Ako odstranim Ransomware "Slovenska policia" ?

chameleo · Napísal autor témy **chameleo**: 17.12.2012 8:11

Inak existuje nieco, co dokaze takuto hrozbu zablokovat? Mam NODa a zial ten nezakrocil.

personal compuper · Napísal **personal compuper**: 17.12.2012 14:42

Nuž takto žiaden antivir neni dokonaly Netreba si to zbytočne zidealizovať NOD sa radi mezdi tie lepšie antiviry. a niet začo rád som pomohol.

SolutiOn · Napísal **SolutiOn**: 17.12.2012 18:29

chameleo jedine co este mozes spravit aby sa ti takato havet nedostala do PC by si mal mat vsetko aktualizovane programy, pluginy a windows

chameleo · Napísal autor témy **chameleo**: 18.12.2012 0:06

Cital som clanky o tomto Ransomware a vraj sa siria cez skype a USB. No na 99% som si isty ze som to mal z jednej stranky kde som si chcel pozret nahlady jedneho filmu. Bol to zahranicny web s uloziskom na foto a podobne.

SolutiOn · Napísal **SolutiOn**: 18.12.2012 9:57

ja som chytil tento policajny virus na jednej ceskej stranke s modmi na mafiu 2

chameleo · Napísal autor témy **chameleo**: 18.12.2012 10:30

OK takze mi to je jasne odkial to mam.

SolutiOn · Napísal **SolutiOn**: 18.12.2012 14:02

ja som si tiez myslel ze som to chytil z toho obrazku na mod ale cital som na jednej stranke o virusoch citujem : Není přitom nutné navštívit nějakou pochybnou webovou stránku s warezem, cracky apod., ale klidně i legitimní webovou stránku, kde se bez vědomí správce “usídlila” havěť typu drive-by downloads.

chameleo · Napísal autor témy **chameleo**: 18.12.2012 16:16

Preto mam obavy ze sa to bude opakovat, mam WIN7 SP1.

SolutiOn · Napísal **SolutiOn**: 18.12.2012 20:09

ako som ti uz pisal mal by si mat vsetko aktualizovane. ci uz win, antivirus, doplnky a programy

chameleo · Napísal autor témy **chameleo**: 18.12.2012 23:49

Prave citam o BitDefender, mate s nim nejake skusenosti?

Ma velmi dobre odporucania.

Kód:

http://www.av-test.org/en/tests/home-user/windows-7/sepoct-2012/
http://www.zive.sk/najlepsie-cisti-pocitac-bitdefender-tvrdi-av-comparatives/sc-4-a-297940/default.aspx

Jurike · Napísal **Jurike**: 19.12.2012 4:43

Chces kvalitny antivir? Siahni po produktoch od spolocnosti Kaspersky Lab (Spokojny zakaznik uz 2 roky) alebo Symantec. Ich produkty su TOP a nic kvalitnejsie nezozenies. To ale neznamena, ze by si bol 100% odolny proti virom. Tie testy ber len orientacne.

personal compuper · Napísal **personal compuper**: 19.12.2012 9:46

To je pravda kaspersky je kvalitný dobrý je z free ešte avast ,avira , MSE

chameleo · Napísal autor témy **chameleo**: 19.12.2012 9:50

Ja som v tom ze najlepsi je NOD od Esetu. Pouzivam ho dlhe roky.

personal compuper · Napísal **personal compuper**: 19.12.2012 9:53

no veď ho aj použivaj

Ageiris · Napísal **Ageiris**: 19.12.2012 16:44

mal som jeden cas BitDefender Total Security 2012. Super antivirak, perfektne UI, vyborne detekcne schopnosti. Mal len jeden neospravedlnitelny problem...nedovolil mi spravit obnovu systemu, nepomohlo ani ked som ho uplne vypol, musel som ho uplne odistalovat. Neviem, mozno bol problem len u mna, mozno vo verzii 2013 sa to uz nestava. Ale to iste s obnovou systemu som zazil aj pri Kaspersky Pure 2. Tak som sa vykaslal na platene produkty, mam Comodo Internet Security 6 Beta, a ziaden problem, dokonca je free, a napr oproti kaspersky mi z RAM berie 14 MB, zatial co napr. Kaspersky si berie 200 MB, Zone Alarm dokonca 300 MB.
Eset je fajn, ale ma problemy s ransomware a s tymi fejk antivirakmi ako napr. Live Security Platinum, Online Shield apod..

Z platenych produktov som bol najviac spokojny s Norton Internet Security 2012. Bol tak lahky na system ze som ani nevedel, ze vobec bezi nejaka heuristika alebo real-time ochrana. Avast 7 je tiez fajn,Internet Security stoji len nieco okolo 400 korun ceskych.

chameleo · Napísal autor témy **chameleo**: 20.12.2012 0:54

Dakujem za zaujimave zhodnotenie. Prekvapilo ma ze Eset si nedokaze poradit s ransomware. Zacinam uvazovat o zmene.

Jurike · Napísal **Jurike**: 20.12.2012 8:40

Ageiris --> Tiez suhlasim, ze ten Norton neni tak narocny na system. Od neho som cakal, ze to bude naopak. Vlastnim ultrabook, kde bol nainstalovany na 60 dni. Malo krat sa mi stavalo, ze sa mi roztocil vetrak. Skoda len, ze je jeho cena taka vysoka (oproti KIS) inac by som si zakupil licenciu.

personal compuper · Napísal **personal compuper**: 20.12.2012 8:50

Chameleo a zase si to len idealizuješ žiaden antivir není dokonalý to není dôvod na zmenu

Filips · Napísal **Filips**: 20.12.2012 14:17

Mám ten istý problém mám postupovať tak isto a dať tu všetky logy ?

personal compuper · Napísal **personal compuper**: 20.12.2012 14:20

pošli log z rsit http://en.kioskea.net/download/download-11416-rsit a nasledne z combofixu http://www.bleepingcomputer.com/download/combofix/

Filips · Napísal **Filips**: 20.12.2012 15:54

Citácia:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Marika at 2012-12-20 14:31:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (26%) free of 16 GB
Total RAM: 1279 MB (66% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Marika\Application Data\Mozilla\Firefox\Profiles\fhdf5c3b.default

prefs.js - "browser.startup.homepage" - "www.centrum.sk"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:0.7.5.5, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
aboutRights.js
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Marika\Application Data\Mozilla\Firefox\Profiles\fhdf5c3b.default\extensions\
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

C:\Documents and Settings\Marika\Application Data\Mozilla\Firefox\Profiles\fhdf5c3b.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-25.xml
icqplugin-26.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
qipsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Marika\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2009-06-17 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-10 7311360]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe [2005-11-28 1009400]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2005-11-28 118784]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-12-10 86016]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-01-04 1937408]
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Marika\Start Menu\Programs\Startup
runctf.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"c:\documents and settings\marika\local settings\temporary internet files\content.ie5\ljr3514e\photoalbum[1].exe"="c:\documents and settings\marika\local settings\temporary internet files\content.ie5\ljr3514e\photoalbum[1].exe:*:Enabled:photoalbum[1]"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\sysinit.exe"="C:\WINDOWS\sysinit.exe:*:Enabled:sysinit"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-12-20 14:31:56 ----D---- C:\Program Files\trend micro
2012-12-20 14:31:55 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2012-12-20 14:31:56 ----D---- C:\Program Files
2012-12-20 14:31:00 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-20 14:30:57 ----D---- C:\WINDOWS\Temp
2012-12-20 13:36:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-17 21:19:39 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2012-12-17 20:26:21 ----D---- C:\WINDOWS\Prefetch
2012-12-13 15:26:43 ----D---- C:\Documents and Settings\Marika\Application Data\vlc
2012-12-11 06:51:49 ----D---- C:\Program Files\Mozilla Firefox
2012-12-09 17:12:13 ----D---- C:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 pxscan;pxscan; C:\WINDOWS\System32\drivers\pxscan.sys [2009-05-01 22024]
R0 pxsec;pxsec; C:\WINDOWS\System32\drivers\pxsec.sys [2009-05-01 27656]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2008-09-07 96320]
R0 timounter;Acronis TrueImage Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2008-09-07 249152]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-09-07 30688]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-10 3536768]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service; C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2009-07-02 22016]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2012-10-15 50704]
S3 Rockey_USB;Feitian ROCKEY4 USB Service; C:\WINDOWS\system32\DRIVERS\Rockey4USB.sys [2009-07-02 12928]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-12 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2005-11-28 172032]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-05-01 4368952]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-10 131139]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-07-11 606720]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DfSdkS;Defragmentation-Service; D:\otimizer 9\Ashampoo WinOptimizer 9\DfsdkS.exe [2009-08-24 406016]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-22 182768]

-----------------EOF-----------------

Filips · Napísal **Filips**: 20.12.2012 15:54

Citácia:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Marika at 2012-12-20 14:31:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (26%) free of 16 GB
Total RAM: 1279 MB (66% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Marika\Application Data\Mozilla\Firefox\Profiles\fhdf5c3b.default

prefs.js - "browser.startup.homepage" - "www.centrum.sk"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:0.7.5.5, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
aboutRights.js
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Marika\Application Data\Mozilla\Firefox\Profiles\fhdf5c3b.default\extensions\
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

C:\Documents and Settings\Marika\Application Data\Mozilla\Firefox\Profiles\fhdf5c3b.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-25.xml
icqplugin-26.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
qipsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Marika\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2009-06-17 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-10 7311360]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe [2005-11-28 1009400]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2005-11-28 118784]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-12-10 86016]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-01-04 1937408]
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Marika\Start Menu\Programs\Startup
runctf.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"c:\documents and settings\marika\local settings\temporary internet files\content.ie5\ljr3514e\photoalbum[1].exe"="c:\documents and settings\marika\local settings\temporary internet files\content.ie5\ljr3514e\photoalbum[1].exe:*:Enabled:photoalbum[1]"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\sysinit.exe"="C:\WINDOWS\sysinit.exe:*:Enabled:sysinit"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-12-20 14:31:56 ----D---- C:\Program Files\trend micro
2012-12-20 14:31:55 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2012-12-20 14:31:56 ----D---- C:\Program Files
2012-12-20 14:31:00 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-20 14:30:57 ----D---- C:\WINDOWS\Temp
2012-12-20 13:36:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-17 21:19:39 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2012-12-17 20:26:21 ----D---- C:\WINDOWS\Prefetch
2012-12-13 15:26:43 ----D---- C:\Documents and Settings\Marika\Application Data\vlc
2012-12-11 06:51:49 ----D---- C:\Program Files\Mozilla Firefox
2012-12-09 17:12:13 ----D---- C:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 pxscan;pxscan; C:\WINDOWS\System32\drivers\pxscan.sys [2009-05-01 22024]
R0 pxsec;pxsec; C:\WINDOWS\System32\drivers\pxsec.sys [2009-05-01 27656]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2008-09-07 96320]
R0 timounter;Acronis TrueImage Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2008-09-07 249152]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-09-07 30688]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-10 3536768]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service; C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2009-07-02 22016]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2012-10-15 50704]
S3 Rockey_USB;Feitian ROCKEY4 USB Service; C:\WINDOWS\system32\DRIVERS\Rockey4USB.sys [2009-07-02 12928]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-12 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2005-11-28 172032]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-05-01 4368952]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-10 131139]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-07-11 606720]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DfSdkS;Defragmentation-Service; D:\otimizer 9\Ashampoo WinOptimizer 9\DfsdkS.exe [2009-08-24 406016]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-22 182768]

-----------------EOF-----------------

personal compuper · Napísal **personal compuper**: 20.12.2012 16:02

kde je log z combofixu

Filips · Napísal **Filips**: 20.12.2012 18:57

Sorry pomýlil som sa a dal som sem dva krát to isté

Citácia:

ComboFix 12-12-20.02 - Marika 20.12.2012 14:42:52.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1279.845 [GMT 1:00]
Running from: G:\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\dsgsdgdsgdsgw.pad
c:\documents and settings\All Users\Application Data\salesmonitor
c:\documents and settings\Marika\wgsdgsdgdsgsd.exe
c:\documents and settings\Marika\WINDOWS
c:\program files\Common Files\Companion Wizard
C:\WA7P
c:\windows\IsUn0405.exe
c:\windows\system32\495664
c:\windows\system32\aahaxxyav_navfx.dat
c:\windows\system32\ahhjknu_navfx.dat
c:\windows\system32\apqniqkty_navfx.dat
c:\windows\system32\covpwy_navfx.dat
c:\windows\system32\dlklqe_navfx.dat
c:\windows\system32\epbnhrk_navfx.dat
c:\windows\system32\MUI\041b\tourstart.exe
c:\windows\system32\myaia.dat
c:\windows\system32\myaia_nav.dat
c:\windows\system32\myaia_navps.dat
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))
.
.
2012-12-20 13:31 . 2012-12-20 13:31 -------- d-----w- c:\program files\trend micro
2012-12-20 13:31 . 2012-12-20 13:32 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 12:09 . 2012-10-15 12:09 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2009-06-29 15:52 . 2009-06-29 15:52 19282288 -c--a-w- c:\program files\IE8-WindowsXP-x86-SKY.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-11-28 1009400]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-11-28 118784]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Marika\Start Menu\Programs\Startup\
runctf.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [27.2.2009 21:45 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [19.4.2009 7:01 27656]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [27.2.2009 21:45 4368952]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.6.2009 13:27 222968]
S3 DfSdkS;Defragmentation-Service;d:\otimizer 9\Ashampoo WinOptimizer 9\DfSdkS.exe [27.10.2012 14:40 406016]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\Rockey4USB.sys [2.7.2009 6:52 12928]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 19:06]
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 19:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.sk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\documents and settings\Marika\Application Data\Mozilla\Firefox\Profiles\fhdf5c3b.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.centrum.sk
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0405.EXE
AddRemove-myaia - c:\windows\system32\myaia.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-20 14:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-12-20 14:53:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-20 13:53
.
Pre-Run: 4 298 235 904 bytes free
Post-Run: 5 437 476 864 bytes free
.
- - End Of File - - 28A17D5B7D4A41ACA80C9623BE1CF973

personal compuper · Napísal **personal compuper**: 20.12.2012 19:58

ulož combofix na plochu stiahni si cfscript z http://uloz.to/xumU1Tt/cfscript-txt uloz ho na plochu pretiahni cfscript cez combofix aplikuje sa script posli log.
Stiahni si adwcleaner http://www.softpedia.com/get/Antivirus/ ... aner.shtml spusť daj delete pošli log
stiahni si MBAM z http://fileforum.betanews.com/detail/Ma ... 86760019/1 nainštaluj spusť daj plnu kontrolu predom nič nemaž pošli log
odinčtaluj
c:\program files\Lavasoft
C:\Program Files\Spybot - Search & Destroy
c:\program files\Spyware Terminator

Filips · Napísal **Filips**: 20.12.2012 20:45

odkaz na MBAM mi nefunguje. to pretiahni si myslel že to mam chytit a dat na ikonku exe suboru vsak ?

personal compuper · Napísal **personal compuper**: 20.12.2012 20:46

ano tak to mislim už odkaz funguje

Filips · Napísal **Filips**: 20.12.2012 21:02

Ten Combofix už ide dosť dlho. Už to bude asi 40 min. môže byť ? Ako je to stará šunka so Sempronom ale aj tak sa mi to zdá dlho

personal compuper · Napísal **personal compuper**: 20.12.2012 21:06

a stoji ty to na niečom či nie v akej si faze

Filips · Napísal **Filips**: 20.12.2012 21:15

Scanning for infected files.. Celý počítač zamrzol aj keď tam bliká tá čiarka ale prieskumník nejde nič nereaguje ale s myšou pritom môžem hýbať.

Ako odstranim Ransomware "Slovenska policia" ?

Podobné témy