/2012 - 13:11:56 | D ] D:\hYDguxl
[03/10/2012 - 16:31:46 | D ] D:\iphone-
[16/07/2012 - 00:08:32 | D ] D:\italie
[21/09/2012 - 18:51:32 | N | 167356131] D:\Long live The International.mp4
[30/01/2012 - 16:36:13 | D ] D:\Mamka
[01/01/2012 - 13:49:08 | D ] D:\narvaný foťák- vše
[10/01/2012 - 17:13:06 | N | 198237958] D:\PEOPLE ARE AWESOME (DON'S VERSION).mp4
[15/02/2012 - 01:01:10 | N | 98682914] D:\PEOPLE ARE AWESOME 2011.mp4
[03/10/2012 - 16:28:34 | D ] D:\plocha
[06/02/2012 - 22:50:24 | N | 32581105] D:\Red Hot Chili Peppers - Can't Stop (Video).flv
[03/10/2012 - 16:33:03 | D ] D:\skola
[03/10/2012 - 16:24:13 | D ] D:\Software
[30/11/2011 - 15:20:40 | SHD ] D:\System Volume Information
[18/11/2011 - 19:29:59 | N | 99] D:\televize.asx
[10/10/2011 - 12:47:25 | SH | 4096] D:\Thumbs.db
[28/01/2010 - 02:28:21 | N | 9662] D:\TurboHddUsb.ico
[03/10/2012 - 16:16:43 | D ] D:\záloha
[10/10/2011 - 12:47:28 | D ] D:\Šumava 2011

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_PES-DESKTOP.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.

################## | E.O.F |

Re: skype trojan

Posted: 07 Oct 2012 18:11
by vyosek
Now try ComboFix

Re: skype trojan

Posted: 07 Oct 2012 18:28
by pesslovany
ComboFix 12-10-04.02 - Jakub 07.10.2012 19:10:42.3.3 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3326.2479 [GMT 2:00]
Running from: c:\users\Jakub\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new Restore Point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\A6E619EC6E.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 )))))))))))))))))))))))))))))))
.
.
2012-10-07 11:29 . 2012-10-07 17:07 -------- d-----w- C:\UsbFix
2012-10-07 10:43 . 2012-10-07 10:43 -------- d-----w- C:\rsit
2012-10-07 10:16 . 2012-10-07 10:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-07 10:16 . 2012-10-07 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-07 10:14 . 2012-10-07 10:14 -------- d-----w- c:\users\Jakub\AppData\Local\ElevatedDiagnostics
2012-10-06 22:24 . 2012-10-06 22:24 -------- d-----w- c:\users\Jakub\AppData\Roaming\Malwarebytes
2012-10-06 22:24 . 2012-10-06 22:24 -------- d-----w- c:\programdata\Malwarebytes
2012-10-06 19:52 . 2012-10-06 19:52 7 ----a-w- c:\windows\system32\reem.bat
2012-10-06 19:52 . 2012-10-06 19:52 54 ----a-w- c:\windows\system32\inv.vbs
2012-10-05 23:07 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2012-10-05 23:07 . 2012-10-05 23:07 -------- d-----w- c:\program files\LooksBuilderSE
2012-10-05 23:04 . 2012-10-05 23:04 -------- d-----w- c:\program files\Common Files\Pinnacle
2012-10-05 23:03 . 2012-10-05 23:03 -------- d-----w- c:\users\Jakub\AppData\Local\Pinnacle
2012-10-05 23:03 . 2012-10-05 23:03 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2012-10-05 22:58 . 2012-10-05 22:58 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2012-10-05 22:58 . 2012-10-05 22:58 -------- d-----w- c:\program files\Common Files\Yahoo!
2012-10-05 22:58 . 2012-10-05 22:58 -------- d-----w- c:\programdata\Studio 14
2012-10-05 22:58 . 2012-10-05 22:58 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2012-10-05 22:56 . 2012-10-05 23:06 -------- d-----w- c:\program files\Pinnacle
2012-10-05 22:53 . 2012-10-05 23:02 -------- d-----w- c:\programdata\Pinnacle
2012-10-05 14:13 . 2012-10-05 16:39 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2012-10-05 14:13 . 2012-10-05 14:13 -------- d-----w- c:\users\Jakub\AppData\Roaming\Corel
2012-10-05 14:11 . 2012-10-05 14:11 -------- d-----w- c:\programdata\Corel
2012-10-05 14:11 . 2012-10-05 14:11 -------- d-----w- c:\program files\Common Files\Protexis
2012-10-05 14:09 . 2012-10-05 14:09 -------- d-----w- c:\program files\Common Files\Corel
2012-10-05 14:09 . 2012-10-05 14:09 -------- d-----w- c:\program files\Corel
2012-10-05 12:08 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9AE8501-91AD-4FFE-89F0-F7E918E60912}\mpengine.dll
2012-10-03 12:56 . 2012-10-03 12:56 -------- d-----w- c:\program files\Black Isle
2012-09-25 21:18 . 2012-09-25 21:18 -------- d-----w- c:\users\Jakub\AppData\Local\Sony
2012-09-25 21:18 . 2012-09-25 21:18 -------- d-----w- c:\users\Jakub\AppData\Roaming\Sony
2012-09-25 21:11 . 2012-09-25 21:58 -------- d-----w- c:\program files\Sony
2012-09-23 19:03 . 2012-09-23 19:03 -------- d-----w- c:\program files\unreal tournament
2012-09-23 17:45 . 2012-09-23 17:45 -------- d-----w- c:\programdata\id Software
2012-09-16 11:55 . 2012-09-16 11:55 -------- d-----w- c:\program files\3DO
2012-09-14 19:28 . 2012-09-14 19:29 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-09-14 19:28 . 2012-09-14 19:29 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-09-14 19:28 . 2012-09-14 19:29 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-09-12 11:09 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 11:09 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 11:09 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 11:09 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 11:09 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 11:08 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-10 19:41 . 2012-09-10 19:41 -------- d-----w- c:\program files\ffdshow
2012-09-10 19:41 . 2012-09-10 19:41 -------- d-----w- c:\programdata\IObit
2012-09-10 19:41 . 2012-09-10 19:41 -------- d-----w- c:\program files\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-07 17:07 . 2012-10-07 17:06 853546672 ----a-w- C:\UsbFix_Upload_Me_PES-DESKTOP.zip
2012-10-03 11:56 . 2012-04-05 09:30 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-03 11:56 . 2012-01-14 10:54 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 07:18 . 2012-01-14 11:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-10 11:11 . 2012-02-08 15:19 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-10 11:11 . 2012-04-05 21:58 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-10 11:11 . 2012-02-08 15:19 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-10 11:11 . 2012-02-08 15:19 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-27 20:47 . 2012-07-27 20:47 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46 13013504 ----a-w- c:\windows\system32\amdocl.dll
2012-07-18 17:47 . 2012-08-19 20:13 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-26 10828392]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-10-03 3080264]
"PLF2050"="c:\windows\PLF2050.exe" [2008-07-10 40960]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-04-07 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-03-28 1611160]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R2 ACPService;ACPService;c:\program files\Philips\CamSuite\1.0.9.0\ACPService.exe [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\AMD\OverDrive\i386\AODDriver2.sys [x]
R2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Jakub\AppData\Local\Temp\ALSysIO.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SPC2050;USB2.0 PC Camera (SPC2050);c:\windows\system32\DRIVERS\spc2050.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 14:26]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 14:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.109.181.238 10.109.255.254
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
HKCU-Run-Wvzqzm - c:\users\Jakub\AppData\Roaming\Wvzqzm.exe
HKCU-Run-Qplymrkzluzmkkny.exe - c:\users\Jakub\AppData\Roaming\Qplymrkzluzmkkny.exe
HKLM-Run-Qplymrkzluzmkkny.exe - c:\users\Jakub\AppData\Roaming\Qplymrkzluzmkkny.exe
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
Completion time: 2012-10-07 19:15:04
ComboFix-quarantined-files.txt 2012-10-07 17:15
.
Pre-run: bytes free: 358 122 627 072
Post-run: bytes free: 358 112 186 368
.
- - End Of File - - DEAA5C4BB2450BB28803AA8D4C679A03
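
Reading the UsbFix report and this ComboFix report together: UsbFix removed random-named executables from AppData\Roaming, an autorun.exe from the root of the external disk, a.bat from system32, and the NoDrives and DisableRegistryTools policies (which hide drive letters in Explorer and block regedit); ComboFix then removed the matching HKCU/HKLM Run keys, lists reem.bat and inv.vbs dropped into system32, and shows UAC switched off (EnableLUA=0) and ESET reported as disabled at scan time, both worth checking once the cleanup is done. The Python script below is an added example by the editor, not part of the thread or of either tool: it encodes those indicators as one regex per line and runs them over a constructed sample assembled from lines of the two reports. The rule names, the severities and the random-name heuristic are the editor's assumptions.

```python
"""Triage a UsbFix / ComboFix report for the indicators seen in this thread."""
import re
import sys
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the UsbFix and ComboFix reports posted
# above, plus a few benign lines to show what is NOT flagged.
SAMPLE_LOG = r"""
Windows Firewall: Disabled /!\
Deleted ! C:\Users\Jakub\AppData\Roaming\Qplymrkzluzmkkny.exe
Deleted ! C:\Users\Jakub\AppData\Roaming\5CDB.exe
Deleted ! C:\Windows\system32\a.bat
Deleted ! D:\autorun.exe
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2012-10-06 19:52 . 2012-10-06 19:52 54 ----a-w- c:\windows\system32\inv.vbs
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
HKCU-Run-Wvzqzm - c:\users\Jakub\AppData\Roaming\Wvzqzm.exe
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-10-03 3080264]
2011-12-05 19:17 94208 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
"""

Finding = Tuple[str, str, str]  # (severity, what it means, the log line)

# One regex per indicator, matched per line, case-insensitively. Rule names and
# severities are the editor's choice, not anything UsbFix or ComboFix emits.
RULES = [
    ("high", "host firewall disabled",
     re.compile(r"Windows Firewall:\s*Disabled", re.I)),
    ("high", "security product reported disabled",
     re.compile(r"^(AV|FW|SP):.*\*Disabled", re.I)),
    ("high", "Explorer/registry lockdown policy (USB-worm tampering)",
     re.compile(r"\\Policies\\(System\|DisableRegistryTools|explorer\|NoDrives)", re.I)),
    ("high", "UAC disabled (EnableLUA=0)",
     re.compile(r'"EnableLUA"\s*=\s*0\b', re.I)),
    ("medium", "admins auto-elevate without a prompt (ConsentPromptBehaviorAdmin=0)",
     re.compile(r'"ConsentPromptBehaviorAdmin"\s*=\s*0\b', re.I)),
    ("high", "autorun payload on a drive root",        # the Autorun.inf vaccine line is not matched
     re.compile(r"\b[A-Z]:\\autorun\.exe\b", re.I)),
    ("high", "executable dropped directly in AppData\\Roaming",
     re.compile(r"\\AppData\\Roaming\\[^\\\s]+\.exe\b", re.I)),
    ("high", "script dropped in system32",
     re.compile(r"\\windows\\system32\\[^\\\s]+\.(bat|vbs|cmd)\b", re.I)),
    ("medium", "Run key pointing into the user profile",
     re.compile(r"^HK(CU|LM)-Run.*\\AppData\\", re.I)),
]


def looks_random(stem: str) -> bool:
    """Editor's heuristic for generated file names: a short hex-only name
    (5CDB, 8A3C) or an alphabetic name with hardly any vowels (Wvzqzm)."""
    if re.fullmatch(r"[0-9A-Fa-f]{4,8}", stem):
        return True
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    vowels = sum(c.lower() in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.2


def triage(log_text: str) -> List[Finding]:
    """Run every rule over every non-empty line; a line may yield several findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for severity, meaning, pattern in RULES:
            m = pattern.search(line)
            if not m:
                continue
            if meaning.startswith("executable dropped"):
                stem = m.group(0).rsplit("\\", 1)[-1][:-4]  # file name without ".exe"
                if looks_random(stem):
                    meaning += " (random-looking name)"
            findings.append((severity, meaning, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 11, 'medium': 2}."""
    counts: Dict[str, int] = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    # usage: python triage_log.py [ComboFix.txt | UsbFix.txt]; no argument = built-in sample
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            text = f.read()
    else:
        text = SAMPLE_LOG
    results = triage(text)
    for severity, meaning, line in results:
        print(f"[{severity:6}] {meaning}\n         {line}")
    print(summarize(results))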

Re: skype trojan

Posted: 07 Oct 2012 18:28
by pesslovany
The hard disk is fine...

Re: skype trojan

Posted: 07 Oct 2012 18:31
by vyosek
:arrow: But we're not done yet :)

:arrow: Test the following files on VirusTotal https://www.virustotal.com/cs/
  • c:\windows\system32\clinfo.exe
  • c:\windows\unvise32.exe
  • c:\windows\system32\reem.bat
  • Click Choose file
  • Don't browse for the file, just paste the path of the file you want to test
  • Click Scan It
  • If a screen like the one below pops up, click ReAnalyse
    [image]
  • Paste the analysis result here (as a link)
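
VirusTotal also answers a lookup by hash, which skips the analysis queue and avoids sending the file at all when VirusTotal has already seen it (an unknown hash is not evidence that a file is clean; it only means an upload is needed). The script below is an added example by the editor, not part of the thread: it hashes the files given on the command line, prints the report URL for each SHA-256, and, if an API key is supplied, asks the v3 API whether the hash is known. The URL formats are those of the current VirusTotal site and API as assumed here (the 2012 links in the thread differ), and the sample report is constructed to show the response shape.

```python
"""Check files against VirusTotal by SHA-256 before uploading them."""
import hashlib
import json
import sys
import urllib.error
import urllib.request
from typing import Dict, Optional, Union

# Assumed URL formats (current VirusTotal report page and v3 API).
VT_REPORT_PAGE = "https://www.virustotal.com/gui/file/{sha256}"
VT_API_FILE = "https://www.virustotal.com/api/v3/files/{sha256}"

# Constructed sample of the part of a v3 /files/{id} response this script reads.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "harmless": 0, "malicious": 37, "suspicious": 1, "undetected": 12, "timeout": 0}}}}


def sha256_of(source: Union[str, bytes]) -> str:
    """SHA-256 of a file path (read in 1 MiB chunks) or of an in-memory byte string."""
    h = hashlib.sha256()
    if isinstance(source, bytes):
        h.update(source)
    else:
        with open(source, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
    return h.hexdigest()


def report_url(sha256: str) -> str:
    """Public report page for a hash; paste this link in the thread instead of the file."""
    return VT_REPORT_PAGE.format(sha256=sha256.lower())


def summarize_v3(report: Dict) -> Dict[str, int]:
    """Reduce a v3 file report to 'N of M engines flag it'."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return {"flagged": flagged, "engines": sum(stats.values())}


def lookup(sha256: str, api_key: str) -> Optional[Dict[str, int]]:
    """Query VirusTotal by hash. None means the hash is unknown (HTTP 404):
    only then is an upload needed. Other HTTP errors are raised to the caller."""
    req = urllib.request.Request(VT_API_FILE.format(sha256=sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return summarize_v3(json.load(resp))
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


if __name__ == "__main__":
    # usage: python vt_hash_check.py [--key APIKEY] FILE...
    args = sys.argv[1:]
    key = None
    if args[:1] == ["--key"]:
        key, args = args[1], args[2:]
    for path in args:
        digest = sha256_of(path)
        out = f"{digest}  {path}\n  {report_url(digest)}"
        if key:
            verdict = lookup(digest, key)
            if verdict is None:
                out += "\n  not known to VirusTotal: upload it"
            else:
                out += f"\n  {verdict['flagged']}/{verdict['engines']} engines flag it"
        print(out)
```

For the three files vyosek lists, run `python vt_hash_check.py c:\windows\system32\clinfo.exe c:\windows\unvise32.exe c:\windows\system32\reem.bat` on the affected machine and post the printed report links; add `--key` with a VirusTotal API key to have the verdict fetched directly. Without a key the script never touches the network, so it is safe to run on an offline or quarantined system.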

Re: skype trojan

Posted: 07 Oct 2012 18:37
by pesslovany
It'll take a while, I'm in a queue of 2k people for analysis.

Re: skype trojan

Posted: 07 Oct 2012 18:38
by vyosek

Re: skype trojan

Posted: 07 Oct 2012 18:40
by pesslovany