Greetings to the kind members of this forum,
To begin with, I want to say that the topic title is not the name of some book or film. It is just an expression of my feeling of helplessness over a persistent problem I can no longer handle. It concerns problems with viruses, specifically autorun.inf and the Win32/PSW.OnLineGames.NBR trojan.
When something happens to a PC, you notice it quickly. When opening a local disk, Windows showed the "Open with..." option, a dialog Windows only shows for files it does not recognise. I then found that I could not display hidden files and folders. That seemed suspicious to me, since I was using NOD32 with the latest update and also regularly scanned the PC with Spybot Search & Destroy. The antivirus scan found NOTHING. Fortunately I had restore points, which I created regularly, so it was no problem to "turn the PC back in time". That is how I dealt with these two "pests", and since NOD did not cope with the problem I uninstalled it and installed G Data TotalCare in its place, which had achieved the best ratings in tests. I deleted the restore points, because as it turned out I had some virus in them too, and created a new one. After this I thought I was set and would have peace, but as later events showed, that was not the case. After about two days the problems (hidden folders not being displayed, having to open local disks via the Explore option) appeared again. In this case too I wanted to resolve it with a system restore, but that ended with a shocking result for me: Windows told me that running the restore point had done nothing, or rather changed nothing. And this situation persists to this day. I did remove the vermin (at least I hope so) with SAS, but the consequences of the viruses remain. So I am at a loss, and simply put, I want to have the display of hidden folders turned on, but the current situation does not allow it.
That is why I turn to you, the people of this forum, who in my opinion have very extensive experience with similar problems, with the request that you would be so kind as to help me.
I have attached the logs from RSIT, HijackThis and RootkitRevealer to this topic.
P.S. Sorry for the long write-up, but I had to get it off my chest.
Here are the logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:10:40, on 1. 6. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G Data\TotalCare\AVK\AVKService.exe
C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\G Data\TotalCare\AVK\AVK.exe
C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
F3 - REG:win.ini: run=
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKService.exe
O23 - Service: G Data Filesystem Monitor (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
O23 - Service: G Data Backup Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 5867 bytes
Logfile of random's system information tool 1.07 (written by random/random)
Run by Monty at 2010-06-01 22:12:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (33%) free of 10 GB
Total RAM: 511 MB (38% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G Data WebFilter - C:\Program Files\G Data\TotalCare\Webfilter\AvkWebIE.dll [2009-08-12 590408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2004-11-12 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99A7C4DD-B2E6-4CA0-BB6E-737A61364155}]
CHelper Class - C:\PROGRA~1\EUROTR~1\e2003i.dll [2010-03-16 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2004-11-12 208896]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G Data WebFilter - C:\Program Files\G Data\TotalCare\Webfilter\AvkWebIE.dll [2009-08-12 590408]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"=C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe [2009-08-12 1123400]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-05-18 2397424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-25 126976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
"NoRun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=
"NoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{239a26e2-5e2c-11df-9176-941e7f288857}]
shell\AutoRun\command - 2.bat
shell\open\command - 2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97165a57-30a3-11df-912a-f86db6030a56}]
shell\AutoRun\command - 2.bat
shell\open\command - 2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7f6dc60-305c-11df-aa13-806d6172696f}]
shell\AutoRun\command - 2.bat
shell\open\command - 2.bat
======List of files/folders created in the last 1 months======
2010-05-28 22:55:32 ----D---- C:\Program Files\Hijack
2010-05-26 21:21:26 ----D---- C:\Program Files\trend micro
2010-05-26 21:21:25 ----D---- C:\rsit
2010-05-26 21:00:53 ----D---- C:\Documents and Settings\Monty\Application Data\SUPERAntiSpyware.com
2010-05-26 21:00:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-26 21:00:43 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-20 19:11:53 ----D---- C:\Program Files\Scorpions WinCheater
2010-05-20 19:11:32 ----D---- C:\Program Files\ABCgames Cheater
2010-05-12 19:49:45 ----SHD---- C:\#GDATA.Trash.Store#
2010-05-12 18:21:33 ----D---- C:\Program Files\G Data
2010-05-12 18:21:33 ----D---- C:\Program Files\Common Files\G DATA
2010-05-12 18:21:33 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA
2010-05-10 19:05:27 ----D---- C:\Documents and Settings\Monty\Application Data\Yahoo!
2010-05-10 19:05:27 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2010-05-10 19:05:26 ----D---- C:\Program Files\Yahoo!
2010-05-10 19:05:16 ----D---- C:\Program Files\CCleaner
2010-05-10 16:09:46 ----D---- C:\Documents and Settings\Monty\Application Data\Malwarebytes
2010-05-10 16:09:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-10 16:09:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-09 20:21:32 ----D---- C:\Documents and Settings\Monty\Application Data\SecuROM
2010-05-09 20:16:48 ----D---- C:\Documents and Settings\Monty\Application Data\InstallShield
======List of files/folders modified in the last 1 months======
2010-06-01 22:10:08 ----D---- C:\WINDOWS\temp
2010-06-01 22:10:08 ----D---- C:\WINDOWS
2010-06-01 22:08:30 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-01 22:08:15 ----D---- C:\WINDOWS\Prefetch
2010-06-01 22:04:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-01 22:00:06 ----D---- C:\Documents and Settings\Monty\Application Data\SolidDocuments
2010-06-01 14:11:44 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-31 20:43:02 ----D---- C:\Documents and Settings\Monty\Application Data\OpenOffice.org2
2010-05-30 21:29:17 ----D---- C:\WINDOWS\system32
2010-05-30 21:00:03 ----D---- C:\WINDOWS\system32\drivers
2010-05-30 12:46:14 ----SHD---- C:\System Volume Information
2010-05-30 12:46:14 ----D---- C:\WINDOWS\system32\Restore
2010-05-29 19:36:01 ----SHD---- C:\WINDOWS\Installer
2010-05-29 19:36:01 ----D---- C:\WINDOWS\WinSxS
2010-05-29 19:36:01 ----D---- C:\Config.Msi
2010-05-29 19:31:38 ----RSD---- C:\WINDOWS\Fonts
2010-05-28 22:55:32 ----RD---- C:\Program Files
2010-05-27 12:58:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-26 21:46:20 ----HD---- C:\WINDOWS\inf
2010-05-26 14:27:48 ----D---- C:\WINDOWS\system32\config
2010-05-26 14:27:27 ----D---- C:\WINDOWS\system32\wbem
2010-05-26 14:27:26 ----D---- C:\WINDOWS\Registration
2010-05-12 20:13:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-12 19:49:45 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-12 19:49:45 ----D---- C:\Program Files\IrfanView
2010-05-12 19:43:20 ----SD---- C:\Documents and Settings\Monty\Application Data\Microsoft
2010-05-12 18:28:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-05-12 18:21:33 ----D---- C:\Program Files\Common Files
2010-05-11 16:17:01 ----RSD---- C:\WINDOWS\assembly
2010-05-11 16:15:39 ----D---- C:\Program Files\OpenOffice.org 2.3
2010-05-10 19:31:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-10 19:06:39 ----D---- C:\WINDOWS\Minidump
2010-05-10 19:06:39 ----D---- C:\WINDOWS\Debug
2010-05-10 18:43:41 ----D---- C:\WINDOWS\PeerNet
2010-05-10 18:23:16 ----D---- C:\WINDOWS\Connection Wizard
2010-05-09 20:17:52 ----HD---- C:\Program Files\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 02006311;02006311; C:\WINDOWS\system32\DRIVERS\02006311.sys [2009-09-25 128016]
R1 GRD;G Data Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-25 2863616]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2001-10-30 280782]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 a11uq2dv;a11uq2dv; C:\WINDOWS\system32\drivers\a11uq2dv.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-25 520192]
R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-08-12 1045064]
R2 AVKService;G Data Scheduler; C:\Program Files\G Data\TotalCare\AVK\AVKService.exe [2009-08-12 397896]
R2 AVKWCtl;G Data Filesystem Monitor; C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe [2009-07-30 1244760]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 GDFwSvc;G Data Personal Firewall; C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe [2009-08-03 1538352]
R3 GDScan;G Data Scanner; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [2009-07-27 300616]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 G Data Backup Service;G Data Backup Service; C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2009-07-09 863304]
S3 G Data Tuner Service;G Data Tuner Service; C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2009-04-20 918600]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-16 435016]
-----------------EOF-----------------
RootkitRevealer:
HKLM\SECURITY\Policy\Secrets\SAC* 15. 3. 2010 19:37 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 15. 3. 2010 19:37 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 4. 5. 2009 22:02 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 4. 5. 2009 22:03 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\G Data Backup Service\Description 1. 6. 2010 21:56 55 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 16. 3. 2010 22:18 0 bytes Access is denied.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40 4. 5. 2009 22:21 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\G Data Backup Service\Description 1. 6. 2010 21:56 55 bytes Data mismatch between Windows API and raw hive data.
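The RSIT registry dump above lists three mountpoints2 volume entries whose AutoRun and open handlers point at 2.bat, the usual residue of an autorun.inf worm, and NoDriveTypeAutoRun=145 (0x91), which still permits autorun on removable drives. As an added example (not the thread's, RSIT's or any poster's code), here is a small parser for this dump format that flags such drive handlers and reads the NoFolderOptions / NoDriveTypeAutoRun policy values; the sample dump is constructed from the entries above and the script extension list is an assumption.

```python
"""Flag autorun-worm residue in an RSIT registry dump (added example, not RSIT's code).
Handles the "======Registry dump======" section format shown in the thread."""
import re
# Constructed sample in the shape of the RSIT dump above (abbreviated).
SAMPLE_DUMP = r"""
======Registry dump======
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{239a26e2-5e2c-11df-9176-941e7f288857}]
shell\AutoRun\command - 2.bat
shell\open\command - 2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7f6dc60-305c-11df-aa13-806d6172696f}]
shell\AutoRun\command - 2.bat
======List of files/folders created in the last 1 months======
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
VERB_RE = re.compile(r"^shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
# Extensions a drive's AutoRun/open handler should never point at (assumed list).
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".exe", ".scr", ".pif", ".com")
REMOVABLE_BIT = 0x04  # DRIVE_REMOVABLE bit in the NoDriveTypeAutoRun bitmask

def parse_registry_dump(text):
    """Return {key_path: {value_name: data}} for the registry dump section only."""
    keys, current, in_dump = {}, None, False
    for line in text.splitlines():
        if line.startswith("======"):
            in_dump = "Registry dump" in line
            continue
        if not in_dump:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            keys[current][m.group(1)] = m.group(2).strip()
            continue
        m = VERB_RE.match(line)
        if m:  # RSIT prints shell verbs as "shell\<verb>\command - <target>"
            keys[current]["shell\\%s\\command" % m.group(1)] = m.group(2).strip()
    return keys

def find_autorun_findings(keys):
    """List (volume GUID, verb, command) for drive handlers that run a script."""
    findings = []
    for key, values in keys.items():
        if "\\mountpoints2\\" not in key.lower():
            continue
        for name, cmd in values.items():
            if name.lower().startswith("shell\\") and cmd.lower().endswith(SCRIPT_EXT):
                findings.append((key.rsplit("\\", 1)[1], name, cmd))
    return findings

def explorer_policy_status(keys):
    """Return NoFolderOptions / NoDriveTypeAutoRun as ints (None if unset or empty)."""
    status = {"NoFolderOptions": None, "NoDriveTypeAutoRun": None}
    for key, values in keys.items():
        if key.lower().endswith("\\policies\\explorer"):
            for name in status:
                if values.get(name, "") != "":
                    status[name] = int(values[name])
    return status

def autorun_allowed_on_removable(no_drive_type_autorun):
    """True when the bitmask still lets removable (USB) drives autorun."""
    return not (no_drive_type_autorun & REMOVABLE_BIT)
```

Running it over the full RSIT output pasted above produces one finding per 2.bat handler, which is the kind of evidence the reply below relies on when it says the infection is probably still present.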

Never-ending story - please check my logs
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Never-ending story - please check my logs
hello
the infection is probably still present
download ComboFix and save it, preferably to the desktop
then run the application under an account with administrator rights
right after it starts, a screen with the licence terms appears; continue by clicking Yes:

a warning about your antivirus's resident shield may then appear, as well as a notice that the Recovery Console is not installed; do not install it for now.
calmly go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else
do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)
warning: if you use an antispyware with a resident shield, deactivate its resident shield, because during the scan and removal of any malware there are unwanted collisions between ComboFix and the resident antispyware
after the restart the application creates a log saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here