[ Posts: 14 ]
Posted: 29.03.2008 16:37 | http://208.101.27.67/2202.exe

Can anyone tell me what this is?! I've combed through the C: drive a few times and put it in quarantine, but after a while it always shows up again.. It also says Ozdok trojan.. Why can't I get rid of it with NOD32? Thanks..


Posted: 29.03.2008 17:06 | http://208.101.27.67/2202.exe

Post a HijackThis log.
http://www.pcforum.sk/cistime-napadnuty ... 27265.html


Posted: 29.03.2008 17:10 | http://208.101.27.67/2202.exe

You'll probably need something more brutal for that... Spy Sweeper would handle it :)


_________________
Volvo forever...
Posted: 29.03.2008 21:03 | http://208.101.27.67/2202.exe

Maybe, if the trial didn't only do scanning. If antispyware doesn't help, HijackThis/ComboFix will be the best solution.


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Posted by topic author: 29.03.2008 21:21 | http://208.101.27.67/2202.exe

I'm not that much of an expert in this area, so I first installed Spy Sweeper, which is slowly finishing its scan, but in the meantime a window popped up 3 times with this: Name- http://208.101.27.67/2202aa.exe, Virus: Ozdok Trojan! Well, we'll see..


Posted by topic author: 29.03.2008 22:29 | http://208.101.27.67/2202.exe

Scan finished, the worst thing Spy Sweeper found is this:

Name-parent tools for aim
Category:System Monitor
Subcategory:Commercial System Monitor
Risk Rating: 5 bars, i.e. the maximum.
Description: Parent Tools for AIM, is a monitoring program that secretly tracks all activities of computer users.

What do I do with it, quarantine? Can you advise me?

Meanwhile I translated it, roughly like this:
Description: Parent Tools for AIM, is a monitoring program that secretly tracks all activities of computer users.
= Description: Parental means to the target, is a control program that secretly monitors all activities of computer users.


Posted by topic author: 29.03.2008 22:33 | http://208.101.27.67/2202.exe

So in the end I shoved it into quarantine, we'll see whether that window keeps popping up or not..


Posted by topic author: 31.03.2008 18:37 | http://208.101.27.67/2202.exe

I didn't manage to get rid of that trojan. It's located here: C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\OD2R45IV\2202aa[1].exe
Does anyone know a way to delete it from there, because as soon as I delete it, it's back a moment later! It's a real "pest". hi
I tried to get it with these antispyware tools: Spy Sweeper, Spyware Terminator and lastly SUPERAntiSpyware. And nothing at all.. Even during the scan a NOD32 alert pops up on the screen, as if it were mocking me: "Here I am, catch me!" :D .. I guess there's nothing left for me but to reinstall XP.. :loony:
Oh, and NOD also mentions - C:\WINDOWS\system32\svchost.exe.


Posted: 31.03.2008 20:37 | http://208.101.27.67/2202.exe

Post a ComboFix log.


Posted by topic author: 01.04.2008 18:06 | http://208.101.27.67/2202.exe

OK, I'll try it, I hope I manage.. hm


Posted by topic author: 01.04.2008 19:00 | http://208.101.27.67/2202.exe

This is what came out of that test, so I don't know! :roll:

ComboFix 08-03-30.5 - ali 2008-04-01 18:48:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1038.18.184 [GMT 2:00]
Running from: D:\Programok\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\ali.EMO-288F17766B2\Application Data\inst.exe
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\Cache\00049FE6
C:\Program Files\myglobalsearch\bar\Cache\000B4408
C:\Program Files\myglobalsearch\bar\Cache\000E3DD0
C:\Program Files\myglobalsearch\bar\Cache\0015407D
C:\Program Files\myglobalsearch\bar\Cache\0065EB2F
C:\Program Files\myglobalsearch\bar\Cache\0135E698
C:\Program Files\myglobalsearch\bar\Cache\014401DC
C:\Program Files\myglobalsearch\bar\Cache\014403B1.bin
C:\Program Files\myglobalsearch\bar\Cache\01440660.bin
C:\Program Files\myglobalsearch\bar\Cache\01440835.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE


((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-31 22:24 . 2008-03-31 22:24 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-03-31 22:24 . 2008-03-31 22:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar
2008-03-31 22:23 . 2008-03-31 22:23 <DIR> d-------- C:\Program Files\Winamp Remote
2008-03-31 22:23 . 2008-03-31 22:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
2008-03-31 01:23 . 2008-03-31 01:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-03-31 01:22 . 2008-03-31 01:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-31 01:22 . 2008-03-31 01:22 <DIR> d-------- C:\Documents and Settings\ali.EMO-288F17766B2\Application Data\SUPERAntiSpyware.com
2008-03-30 23:18 . 2008-04-01 14:38 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-30 23:18 . 2008-04-01 14:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2008-03-30 23:18 . 2008-04-01 14:35 <DIR> d-------- C:\Documents and Settings\ali.EMO-288F17766B2\Application Data\Spyware Terminator
2008-03-30 23:18 . 2008-03-30 23:18 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-29 21:05 . 2008-03-29 21:05 <DIR> d-------- C:\Program Files\Webroot
2008-03-29 21:05 . 2008-03-29 21:05 <DIR> d-------- C:\Program Files\AskSBar
2008-03-29 21:05 . 2008-03-29 21:05 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot
2008-03-29 21:05 . 2008-03-29 21:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-03-29 21:05 . 2007-12-10 21:08 1,526,584 --a------ C:\WINDOWS\WRSetup.dll
2008-03-29 21:05 . 2007-12-10 20:47 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-03-29 21:05 . 2007-12-10 20:47 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-03-29 21:05 . 2007-12-10 20:47 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-03-29 21:05 . 2007-12-10 20:47 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-03-29 20:54 . 2008-03-29 20:54 <DIR> d-------- C:\Documents and Settings\ali.EMO-288F17766B2\Application Data\Webroot
2008-03-14 04:03 . 2008-03-14 04:03 276 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-14 03:24 . 2008-03-14 03:24 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-03-14 02:06 . 2008-03-14 04:04 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 16:47 2,026 ----a-w C:\Program Files\wincmd.ini
2008-04-01 16:47 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-01 16:47 --------- d-----w C:\Documents and Settings\ali.EMO-288F17766B2\Application Data\uTorrent
2008-04-01 16:15 --------- d-----w C:\Program Files\Winamp
2008-04-01 12:41 --------- d-----w C:\Program Files\Java
2008-04-01 12:30 --------- d-----w C:\Program Files\ElcomSoft
2008-03-31 15:30 --------- d-----w C:\Documents and Settings\ali.EMO-288F17766B2\Application Data\Orbit
2008-03-30 23:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 16:36 --------- d-----w C:\Program Files\Internet Cleaner
2008-03-28 07:58 --------- d-----w C:\Documents and Settings\ali.EMO-288F17766B2\Application Data\Image Zone Express
2008-03-28 07:26 --------- d-----w C:\Documents and Settings\ali.EMO-288F17766B2\Application Data\Skype
2008-03-24 12:09 --------- d-----w C:\Documents and Settings\ali.EMO-288F17766B2\Application Data\OpenOffice.org2
2008-03-20 01:00 --------- d-----w C:\Program Files\Jewel Quest 2
2008-03-14 10:18 --------- d-----w C:\Program Files\Alawar
2008-03-14 02:22 --------- d-----w C:\Program Files\Clickster
2008-03-14 02:21 --------- d-----w C:\Program Files\PopCap Games
2008-03-14 02:20 --------- d-----w C:\Program Files\BearFlix
2008-03-14 02:19 --------- d-----w C:\Program Files\BearShare
2008-03-14 02:18 --------- d-----w C:\Program Files\shockwave.com
2008-03-14 02:18 --------- d-----w C:\Program Files\iWin.com Games
2008-03-14 02:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-02-27 21:15 --------- d-----w C:\Documents and Settings\ali\Data aplikací\Azureus
2008-02-25 21:51 --------- d-----w C:\Program Files\QuickTime
2008-02-25 21:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-02-24 10:47 --------- d-----w C:\Program Files\Kids Colouring Book 2006
2008-02-21 18:55 --------- d-----w C:\Program Files\iFit Explorer
2008-02-17 18:24 --------- d-----w C:\Program Files\Feelers
2008-02-10 20:15 --------- d-----w C:\Program Files\GenoPro
2008-02-07 22:38 --------- d-----w C:\Program Files\Eset
2008-02-03 11:11 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-01-27 15:02 14,336 ----a-w C:\windows\system32\svchost.exe
2007-09-14 20:49 120 ----a-w C:\Program Files\wcx_ftp.ini
2007-08-03 21:21 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-08-03 21:21 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-06-02 12:56 47,360 ----a-w C:\Documents and Settings\ali.EMO-288F17766B2\Application Data\pcouffin.sys
2006-10-05 08:44 480 ----a-w C:\Program Files\uninstal.bin
2006-10-05 08:44 40,960 ----a-w C:\Program Files\uninstal.exe
2006-02-05 22:47 278,695,200 ----a-r C:\Program Files\tmnationseswc_setup.exe
2005-09-21 06:19 718,320 ----a-w C:\Program Files\ABBYY FineReader 8.0 Professional Edition.msi
2005-09-21 05:54 96,256 ----a-w C:\Program Files\2070.mst
2005-09-21 05:54 96,256 ----a-w C:\Program Files\1040.mst
2005-09-21 05:54 95,232 ----a-w C:\Program Files\1036.mst
2005-09-21 05:54 92,160 ----a-w C:\Program Files\1034.mst
2005-09-21 05:54 3,584 ----a-w C:\Program Files\1033.mst
2005-09-20 21:59 360 ----a-w C:\Program Files\setup.ini
2005-09-20 18:38 356,352 ----a-w C:\Program Files\setup.exe
2003-04-21 13:09 245,408 ----a-w C:\Program Files\unicows.dll
2002-03-11 10:06 1,822,520 ----a-w C:\Program Files\instmsiW.exe
2007-08-10 14:03 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2007-08-10 14:03 6,275,816 ----a-w C:\Program Files\opera\program\plugins\ScorchPDFWrapper.dll
2005-05-13 15:12 217,073 --sha-r C:\windows\meta4.exe
2005-10-24 09:13 66,560 --sha-r C:\windows\MOTA113.exe
2005-10-13 19:27 422,400 --sha-r C:\windows\x2.64.exe
2005-10-07 17:14 308,224 --sha-r C:\windows\system32\avisynth.dll
2005-07-14 10:31 27,648 --sha-r C:\windows\system32\AVSredirect.dll
2005-06-26 13:32 616,448 --sha-r C:\windows\system32\cygwin1.dll
2005-06-21 20:37 45,568 --sha-r C:\windows\system32\cygz.dll
2004-01-24 22:00 70,656 --sha-r C:\windows\system32\i420vfw.dll
2005-12-22 18:23 816,640 --sha-r C:\windows\system32\smab.dll
2005-02-28 11:16 240,128 --sha-r C:\windows\system32\x.264.exe
2004-01-24 22:00 70,656 --sha-r C:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-29 21:05 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-29 21:05 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-29 21:05 267592]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-29 21:05 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-17 16:47 15360]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2008-01-30 18:55 219952]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-07-15 18:44 1401856]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2008-01-30 18:55 219952]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-03-25 04:59 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2006-10-17 03:20 398944]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-04 09:58 949376]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 14:36 495616]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 14:48 286720]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-30 23:18 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:47 15360]

C:\Documents and Settings\ali\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-10-16 00:16:48 61440]

C:\Documents and Settings\ali.EMO-288F17766B2\Start Menu\Programs\Indítópult\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Indítópult\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 02:16:54 610365]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-10-12 20:13:43 278528]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Image Zone Express\\HP_IZE.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\USDownloader\\USDownloader.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Programok\\StrongDC.exe"=
"C:\\Program Files\\ChickenShoot X-Mas 2003\\Kurka.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-03-30 23:18]
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\windows\system32\DRIVERS\sea1bus.sys [2007-02-08 13:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\windows\system32\DRIVERS\sea1mdfl.sys [2007-02-08 13:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\windows\system32\DRIVERS\sea1mdm.sys [2007-02-08 13:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\windows\system32\DRIVERS\sea1mgmt.sys [2007-02-08 13:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\windows\system32\DRIVERS\sea1nd5.sys [2007-02-08 13:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\windows\system32\DRIVERS\sea1obex.sys [2007-02-08 13:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\windows\system32\DRIVERS\sea1unic.sys [2007-02-08 13:56]
S3 SF-620;SF-620 USB Infrared Adapter;C:\windows\system32\DRIVERS\SF-620.sys [2004-08-12 04:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d03a515-013a-11db-aec7-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 20:50:05 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-09-25 16:07:57 C:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1150992379.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 18:51:20
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pgfilter]
"ImagePath"="\??\C:\Program Files\PeerGuardian2\pgfilter.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-01 18:52:04
ComboFix-quarantined-files.txt 2008-04-01 16:52:01
13 könyvtár 23,831,580,672 bájt szabad
16 könyvtár 23,818,858,496 bájt szabad
.
2008-03-15 09:08:35 --- E O F ---


Posted by topic author: 01.04.2008 19:29 | http://208.101.27.67/2202.exe

After the test, that NOD alert ending in ...2202aa.exe stopped popping up on the screen. I also checked the place where it used to be..
Could it have disappeared?! Hmm.. Strange.. :loony:


Posted: 01.04.2008 20:19 | http://208.101.27.67/2202.exe

It's not strange. ComboFix deleted the trojan's multiple backup copies, which NOD didn't notice (typical) and only deleted the active trojan.
Now also run this script in ComboFix:
Code:
KillAll::

Driver::
FFI

File::
C:\windows\x2.64.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d03a515-013a-11db-aec7-806d6172696f}]
 


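The indicators that reply reads out of the log above (the FFI service whose ImagePath points into an NTFS alternate data stream of svchost.exe, the MountPoints2 AutoRun command, the firewall set to 0, the hidden+system executables under C:\windows, and the Run entry whose file is gone) can be picked out mechanically. As an added example that is not part of the thread and not ComboFix's own code, this Python script scans a few constructed lines in the report's format:

```python
"""Scan a ComboFix-style report for indicators like the ones in the log above.

Added example, not from the forum thread or from ComboFix. Checks: a service
whose ImagePath points into an NTFS alternate data stream (svchost.exe:exm.exe),
an AutoRun command under MountPoints2, the Windows firewall switched off,
hidden+system executables in the Find3M listing, and Run entries whose target
file no longer exists (ComboFix prints an empty "[ ]" for those).
"""
import re

# Constructed sample: lines copied in the shape of the report above, plus two
# clean lines (pgfilter.sys, nod32kui) so the filters can be seen ignoring them.
SAMPLE_LOG = r"""
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
S3 SF-620;SF-620 USB Infrared Adapter;C:\windows\system32\DRIVERS\SF-620.sys [2004-08-12 04:18]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
"ImagePath"="\??\C:\Program Files\PeerGuardian2\pgfilter.sys"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - E:\Setup.exe
2005-10-13 19:27 422,400 --sha-r C:\windows\x2.64.exe
2008-01-27 15:02 14,336 ----a-w C:\windows\system32\svchost.exe
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [ ]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-04 09:58 949376]
"""

# Executable path immediately followed by ':<stream>' = alternate data stream.
ADS_PATH = re.compile(r'([A-Za-z]:\\[^":\[\]]+?\.(?:exe|dll|sys)):([^\s"\[\]]+)', re.I)
# MountPoints2 autorun handler for a drive (here E:\Setup.exe).
AUTORUN = re.compile(r'\\Shell\\AutoRun\\command\s*-\s*(\S.*)$', re.I)
FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b')
# Find3M line: "<date> <time> <size> <attrs> <path>"; attrs like --sha-r.
FIND3M = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,-]+\s+([-a-z]+)\s+'
                    r'(.+\.(?:exe|dll|sys))$', re.I)
# Run-key entry whose trailing "[ ]" means the referenced file was not found.
DANGLING_RUN = re.compile(r'^"([^"]+)"\s*=\s*"[^"]+"\s*\[\s*\]$')


def scan_report(text):
    """Return an ordered, de-duplicated list of (kind, detail) findings."""
    findings = []

    def add(kind, detail):
        if (kind, detail) not in findings:
            findings.append((kind, detail))

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADS_PATH.search(line)
        if m:
            add("ads_executable", f"{m.group(1)}:{m.group(2)}")
        m = AUTORUN.search(line)
        if m:
            add("mountpoint_autorun", m.group(1).strip())
        if FIREWALL_OFF.search(line):
            add("firewall_disabled", line)
        m = FIND3M.match(line)
        if m and {"s", "h"} <= set(m.group(1).lower()):
            add("hidden_system_file", m.group(2))
        m = DANGLING_RUN.match(line)
        if m:
            add("dangling_run_entry", m.group(1))
    return findings


if __name__ == "__main__":
    for kind, detail in scan_report(SAMPLE_LOG):
        print(f"{kind:20s} {detail}")
```

The same ADS line appears twice in a ComboFix report (service list and the ImagePath dump), so the scanner de-duplicates findings rather than counting the FFI service twice.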
Posted by topic author: 01.04.2008 20:33 | http://208.101.27.67/2202.exe

Thank you very much for the help!!! :)






© 2005 - 2017 PCforum, edited by JanoF