PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Swreg.exe a swsc.exe - trojani?

https://pc-help.cnews.cz/viewtopic.php?f=70&t=25723

Stránka 1 z 1

Swreg.exe a swsc.exe - trojani?

Napsal: 24 bře 2008 14:04
od Pakl
Kontrolou MWAV jsem zjistil, že od poslední kontroly (kterou jste revidovali - dík za to!) přibyly další dvě hlášky infikovaných souborů:

24 III 2008 13:38:55 - Offending file found: C:\WINDOWS\system32\swreg.exe
24 III 2008 13:38:55 - System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Nic nebylo provedeno.

24 III 2008 13:38:55 - Offending file found: C:\WINDOWS\system32\swsc.exe
24 III 2008 13:38:55 - System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: Nic nebylo provedeno.

Na http://pc-forum.cz/viewtopic.php?p=9583 ... cd3de3a6fe je napsáno, že to je planý poplach. Prosím vás o radu, platí to i v mém případě?

Pro jistotu posílám celý log, resp. jeho část "Informace o hrozbách" - snad to stačí.


24 III 2008 13:38:51 - ***** Testování registrů a souborů na přítomnost Adware/Spyware *****
24 III 2008 13:38:51 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\xxx\LOCALS~1\Temp\spydb.avs, Size: 359872].
24 III 2008 13:38:51 - Indexed Spyware Databases Successfully Created...

24 III 2008 13:38:52 - Offending Key found: HKLM\Software\magnet !!!
24 III 2008 13:38:53 - Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

24 III 2008 13:38:53 - Offending Key found: HKCU\Software\kazaa !!!
24 III 2008 13:38:53 - Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

24 III 2008 13:38:54 - Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
24 III 2008 13:38:54 - Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

24 III 2008 13:38:54 - Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\look2me !!!
24 III 2008 13:38:54 - Objekt "look2me Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

24 III 2008 13:38:54 - Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
24 III 2008 13:38:54 - Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

24 III 2008 13:38:54 - Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
24 III 2008 13:38:54 - Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

24 III 2008 13:38:54 - Key found with NULL Character: HKLM\Software\Microsoft\Windows\CurrentVersion\System !!!
24 III 2008 13:38:54 - Objekt "NULLBYTE Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

24 III 2008 13:38:54 - Offending Key found: HKCR\magnet !!!
24 III 2008 13:38:54 - Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

24 III 2008 13:38:55 - Offending file found: C:\WINDOWS\notepad2.exe
24 III 2008 13:38:55 - System found infected with popuper Spyware/Adware (notepad2.exe)! Action taken: Nic nebylo provedeno.

24 III 2008 13:38:55 - Offending file found: C:\WINDOWS\system32\swreg.exe
24 III 2008 13:38:55 - System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Nic nebylo provedeno.

24 III 2008 13:38:55 - Offending file found: C:\WINDOWS\system32\swsc.exe
24 III 2008 13:38:55 - System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: Nic nebylo provedeno.

24 III 2008 13:38:58 - Offending Registry Entry found: hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com
24 III 2008 13:38:58 - System found infected with mirar Spyware/Adware (hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com)! Action taken: Nic nebylo provedeno.

24 III 2008 13:38:59 - Offending Registry Entry found: hkey_local_machine\software\microsoft\windows\currentversion\explorer\alwaysunloaddll
24 III 2008 13:38:59 - System found infected with regsort Corrupted Adware/Spyware (hkey_local_machine\software\microsoft\windows\currentversion\explorer\alwaysunloaddll)! Action taken: Nic nebylo provedeno.

Re: Swreg.exe a swsc.exe - trojani?

Napsal: 24 bře 2008 14:12
od memphisto
přilož ještě log z HijackThis

PS: sry, to jsem nevěděl :oops:

Re: Swreg.exe a swsc.exe - trojani?

Napsal: 24 bře 2008 14:36
od Baron Prášil
tyto soubory patří combofixu

ale,preventiní log z hijackthis? určitě! :D

Re: Swreg.exe a swsc.exe - trojani?

Napsal: 24 bře 2008 15:38
od Pakl
Tož dík, tu je ještě HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:08, on 24.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\Program Files\MuralPix\MpAgent.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\JetToolBar\JetTB.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MuralPixAgent] D:\Program Files\MuralPix\MpAgent.exe /r
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: jetToolBar.lnk = C:\Program Files\JetToolBar\JetTB.exe
O4 - Global Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: SCARABAY - {A28A0545-4B15-4AC0-B4A4-118ACA2A7317} - E:\Abacus\Scarabay\scielib.dll
O9 - Extra 'Tools' menuitem: To fill a login and the password - {A28A0545-4B15-4AC0-B4A4-118ACA2A7317} - E:\Abacus\Scarabay\scielib.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAEF8860-9B05-4F76-BC0F-43604BB4A876}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: sp_rssrv - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9134 bytes

Re: Swreg.exe a swsc.exe - trojani?

Napsal: 24 bře 2008 22:26
od Baron Prášil
bez problémů :bigups:

Re: Swreg.exe a swsc.exe - trojani?

Napsal: 24 bře 2008 22:48
od Pakl
Tož dík převelký.
Časové pásmo: UTC+02:00
Stránka 1 z 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/