RTC video PnP listener - please check my log [Solved]



Re: RTC video PnP listener - please check my log

Post by bbdra » 05 Jun 2017 11:17

2017-06-04 21:53:59.406 Sophos Virus Removal Tool version 2.6.0
2017-06-04 21:53:59.406 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-06-04 21:53:59.406 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-06-04 21:53:59.406 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2017-06-04 21:53:59.406 Checking for updates...
2017-06-04 21:54:00.593 Update progress: proxy server not available
2017-06-04 21:54:03.265 Update error: failed to read remote metadata (error 4)
[T46381] ..\SUL\Handle.cpp:98 + SU::Handle::readRemoteMetadata()
[T75884] ..\SUL\Metadata.cpp:144 SU::Metadata::readRemoteMetadata()
[I40394] Downloading customer file from sophos:1:1
[E26245] Error fetching data from http://dci.sophosupd.com/update/2/9e/29 ... a00871.dat: WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:2:1
[E26245] Error fetching data from http://dci.sophosupd.net/update/2/9e/29 ... a00871.dat: WinHttpSendRequest 12029
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:3:1
[E75373] Ran out of sophos aliases for this update source
[E35369] Out of update sources
[E99999] Out of sources
2017-06-04 21:54:22.343 Error initialising detection engine - virus data checksum error
2017-06-04 21:54:25.593 Error level 1

2017-06-04 21:54:32.859 Scan failed due to fatal error.
2017-06-04 21:54:32.859

------------------------------------------------------------

2017-06-04 21:54:34.812 Sophos Virus Removal Tool version 2.6.0
2017-06-04 21:54:34.812 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-06-04 21:54:34.812 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-06-04 21:54:34.812 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2017-06-04 21:54:34.812 Checking for updates...
2017-06-04 21:54:35.859 Update progress: proxy server not available
2017-06-04 21:54:45.015 Error initialising detection engine - virus data checksum error
2017-06-04 21:54:51.359 Downloading updates...
2017-06-04 21:54:51.359 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-06-04 21:54:51.359 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-04 21:54:51.359 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-04 21:54:51.359 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-06-04 21:54:51.359 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-06-04 21:54:51.359 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-06-04 21:54:51.375 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
2017-06-04 21:54:51.375 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-06-04 21:54:51.375 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product IDE542 LATEST path=]
2017-06-04 21:54:51.375 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-04 21:54:51.531 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-06-04 21:54:51.531 Update progress: [I19463] Product download size 165113825 bytes
2017-06-04 21:55:49.953 Update progress: [I19463] Syncing product IDE540 LATEST path=
2017-06-04 21:55:49.953 Update progress: [I19463] Product download size 1784068 bytes
2017-06-04 21:55:57.218 Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-06-04 21:55:57.218 Update progress: [I19463] Product download size 2265483 bytes
2017-06-04 21:56:07.390 Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-06-04 21:56:07.390 Update progress: [I19463] Product download size 353040 bytes
2017-06-04 21:56:12.421 Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-06-04 21:56:13.468 Installing updates...
2017-06-04 21:56:14.078 Error level 1
2017-06-04 21:57:43.984 Update successful
2017-06-04 21:58:20.468 Option all = no
2017-06-04 21:58:20.468 Option recurse = yes
2017-06-04 21:58:20.468 Option archive = no
2017-06-04 21:58:20.468 Option service = yes
2017-06-04 21:58:20.468 Option confirm = yes
2017-06-04 21:58:20.468 Option sxl = yes
2017-06-04 21:58:20.468 Option max-data-age = 35
2017-06-04 21:58:20.468 Option vdl-logging = yes
2017-06-04 21:58:20.578 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-06-04 21:58:20.578 Machine ID: 5f788f5f83d4461292853faca75187c0
2017-06-04 21:58:20.593 Component SVRTcli.exe version 2.6.0
2017-06-04 21:58:20.593 Component control.dll version 2.6.0
2017-06-04 21:58:20.593 Component SVRTservice.exe version 2.6.0
2017-06-04 21:58:20.593 Component engine\osdp.dll version 1.44.1.2285
2017-06-04 21:58:20.593 Component engine\veex.dll version 3.68.5.2285
2017-06-04 21:58:20.593 Component engine\savi.dll version 9.0.7.2285
2017-06-04 21:58:20.593 Component rkdisk.dll version 1.5.31.1
2017-06-04 21:58:20.593 Version info: Product version 2.6.0
2017-06-04 21:58:20.593 Version info: Detection engine 3.68.5
2017-06-04 21:58:20.593 Version info: Detection data 5.39
2017-06-04 21:58:20.593 Version info: Build date 2.5.2017
2017-06-04 21:58:20.593 Version info: Data files added 296
2017-06-04 21:58:20.593 Version info: Last successful update 4.6.2017 23:57:43

2017-06-05 01:19:50.250 Warning: rootkit scan failed to open device "\\?\Volume{551a1f7f-acc6-11e6-aa1f-806d6172696f}" (87)
2017-06-05 02:16:10.687 >>> Virus 'Mal/VMProtBad-A' found in file C:\System Volume Information\_restore{CD251913-093A-471D-BD79-C51A04E4C3ED}\RP179\A0197279.dll
2017-06-05 02:16:10.750 >>> Virus 'Mal/VMProtBad-A' found in file HKCR\exefile\default
2017-06-05 02:44:20.125 Could not open LOGICAL:0003:00000000
2017-06-05 02:44:20.125 Could not open D:\
2017-06-05 02:47:33.421 Could not open LOGICAL:0005:00000000
2017-06-05 02:47:33.437 Could not open F:\
2017-06-05 02:47:33.703 The following items will be cleaned up:
2017-06-05 02:47:33.703 Mal/VMProtBad-A
2017-06-05 09:17:09.125 Threat 'Mal/VMProtBad-A' has been cleaned up.
2017-06-05 09:17:09.125 Registry value "HKCR\exefile\default" belongs to malware 'Mal/VMProtBad-A'.
2017-06-05 09:17:09.125 Registry value "HKCR\exefile\default" has been cleaned up.
2017-06-05 09:17:09.125 File "C:\System Volume Information\_restore{CD251913-093A-471D-BD79-C51A04E4C3ED}\RP179\A0197279.dll" belongs to malware 'Mal/VMProtBad-A'.
2017-06-05 09:17:09.125 File "C:\System Volume Information\_restore{CD251913-093A-471D-BD79-C51A04E4C3ED}\RP179\A0197279.dll" has been cleaned up.
2017-06-05 09:17:09.125 Removal successful
2017-06-05 09:17:10.015 Error level 0


Re: RTC video PnP listener - please check my log

Post by bbdra » 05 Jun 2017 16:53

I am having problems with RogueKiller (only with the new version): after twenty minutes the program freezes and stops responding. With the older second version with the old interface I have no problem, but I don't know whether it is of the same quality, given that, for example, it doesn't need to be installed?
Maybe I could manage to finish the scan in safe mode.


Re: RTC video PnP listener - please check my log

Post by jaro3 » 05 Jun 2017 18:48

Yes, safe mode is better.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum


Re: RTC video PnP listener - please check my log

Post by bbdra » 06 Jun 2017 10:13

RogueKiller stopped responding. I have the feeling that it happens every time it checks the file:
C:\RECYCLERS\S-1-5-21-7253455443-1078081533-839522115-500\Dc3.exe

Otherwise it managed to detect one infection:

C:\Documents and Settings\Administrator.BBDRA...Settings\Data aplikací\Slimware Utilities Inc


Re: RTC video PnP listener - please check my log

Post by bbdra » 06 Jun 2017 10:17

I'll try it once more.


Re: RTC video PnP listener - please check my log

Post by bbdra » 06 Jun 2017 11:17

It got stuck again, this time on a different file.


Re: RTC video PnP listener - please check my log

Post by bbdra » 06 Jun 2017 13:23

I ran a scan with the RKportable_old interface. I deleted the item that was found.

{
"header": {
"program": {
"project": "RogueKiller",
"version": "12.11.1.0",
"x64": false,
"date": "Jun 4 2017",
"contact": "http://www.adlice.com/contact/",
"feedback": "https://forum.adlice.com",
"website": "http://www.adlice.com/download/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows XP (5.1.2600 Service Pack 3) 32 bits version",
"boot": 1,
"winpe": false,
"user": "Administrator",
"user_admin": true,
"program_location": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Plocha\\RogueKiller_old32.exe",
"x64": false,
"licensing": "free"
},
"report": {
"type": 2,
"aborted": false,
"date": "06/06/2017 11:25:19",
"duration": 6540,
"debug": false,
"count": 1,
"show_legit_hooks": false,
"expert_mode": false,
"switches": []
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": false
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": false
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 164,
"path": "C:\\WINDOWS2\\system32\\smss.exe",
"command_line": "\\SystemRoot\\System32\\smss.exe",
"pid_parent": 4,
"path_parent": "",
"is_64": false
},
{
"name": "csrss.exe",
"name_parent": "smss.exe",
"pid": 340,
"path": "C:\\WINDOWS2\\system32\\csrss.exe",
"command_line": "",
"pid_parent": 164,
"path_parent": "C:\\WINDOWS2\\system32\\smss.exe",
"is_64": false
},
{
"name": "winlogon.exe",
"name_parent": "smss.exe",
"pid": 364,
"path": "C:\\WINDOWS2\\system32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 164,
"path_parent": "C:\\WINDOWS2\\system32\\smss.exe",
"is_64": false
},
{
"name": "services.exe",
"name_parent": "winlogon.exe",
"pid": 416,
"path": "C:\\WINDOWS2\\system32\\services.exe",
"command_line": "C:\\WINDOWS2\\system32\\services.exe",
"pid_parent": 364,
"path_parent": "C:\\WINDOWS2\\system32\\winlogon.exe",
"is_64": false
},
{
"name": "lsass.exe",
"name_parent": "winlogon.exe",
"pid": 428,
"path": "C:\\WINDOWS2\\system32\\lsass.exe",
"command_line": "C:\\WINDOWS2\\system32\\lsass.exe",
"pid_parent": 364,
"path_parent": "C:\\WINDOWS2\\system32\\winlogon.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 592,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "C:\\WINDOWS2\\system32\\svchost -k DcomLaunch",
"pid_parent": 416,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 660,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "",
"pid_parent": 416,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 716,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "C:\\WINDOWS2\\system32\\svchost.exe -k netsvcs",
"pid_parent": 416,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 964,
"path": "C:\\WINDOWS2\\explorer.exe",
"command_line": "C:\\WINDOWS2\\Explorer.EXE",
"pid_parent": 928,
"path_parent": "",
"is_64": false
},
{
"name": "RogueKiller_old32.exe",
"name_parent": "Explorer.EXE",
"pid": 1308,
"path": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Plocha\\RogueKiller_old32.exe",
"command_line": "\"C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Plocha\\RogueKiller_old32.exe\" ",
"pid_parent": 964,
"path_parent": "C:\\WINDOWS2\\explorer.exe",
"is_64": false
}
]
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [],
"tasks": [],
"filesystem": [
{
"scan_what": 3,
"scan_how": [
1,
2,
9
],
"vendors": [
"PUP.Gen1"
],
"status_choice": 2,
"processed": [
{
"type": 2,
"name": "SlimWare Utilities Inc",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc",
"path_compressed": "%localappdata%\\SlimWare Utilities Inc",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "ignores.dat",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\ignores.dat",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\ignores.dat",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "acer.png",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\Images\\acer.png",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\Images\\acer.png",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 2,
"name": "Images",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\Images",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\Images",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "2016-11-21 23-49-45 0.log",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\Logs\\2016-11-21 23-49-45 0.log",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\Logs\\2016-1~1.LOG",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "2016-11-21 23-49-58 0.log",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\Logs\\2016-11-21 23-49-58 0.log",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\Logs\\2016-1~2.LOG",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "2016-11-21 23-51-10 0.log",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\Logs\\2016-11-21 23-51-10 0.log",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\Logs\\2016-1~3.LOG",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 2,
"name": "Logs",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\Logs",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\Logs",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "rupdates.db",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\rupdates.db",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\rupdates.db",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "settings.db",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\settings.db",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\settings.db",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "supdates.db",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\supdates.db",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\supdates.db",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "SWDUMon.cat",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\SWDUMon.cat",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\SWDUMon.cat",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "SWDUMon.inf",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\SWDUMon.inf",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\SWDUMon.inf",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 1,
"name": "SWDUMon.sys",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers\\SWDUMon.sys",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1\\SWDUMon.sys",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
},
{
"type": 2,
"name": "SlimDrivers",
"path_expanded": "C:\\Documents and Settings\\Administrator.BBDRA2-3D0A5E7C\\Local Settings\\Data aplikací\\SlimWare Utilities Inc\\SlimDrivers",
"path_compressed": "%SystemDrive%\\DOCUME~1\\ADMINI~1.BBD\\LOCALS~1\\DATAAP~1\\SLIMWA~1\\SLIMDR~1",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
}
]
}
],
"wmi": [],
"hosts": {
"is_too_big": false,
"lines": []
},
"antirootkit": {
"is_driver_loaded": false,
"driver_error": 65536,
"results": []
},
"web_browsers": [],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: WDC WD20EARS-00S8B1 +++++\n--- User ---\n[MBR] a5ced8a48748cd199ba61954ef8dd124\n[BSP] 970b64111ddb8e108d85fbe7f7707fa1 : Windows XP MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 14 | Size: 1907727 MB [Windows XP Bootstrap | Windows XP Bootloader]\nUser = LL1 ... OK\nError reading LL2 MBR! NOT VALID!\n\n+++++ PhysicalDrive1: SAMSUNG HD502HI +++++\n--- User ---\n[MBR] 98233269bb5a58b110f235d5cf8cd70e\n[BSP] 7d509d352da6a11935c6d5a6e6d43cad : Windows XP MBR Code\nPartition table:\n0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB[Invalid]\nUser = LL1 ... OK\nError reading LL2 MBR! NOT VALID!\n\n+++++ PhysicalDrive2: WD Elements 1078 USB Device +++++\n--- User ---\n[MBR] 80c62457758a47faf6e8d4dd76b6817c\n[BSP] 3154fbf95cc663d581f5ae972329f964 : Windows XP MBR Code\nPartition table:\n0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715371 MB [Windows XP Bootstrap | Windows XP Bootloader]\nUser = LL1 ... OK\nError reading LL2 MBR! ([32] Po?adavek není podporován. )\n\n"
}
}
}


Re: RTC video PnP listener - please check my log

Post by jaro3 » 06 Jun 2017 17:30

Turn off the antivirus and the firewall.
Download
Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
click the .rar-file at the top right
and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8 right-click it and choose "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:


autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


click Run Script
The program will perform a scan and a repair; the scan and the repair may take several minutes, so wait until it finishes. Do not click into the window!
The program will offer a restart; confirm it.

After the restart only a black desktop may be shown for a while; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the whole contents of that log here.

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to the desktop.
Double-click the file on the desktop and follow the installation instructions.
Accept the EULA licence agreement if it is offered.
If a program update is available, click the "Update now" button.
You can also tick the creation of a restore point:
Click the gear icon, then "Scan", and tick "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers.
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is finished, a report appears; copy the whole contents of that report here.
Otherwise you can see the reports by clicking "Reports" at the top right.


Turn off the resident protection of the antivirus and antispyware, and possibly the firewall.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After starting, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan is finished the program should create a log - C:\ComboFix.txt - please copy its whole contents here
If there are problems, run it in safe mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that doesn't help, press F8 after the restart and choose the last known good configuration, or use a restore point.


Re: RTC video PnP listener - please check my log

Post by bbdra » 06 Jun 2017 19:38

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Administrator on Łt 06.06.2017 at 19:22:38,56.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Documents and Settings\Adam2\Plocha\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

\zoek-results2016-03-14-225613.log 7713 bytes
\zoek-results2016-11-03-193430.log 15800 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\ATI Technologies deleted successfully
C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\LumaEmu_SteamCloud deleted successfully
C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Malwarebytes' Anti-Malware (portable) deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\Dictionary by not found
C:\Program Files\ATI Technologies not found
C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Malwarebytes' Anti-Malware (portable) not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\Program Files\VstPlugins123 deleted
C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\ProductData deleted
C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Package Cache deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi" [16.03.2017 01:52]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fhoibnponjcgjgcnfacekaijdbbplhib - https://chrome.google.com/webstore/deta ... ijdbbplhib[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\\Documents and Settings\Adam2\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=11563 folders=926 3380604099 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS2\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS2\Temp successfully emptied
C:\DOCUME~1\Adam2\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\\Documents and Settings\Adam2\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Łt 06.06.2017 at 19:34:07,06 ======================


Re: RTC video PnP listener - please check my log

Post by bbdra » 06 Jun 2017 21:57

Zemana AntiMalware 2.72.2.388 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.6.6
Operating System : Windows XP 32-bit
Processor : 4X AMD Phenom(tm) II X4 965 Processor
BIOS Mode : Legacy
CUID : 1411D8038D943CE9720D4E
Scan Type : Skenování systému
Duration : 61m 44s
Scanned Objects : 377721
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : SKUPINA,0,2

Detected Objects
-------------------------------------------------------

Tabs Hijack (System)
Status : Skenováno
Object : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potenciálně nechtěné modifikace
Cleaning Action : Opravit
Related Objects :
Záznam registru - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs = about:newtab


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: RTC video PnP listener - please check my log

Post by jaro3 » 06 Jun 2017 22:09

ComboFix too.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: RTC video PnP listener - please check my log

Post by bbdra » 06 Jun 2017 22:16

ComboFix 17-05-16.01 - Adam2 06.06.2017 22:05:22.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2367 [GMT 2:00]
Spuštěný z: c:\documents and settings\Adam2\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinPCap
c:\program files\WinPCap\LICENSE
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\uninstall.exe
E:\autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-05-06 do 2017-06-06 )))))))))))))))))))))))))))))))
.
.
2017-06-06 17:40 . 2017-06-06 17:40 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Data aplikací\Zemana
2017-06-06 17:40 . 2017-06-06 17:40 181496 ----a-w- c:\windows2\system32\drivers\zam32.sys
2017-06-06 17:40 . 2017-06-06 17:40 181496 ----a-w- c:\windows2\system32\drivers\zamguard32.sys
2017-06-06 17:40 . 2017-06-06 17:40 -------- d-----w- c:\program files\Zemana AntiMalware
2017-06-06 17:40 . 2017-06-06 17:40 -------- d-----w- c:\documents and settings\Adam2\Local Settings\Data aplikací\Zemana
2017-06-06 17:31 . 2017-06-06 17:22 24064 ----a-w- c:\windows2\zoek-delete.exe
2017-06-05 09:23 . 2017-06-05 09:23 -------- d-----w- c:\program files\RogueKiller
2017-06-04 21:53 . 2017-06-04 21:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Data aplikací\Sophos
2017-06-04 18:11 . 2017-06-04 18:11 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Data aplikací\LogMeIn
2017-05-08 19:25 . 2017-05-08 19:25 121560 ----a-w- c:\windows2\system32\drivers\mbamchameleon.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-06 09:25 . 2017-04-04 00:01 24688 ----a-w- c:\windows2\system32\drivers\TrueSight.sys
2017-06-04 22:05 . 2017-04-07 11:38 356 ----a-w- c:\documents and settings\Adam2\advanced_ip_scanner_MAC.bin
2017-06-04 22:05 . 2017-04-07 11:38 41 ----a-w- c:\documents and settings\Adam2\advanced_ip_scanner_Aliases.bin
2017-04-11 12:28 . 2017-04-07 12:21 159448 ----a-w- c:\windows2\system32\drivers\klflt.sys
2017-04-11 12:28 . 2017-04-07 12:21 128496 ----a-w- c:\windows2\system32\drivers\klhk.sys
2017-04-07 12:39 . 2016-06-14 15:47 165088 ----a-w- c:\windows2\system32\drivers\kneps.sys
2017-03-15 02:21 . 2017-03-15 02:21 1700352 ----a-w- c:\windows2\system32\gdiplus.dll
2017-03-15 02:21 . 2017-03-15 02:21 1060864 ----a-w- c:\windows2\system32\mfc71.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2016-11-03 27226072]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-06-01 6405912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-02-17 2789248]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2000-01-01 41134712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2017-03-02 5883912]
"ZAM"="c:\program files\Zemana AntiMalware\ZAM.exe" [2017-04-03 14522512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows2\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Hearthstone\\Hearthstone.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS2\\system32\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Adam2\\Plocha\\dst\\bin\\dontstarve_steam.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x86 (56 bit);c:\windows2\system32\drivers\cm_km.sys [10.6.2016 6:41 170840]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows2\system32\drivers\klbackupdisk.sys [7.6.2016 23:33 57264]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows2\system32\drivers\HWiNFO32.SYS [20.11.2016 20:30 23840]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows2\system32\drivers\klbackupflt.sys [15.6.2016 0:17 77656]
R1 klhk;Kaspersky Lab service driver;c:\windows2\system32\drivers\klhk.sys [7.4.2017 14:21 128496]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows2\system32\drivers\klpd.sys [31.5.2016 23:31 41392]
R1 kltdf;kltdf;c:\windows2\system32\drivers\kltdf.sys [17.5.2016 23:34 82352]
R1 kltdi;kltdi;c:\windows2\system32\drivers\kltdi.sys [17.5.2016 23:15 71088]
R1 kneps;kneps;c:\windows2\system32\drivers\kneps.sys [14.6.2016 17:47 165088]
R1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [12.6.2013 11:10 5280944]
R1 ZAM;ZAM Helper Driver;c:\windows2\system32\drivers\zam32.sys [6.6.2017 19:40 181496]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows2\system32\drivers\zamguard32.sys [6.6.2017 19:40 181496]
R2 FoxitReaderService;Foxit Reader Service;c:\program files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [6.3.2017 3:23 1659592]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2.3.2017 14:26 2282504]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows2\system32\KaraokeSer.exe [17.11.2016 16:52 88696]
R2 kldisk;kldisk;c:\windows2\system32\drivers\kldisk.sys [31.5.2016 23:24 69000]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [27.2.2017 12:01 405424]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [26.12.2015 0:24 1880960]
R2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [6.6.2017 19:40 14522512]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows2\system32\drivers\dtlitescsibus.sys [2.5.2015 14:14 25104]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows2\system32\drivers\klflt.sys [7.4.2017 14:21 159448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows2\system32\drivers\klim5.sys [23.5.2016 22:33 50080]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows2\system32\drivers\klkbdflt.sys [19.5.2016 0:50 44976]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows2\system32\drivers\klmouflt.sys [7.6.2015 1:44 37040]
R3 kltap;Kaspersky Security Data Escort Adapter;c:\windows2\system32\drivers\kltap.sys [22.6.2016 13:50 42336]
R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [3.4.2017 21:36 21104]
R3 NLNdisMP;NLNdisMP;c:\windows2\system32\drivers\nlndis.sys [12.6.2013 11:10 5229360]
R3 usbfilter;AMD USB Filter Driver;c:\windows2\system32\drivers\usbfilter.sys [17.11.2016 16:31 43392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows2\system32\drivers\viahduaa.sys [17.11.2016 16:52 2561968]
S2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;c:\program files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [28.6.2016 1:54 241544]
S2 KSDE1.0.0;Služba Kaspersky Secure Connection 1.0.0;c:\program files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [28.6.2016 2:54 241544]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.3.2016 4:10 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [20.9.2016 13:54 324224]
S3 AMBFilt;AMBFilt;c:\windows2\system32\drivers\Ambfilt.sys [17.11.2016 16:52 1656960]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [31.3.2015 8:30 1023728]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows2\system32\drivers\nlndis.sys [12.6.2013 11:10 5229360]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ZAM
*NewlyCreated* - ZAMSVC
*NewlyCreated* - ZAM_GUARD
.
Obsah adresáře 'Naplánované úlohy'
.
2017-05-08 c:\windows2\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows2\system32\xp_eos.exe [2016-11-21 23:28]
.
2017-06-06 c:\windows2\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows2\system32\xp_eos.exe [2016-11-21 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.slimwareutilities.com/slimdr ... wnload.php
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Codec_is1 - c:\program files\Codec\Uninstall\unins000.exe
AddRemove-{23daf363-3020-4059-b3ae-dc4ad39fed19} - c:\documents and settings\All Users.WINDOWS2\Data aplikací\Package Cache\{23daf363-3020-4059-b3ae-dc4ad39fed19}\VC_redist.x86.exe
AddRemove-{2af972c7-13b0-4978-92a8-fee26a4fb4e9} - c:\documents and settings\All Users.WINDOWS2\Data aplikací\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\documents and settings\All Users.WINDOWS2\Data aplikací\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\documents and settings\All Users.WINDOWS2\Data aplikací\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{f0080ca2-80ae-4958-b6eb-e8fa916d744a} - c:\documents and settings\All Users.WINDOWS2\Data aplikací\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-06-06 22:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2017-06-06 22:15:59
ComboFix-quarantined-files.txt 2017-06-06 20:15
.
Před spuštěním: Volných bajtů: 1 615 176 515 584
Po spuštění: Volných bajtů: 1 615 122 284 544
.
- - End Of File - - 92AE2D38A385F09937941689A6145813
413FC2A0C716421B3158746D63736515