Prajem pekny den,
chcel by som poprosit o kontrolu LOGu z HiJackTHis, mam virus - Avira AntiVir hlasi TR/Drob.Agent.gkm Trojan a neviem sa ho zbavit neustale sa objavuje v Windows/Sytem32/drivers a napriek tomu ze ho zakazdym zmazem objavi sa znova..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:17, on 3. 4. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\janco\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\janco\janco.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\janco\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [janco] C:\Documents and Settings\janco\janco.exe /i
O4 - HKCU\..\Run: [] C:\Documents and Settings\janco\.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-810833284-386730596-2741441111-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8629 bytes
Vopred velmi pekne dakujem,
Yanco
Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan Vyřešeno
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Ahoj dakujem za odpoved,
no tento Malwarebytes' Anti-Malware som skusal uz dnes spustit, ale zial som dal odstranit tie infikovane subory dufajuc ze sa tym moj problem odstrani (prv nez som narazil na toto forum)..
Kazdopadne povodny LOG som si uchoval:
Malwarebytes' Anti-Malware 1.35
Database version: 1938
Windows 5.1.2600 Service Pack 2
3. 4. 2009 19:21:57
mbam-log-2009-04-03 (19-21-52).txt
Scan type: Quick Scan
Objects scanned: 70741
Time elapsed: 7 minute(s), 7 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
C:\WINDOWS\Temp\7F13.tmp (Backdoor.KeyStart) -> No action taken.
C:\WINDOWS\Temp\7F13.tmp (Backdoor.KeyStart) -> No action taken.
Memory Modules Infected:
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\7F13.tmp (Backdoor.KeyStart) -> No action taken.
C:\Documents and Settings\janco\Local Settings\Temporary Internet Files\Content.IE5\ACFCY66I\731l1[1].exe (Backdoor.KeyStart) -> No action taken.
C:\Documents and Settings\janco\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\wpv181238422083.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\janco\Local Settings\Temp\opravnenie na podnikanie-1.doc (Heuristics.Malware) -> No action taken.
C:\Documents and Settings\janco\Local Settings\Temp\opravnenie na podnikanie.doc (Heuristics.Malware) -> No action taken.
-----------------------
Momentale robim ten scan este raz, ak nieco najde tak postnem LOG.
Y.
no tento Malwarebytes' Anti-Malware som skusal uz dnes spustit, ale zial som dal odstranit tie infikovane subory dufajuc ze sa tym moj problem odstrani (prv nez som narazil na toto forum)..
Kazdopadne povodny LOG som si uchoval:
Malwarebytes' Anti-Malware 1.35
Database version: 1938
Windows 5.1.2600 Service Pack 2
3. 4. 2009 19:21:57
mbam-log-2009-04-03 (19-21-52).txt
Scan type: Quick Scan
Objects scanned: 70741
Time elapsed: 7 minute(s), 7 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
C:\WINDOWS\Temp\7F13.tmp (Backdoor.KeyStart) -> No action taken.
C:\WINDOWS\Temp\7F13.tmp (Backdoor.KeyStart) -> No action taken.
Memory Modules Infected:
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\7F13.tmp (Backdoor.KeyStart) -> No action taken.
C:\Documents and Settings\janco\Local Settings\Temporary Internet Files\Content.IE5\ACFCY66I\731l1[1].exe (Backdoor.KeyStart) -> No action taken.
C:\Documents and Settings\janco\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\wpv181238422083.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\janco\Local Settings\Temp\opravnenie na podnikanie-1.doc (Heuristics.Malware) -> No action taken.
C:\Documents and Settings\janco\Local Settings\Temp\opravnenie na podnikanie.doc (Heuristics.Malware) -> No action taken.
-----------------------
Momentale robim ten scan este raz, ak nieco najde tak postnem LOG.
Y.
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Novy LOG z Malwarebytes' Anti-Malware opat nasiel 3 infikovane napriek tomu ze som to predtym dal uz zmazat..
Malwarebytes' Anti-Malware 1.35
Database version: 1938
Windows 5.1.2600 Service Pack 2
3. 4. 2009 20:33:45
mbam-log-2009-04-03 (20-33-39).txt
Scan type: Quick Scan
Objects scanned: 71015
Time elapsed: 9 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Temp\BN1B.tmp (Trojan.Agent) -> No action taken.
Malwarebytes' Anti-Malware 1.35
Database version: 1938
Windows 5.1.2600 Service Pack 2
3. 4. 2009 20:33:45
mbam-log-2009-04-03 (20-33-39).txt
Scan type: Quick Scan
Objects scanned: 71015
Time elapsed: 9 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Temp\BN1B.tmp (Trojan.Agent) -> No action taken.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Tak to zase dej smazat.
Odinstaluj jeden antivir, nejspíše AVG.
Vypni rez. ochranu u zbývajícího antiviru (Avira).
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Odinstaluj jeden antivir, nejspíše AVG.
Vypni rez. ochranu u zbývajícího antiviru (Avira).
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Antivir ochranu som odstavil, zavrel vsetky okna a spustil ComboFix z plochy tu je jeho LOG:
ComboFix 09-04-01.01 - janco 2009-04-03 21:06:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.759.458 [GMT 2:00]
SpuÜt∞n² z: c:\documents and settings\janco\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Vytvo°en nov² Bod Obnovenφ
.
((((((((((((((((((((((((((((((((((((((( Ostatnφ v²mazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\janco\Data aplikacφ\wiaserva.log
c:\documents and settings\janco\janco.exe
.
((((((((((((((((((((((((( Soubory vytvo°enΘ od 2009-03-03 do 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-03 19:56 . 2009-04-03 19:56 <DIR> d-------- c:\program files\Avira
2009-04-03 19:56 . 2009-04-03 19:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikacφ\Avira
2009-04-03 19:56 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-04-03 19:13 . 2009-04-03 19:13 <DIR> d-------- c:\documents and settings\janco\Data aplikacφ\Malwarebytes
2009-04-03 19:12 . 2009-04-03 19:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-03 19:12 . 2009-04-03 19:12 <DIR> d-------- c:\documents and settings\All Users\Data aplikacφ\Malwarebytes
2009-04-03 19:12 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 19:12 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-03 18:48 . 2009-04-03 18:48 <DIR> d-------- c:\program files\Trend Micro
2009-04-03 18:35 . 2009-04-03 18:35 <DIR> d-------- c:\program files\CCleaner
2009-04-03 11:37 . 2009-04-03 11:37 <DIR> d-------- C:\000
.
(((((((((((((((((((((((((((((((((((((((( Find3M v²pis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 19:00 --------- d-----w c:\documents and settings\janco\Data aplikacφ\Launchy
2009-04-03 17:12 --------- d-----w c:\documents and settings\janco\Data aplikacφ\Lavasoft
2009-03-31 08:01 --------- d-----w c:\documents and settings\janco\Data aplikacφ\Azureus
2009-03-23 15:21 --------- d-----w c:\program files\Azureus
2009-02-23 18:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 18:40 --------- d-----w c:\program files\STORMWARE
2009-02-03 21:12 --------- d-----w c:\program files\GameTop.com
2005-11-23 19:38 397,312 ----a-w c:\documents and settings\janco\jogl.dll
2008-12-19 06:36 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 06:36 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 06:36 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 06:36 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 06:36 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( SpouÜt∞cφ body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznßmka* prßzdnΘ zßznamy a legitimnφ v²chozφ ·daje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\janco\Local Settings\Data aplikacφ\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-14 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-14 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-28 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-28 688218]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2004-09-06 417856]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-05-10 102469]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2007-09-17 892928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuτt╪ní\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2007-02-11 520192]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-09-06 06:29 180290 c:\windows\system32\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikacφ\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikacφ\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\TortoiseSVN\\bin\\TSVNCache.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Hewlett-Packard\\OrderReminder\\OrderReminder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Launchy\\Launchy.exe"=
"c:\\WINDOWS\\system32\\1XConfig.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikacφ\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Download\\PC protection\\HJTInstall.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\WINDOWS\\system32\\ZCfgSvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65535:TCP"= 65535:TCP:AzureusTorrentPortTCP
"65535:UDP"= 65535:UDP:AzureusTorrentPortUDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-03 108289]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [2007-09-17 79948]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 PSched;PlßnovaΦ paket∙ technologie QoS;c:\windows\system32\drivers\psched.sys [2004-11-20 69120]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
S2 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?]
S2 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?]
S2 ws2_32sik;ws2_32sik;c:\windows\system32\drivers\ws2_32sik.sys [2005-09-13 30464]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{640adca3-4204-11dd-8436-0015001745e5}]
\Shell\AutoRun\command - H:\USBNB.exe
.
Obsah adresß°e 'NaplßnovanΘ ·lohy'
2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 18:36]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-810833284-386730596-2741441111-1005.job
- c:\documents and settings\janco\Local Settings\Data aplikac []
.
- - - - NEPLATN╔ POLOÄKY ODSTRAN╠N╔ Z REGISTRU - - - -
HKCU-Run-janco - c:\documents and settings\janco\janco.exe
.
------- Dopl≥kov² sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportova¥ do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\janco\Data aplikacφ\Mozilla\Firefox\Profiles\v7at9n8j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\janco\Data aplikacφ\Mozilla\Firefox\Profiles\v7at9n8j.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 21:08:44
Windows 5.1.2600 Service Pack 2 NTFS
skenovßnφ skryt²ch proces∙ ...
skenovßnφ skryt²ch polo₧ek 'Po spuÜt∞nφ' ...
skenovßnφ skryt²ch soubor∙ ...
sken byl ·speÜn∞ dokonΦen
skrytΘ soubory: 0
**************************************************************************
.
--------------------- Knihovny navßzanΘ na b∞₧φcφ procesy ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\LgNotify.dll
.
Celkov² Φas: 2009-04-03 21:12:24
ComboFix-quarantined-files.txt 2009-04-03 19:11:47
P°ed spuÜt∞nφm: 3á323á525á120
Po spuÜt∞nφ: 4,233,656,320
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
192 --- E O F --- 2009-03-19 06:20:21
ComboFix 09-04-01.01 - janco 2009-04-03 21:06:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.759.458 [GMT 2:00]
SpuÜt∞n² z: c:\documents and settings\janco\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Vytvo°en nov² Bod Obnovenφ
.
((((((((((((((((((((((((((((((((((((((( Ostatnφ v²mazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\janco\Data aplikacφ\wiaserva.log
c:\documents and settings\janco\janco.exe
.
((((((((((((((((((((((((( Soubory vytvo°enΘ od 2009-03-03 do 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-03 19:56 . 2009-04-03 19:56 <DIR> d-------- c:\program files\Avira
2009-04-03 19:56 . 2009-04-03 19:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikacφ\Avira
2009-04-03 19:56 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-04-03 19:13 . 2009-04-03 19:13 <DIR> d-------- c:\documents and settings\janco\Data aplikacφ\Malwarebytes
2009-04-03 19:12 . 2009-04-03 19:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-03 19:12 . 2009-04-03 19:12 <DIR> d-------- c:\documents and settings\All Users\Data aplikacφ\Malwarebytes
2009-04-03 19:12 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 19:12 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-03 18:48 . 2009-04-03 18:48 <DIR> d-------- c:\program files\Trend Micro
2009-04-03 18:35 . 2009-04-03 18:35 <DIR> d-------- c:\program files\CCleaner
2009-04-03 11:37 . 2009-04-03 11:37 <DIR> d-------- C:\000
.
(((((((((((((((((((((((((((((((((((((((( Find3M v²pis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 19:00 --------- d-----w c:\documents and settings\janco\Data aplikacφ\Launchy
2009-04-03 17:12 --------- d-----w c:\documents and settings\janco\Data aplikacφ\Lavasoft
2009-03-31 08:01 --------- d-----w c:\documents and settings\janco\Data aplikacφ\Azureus
2009-03-23 15:21 --------- d-----w c:\program files\Azureus
2009-02-23 18:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 18:40 --------- d-----w c:\program files\STORMWARE
2009-02-03 21:12 --------- d-----w c:\program files\GameTop.com
2005-11-23 19:38 397,312 ----a-w c:\documents and settings\janco\jogl.dll
2008-12-19 06:36 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 06:36 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 06:36 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 06:36 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 06:36 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( SpouÜt∞cφ body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznßmka* prßzdnΘ zßznamy a legitimnφ v²chozφ ·daje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\janco\Local Settings\Data aplikacφ\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-14 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-14 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-28 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-28 688218]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2004-09-06 417856]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-05-10 102469]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2007-09-17 892928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuτt╪ní\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2007-02-11 520192]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-09-06 06:29 180290 c:\windows\system32\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikacφ\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikacφ\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\TortoiseSVN\\bin\\TSVNCache.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Hewlett-Packard\\OrderReminder\\OrderReminder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Launchy\\Launchy.exe"=
"c:\\WINDOWS\\system32\\1XConfig.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikacφ\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Download\\PC protection\\HJTInstall.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\WINDOWS\\system32\\ZCfgSvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65535:TCP"= 65535:TCP:AzureusTorrentPortTCP
"65535:UDP"= 65535:UDP:AzureusTorrentPortUDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-03 108289]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [2007-09-17 79948]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 PSched;PlßnovaΦ paket∙ technologie QoS;c:\windows\system32\drivers\psched.sys [2004-11-20 69120]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
S2 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?]
S2 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?]
S2 ws2_32sik;ws2_32sik;c:\windows\system32\drivers\ws2_32sik.sys [2005-09-13 30464]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{640adca3-4204-11dd-8436-0015001745e5}]
\Shell\AutoRun\command - H:\USBNB.exe
.
Obsah adresß°e 'NaplßnovanΘ ·lohy'
2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 18:36]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-810833284-386730596-2741441111-1005.job
- c:\documents and settings\janco\Local Settings\Data aplikac []
.
- - - - NEPLATN╔ POLOÄKY ODSTRAN╠N╔ Z REGISTRU - - - -
HKCU-Run-janco - c:\documents and settings\janco\janco.exe
.
------- Dopl≥kov² sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportova¥ do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\janco\Data aplikacφ\Mozilla\Firefox\Profiles\v7at9n8j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\janco\Data aplikacφ\Mozilla\Firefox\Profiles\v7at9n8j.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 21:08:44
Windows 5.1.2600 Service Pack 2 NTFS
skenovßnφ skryt²ch proces∙ ...
skenovßnφ skryt²ch polo₧ek 'Po spuÜt∞nφ' ...
skenovßnφ skryt²ch soubor∙ ...
sken byl ·speÜn∞ dokonΦen
skrytΘ soubory: 0
**************************************************************************
.
--------------------- Knihovny navßzanΘ na b∞₧φcφ procesy ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\LgNotify.dll
.
Celkov² Φas: 2009-04-03 21:12:24
ComboFix-quarantined-files.txt 2009-04-03 19:11:47
P°ed spuÜt∞nφm: 3á323á525á120
Po spuÜt∞nφ: 4,233,656,320
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
192 --- E O F --- 2009-03-19 06:20:21
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.Otevře se Dosovské okno a zavře. Restartuj comp.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Tuto složku znáš:
C:\000 ?
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
sc config amd64si start= disabled
sc stop amd64si
sc delete amd64si
sc config ati64si start= disabled
sc stop ati64si
sc delete ati64si
sc config port135sik start= disabled
sc stop port135sik
sc delete port135sik
sc config securentm start= disabled
sc stop securentm
sc delete securentm
sc config ws2_32sik start= disabled
sc stop ws2_32sik
sc delete ws2_32sikulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.Otevře se Dosovské okno a zavře. Restartuj comp.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\port135sik.sys
c:\windows\system32\drivers\securentm.sys
c:\windows\system32\drivers\ws2_32sik.sys
DirLook::
C:\000
Driver::
amd64si
ati64si
port135sik
securentm
ws2_32sik
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Tuto složku znáš:
C:\000 ?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Ano, C:\000 poznam, vytvoril som ho ja, pouzivam tento adresar ako temp..
ComboFix 09-04-01.01 - janco 2009-04-03 22:50:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.759.469 [GMT 2:00]
Spuštěný z: c:\documents and settings\janco\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\janco\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\port135sik.sys
c:\windows\system32\drivers\securentm.sys
c:\windows\system32\drivers\ws2_32sik.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\ws2_32sik.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WS2_32SIK
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-03 do 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-03 19:56 . 2009-04-03 19:56 <DIR> d-------- c:\program files\Avira
2009-04-03 19:56 . 2009-04-03 19:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Avira
2009-04-03 19:56 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-04-03 19:13 . 2009-04-03 19:13 <DIR> d-------- c:\documents and settings\janco\Data aplikací\Malwarebytes
2009-04-03 19:12 . 2009-04-03 19:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-03 19:12 . 2009-04-03 19:12 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-03 19:12 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 19:12 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-03 18:48 . 2009-04-03 18:48 <DIR> d-------- c:\program files\Trend Micro
2009-04-03 18:35 . 2009-04-03 18:35 <DIR> d-------- c:\program files\CCleaner
2009-04-03 11:37 . 2009-04-03 11:37 <DIR> d-------- C:\000
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 21:01 --------- d-----w c:\documents and settings\janco\Data aplikací\Launchy
2009-04-03 17:12 --------- d-----w c:\documents and settings\janco\Data aplikací\Lavasoft
2009-03-31 08:01 --------- d-----w c:\documents and settings\janco\Data aplikací\Azureus
2009-03-23 15:21 --------- d-----w c:\program files\Azureus
2009-02-23 18:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 18:40 --------- d-----w c:\program files\STORMWARE
2009-02-03 21:12 --------- d-----w c:\program files\GameTop.com
2005-11-23 19:38 397,312 ----a-w c:\documents and settings\janco\jogl.dll
2008-12-19 06:36 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 06:36 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 06:36 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 06:36 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 06:36 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\000 ----
((((((((((((((((((((((((((((( SnapShot@2009-04-03_21.09.27,10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-03 20:57:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1f0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\janco\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-14 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-14 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-28 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-28 688218]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2004-09-06 417856]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-05-10 102469]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2007-09-17 892928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2007-02-11 520192]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-09-06 06:29 180290 c:\windows\system32\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\TortoiseSVN\\bin\\TSVNCache.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Hewlett-Packard\\OrderReminder\\OrderReminder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Launchy\\Launchy.exe"=
"c:\\WINDOWS\\system32\\1XConfig.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikací\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Download\\PC protection\\HJTInstall.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\WINDOWS\\system32\\ZCfgSvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65535:TCP"= 65535:TCP:AzureusTorrentPortTCP
"65535:UDP"= 65535:UDP:AzureusTorrentPortUDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-03 108289]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [2007-09-17 79948]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-11-20 69120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{640adca3-4204-11dd-8436-0015001745e5}]
\Shell\AutoRun\command - H:\USBNB.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 18:36]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-810833284-386730596-2741441111-1005.job
- c:\documents and settings\janco\Local Settings\Data aplikac []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\janco\Data aplikací\Mozilla\Firefox\Profiles\v7at9n8j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\janco\Data aplikací\Mozilla\Firefox\Profiles\v7at9n8j.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 22:58:49
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\LgNotify.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\ATKKBService.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RegSrvc.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\1XConfig.exe
.
**************************************************************************
.
Celkový čas: 2009-04-03 23:07:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-03 21:07:02
ComboFix2.txt 2009-04-03 19:12:25
Před spuštěním: 4 263 418 880
Po spuštění: 4,198,103,552
217 --- E O F --- 2009-03-19 06:20:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:19, on 3. 4. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\janco\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\janco\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-810833284-386730596-2741441111-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 7517 bytes
ComboFix 09-04-01.01 - janco 2009-04-03 22:50:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.759.469 [GMT 2:00]
Spuštěný z: c:\documents and settings\janco\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\janco\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\port135sik.sys
c:\windows\system32\drivers\securentm.sys
c:\windows\system32\drivers\ws2_32sik.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\ws2_32sik.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WS2_32SIK
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-03 do 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-03 19:56 . 2009-04-03 19:56 <DIR> d-------- c:\program files\Avira
2009-04-03 19:56 . 2009-04-03 19:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Avira
2009-04-03 19:56 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-04-03 19:13 . 2009-04-03 19:13 <DIR> d-------- c:\documents and settings\janco\Data aplikací\Malwarebytes
2009-04-03 19:12 . 2009-04-03 19:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-03 19:12 . 2009-04-03 19:12 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-03 19:12 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 19:12 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-03 18:48 . 2009-04-03 18:48 <DIR> d-------- c:\program files\Trend Micro
2009-04-03 18:35 . 2009-04-03 18:35 <DIR> d-------- c:\program files\CCleaner
2009-04-03 11:37 . 2009-04-03 11:37 <DIR> d-------- C:\000
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 21:01 --------- d-----w c:\documents and settings\janco\Data aplikací\Launchy
2009-04-03 17:12 --------- d-----w c:\documents and settings\janco\Data aplikací\Lavasoft
2009-03-31 08:01 --------- d-----w c:\documents and settings\janco\Data aplikací\Azureus
2009-03-23 15:21 --------- d-----w c:\program files\Azureus
2009-02-23 18:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 18:40 --------- d-----w c:\program files\STORMWARE
2009-02-03 21:12 --------- d-----w c:\program files\GameTop.com
2005-11-23 19:38 397,312 ----a-w c:\documents and settings\janco\jogl.dll
2008-12-19 06:36 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 06:36 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 06:36 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 06:36 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 06:36 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\000 ----
((((((((((((((((((((((((((((( SnapShot@2009-04-03_21.09.27,10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-03 20:57:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1f0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 13:42 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\janco\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-14 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-14 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-28 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-28 688218]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2004-09-06 417856]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-05-10 102469]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2007-09-17 892928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2007-02-11 520192]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-09-06 06:29 180290 c:\windows\system32\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\TortoiseSVN\\bin\\TSVNCache.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Hewlett-Packard\\OrderReminder\\OrderReminder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Launchy\\Launchy.exe"=
"c:\\WINDOWS\\system32\\1XConfig.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Documents and Settings\\janco\\Local Settings\\Data aplikací\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Download\\PC protection\\HJTInstall.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\WINDOWS\\system32\\ZCfgSvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65535:TCP"= 65535:TCP:AzureusTorrentPortTCP
"65535:UDP"= 65535:UDP:AzureusTorrentPortUDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-03 108289]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [2007-09-17 79948]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-11-20 69120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{640adca3-4204-11dd-8436-0015001745e5}]
\Shell\AutoRun\command - H:\USBNB.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 18:36]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-810833284-386730596-2741441111-1005.job
- c:\documents and settings\janco\Local Settings\Data aplikac []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\janco\Data aplikací\Mozilla\Firefox\Profiles\v7at9n8j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\janco\Data aplikací\Mozilla\Firefox\Profiles\v7at9n8j.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 22:58:49
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\LgNotify.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\ATKKBService.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RegSrvc.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\1XConfig.exe
.
**************************************************************************
.
Celkový čas: 2009-04-03 23:07:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-03 21:07:02
ComboFix2.txt 2009-04-03 19:12:25
Před spuštěním: 4 263 418 880
Po spuštění: 4,198,103,552
217 --- E O F --- 2009-03-19 06:20:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:19, on 3. 4. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\janco\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\janco\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-810833284-386730596-2741441111-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 7517 bytes
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Pokud nejsou problémy , je to vše.
Kód: Vybrat vše
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Pokud nejsou problémy , je to vše.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Dakujem,
spravil som vsetko ako si povedal.
Len ten AFT-Cleaner som zatial nespustil, lebo sa mi ho nepodarilo stiahnut - nejaky problem so strankou (skusim neskorsie znova).
Tu JAVU mam ondisntalovat uplne vsetky polozky (vid obr.)? Nie su to nejake kumulativne update?
[img=http://img18.imageshack.us/img18/9042/javaodinstal.th.png]
Y.
spravil som vsetko ako si povedal.
Len ten AFT-Cleaner som zatial nespustil, lebo sa mi ho nepodarilo stiahnut - nejaky problem so strankou (skusim neskorsie znova).
Tu JAVU mam ondisntalovat uplne vsetky polozky (vid obr.)? Nie su to nejake kumulativne update?
[img=http://img18.imageshack.us/img18/9042/javaodinstal.th.png]
![[img=http://img18.imageshack.us/img18/9042/javaodinstal.th.png]](http://img18.imageshack.us/my.php?image=javaodinstal.png){kind=link}
Y.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Ano všechny javy odinstaluj a nainstaluj jen tu poslední z odkazu.
Odkaz na ATF Cleaner mi jde, můžeš stáhnout i odsud:
http://www.stahuj.centrum.cz/internet_a ... f-cleaner/
Můžeš dát pak vyřešeno , fajfku.
Odkaz na ATF Cleaner mi jde, můžeš stáhnout i odsud:
http://www.stahuj.centrum.cz/internet_a ... f-cleaner/
Můžeš dát pak vyřešeno , fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosba o Kontrolu LOGu - TR/Drob.Agent.gkm Trojan
Dakujem Jaro!
Full scan prebehol v poriadku, tak verim ze vdaka tvojej vydatnej pomoci je vsetko zazehnane!
Este som sa chcel opytat ze ci by som sa mohol ja naoplatku nejako revansovat? Nie som sice ziaden prachac, ale rad by som aspon trochou podporil nezistnu pracu ludi ako si ty!
Este raz za pomoc velmi pekne dakujem!
Full scan prebehol v poriadku, tak verim ze vdaka tvojej vydatnej pomoci je vsetko zazehnane!
Este som sa chcel opytat ze ci by som sa mohol ja naoplatku nejako revansovat? Nie som sice ziaden prachac, ale rad by som aspon trochou podporil nezistnu pracu ludi ako si ty!
Este raz za pomoc velmi pekne dakujem!
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 6 hostů