Zaseklý zavirovaný PC

tabape · Příspěvekod **tabape** » 17 lis 2011 20:54

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:41:21, on 17.11.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Zdenek\AppData\Local\Seznam.cz\postak.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Zdenek\Desktop\New Folder\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\Zdenek\AppData\Local\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe -rem
O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{10FAFB6D-C08D-4BF5-AC21-787996885DD4}: NameServer = 88.146.157.41,212.111.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{10FAFB6D-C08D-4BF5-AC21-787996885DD4}: NameServer = 88.146.157.41,212.111.0.10
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 11381 bytes

Reklama

Příspěvekod **jaro3** » 17 lis 2011 21:46

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

Odinstaluj si jeden antivir (+antispyware)...bud ESET NOD32 nebo Avast , nemůžeš mít dva..
Pak udělej nový sken Combofixem.

Co ty soubory na VirusTotal??

tabape · Příspěvekod **tabape** » 17 lis 2011 21:48

File name:
dnssdX.dll
Submission date:
2011-11-17 20:34:55 (UTC)
Current status:
finished
Result:
1/ 41 (2.4%)

tabape · Příspěvekod **tabape** » 17 lis 2011 21:50

Antivirus Version Last Update Result
AhnLab-V3 2011.11.16.00 2011.11.16 -
AntiVir 7.11.17.203 2011.11.16 -
Antiy-AVL 2.0.3.7 2011.11.16 -
Avast 6.0.1289.0 2011.11.16 -
AVG 10.0.0.1190 2011.11.16 -
BitDefender 7.2 2011.11.16 -
ByteHero 1.0.0.1 2011.11.14 Trojan.Malware.Win32.xPack.i
ClamAV 0.97.3.0 2011.11.16 -
Commtouch 5.3.2.6 2011.11.16 -
Comodo 10778 2011.11.14 -
DrWeb 5.0.2.03300 2011.11.16 -
Emsisoft 5.1.0.11 2011.11.16 -
eSafe 7.0.17.0 2011.11.16 -
eTrust-Vet 37.0.9569 2011.11.16 -
F-Prot 4.6.5.141 2011.11.16 -
F-Secure 9.0.16440.0 2011.11.16 -
Fortinet 4.3.370.0 2011.11.16 -
GData 22 2011.11.16 -
Ikarus T3.1.1.109.0 2011.11.16 -
Jiangmin 13.0.900 2011.11.16 -
K7AntiVirus 9.119.5474 2011.11.16 -
Kaspersky 9.0.0.837 2011.11.16 -
McAfee 5.400.0.1158 2011.11.16 -
McAfee-GW-Edition 2010.1D 2011.11.16 -
Microsoft 1.7801 2011.11.16 -
NOD32 6636 2011.11.16 -
Norman 6.07.13 2011.11.16 -
nProtect 2011-11-16.01 2011.11.16 -
Panda 10.0.3.5 2011.11.16 -
PCTools 8.0.0.5 2011.11.16 -
Prevx 3.0 2011.11.17 -
Rising 23.84.02.02 2011.11.16 -
Sophos 4.71.0 2011.11.16 -
SUPERAntiSpyware 4.40.0.1006 2011.11.16 -
TheHacker 6.7.0.1.343 2011.11.16 -
TrendMicro 9.500.0.1008 2011.11.16 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.16 -
VBA32 3.12.16.4 2011.11.15 -
VIPRE 11062 2011.11.16 -
ViRobot 2011.11.16.4776 2011.11.16 -
VirusBuster 14.1.66.1 2011.11.16 -
Additional information
Show all
MD5 : 111f48831c088d047644b307ce0e5888
SHA1 : 52614d20766d49a3d55cfa6fd44ccc8388836de4
SHA256: d6ac30d3a11c5586f96ce458191738db520fe5706eae1b6a23e1b9e40c7498a1

VT Community

tabape · Příspěvekod **tabape** » 17 lis 2011 21:52

a ten druhý mi to nechce vzít, nic se neděje, nic to nenapíše, chvíli to načítá a pak nic...

Příspěvekod **jaro3** » 17 lis 2011 22:11

dnssdX.dll to bude asi omyl toho antiviru...

Vlož tam jen tu cestu , nehkledej nic v exploreru..

Nebo zkus sem:
http://www.virscan.org/

tabape · Příspěvekod **tabape** » 17 lis 2011 22:37

Prestal mi na tom notebooku jet internet...

1Spitfire1 · Příspěvekod **1Spitfire1** » 17 lis 2011 22:53

Udělej si zavčas zálohu. Budeš muset přeinstalovat OS.
A odinstaluj AVAST.

Příspěvekod **jaro3** » 17 lis 2011 23:08

1Spitfire1: Takové rady si nech pro sebe a nevstupuj do řešeného problému!!!

Zkus několikrát restartovat PC.

tabape · Příspěvekod **tabape** » 17 lis 2011 23:35

Tak net po restartu jel, ale ted uz se asi po treti snazim po log z combofixu a nikdy mi to zadny neudela. Skonci to na 50.fázi

tabape · Příspěvekod **tabape** » 17 lis 2011 23:50

zase to nejede, ja uz to asi dnes balim. diky za pomoc. Zitra se budu snazit pokracovat.

Příspěvekod **jaro3** » 18 lis 2011 08:19

OK , někdy vytváření logu trvá neskutečně dlouho i půl hodiny i víc. Je třeba vyčkat.

Zaseklý zavirovaný PC Vyřešeno

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Re: Zaseklý zavirovaný PC

Kdo je online