PCTuning fórum

doslo k potizeim a je treba ji zavrit...

mel jsem nejake trojany,smazal,NOD32 nic nehlasi,padal mi system:Autorised....odpocitavani...vypl jsem vzdalene volani procedur ale Generic Host Proces je traba vypnout to furt hlasi(pri startu systemu...

jo a NOD32 nemuze skontrolovat tenhle soubor-smdat32a.sys pry je pouzivan,zaclo to v okamziku zjisteni trojanu...

Mam ADSL 512/128

Elprezidento píše:...mel jsem nejake trojany,smazal...

No spíš to vypadá, že nesmazal... aspoň ne všechny. Postni sem výpis z HiJackThis.

Logfile of HijackThis v1.98.2
Scan saved at 16:09:06, on 14.11.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\System32\system32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\wincmd\WINCMD32.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SiMoCo\SiMoCo.exe
C:\Program Files\Opera7\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pavel\Dokumenty\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fulltext.centrum.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/82.179.166.192/index.php?v=6&aff=88489
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.centrum.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.192 new-search.net
O1 - Hosts: 82.179.166.190 x-google.net
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] system32.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] system32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sygate Personal Firewall] system32.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.centrum.cz/
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

tyhle dvě se mně moc nezdaj, P2P nemusím, dělá to bordel v PC

Rozhodně se podívej na následující položky:

• C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
• C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
• R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/82.179.166.192/index.php?v=6&aff=88489
• R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
• O1 - Hosts: 82.179.166.192 new-search.net
• O1 - Hosts: 82.179.166.190 x-google.net
• O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
• O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
• O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll



Tohle neznám - je to regulerní?

• O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

co to znamena podivej se...mam nainstalovany ad-aware ten to neodhali,dalsi SYSTEM SPYWARE me odkazuje na mazani v registru a podobne veci,na coz si bez rozumne rady netroufnu...diky za starost..

Elprezidento píše:co to znamena podivej se...mam nainstalovany ad-aware ten to neodhali,dalsi SYSTEM SPYWARE me odkazuje na mazani v registru a podobne veci,na coz si bez rozumne rady netroufnu...diky za starost..

Před spouštěcí klíče v registrech napiš "-" (bez úvozovek) a nebo je vyexportuj a smázni. Případně ty exe/dll soubory (asm.exe, evntsvc.exe...) zabal a pošli na xp@wo.cz - mrknu na ně.

DU Meter mi stale a stale hlasi upload mezi 0-5 kb/s furt neustale...mam zapnuty firewall v XP,mam nainstalovany Kerio,netlimiter hlasi obcasne malinke uploady na system32.exe ale opravdu zanedbatelny...ale pritom graf skace neustale nahoru k 5ti kb/s...po 20 minutach pripojeni zacina upload pomalu klesat,ted cca po 45 min je nulovy...po restartu pc znovu odber...nechapu nechapu...