
Trojan horse hider.vfh

Posted: 14 Jun 2013 14:20
by 8Rohlajz8
Hello, I suspect I have a trojan horse on my PC. Could you please check my RSIT log and, if need be, advise me how to remove it? Thanks in advance.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pc at 2013-06-14 15:12:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 936 MB (3%) free of 37 GB
Total RAM: 3327 MB (72% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-963894560-682003330-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-963894560-682003330-1004UA.job
C:\WINDOWS\tasks\YourFile DownloaderUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - E:\AVG\avgdtiex.dll [2012-10-15 938104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{595D0E32-CA62-29E1-5F8A-8F812BDFA489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - E:\Microsoft Office 2007 CZ + key\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBD508A4-770A-6669-ECDF-DCABAFF1D045}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]
"AVG_TRAY"=E:\AVG\avgtray.exe [2012-11-19 2598520]
"GrooveMonitor"=E:\Microsoft Office 2007 CZ + key\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Pc\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-07-27 116648]
"CursorXP"=E:\cursor xp\CursorXP.exe [2005-01-19 128000]
"DAEMON Tools Lite"=E:\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"GarenaPlus"=E:\Garena Plus\GarenaMessenger.exe [2013-05-29 9839408]
"Skype"=E:\Skype\Phone\Skype.exe [2013-04-19 18678376]

C:\Documents and Settings\Pc\Nabídka Start\Programy\Po spuštění
Dropbox.lnk - C:\Documents and Settings\Pc\Data aplikací\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-07-28 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\Microsoft Office 2007 CZ + key\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62e3e118-024d-11e2-b137-f658a23c5f0e}]
shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8b6990-e9cf-11e1-b113-b81021d99c0c}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2013-06-14 15:12:31 ----D---- C:\rsit
2013-06-06 12:07:35 ----D---- C:\Program Files\Dropbox
2013-06-01 21:11:44 ----D---- C:\Program Files\x264 Video Codec
2013-05-21 15:36:35 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2013-05-21 15:36:35 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2013-05-21 15:36:35 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2013-05-21 15:36:35 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2013-05-21 15:36:34 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2013-05-21 15:36:34 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2013-05-21 15:36:34 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2013-05-21 15:36:34 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2013-05-21 15:36:33 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2013-05-21 15:36:33 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2013-05-21 15:36:33 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2013-05-21 15:36:33 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2013-05-17 14:13:35 ----D---- C:\Program Files\Common Files\Skype
2013-05-15 10:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2820197$
2013-05-15 10:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2829361$
2013-05-14 10:04:56 ----D---- C:\Program Files\Microsoft Office
2013-05-13 11:35:14 ----A---- C:\WINDOWS\system32\muweb.dll
2013-05-13 11:35:14 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2013-05-13 11:35:14 ----A---- C:\WINDOWS\system32\mucltui.dll
2013-05-12 15:23:20 ----D---- C:\Program Files\Microsoft Silverlight
2013-05-09 13:28:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\StarApp
2013-05-09 13:23:53 ----D---- C:\Documents and Settings\Pc\Data aplikací\TS3Client
2013-04-10 09:37:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2808735$
2013-04-10 09:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2013-04-10 09:28:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2013-04-10 09:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2813170$
2013-04-02 13:29:03 ----A---- C:\WINDOWS\War3Unin.exe
2013-03-30 19:14:26 ----D---- C:\Program Files\Bluefish
2013-03-28 12:32:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Browse22save
2013-03-27 15:24:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\SoftSafe
2013-03-27 15:24:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Boroowsee2save
2013-03-27 15:24:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallMate
2013-03-21 21:09:34 ----D---- C:\Documents and Settings\Pc\Data aplikací\Google
2013-03-21 21:08:38 ----D---- C:\Program Files\Google
2013-03-20 15:49:56 ----D---- C:\Program Files\trend micro
2013-03-19 23:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$

======List of files/folders modified in the last 3 months======

2013-06-14 15:06:05 ----D---- C:\WINDOWS\Prefetch
2013-06-14 14:31:11 ----D---- C:\Documents and Settings\Pc\Data aplikací\Dropbox
2013-06-14 11:23:23 ----D---- C:\WINDOWS\Temp
2013-06-14 11:18:21 ----D---- C:\WINDOWS\system32
2013-06-14 09:29:17 ----D---- C:\Documents and Settings\Pc\Data aplikací\Skype
2013-06-14 08:33:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-06-14 08:33:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\GarenaMessenger
2013-06-14 08:28:08 ----D---- C:\WINDOWS\system32\drivers
2013-06-12 23:08:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-06-12 19:07:46 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-12 08:32:56 ----D---- C:\Documents and Settings\Pc\Data aplikací\GarenaPlus
2013-06-12 00:27:35 ----D---- C:\Documents and Settings\Pc\Data aplikací\Tunngle
2013-06-11 03:09:44 ----D---- C:\Documents and Settings\Pc\Data aplikací\uTorrent
2013-06-09 20:32:47 ----HD---- C:\WINDOWS\inf
2013-06-09 16:20:45 ----D---- C:\WINDOWS\system32\CatRoot2
2013-06-07 10:33:40 ----SHD---- C:\WINDOWS\Installer
2013-06-07 10:33:34 ----SHD---- C:\Config.Msi
2013-06-06 12:07:35 ----RD---- C:\Program Files
2013-06-01 21:12:24 ----D---- C:\WINDOWS
2013-06-01 21:11:56 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-05-25 21:40:32 ----D---- C:\Documents and Settings\Pc\Data aplikací\U3
2013-05-21 16:48:17 ----HD---- C:\Program Files\InstallShield Installation Information
2013-05-21 15:37:19 ----D---- C:\WINDOWS\WinSxS
2013-05-21 15:36:36 ----D---- C:\WINDOWS\system32\DirectX
2013-05-21 15:36:13 ----RSD---- C:\WINDOWS\assembly
2013-05-18 06:24:14 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-05-17 14:13:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-05-17 14:13:35 ----D---- C:\Program Files\Common Files
2013-05-15 12:18:01 ----SD---- C:\WINDOWS\Tasks
2013-05-15 11:47:28 ----D---- C:\WINDOWS\Microsoft.NET
2013-05-15 10:25:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-05-15 10:24:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-05-15 10:24:36 ----D---- C:\Program Files\Internet Explorer
2013-05-15 10:24:23 ----D---- C:\WINDOWS\ie8updates
2013-05-15 10:21:49 ----A---- C:\WINDOWS\imsins.BAK
2013-05-15 10:21:10 ----HD---- C:\WINDOWS\$hf_mig$
2013-05-15 10:18:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2013-05-15 10:17:24 ----A---- C:\WINDOWS\system32\MRT.exe
2013-05-14 09:58:56 ----D---- C:\Program Files\Common Files\System
2013-05-14 09:58:56 ----A---- C:\WINDOWS\win.ini
2013-05-13 13:42:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-05-13 13:11:16 ----RSD---- C:\WINDOWS\Fonts
2013-05-13 13:10:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-05-13 13:10:15 ----D---- C:\Program Files\Microsoft Works
2013-05-13 13:09:41 ----D---- C:\WINDOWS\pchealth
2013-05-07 06:22:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2013-04-17 00:26:49 ----A---- C:\WINDOWS\system32\wininet.dll
2013-04-17 00:26:45 ----A---- C:\WINDOWS\system32\urlmon.dll
2013-04-17 00:26:43 ----A---- C:\WINDOWS\system32\url.dll
2013-04-17 00:26:43 ----A---- C:\WINDOWS\system32\occache.dll
2013-04-17 00:26:40 ----A---- C:\WINDOWS\system32\mstime.dll
2013-04-17 00:26:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2013-04-17 00:26:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2013-04-17 00:26:23 ----A---- C:\WINDOWS\system32\msfeeds.dll
2013-04-17 00:26:22 ----A---- C:\WINDOWS\system32\licmgr10.dll
2013-04-17 00:26:22 ----A---- C:\WINDOWS\system32\jsproxy.dll
2013-04-17 00:26:20 ----A---- C:\WINDOWS\system32\iertutil.dll
2013-04-17 00:26:13 ----A---- C:\WINDOWS\system32\iepeers.dll
2013-04-17 00:26:13 ----A---- C:\WINDOWS\system32\ieframe.dll
2013-04-17 00:26:00 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2013-04-13 04:59:14 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2013-04-11 18:16:59 ----SD---- C:\Documents and Settings\Pc\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2012-11-08 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-04-11 302368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-09-19 242240]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-07-28 7084544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2012-05-14 103040]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2012-12-10 142176]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-13 7069288]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-08-24 323816]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2010-11-28 35712]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 GGSAFERDriver;GGSAFER Driver; \??\E:\Garena Plus\Room\safedrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSICDSetup;MSICDSetup; \??\G:\CDriver.sys []
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\G:\NTIOLib.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-07-28 643072]
R2 AVGIDSAgent;AVGIDSAgent; E:\AVG\avgidsagent.exe [2012-11-02 5174392]
R2 avgwd;AVG WatchDog; E:\AVG\avgwdsvc.exe [2012-02-14 193288]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-03-05 75136]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-05-29 1528672]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 SkypeUpdate;Skype Updater; E:\Skype\Updater\Updater.exe [2013-04-19 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\Microsoft Office 2007 CZ + key\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-17 117144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TunngleService;TunngleService; E:\Tunngle\Tunngle\TnglCtrl.exe [2012-11-26 745368]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
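An RSIT log like the one above is normally read by hand. As an added example (not part of the thread and not RSIT's or ComboFix's own code), here is a small Python triage script that parses the Run values, the mountpoints2 AutoRun handlers and the driver/service lines from an RSIT log and lists the entries a helper should look at first: load points whose file RSIT could not find (the empty `[]` stamp, as on the G: drivers above) and AutoRun commands remembered for removable volumes. The line shapes are inferred from the posted log, and the sample input is a few lines excerpted from it.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines excerpted from the RSIT log posted above.
SAMPLE_LOG = r"""======Registry dump======

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"GarenaPlus"=E:\Garena Plus\GarenaMessenger.exe [2013-05-29 9839408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62e3e118-024d-11e2-b137-f658a23c5f0e}]
shell\AutoRun\command - H:\autorun.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-09-19 242240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys []
S3 MSICDSetup;MSICDSetup; \??\G:\CDriver.sys []
"""

# Line shapes RSIT uses (inferred from the log above, not taken from RSIT's source).
SECTION_RE = re.compile(r"^======(.+?)======$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*?) \[([^\]]*)\]$')        # "Name"=path [date size]
AUTORUN_RE = re.compile(r"^shell\\AutoRun\\command - (.+)$")    # mountpoints2 handler
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")


@dataclass
class Entry:
    kind: str   # "run", "autorun", or "driver" (services share the driver line shape)
    name: str
    path: str
    stamp: str  # "YYYY-MM-DD size" as RSIT prints it; "" means RSIT found no file
    key: str    # registry key the value sits under, or the section title for drivers


def parse_rsit(text: str) -> list[Entry]:
    """Pull Run values, AutoRun handlers and driver/service lines out of an RSIT log."""
    entries: list[Entry] = []
    section = key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section, key = m.group(1), ""
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif m := VALUE_RE.match(line):
            entries.append(Entry("run", m.group(1), m.group(2), m.group(3), key))
        elif m := AUTORUN_RE.match(line):
            entries.append(Entry("autorun", "shell\\AutoRun\\command", m.group(1), "", key))
        elif section.startswith(("List of drivers", "List of services")) and (
            m := DRIVER_RE.match(line)
        ):
            entries.append(Entry("driver", m.group(3), m.group(5), m.group(6), section))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (name, path, reason) for the entries a helper should check first.

    Two cues, both visible in the posted log: an AutoRun command remembered for a
    removable volume, and a load point whose file RSIT could not stat (empty []).
    Neither is a verdict on its own; they only order the manual review.
    """
    findings = []
    for e in entries:
        if e.kind == "autorun":
            findings.append((e.name, e.path, "AutoRun handler recorded for a removable volume"))
        elif e.stamp == "":
            findings.append((e.name, e.path, "load point whose file RSIT could not find"))
    return findings


if __name__ == "__main__":
    for name, path, reason in triage(parse_rsit(SAMPLE_LOG)):
        print(f"{reason}: {name} -> {path}")
```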

Re: Trojan horse hider.vfh

Posted: 14 Jun 2013 16:52
by Rudy
Hello!
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking Yes.

calmly go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or anything else

do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the resident antispyware.

Re: Trojan horse hider.vfh

Posted: 14 Jun 2013 17:55
by 8Rohlajz8
Hello, thank you in advance for your time and your advice. I did what you described here, but the ComboFix output is so long that it has about 401 000 characters, and the maximum number of characters allowed here is 80 000. So should I paste it here in several posts, or rather send it by e-mail?

Re: Trojan horse hider.vfh

Posted: 14 Jun 2013 18:31
by Rudy
Upload it to leteckaposta, for example, and post the link.

Re: Trojan horse hider.vfh

Posted: 15 Jun 2013 13:30
by 8Rohlajz8
http://leteckaposta.cz/348329041 link to the ComboFix log

Re: Trojan horse hider.vfh

Posted: 15 Jun 2013 13:53
by Rudy
Let's clean up a little more. Open Notepad and copy the following into it:
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Re: Trojan horse hider.vfh

Posted: 15 Jun 2013 14:22
by 8Rohlajz8
All done. Thank you for your time and willingness to help.

Here is the ComboFix output

ComboFix 13-06-13.01 - Pc 15.06.2013 15:10:38.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2076 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pc\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pc\Plocha\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-15 do 2013-06-15 )))))))))))))))))))))))))))))))
.
.
2013-06-14 16:13 . 2008-04-14 12:00 64256 -c--a-w- c:\windows\system32\dllcache\serial.sys
2013-06-14 16:13 . 2008-04-14 12:00 64256 ----a-w- c:\windows\system32\drivers\serial.sys
2013-06-14 13:12 . 2013-06-14 13:12 -------- d-----w- C:\rsit
2013-06-06 10:07 . 2013-06-06 10:07 -------- d-----w- c:\program files\Dropbox
2013-06-01 23:41 . 2013-06-01 23:41 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2013-06-01 19:11 . 2013-06-02 21:22 -------- d-----w- c:\program files\x264 Video Codec
2013-05-21 13:36 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-05-21 13:36 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-05-21 13:36 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-05-21 13:36 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-05-21 13:36 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-05-21 13:36 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-05-21 13:36 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-05-21 13:36 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-05-21 13:36 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-05-21 13:36 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2013-05-21 13:36 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2013-05-21 13:36 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-05-17 12:13 . 2013-05-17 12:13 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 17:07 . 2012-08-02 20:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 17:07 . 2012-08-02 20:59 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:26 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2008-04-14 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-08 13:22 . 2013-04-02 11:29 2829 ----a-w- c:\windows\War3Unin.pif
2013-04-08 13:22 . 2013-04-02 11:29 139264 ----a-w- c:\windows\War3Unin.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaIconsOverlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2013-06-01 19:11 225280 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Pc\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Pc\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Pc\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Pc\Data aplikací\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="e:\cursor xp\CursorXP.exe" [2005-01-19 128000]
"DAEMON Tools Lite"="e:\daemon tools lite\DTLite.exe" [2012-04-17 3671872]
"GarenaPlus"="e:\garena plus\GarenaMessenger.exe" [2013-05-29 9839408]
"Skype"="e:\skype\Phone\Skype.exe" [2013-04-19 18678376]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"GrooveMonitor"="e:\microsoft office 2007 cz + key\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Pc\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Pc\Data aplikací\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\Documents and Settings\\Pc\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19.9.2012 13:30 242240]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [29.5.2012 20:46 1528672]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [27.7.2012 13:00 103040]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [5.8.2012 17:30 27136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [9.2.2012 13:16 10064]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [27.7.2012 13:00 35712]
S2 SkypeUpdate;Skype Updater;e:\skype\Updater\Updater.exe [19.4.2013 15:14 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.7.2012 12:57 1691480]
S3 GGSAFERDriver;GGSAFER Driver;\??\e:\garena plus\Room\safedrv.sys --> e:\garena plus\Room\safedrv.sys [?]
S3 MSICDSetup;MSICDSetup;\??\g:\cdriver.sys --> g:\CDriver.sys [?]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C;\??\g:\ntiolib.sys --> g:\NTIOLib.sys [?]
S3 TunngleService;TunngleService;e:\tunngle\Tunngle\TnglCtrl.exe [13.12.2012 20:37 745368]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 17:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-15 15:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1376)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2676)
c:\documents and settings\All Users\Data aplikací\Microsoft\Media Tools\MediaIconsOverlays.dll
c:\documents and settings\Pc\Data aplikací\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\documents and settings\Pc\Data aplikací\Dropbox\bin\Dropbox.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\rundll32.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2013-06-15 15:21:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-15 13:21
ComboFix2.txt 2013-06-14 16:46
.
Před spuštěním: Volných bajtů: 10 573 856 768
Po spuštění: Volných bajtů: 10 635 915 264
.
- - End Of File - - D59128404B80967D1EA02AB767E6B123
413FC2A0C716421B3158746D63736515

Re: Trojan horse hider.vfh

Posted: 15 Jun 2013 15:31
by Rudy
The log now looks OK. Has anything changed?

Re: Trojan horse hider.vfh

Posted: 15 Jun 2013 17:25
by 8Rohlajz8
The computer is noticeably faster, and the antivirus no longer pops up infection warnings. Thank you for the help and your time.

Re: Trojan horse hider.vfh

Posted: 15 Jun 2013 18:28
by Rudy
You're welcome! :)