Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:01, on 15.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\DOCUME~1\Notebook\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [Notebook] C:\Documents and Settings\Notebook\Notebook.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\WINDOWS\
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Síťová schránka ClipSrvsp_rssrv (ClipSrvsp_rssrv) - Unknown owner - C:\WINDOWS\system32\6to4svcr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 8067 bytes
Prosim o kontrolu HJT - nalezeny ROOTKITY Vyřešeno
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
tak pocet nalezenych viru se od vcera zdvojnasobil..tak nevim. je treba sem vypsat nazvy jednotlivych trojanu?
diky
diky
Intel Core i7-7700HQ, CPU @2.8 GHz, 16GB RAM, Intel HD Graphics 630, G-Force GTX 1050Ti, SSD 256GB + 1TB, WIN 10 64bit
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
Malwarebytes' Anti-Malware 1.36
Verze databáze: 1984
Windows 5.1.2600 Service Pack 3
15.4.2009 10:30:59
mbam-log-2009-04-15 (10-30-55).txt
Typ skenu: Rychlý sken
Objektu skenováno: 63531
Uplynulý cas: 2 minute(s), 35 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 14
Infikované hodnoty registru: 0
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 49
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\systemntmi (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\ws2_32sik.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Notebook.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN3.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN8.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN18.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN19.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1D.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN20.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN21.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN22.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN23.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN24.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN25.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN26.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN27.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN28.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN29.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2D.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN33.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN35.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN36.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN37.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> No action taken.
Verze databáze: 1984
Windows 5.1.2600 Service Pack 3
15.4.2009 10:30:59
mbam-log-2009-04-15 (10-30-55).txt
Typ skenu: Rychlý sken
Objektu skenováno: 63531
Uplynulý cas: 2 minute(s), 35 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 14
Infikované hodnoty registru: 0
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 49
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\systemntmi (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\ws2_32sik.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Notebook.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN3.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN8.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN18.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN19.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1D.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN20.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN21.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN22.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN23.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN24.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN25.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN26.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN27.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN28.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN29.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2D.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN33.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN35.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN36.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN37.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> No action taken.
Intel Core i7-7700HQ, CPU @2.8 GHz, 16GB RAM, Intel HD Graphics 630, G-Force GTX 1050Ti, SSD 256GB + 1TB, WIN 10 64bit
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.
Vypni rez. ochranu u AVG+štít u ST.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.
Vypni rez. ochranu u AVG+štít u ST.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
log mbam
Malwarebytes' Anti-Malware 1.36
Verze databáze: 1984
Windows 5.1.2600 Service Pack 3
15.4.2009 11:32:59
mbam-log-2009-04-15 (11-32-59).txt
Typ skenu: Rychlý sken
Objektu skenováno: 63597
Uplynulý cas: 2 minute(s), 8 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 14
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 48
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\systemntmi (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ws2_32sik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN20.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN21.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN22.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN23.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN24.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN25.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN27.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN28.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN33.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN35.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN36.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN37.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN38.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.36
Verze databáze: 1984
Windows 5.1.2600 Service Pack 3
15.4.2009 11:32:59
mbam-log-2009-04-15 (11-32-59).txt
Typ skenu: Rychlý sken
Objektu skenováno: 63597
Uplynulý cas: 2 minute(s), 8 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 14
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 48
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\systemntmi (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ws2_32sik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN20.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN21.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN22.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN23.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN24.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN25.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN27.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN28.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN2F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN33.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN35.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN36.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN37.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Notebook\Local Settings\Temp\BN38.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Intel Core i7-7700HQ, CPU @2.8 GHz, 16GB RAM, Intel HD Graphics 630, G-Force GTX 1050Ti, SSD 256GB + 1TB, WIN 10 64bit
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
ComboFix 09-04-15.08 - Notebook 15.04.2009 11:41.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.607 [GMT 2:00]
Spuštěný z: c:\documents and settings\Notebook\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ClipSrvsp_rssrv
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-15 do 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-15 09:43 . 2009-04-15 09:43 -------- d-----w c:\windows\system32\xircom
2009-04-15 09:36 . 2009-04-15 09:36 30464 ----a-w c:\windows\system32\drivers\acpi32.sys
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\documents and settings\Notebook\Data aplikací\Malwarebytes
2009-04-15 08:26 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 08:26 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-13 11:04 . 2009-04-13 11:06 161 ----a-w c:\windows\wcx_ftp.ini
2009-04-13 11:03 . 2009-04-13 11:06 820 ----a-w c:\windows\wincmd.ini
2009-04-13 11:03 . 2009-04-13 11:04 -------- d-----w C:\totalcmd
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\UC.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\RAR.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\PKZIP.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\PKUNZIP.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\NOCLOSE.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\LHA.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\ARJ.PIF
2009-04-13 10:01 . 2009-04-15 08:33 137 --s-a-w c:\windows\system32\1147464385.dat
2009-04-11 10:03 . 2009-04-15 09:02 -------- d--h--w C:\$AVG8.VAULT$
2009-03-27 15:08 . 2008-08-14 13:26 2068224 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-27 15:08 . 2008-08-14 13:26 2147328 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-27 15:08 . 2008-08-14 13:26 2025984 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-27 15:08 . 2008-08-14 13:26 2191360 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-27 15:08 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-03-27 15:08 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-03-27 15:06 . 2008-10-03 10:04 247326 ------w c:\windows\system32\dllcache\strmdll.dll
2009-03-27 15:06 . 2008-10-15 16:38 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-03-27 15:06 . 2008-09-04 17:17 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-03-25 17:12 . 2009-03-25 17:12 -------- d-----w C:\sr
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 09:43 . 2009-04-15 09:43 -------- d-----w c:\program files\microsoft frontpage
2009-04-15 09:02 . 2008-09-30 14:11 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-04-15 09:02 . 2008-09-30 14:11 -------- d-----w c:\program files\Spyware Terminator
2009-04-15 09:00 . 2008-09-30 14:11 -------- d-----w c:\documents and settings\Notebook\Data aplikací\Spyware Terminator
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 06:43 . 2009-04-15 06:43 -------- d-----w c:\program files\Trend Micro
2009-04-13 09:08 . 2001-10-25 13:00 46214 ----a-w c:\windows\system32\perfc005.dat
2009-04-13 09:08 . 2001-10-25 13:00 309954 ----a-w c:\windows\system32\perfh005.dat
2009-03-27 15:06 . 2008-09-30 14:08 -------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-03-27 15:06 . 2008-10-03 12:11 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-27 15:06 . 2008-10-03 12:11 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-27 15:06 . 2008-10-03 12:11 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-09 14:07 . 2009-02-09 14:07 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:07 . 2008-04-14 05:45 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-16 20:30 . 2008-06-24 08:42 3594752 ------w c:\windows\system32\dllcache\mshtml.dll
2008-09-30 14:05 . 2008-09-30 14:05 13992 ----a-w c:\documents and settings\Notebook\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-05-12 17:08 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2008-03-26 1491528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-30 2957824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-27 1601304]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-29 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-27 15:06 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-27 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-27 107272]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-09-30 138752]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-27 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-27 298264]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-07 9728]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - HELPSVC
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Notebook - c:\documents and settings\Notebook\Notebook.exe
HKLM-Run-RegistryMechanic - (no file)
Notify-AWinNotifyVitaKey MC3000 - (no file)
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 11:44
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\btmmhook.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\docume~1\Notebook\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2009-04-15 11:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-15 09:45
Před spuštěním: Volných bajtů: 34 379 149 312
Po spuštění: Volných bajtů: 34 365 313 024
170 --- E O F --- 2009-04-06 17:25
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.607 [GMT 2:00]
Spuštěný z: c:\documents and settings\Notebook\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ClipSrvsp_rssrv
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-15 do 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-15 09:43 . 2009-04-15 09:43 -------- d-----w c:\windows\system32\xircom
2009-04-15 09:36 . 2009-04-15 09:36 30464 ----a-w c:\windows\system32\drivers\acpi32.sys
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\documents and settings\Notebook\Data aplikací\Malwarebytes
2009-04-15 08:26 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 08:26 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-13 11:04 . 2009-04-13 11:06 161 ----a-w c:\windows\wcx_ftp.ini
2009-04-13 11:03 . 2009-04-13 11:06 820 ----a-w c:\windows\wincmd.ini
2009-04-13 11:03 . 2009-04-13 11:04 -------- d-----w C:\totalcmd
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\UC.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\RAR.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\PKZIP.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\PKUNZIP.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\NOCLOSE.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\LHA.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\ARJ.PIF
2009-04-13 10:01 . 2009-04-15 08:33 137 --s-a-w c:\windows\system32\1147464385.dat
2009-04-11 10:03 . 2009-04-15 09:02 -------- d--h--w C:\$AVG8.VAULT$
2009-03-27 15:08 . 2008-08-14 13:26 2068224 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-27 15:08 . 2008-08-14 13:26 2147328 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-27 15:08 . 2008-08-14 13:26 2025984 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-27 15:08 . 2008-08-14 13:26 2191360 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-27 15:08 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-03-27 15:08 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-03-27 15:06 . 2008-10-03 10:04 247326 ------w c:\windows\system32\dllcache\strmdll.dll
2009-03-27 15:06 . 2008-10-15 16:38 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-03-27 15:06 . 2008-09-04 17:17 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-03-25 17:12 . 2009-03-25 17:12 -------- d-----w C:\sr
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 09:43 . 2009-04-15 09:43 -------- d-----w c:\program files\microsoft frontpage
2009-04-15 09:02 . 2008-09-30 14:11 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-04-15 09:02 . 2008-09-30 14:11 -------- d-----w c:\program files\Spyware Terminator
2009-04-15 09:00 . 2008-09-30 14:11 -------- d-----w c:\documents and settings\Notebook\Data aplikací\Spyware Terminator
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 06:43 . 2009-04-15 06:43 -------- d-----w c:\program files\Trend Micro
2009-04-13 09:08 . 2001-10-25 13:00 46214 ----a-w c:\windows\system32\perfc005.dat
2009-04-13 09:08 . 2001-10-25 13:00 309954 ----a-w c:\windows\system32\perfh005.dat
2009-03-27 15:06 . 2008-09-30 14:08 -------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-03-27 15:06 . 2008-10-03 12:11 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-27 15:06 . 2008-10-03 12:11 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-27 15:06 . 2008-10-03 12:11 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-09 14:07 . 2009-02-09 14:07 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:07 . 2008-04-14 05:45 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-16 20:30 . 2008-06-24 08:42 3594752 ------w c:\windows\system32\dllcache\mshtml.dll
2008-09-30 14:05 . 2008-09-30 14:05 13992 ----a-w c:\documents and settings\Notebook\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-05-12 17:08 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2008-03-26 1491528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-30 2957824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-27 1601304]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-29 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-27 15:06 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-27 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-27 107272]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-09-30 138752]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-27 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-27 298264]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-07 9728]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - HELPSVC
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Notebook - c:\documents and settings\Notebook\Notebook.exe
HKLM-Run-RegistryMechanic - (no file)
Notify-AWinNotifyVitaKey MC3000 - (no file)
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 11:44
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\btmmhook.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\docume~1\Notebook\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2009-04-15 11:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-15 09:45
Před spuštěním: Volných bajtů: 34 379 149 312
Po spuštění: Volných bajtů: 34 365 313 024
170 --- E O F --- 2009-04-06 17:25
Intel Core i7-7700HQ, CPU @2.8 GHz, 16GB RAM, Intel HD Graphics 630, G-Force GTX 1050Ti, SSD 256GB + 1TB, WIN 10 64bit
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
c:\windows\system32\drivers\acpi32.sys
c:\windows\system32\1147464385.dat
Driver::
acpi32
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=-
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
ComboFix 09-04-15.08 - Notebook 15.04.2009 14:44.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.609 [GMT 2:00]
Spuštěný z: c:\documents and settings\Notebook\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Notebook\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
c:\windows\system32\1147464385.dat
c:\windows\system32\drivers\acpi32.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-15 do 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-15 09:43 . 2009-04-15 09:43 -------- d-----w c:\windows\system32\xircom
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\documents and settings\Notebook\Data aplikací\Malwarebytes
2009-04-15 08:26 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 08:26 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-13 11:04 . 2009-04-13 11:06 161 ----a-w c:\windows\wcx_ftp.ini
2009-04-13 11:03 . 2009-04-13 11:06 820 ----a-w c:\windows\wincmd.ini
2009-04-13 11:03 . 2009-04-13 11:04 -------- d-----w C:\totalcmd
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\UC.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\RAR.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\PKZIP.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\PKUNZIP.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\NOCLOSE.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\LHA.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\ARJ.PIF
2009-04-11 10:03 . 2009-04-15 10:19 -------- d--h--w C:\$AVG8.VAULT$
2009-03-27 15:08 . 2008-08-14 13:26 2068224 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-27 15:08 . 2008-08-14 13:26 2147328 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-27 15:08 . 2008-08-14 13:26 2025984 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-27 15:08 . 2008-08-14 13:26 2191360 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-27 15:08 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-03-27 15:08 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-03-27 15:06 . 2008-10-03 10:04 247326 ------w c:\windows\system32\dllcache\strmdll.dll
2009-03-27 15:06 . 2008-10-15 16:38 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-03-27 15:06 . 2008-09-04 17:17 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-03-25 17:12 . 2009-03-25 17:12 -------- d-----w C:\sr
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 09:48 . 2001-10-25 13:00 46214 ----a-w c:\windows\system32\perfc005.dat
2009-04-15 09:48 . 2001-10-25 13:00 309954 ----a-w c:\windows\system32\perfh005.dat
2009-04-15 09:43 . 2009-04-15 09:43 -------- d-----w c:\program files\microsoft frontpage
2009-04-15 09:02 . 2008-09-30 14:11 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-04-15 09:02 . 2008-09-30 14:11 -------- d-----w c:\program files\Spyware Terminator
2009-04-15 09:00 . 2008-09-30 14:11 -------- d-----w c:\documents and settings\Notebook\Data aplikací\Spyware Terminator
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 06:43 . 2009-04-15 06:43 -------- d-----w c:\program files\Trend Micro
2009-03-27 15:06 . 2008-09-30 14:08 -------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-03-27 15:06 . 2008-10-03 12:11 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-27 15:06 . 2008-10-03 12:11 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-27 15:06 . 2008-10-03 12:11 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-09 14:07 . 2009-02-09 14:07 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:07 . 2008-04-14 05:45 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-16 20:30 . 2008-06-24 08:42 3594752 ------w c:\windows\system32\dllcache\mshtml.dll
2008-09-30 14:05 . 2008-09-30 14:05 13992 ----a-w c:\documents and settings\Notebook\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-05-12 17:08 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-15_09.44.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 13:00 . 2009-04-13 09:08 40190 c:\windows\system32\perfc009.dat
+ 2001-10-25 13:00 . 2009-04-15 09:48 40190 c:\windows\system32\perfc009.dat
- 2001-10-25 13:00 . 2009-04-13 09:08 46214 c:\windows\system32\perfc005.dat
+ 2001-10-25 13:00 . 2009-04-15 09:48 46214 c:\windows\system32\perfc005.dat
+ 2001-10-25 13:00 . 2009-04-15 09:48 311802 c:\windows\system32\perfh009.dat
- 2001-10-25 13:00 . 2009-04-13 09:08 311802 c:\windows\system32\perfh009.dat
+ 2001-10-25 13:00 . 2009-04-15 09:48 309954 c:\windows\system32\perfh005.dat
- 2001-10-25 13:00 . 2009-04-13 09:08 309954 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2008-03-26 1491528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-30 2957824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-27 1601304]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-29 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-27 15:06 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-27 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-27 107272]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-09-30 138752]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-27 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-27 298264]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-07 9728]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 14:45
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3284)
c:\docume~1\Notebook\LOCALS~1\Temp\catchme.dll
c:\windows\system32\btmmhook.dll
.
Celkový čas: 2009-04-15 14:47
ComboFix-quarantined-files.txt 2009-04-15 12:46
ComboFix2.txt 2009-04-15 12:32
ComboFix3.txt 2009-04-15 09:45
Před spuštěním: Volných bajtů: 34 334 552 064
Po spuštění: Volných bajtů: 34 325 663 744
151 --- E O F --- 2009-04-06 17:25
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.609 [GMT 2:00]
Spuštěný z: c:\documents and settings\Notebook\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Notebook\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
c:\windows\system32\1147464385.dat
c:\windows\system32\drivers\acpi32.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-15 do 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-15 09:43 . 2009-04-15 09:43 -------- d-----w c:\windows\system32\xircom
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\documents and settings\Notebook\Data aplikací\Malwarebytes
2009-04-15 08:26 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 08:26 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-13 11:04 . 2009-04-13 11:06 161 ----a-w c:\windows\wcx_ftp.ini
2009-04-13 11:03 . 2009-04-13 11:06 820 ----a-w c:\windows\wincmd.ini
2009-04-13 11:03 . 2009-04-13 11:04 -------- d-----w C:\totalcmd
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\UC.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\RAR.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\PKZIP.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\PKUNZIP.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\NOCLOSE.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\LHA.PIF
2009-04-13 11:03 . 2008-08-08 05:04 545 ----a-w c:\windows\ARJ.PIF
2009-04-11 10:03 . 2009-04-15 10:19 -------- d--h--w C:\$AVG8.VAULT$
2009-03-27 15:08 . 2008-08-14 13:26 2068224 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-27 15:08 . 2008-08-14 13:26 2147328 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-27 15:08 . 2008-08-14 13:26 2025984 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-27 15:08 . 2008-08-14 13:26 2191360 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-27 15:08 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-03-27 15:08 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-03-27 15:06 . 2008-10-03 10:04 247326 ------w c:\windows\system32\dllcache\strmdll.dll
2009-03-27 15:06 . 2008-10-15 16:38 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-03-27 15:06 . 2008-09-04 17:17 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-03-25 17:12 . 2009-03-25 17:12 -------- d-----w C:\sr
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 09:48 . 2001-10-25 13:00 46214 ----a-w c:\windows\system32\perfc005.dat
2009-04-15 09:48 . 2001-10-25 13:00 309954 ----a-w c:\windows\system32\perfh005.dat
2009-04-15 09:43 . 2009-04-15 09:43 -------- d-----w c:\program files\microsoft frontpage
2009-04-15 09:02 . 2008-09-30 14:11 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-04-15 09:02 . 2008-09-30 14:11 -------- d-----w c:\program files\Spyware Terminator
2009-04-15 09:00 . 2008-09-30 14:11 -------- d-----w c:\documents and settings\Notebook\Data aplikací\Spyware Terminator
2009-04-15 08:26 . 2009-04-15 08:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 06:43 . 2009-04-15 06:43 -------- d-----w c:\program files\Trend Micro
2009-03-27 15:06 . 2008-09-30 14:08 -------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-03-27 15:06 . 2008-10-03 12:11 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-27 15:06 . 2008-10-03 12:11 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-27 15:06 . 2008-10-03 12:11 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-09 14:07 . 2009-02-09 14:07 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:07 . 2008-04-14 05:45 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-16 20:30 . 2008-06-24 08:42 3594752 ------w c:\windows\system32\dllcache\mshtml.dll
2008-09-30 14:05 . 2008-09-30 14:05 13992 ----a-w c:\documents and settings\Notebook\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-05-12 17:08 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-15_09.44.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 13:00 . 2009-04-13 09:08 40190 c:\windows\system32\perfc009.dat
+ 2001-10-25 13:00 . 2009-04-15 09:48 40190 c:\windows\system32\perfc009.dat
- 2001-10-25 13:00 . 2009-04-13 09:08 46214 c:\windows\system32\perfc005.dat
+ 2001-10-25 13:00 . 2009-04-15 09:48 46214 c:\windows\system32\perfc005.dat
+ 2001-10-25 13:00 . 2009-04-15 09:48 311802 c:\windows\system32\perfh009.dat
- 2001-10-25 13:00 . 2009-04-13 09:08 311802 c:\windows\system32\perfh009.dat
+ 2001-10-25 13:00 . 2009-04-15 09:48 309954 c:\windows\system32\perfh005.dat
- 2001-10-25 13:00 . 2009-04-13 09:08 309954 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2008-03-26 1491528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-30 2957824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-27 1601304]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-29 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-27 15:06 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-27 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-27 107272]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-09-30 138752]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-27 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-27 298264]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-07 9728]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 14:45
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3284)
c:\docume~1\Notebook\LOCALS~1\Temp\catchme.dll
c:\windows\system32\btmmhook.dll
.
Celkový čas: 2009-04-15 14:47
ComboFix-quarantined-files.txt 2009-04-15 12:46
ComboFix2.txt 2009-04-15 12:32
ComboFix3.txt 2009-04-15 09:45
Před spuštěním: Volných bajtů: 34 334 552 064
Po spuštění: Volných bajtů: 34 325 663 744
151 --- E O F --- 2009-04-06 17:25
Intel Core i7-7700HQ, CPU @2.8 GHz, 16GB RAM, Intel HD Graphics 630, G-Force GTX 1050Ti, SSD 256GB + 1TB, WIN 10 64bit
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:01, on 15.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\ComboFix\hidec.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\ComboFix\Catchme.tmp
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5667 bytes
Scan saved at 14:53:01, on 15.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\ComboFix\hidec.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\ComboFix\Catchme.tmp
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5667 bytes
Intel Core i7-7700HQ, CPU @2.8 GHz, 16GB RAM, Intel HD Graphics 630, G-Force GTX 1050Ti, SSD 256GB + 1TB, WIN 10 64bit
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
tak tady to je..po tom co se udelal ten combofix log..se pc nejak zpomalil..a hrozne pomalu se nacitaji stranky v IE7.. zvlast pc help se nacetlo az na 5. pokus.. tak nevim..no mrkni na to please..sem sam zvedavej..
diky
diky
Intel Core i7-7700HQ, CPU @2.8 GHz, 16GB RAM, Intel HD Graphics 630, G-Force GTX 1050Ti, SSD 256GB + 1TB, WIN 10 64bit
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosim o kontrolu HJT - nalezeny ROOTKITY
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž a zapni si AVG.
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Kód: Vybrat vše
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž a zapni si AVG.
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 66 hostů