
PC virus removal, computer speed-up, remote help via the neslape.cz service
AVAST found Win32: Rootkit-gen
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check this, AVAST found Win32: Rootkit-gen during a scan after restart.
I am a beginner with computers.
Thank you.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Ivan at 2011-06-02 22:05:44
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (9%) free of 16 GB
Total RAM: 767 MB (31% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1563985344-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1563985344-725345543-1003UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll [2011-05-06 734048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - I.R.I.S. Desktop Search - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll [2006-01-11 1385768]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll [2011-05-06 734048]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-10-29 4620288]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-10-29 86016]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2006-07-07 348160]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2005-03-16 90112]
"Ulead Quick-Drop"=C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe [2005-04-28 102400]
"USIUDF_Eject_Monitor"=C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe [2004-12-23 81920]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"HPUsageTracking"=c:\Program Files\HP\HP UT\bin\hppusg.exe [2009-05-11 24576]
"HPPQVideo"=c:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [2007-05-07 106496]
"ToolBoxFX"=c:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2009-06-17 40960]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-05-06 532320]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"I.R.I.S. Desktop Search"=C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe [2006-01-11 5193512]
"Google Update"=C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
T-Mobile Communication Center.lnk - C:\Program Files\T-Mobile Communication Center\TMCC.exe
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\limewire\LimeWire.exe"="D:\Program Files\limewire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Programy\skype\Phone\Skype.exe"="D:\Programy\skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\StubInstaller.exe"="D:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\limewire\LimeWire.exe"="D:\limewire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\Limewie\LimeWire\LimeWire.exe"="D:\Limewie\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\hry\CS.1.6\Cs 1.6\hl.exe"="D:\hry\CS.1.6\Cs 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\utorrent.exe"="C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\utorrent.exe:*:Enabled:µTorrent"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\hry\UNDERGROUND2\Speed.exe"="D:\hry\UNDERGROUND2\Speed.exe:*:Enabled:Speed"
"D:\hry\soldier\SoF.exe"="D:\hry\soldier\SoF.exe:*:Enabled:SoF"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"G:\Dokumenty\hry\UNDERGROUND2\Speed.exe"="G:\Dokumenty\hry\UNDERGROUND2\Speed.exe:*:Enabled:Speed"
"C:\Program Files\VMware\VMware Server\vmware-authd.exe"="C:\Program Files\VMware\VMware Server\vmware-authd.exe:*:Enabled:VMware Authd"
"C:\Program Files\VMware\VMware Server\vmware-hostd.exe"="C:\Program Files\VMware\VMware Server\vmware-hostd.exe:*:Enabled:VMware Hostd"
"G:\Dokumenty\hry\CS.1.6\Cs 1.6\hl.exe"="G:\Dokumenty\hry\CS.1.6\Cs 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Instal\skype\Phone\Skype.exe"="D:\Instal\skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
======List of files/folders created in the last 1 months======
2011-06-02 22:05:45 ----D---- C:\Program Files\trend micro
2011-06-02 22:05:44 ----D---- C:\rsit
2011-06-02 18:02:05 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-06-02 18:02:05 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-06-02 18:02:05 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-06-02 18:02:05 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-06-02 18:02:05 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-06-02 18:02:04 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-06-02 18:02:04 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-06-02 18:02:04 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-06-02 18:01:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-06-02 18:01:44 ----D---- C:\Program Files\AVAST Software
2011-06-02 18:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-06-02 07:03:02 ----D---- C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Search Settings
2011-06-02 07:03:00 ----D---- C:\Program Files\YouTube Downloader Toolbar
2011-06-02 07:03:00 ----D---- C:\Program Files\Common Files\Spigot
2011-06-02 07:03:00 ----D---- C:\Program Files\Application Updater
2011-05-28 19:33:01 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2011-05-25 23:06:01 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2011-05-25 22:45:21 ----D---- C:\Program Files\Hewlett-Packard
2011-05-25 22:42:54 ----A---- C:\WINDOWS\system32\hppcew11.dll
2011-05-25 22:42:54 ----A---- C:\WINDOWS\system32\drivers\hpfxgen.sys
2011-05-25 22:42:54 ----A---- C:\WINDOWS\system32\drivers\hpfxbulk.sys
2011-05-25 22:42:50 ----A---- C:\WINDOWS\system32\hpxp1312.dll
2011-05-25 22:42:50 ----A---- C:\WINDOWS\system32\hpptsp04.dll
2011-05-25 22:42:50 ----A---- C:\WINDOWS\system32\hppasc11.dll
2011-05-25 22:36:38 ----D---- C:\HP_CM1312_series_full_solution_v5.0_EMEA2
2011-05-25 19:16:33 ----ASH---- C:\WINDOWS\system32\winzvprt5.sys
2011-05-20 22:16:50 ----D---- C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\skypePM
2011-05-20 22:16:50 ----D---- C:\Documents and Settings\All Users\Application Data\Skype Extras
2011-05-20 22:16:33 ----D---- C:\Program Files\Common Files\Skype
2011-05-14 15:31:46 ----D---- C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\VMware
2011-05-14 15:26:54 ----D---- C:\Program Files\Common Files\VMware
2011-05-14 14:54:19 ----A---- C:\WINDOWS\system32\vmnetdhcp.exe
2011-05-14 14:54:16 ----A---- C:\WINDOWS\system32\vmnat.exe
2011-05-14 14:54:16 ----A---- C:\WINDOWS\system32\drivers\vmnetuserif.sys
2011-05-14 14:54:11 ----A---- C:\WINDOWS\system32\vnetlib.dll
2011-05-14 14:53:46 ----D---- C:\Virtual Machines
2011-05-14 14:51:59 ----D---- C:\Program Files\VMware
2011-05-14 14:51:59 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2011-05-05 22:09:14 ----D---- C:\Program Files\Adobe Media Player
2011-05-05 22:09:10 ----D---- C:\Program Files\Common Files\Adobe AIR
======List of files/folders modified in the last 1 months======
2011-06-02 22:05:45 ----RD---- C:\Program Files
2011-06-02 22:05:10 ----D---- C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Skype
2011-06-02 22:01:56 ----D---- C:\Program Files\Mozilla Firefox
2011-06-02 20:44:48 ----D---- C:\WINDOWS\Temp
2011-06-02 20:32:18 ----D---- C:\WINDOWS\system32
2011-06-02 20:30:43 ----D---- C:\WINDOWS\Prefetch
2011-06-02 19:40:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-02 18:02:05 ----D---- C:\WINDOWS\system32\drivers
2011-06-02 18:02:01 ----SHD---- C:\WINDOWS\Installer
2011-06-02 18:02:01 ----HD---- C:\Config.Msi
2011-06-02 18:02:00 ----D---- C:\WINDOWS\WinSxS
2011-06-02 18:01:54 ----D---- C:\WINDOWS
2011-06-02 17:55:48 ----A---- C:\WINDOWS\slovnik vety.INI
2011-06-02 08:54:52 ----A---- C:\WINDOWS\wincmd.ini
2011-06-02 07:03:00 ----D---- C:\Program Files\Common Files
2011-05-29 16:59:45 ----A---- C:\WINDOWS\NeroDigital.ini
2011-05-28 09:52:31 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-26 13:01:34 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-05-25 23:06:01 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2011-05-25 23:05:14 ----D---- C:\Program Files\HP
2011-05-25 23:05:08 ----HD---- C:\WINDOWS\inf
2011-05-25 23:05:08 ----D---- C:\WINDOWS\system32\CatRoot
2011-05-25 22:55:01 ----A---- C:\WINDOWS\win.ini
2011-05-25 22:45:23 ----D---- C:\WINDOWS\twain_32
2011-05-25 22:42:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-05-20 22:16:31 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-05-15 14:15:07 ----D---- C:\Documents and Settings
2011-05-14 14:53:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-05-06 07:24:11 ----A---- C:\WINDOWS\T602.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-04 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-12-05 20640]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-01 27904]
R0 viamraid;viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [2004-05-18 74112]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 USIUDF;USIUDF; C:\WINDOWS\System32\Drivers\USIUDF.sys [2004-07-07 292896]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2009-10-20 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
R3 PAC207;VideoCAM GF112; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2009-10-20 16560]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S0 ElbyVCD;ElbyVCD; C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S1 M9207;Digital TV USB Mini Receiver; C:\WINDOWS\system32\DRIVERS\M9207BDA.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2005-10-07 58288]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 85408]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2010-12-29 9728]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2010-12-29 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2010-12-29 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2010-12-29 105088]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-10-29 127043]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2009-10-20 121392]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2009-10-20 326192]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2009-10-20 399920]
R2 VMwareHostd;VMware Host Agent; C:\Program Files\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
R2 VMwareServerWebAccess;VMware Server Web Access; C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-12-09 655624]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 vmwriter;VMware VSS Writer; C:\Program Files\VMware\VMware Server\vmVssWriter.exe [2009-10-20 29744]
-----------------EOF-----------------
"C:\Program Files\VMware\VMware Server\vmware-authd.exe"="C:\Program Files\VMware\VMware Server\vmware-authd.exe:*:Enabled:VMware Authd"
"C:\Program Files\VMware\VMware Server\vmware-hostd.exe"="C:\Program Files\VMware\VMware Server\vmware-hostd.exe:*:Enabled:VMware Hostd"
"G:\Dokumenty\hry\CS.1.6\Cs 1.6\hl.exe"="G:\Dokumenty\hry\CS.1.6\Cs 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Instal\skype\Phone\Skype.exe"="D:\Instal\skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
======List of files/folders created in the last 1 months======
2011-06-02 22:05:45 ----D---- C:\Program Files\trend micro
2011-06-02 22:05:44 ----D---- C:\rsit
2011-06-02 18:02:05 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-06-02 18:02:05 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-06-02 18:02:05 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-06-02 18:02:05 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-06-02 18:02:05 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-06-02 18:02:04 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-06-02 18:02:04 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-06-02 18:02:04 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-06-02 18:01:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-06-02 18:01:44 ----D---- C:\Program Files\AVAST Software
2011-06-02 18:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-06-02 07:03:02 ----D---- C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Search Settings
2011-06-02 07:03:00 ----D---- C:\Program Files\YouTube Downloader Toolbar
2011-06-02 07:03:00 ----D---- C:\Program Files\Common Files\Spigot
2011-06-02 07:03:00 ----D---- C:\Program Files\Application Updater
2011-05-28 19:33:01 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2011-05-25 23:06:01 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2011-05-25 22:45:21 ----D---- C:\Program Files\Hewlett-Packard
2011-05-25 22:42:54 ----A---- C:\WINDOWS\system32\hppcew11.dll
2011-05-25 22:42:54 ----A---- C:\WINDOWS\system32\drivers\hpfxgen.sys
2011-05-25 22:42:54 ----A---- C:\WINDOWS\system32\drivers\hpfxbulk.sys
2011-05-25 22:42:50 ----A---- C:\WINDOWS\system32\hpxp1312.dll
2011-05-25 22:42:50 ----A---- C:\WINDOWS\system32\hpptsp04.dll
2011-05-25 22:42:50 ----A---- C:\WINDOWS\system32\hppasc11.dll
2011-05-25 22:36:38 ----D---- C:\HP_CM1312_series_full_solution_v5.0_EMEA2
2011-05-25 19:16:33 ----ASH---- C:\WINDOWS\system32\winzvprt5.sys
2011-05-20 22:16:50 ----D---- C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\skypePM
2011-05-20 22:16:50 ----D---- C:\Documents and Settings\All Users\Application Data\Skype Extras
2011-05-20 22:16:33 ----D---- C:\Program Files\Common Files\Skype
2011-05-14 15:31:46 ----D---- C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\VMware
2011-05-14 15:26:54 ----D---- C:\Program Files\Common Files\VMware
2011-05-14 14:54:19 ----A---- C:\WINDOWS\system32\vmnetdhcp.exe
2011-05-14 14:54:16 ----A---- C:\WINDOWS\system32\vmnat.exe
2011-05-14 14:54:16 ----A---- C:\WINDOWS\system32\drivers\vmnetuserif.sys
2011-05-14 14:54:11 ----A---- C:\WINDOWS\system32\vnetlib.dll
2011-05-14 14:53:46 ----D---- C:\Virtual Machines
2011-05-14 14:51:59 ----D---- C:\Program Files\VMware
2011-05-14 14:51:59 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2011-05-05 22:09:14 ----D---- C:\Program Files\Adobe Media Player
2011-05-05 22:09:10 ----D---- C:\Program Files\Common Files\Adobe AIR
======List of files/folders modified in the last 1 months======
2011-06-02 22:05:45 ----RD---- C:\Program Files
2011-06-02 22:05:10 ----D---- C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Skype
2011-06-02 22:01:56 ----D---- C:\Program Files\Mozilla Firefox
2011-06-02 20:44:48 ----D---- C:\WINDOWS\Temp
2011-06-02 20:32:18 ----D---- C:\WINDOWS\system32
2011-06-02 20:30:43 ----D---- C:\WINDOWS\Prefetch
2011-06-02 19:40:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-02 18:02:05 ----D---- C:\WINDOWS\system32\drivers
2011-06-02 18:02:01 ----SHD---- C:\WINDOWS\Installer
2011-06-02 18:02:01 ----HD---- C:\Config.Msi
2011-06-02 18:02:00 ----D---- C:\WINDOWS\WinSxS
2011-06-02 18:01:54 ----D---- C:\WINDOWS
2011-06-02 17:55:48 ----A---- C:\WINDOWS\slovnik vety.INI
2011-06-02 08:54:52 ----A---- C:\WINDOWS\wincmd.ini
2011-06-02 07:03:00 ----D---- C:\Program Files\Common Files
2011-05-29 16:59:45 ----A---- C:\WINDOWS\NeroDigital.ini
2011-05-28 09:52:31 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-26 13:01:34 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-05-25 23:06:01 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2011-05-25 23:05:14 ----D---- C:\Program Files\HP
2011-05-25 23:05:08 ----HD---- C:\WINDOWS\inf
2011-05-25 23:05:08 ----D---- C:\WINDOWS\system32\CatRoot
2011-05-25 22:55:01 ----A---- C:\WINDOWS\win.ini
2011-05-25 22:45:23 ----D---- C:\WINDOWS\twain_32
2011-05-25 22:42:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-05-20 22:16:31 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-05-15 14:15:07 ----D---- C:\Documents and Settings
2011-05-14 14:53:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-05-06 07:24:11 ----A---- C:\WINDOWS\T602.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-04 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-12-05 20640]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-01 27904]
R0 viamraid;viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [2004-05-18 74112]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 USIUDF;USIUDF; C:\WINDOWS\System32\Drivers\USIUDF.sys [2004-07-07 292896]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2009-10-20 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
R3 PAC207;VideoCAM GF112; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2009-10-20 16560]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S0 ElbyVCD;ElbyVCD; C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S1 M9207;Digital TV USB Mini Receiver; C:\WINDOWS\system32\DRIVERS\M9207BDA.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2005-10-07 58288]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 85408]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2010-12-29 9728]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2010-12-29 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2010-12-29 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2010-12-29 105088]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-10-29 127043]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2009-10-20 121392]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2009-10-20 326192]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2009-10-20 399920]
R2 VMwareHostd;VMware Host Agent; C:\Program Files\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
R2 VMwareServerWebAccess;VMware Server Web Access; C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-12-09 655624]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 vmwriter;VMware VSS Writer; C:\Program Files\VMware\VMware Server\vmVssWriter.exe [2009-10-20 29744]
-----------------EOF-----------------
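Two things in the RSIT registry dump above deserve a closer look than the raw export gives: the Windows Firewall AuthorizedApplications list (P2P clients and a remote-control tool opened to scope `*`, one executable on the Desktop and one in the root of D:) and the two NoDriveTypeAutoRun values, HKCU=145 (0x91, the XP default) and HKLM=255 (0xFF). The script below is an added example, not part of the original post and not RSIT's code; it parses those value lines in the shape RSIT prints them and decodes the autorun bitmask. The sample lines are copied from the log, and the keyword lists used for flagging are assumptions made for this example.

```python
"""Triage of the XP registry dump in the RSIT log above.

Added example (not part of the original post or of RSIT): parses the Windows Firewall
AuthorizedApplications values and the NoDriveTypeAutoRun masks in the shape RSIT prints
them. Sample lines are copied from the log; the keyword lists are assumptions.
"""
import re
from typing import Dict, List, Optional, Set

# NoDriveTypeAutoRun is a bitmask over the GetDriveType() constants; a set bit
# disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "RESERVED_0x80",
}


def autorun_disabled(mask: int) -> Set[str]:
    """Drive types whose AutoRun this mask turns off."""
    return {name for bit, name in DRIVE_TYPE_BITS.items() if mask & bit}


def autorun_allowed(mask: int) -> Set[str]:
    """Drive types on which AutoRun still fires under this mask (the risky remainder)."""
    return set(DRIVE_TYPE_BITS.values()) - autorun_disabled(mask)


# Constructed sample: value lines copied from the RSIT dump above.
SAMPLE_AUTHORIZED_APPS = r'''
"D:\Program Files\limewire\LimeWire.exe"="D:\Program Files\limewire\LimeWire.exe:*:Enabled:LimeWire"
"D:\StubInstaller.exe"="D:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\utorrent.exe"="C:\Documents and Settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\utorrent.exe:*:Enabled:µTorrent"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
'''

AUTH_APP_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]+)"$')
# Assumed keyword lists for this example: tools that accept inbound connections from
# anyone, and path fragments that mean "any user can overwrite this binary".
WIDE_EXPOSURE_HINTS = ("limewire", "utorrent", "teamviewer")
USER_WRITABLE_HINTS = ("\\desktop\\", "\\temp\\", "\\documents and settings\\")


def parse_authorized_app(line: str) -> Optional[Dict[str, str]]:
    """Value layout on XP SP2: <path>:<scope>:<Enabled|Disabled>:<display name>.
    The path contains a drive colon, so split from the right, three times."""
    m = AUTH_APP_RE.match(line.strip())
    if not m:
        return None
    _, scope, mode, name = m.group("value").rsplit(":", 3)
    return {"path": m.group("path"), "scope": scope, "mode": mode, "name": name}


def triage_authorized_apps(dump: str) -> List[Dict[str, str]]:
    """Return enabled exceptions worth a second look, with the reason(s)."""
    findings = []
    for line in dump.splitlines():
        entry = parse_authorized_app(line)
        if entry is None or entry["mode"].lower() != "enabled":
            continue
        p = entry["path"].lower()
        reasons = []
        if re.match(r"^[a-z]:\\[^\\]+$", p):
            reasons.append("executable sits in a drive root")
        if any(h in p for h in USER_WRITABLE_HINTS):
            reasons.append("executable in a user-writable location")
        if entry["scope"] == "*" and any(h in p for h in WIDE_EXPOSURE_HINTS):
            reasons.append("P2P/remote-control tool reachable from any address")
        if reasons:
            findings.append({**entry, "reasons": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    # HKCU=145 (0x91) and HKLM=255 (0xFF) are the two values in the log above.
    for hive, mask in (("HKCU", 145), ("HKLM", 255)):
        print(f"{hive} NoDriveTypeAutoRun={mask:#04x}: AutoRun still allowed on "
              f"{sorted(autorun_allowed(mask)) or 'nothing'}")
    for f in triage_authorized_apps(SAMPLE_AUTHORIZED_APPS):
        print(f"{f['path']}  ->  {f['reasons']}")
```

The decode shows why the two hives matter: 0x91 leaves AutoRun active on removable, fixed and CD-ROM drives, while 0xFF disables it everywhere. Which one Explorer honours on this machine depends on policy precedence between HKCU and HKLM, so verify the effective setting rather than assuming the stricter value wins. Flagged firewall exceptions are prompts to confirm the entry is still wanted, not a verdict on the binary.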
Rudy (Site Admin; posts: 119506; registered: 30 Oct 2003 13:42; location: Plzeň)
Re: AVAST found Win32:Rootkit-gen
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator rights
right after it starts, a screen with the licence terms appears; continue by clicking Yes.
go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because during the scan and the removal of any malware there are unwanted collisions with the resident antispyware
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: AVAST found Win32:Rootkit-gen
here is the ComboFix log:
ComboFix 11-06-02.02 - Ivan 02.06.2011 23:13:59.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.767.231 [GMT 2:00]
Running from: c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Local Settings\Temporary Internet Files\slovnik.INI
d:\dokumenty\Readiris.DUS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 20:05 . 2011-06-02 20:05 -------- d-----w- c:\program files\trend micro
2011-06-02 20:05 . 2011-06-02 20:05 -------- d-----w- C:\rsit
2011-06-02 16:02 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-02 16:02 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-02 16:02 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-02 16:02 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-02 16:02 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-02 16:02 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-02 16:02 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-02 16:02 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-02 16:01 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-02 16:01 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-02 16:01 . 2011-06-02 16:01 -------- d-----w- c:\program files\AVAST Software
2011-06-02 16:01 . 2011-06-02 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-02 05:03 . 2011-06-02 05:03 -------- d-----w- c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Search Settings
2011-06-02 05:03 . 2011-06-02 05:03 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-06-02 05:03 . 2011-06-02 05:03 -------- d-----w- c:\program files\Common Files\Spigot
2011-06-02 05:03 . 2011-06-02 05:03 -------- d-----w- c:\program files\Application Updater
2011-05-28 17:33 . 2011-05-28 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2011-05-25 21:06 . 2011-05-25 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-05-25 20:45 . 2011-05-25 20:45 -------- d-----w- c:\program files\Hewlett-Packard
2011-05-25 20:42 . 2008-09-26 23:37 188416 ----a-w- c:\windows\system32\hppcew11.dll
2011-05-25 20:42 . 2007-07-16 21:29 26136 ----a-w- c:\windows\system32\drivers\hpfxgen.sys
2011-05-25 20:42 . 2007-07-16 21:29 17432 ----a-w- c:\windows\system32\drivers\hpfxbulk.sys
2011-05-25 20:42 . 2009-06-26 17:43 770048 ----a-w- c:\windows\system32\hpptsp04.dll
2011-05-25 20:42 . 2008-09-26 23:37 450560 ----a-w- c:\windows\system32\hppasc11.dll
2011-05-25 20:42 . 2007-10-24 19:18 729088 ----a-w- c:\windows\system32\hpxp1312.dll
2011-05-25 20:36 . 2011-05-25 21:01 -------- d-----w- C:\HP_CM1312_series_full_solution_v5.0_EMEA2
2011-05-25 17:16 . 2011-05-25 17:16 608 --sha-w- c:\windows\system32\winzvprt5.sys
2011-05-20 20:16 . 2011-06-02 19:10 -------- d-----w- c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\skypePM
2011-05-20 20:16 . 2011-06-01 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-20 20:16 . 2011-05-20 20:16 -------- d-----w- c:\program files\Common Files\Skype
2011-05-14 13:31 . 2011-05-14 14:19 -------- d-----w- c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\VMware
2011-05-14 13:26 . 2011-05-14 13:26 -------- d-----w- c:\program files\Common Files\VMware
2011-05-14 12:55 . 2011-06-02 18:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2011-05-14 12:54 . 2009-10-20 13:21 326192 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-05-14 12:54 . 2009-10-20 13:22 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-05-14 12:54 . 2009-10-20 13:22 399920 ----a-w- c:\windows\system32\vmnat.exe
2011-05-14 12:54 . 2009-10-20 13:21 723504 ----a-w- c:\windows\system32\vnetlib.dll
2011-05-14 12:53 . 2011-05-14 12:53 -------- d-----w- C:\Virtual Machines
2011-05-14 12:51 . 2011-06-02 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2011-05-14 12:51 . 2011-05-14 12:51 -------- d-----w- c:\program files\VMware
2011-05-05 20:09 . 2011-05-05 20:09 -------- d-----w- c:\program files\Adobe Media Player
2011-05-05 20:09 . 2011-05-05 20:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-24 21:25 . 2006-07-31 16:06 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-08-24 21:25 . 2006-07-31 16:06 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-24 21:25 . 2006-07-31 16:06 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"I.R.I.S. Desktop Search"="c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe" [2006-01-11 5193512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 348160]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-03-16 90112]
"Ulead Quick-Drop"="c:\program files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" [2005-04-28 102400]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-23 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2009-06-17 40960]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-06 532320]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-3-26 114688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
T-Mobile Communication Center.lnk - c:\program files\T-Mobile Communication Center\TMCC.exe [2010-12-29 761856]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2006-3-26 585728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"g:\\Dokumenty\\hry\\UNDERGROUND2\\Speed.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-authd.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-hostd.exe"=
"g:\\Dokumenty\\hry\\CS.1.6\\Cs 1.6\\hl.exe"=
"d:\\Instal\\skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"2395:TCP"= 2395:TCP:rgcurfwo
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.6.2011 18:02 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.6.2011 18:02 307928]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [6.5.2011 17:33 393112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.6.2011 18:02 19544]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [20.10.2009 15:22 54960]
R2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [20.10.2009 15:21 322096]
R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [20.10.2009 23:27 57344]
R3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [1.4.2007 17:31 9446]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 M9207;Digital TV USB Mini Receiver;c:\windows\system32\DRIVERS\M9207BDA.sys --> c:\windows\system32\DRIVERS\M9207BDA.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.1.2011 22:09 136176]
S2 vonzmhxd;uppqdhs;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.1.2011 22:09 136176]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [7.10.2005 13:45 58288]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [4.2.2007 21:58 85408]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [29.12.2010 14:24 9728]
S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [20.10.2009 15:22 29744]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vonzmhxd
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 20:09]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
LSP: c:\program files\VMware\VMware Server\vsocklib.dll
TCP: Interfaces\{42B5F870-4857-4D62-9FC0-BEEBECD56BC3}: NameServer = 92.245.2.245,193.58.193.11
TCP: Interfaces\{4F2C9272-069A-4B59-828C-24D60ED0CB2A}: NameServer = 92.254.2.245,193.58.193.11
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Mozilla\Firefox\Profiles\up4tnhx8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 23:34
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vonzmhxd]
"ServiceDll"="c:\windows\system32\pkigas.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\VMGINA.DLL
.
Completion time: 2011-06-02 23:37:20
ComboFix-quarantined-files.txt 2011-06-02 21:37
.
Pre-Run: 1 314 787 328 bytes free
Post-Run: 3 115 061 248 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - FDCE682A4BCC12BDEF802F39BD6ADC53
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: AVAST found Win32: Rootkit-gen
Let's clean up a bit more:
Open Notepad and copy the following into it:

KillAll::
Folder::
c:\program files\Common Files\Spigot
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2395:TCP"=-
Driver::
vonzmhxd
NetSvc::
vonzmhxd

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address given above.
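As an added example (not part of this thread and not ComboFix's own code), a small Python triage script that reads a ComboFix-style log excerpt and correlates the signals the helper acted on above: a service hosted by svchost.exe -k netsvcs whose name is not a stock netsvcs member, its ServiceDll, the extra NetSvcs group entry, and a firewall exception carrying only a bare random-looking label. It then emits the same CFScript stanzas the reply uses. The sample log lines are a constructed excerpt modelled on the posted log, and the stock-netsvcs allowlist is a partial hand-written assumption.

```python
import re

# Constructed excerpt modelled on the ComboFix log lines posted in this thread.
SAMPLE_LOG = r"""
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.1.2011 22:09 136176]
S2 vonzmhxd;uppqdhs;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vonzmhxd
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"2395:TCP"= 2395:TCP:rgcurfwo
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vonzmhxd]
"ServiceDll"="c:\windows\system32\pkigas.dll"
"""

# Partial, hand-written allowlist of services the stock Windows XP 'netsvcs'
# svchost group hosts (an assumption for this example, not an authoritative
# list; extend it from a known-clean machine of the same build).
STOCK_NETSVCS = {
    "6to4", "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dhcp",
    "dmserver", "ersvc", "eventsystem", "fastuserswitchingcompatibility",
    "helpsvc", "hidserv", "ias", "iprip", "irmon", "lanmanserver",
    "lanmanworkstation", "messenger", "netman", "nla", "ntmssvc",
    "nwcworkstation", "nwsapagent", "rasauto", "rasman", "remoteaccess",
    "schedule", "seclogon", "sens", "sharedaccess", "shellhwdetection",
    "srservice", "tapisrv", "themes", "trkwks", "uploadmgr", "w32time",
    "winmgmt", "wmdmpmsp", "wmi", "wscsvc", "wuauserv", "wzcsvc", "xmlprov",
}

SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
KEY_RE = re.compile(r"^\[.*\\Services\\(?P<name>[^\\\]]+)\]$", re.IGNORECASE)
DLL_RE = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$', re.IGNORECASE)
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*(?P=port):(?P<label>.*)$')

def triage(log_text):
    """Correlate the signals that single out a rogue svchost-hosted service."""
    netsvcs_hosted = {}    # service name -> display name (svchost -k netsvcs)
    extra_netsvcs = set()  # names ComboFix lists as added to the NetSvcs group
    service_dll = {}       # service name -> ServiceDll path
    open_ports = []        # (port, label) from GloballyOpenPorts
    current_key = None
    in_netsvcs_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_netsvcs_block:            # names are listed until the next '.'
            if line in (".", ""):
                in_netsvcs_block = False
            else:
                extra_netsvcs.add(line.lower())
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs_block = True
            continue
        m = SERVICE_RE.match(line)
        if m and "svchost.exe -k netsvcs" in m.group("image").lower():
            netsvcs_hosted[m.group("name").lower()] = m.group("display")
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("name").lower()
            continue
        m = DLL_RE.match(line)
        if m and current_key:
            service_dll[current_key] = m.group("dll")
            continue
        m = PORT_RE.match(line)
        if m:
            open_ports.append((m.group("port"), m.group("label").strip()))
    rogue = [
        {"name": name, "display": display,
         "service_dll": service_dll.get(name),
         "added_to_netsvcs": name in extra_netsvcs}
        for name, display in netsvcs_hosted.items()
        if name not in STOCK_NETSVCS
    ]
    # Heuristic: a firewall exception whose only label is a bare lowercase
    # token (no vendor or product name) deserves a second look.
    suspicious_ports = [
        {"port": port, "label": label}
        for port, label in open_ports if re.fullmatch(r"[a-z]{6,12}", label)
    ]
    return {"rogue_services": rogue, "suspicious_ports": suspicious_ports}

def build_cfscript(findings):
    """Emit the CFScript stanzas used in this thread for the flagged items."""
    lines = ["KillAll::"]
    names = [s["name"] for s in findings["rogue_services"]]
    if names:
        lines += ["Driver::"] + names + ["NetSvc::"] + names
    if findings["suspicious_ports"]:
        lines.append("Registry::")
        lines.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                     r"\standardprofile\GloballyOpenPorts\List]")
        lines += ['"%s"=-' % p["port"] for p in findings["suspicious_ports"]]
    return "\n".join(lines) + "\n"
```

Running `triage(SAMPLE_LOG)` flags only vonzmhxd (display name uppqdhs, ServiceDll pkigas.dll, added to NetSvcs) and the 2395:TCP exception, while the Google Update service and the Adobe port pass; `build_cfscript` turns that into the Driver::, NetSvc:: and Registry:: stanzas.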
Re: AVAST nasiel Win32: Rootkit-gen
Here is the new log.
ComboFix 11-06-04.02 - Ivan 04.06.2011 13:50:34.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.767.346 [GMT 2:00]
Running from: c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VONZMHXD
-------\Service_vonzmhxd
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-02 20:05 . 2011-06-02 20:05 -------- d-----w- c:\program files\trend micro
2011-06-02 20:05 . 2011-06-02 20:05 -------- d-----w- C:\rsit
2011-06-02 16:02 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-02 16:02 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-02 16:02 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-02 16:02 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-02 16:02 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-02 16:02 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-02 16:02 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-02 16:02 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-02 16:01 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-02 16:01 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-02 16:01 . 2011-06-02 16:01 -------- d-----w- c:\program files\AVAST Software
2011-06-02 16:01 . 2011-06-02 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-02 05:03 . 2011-06-02 05:03 -------- d-----w- c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Search Settings
2011-06-02 05:03 . 2011-06-02 05:03 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-06-02 05:03 . 2011-06-02 05:03 -------- d-----w- c:\program files\Application Updater
2011-05-28 17:33 . 2011-05-28 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2011-05-25 21:06 . 2011-05-25 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-05-25 20:45 . 2011-05-25 20:45 -------- d-----w- c:\program files\Hewlett-Packard
2011-05-25 20:42 . 2008-09-26 23:37 188416 ----a-w- c:\windows\system32\hppcew11.dll
2011-05-25 20:42 . 2007-07-16 21:29 26136 ----a-w- c:\windows\system32\drivers\hpfxgen.sys
2011-05-25 20:42 . 2007-07-16 21:29 17432 ----a-w- c:\windows\system32\drivers\hpfxbulk.sys
2011-05-25 20:42 . 2009-06-26 17:43 770048 ----a-w- c:\windows\system32\hpptsp04.dll
2011-05-25 20:42 . 2008-09-26 23:37 450560 ----a-w- c:\windows\system32\hppasc11.dll
2011-05-25 20:42 . 2007-10-24 19:18 729088 ----a-w- c:\windows\system32\hpxp1312.dll
2011-05-25 20:36 . 2011-05-25 21:01 -------- d-----w- C:\HP_CM1312_series_full_solution_v5.0_EMEA2
2011-05-25 17:16 . 2011-05-25 17:16 608 --sha-w- c:\windows\system32\winzvprt5.sys
2011-05-20 20:16 . 2011-06-03 19:52 -------- d-----w- c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\skypePM
2011-05-20 20:16 . 2011-06-01 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-20 20:16 . 2011-05-20 20:16 -------- d-----w- c:\program files\Common Files\Skype
2011-05-14 13:31 . 2011-05-14 14:19 -------- d-----w- c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\VMware
2011-05-14 13:26 . 2011-05-14 13:26 -------- d-----w- c:\program files\Common Files\VMware
2011-05-14 12:55 . 2011-06-04 12:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2011-05-14 12:54 . 2009-10-20 13:21 326192 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-05-14 12:54 . 2009-10-20 13:22 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-05-14 12:54 . 2009-10-20 13:22 399920 ----a-w- c:\windows\system32\vmnat.exe
2011-05-14 12:54 . 2009-10-20 13:21 723504 ----a-w- c:\windows\system32\vnetlib.dll
2011-05-14 12:53 . 2011-05-14 12:53 -------- d-----w- C:\Virtual Machines
2011-05-14 12:51 . 2011-06-04 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2011-05-14 12:51 . 2011-05-14 12:51 -------- d-----w- c:\program files\VMware
2011-05-05 20:09 . 2011-05-05 20:09 -------- d-----w- c:\program files\Adobe Media Player
2011-05-05 20:09 . 2011-05-05 20:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-24 21:25 . 2006-07-31 16:06 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-08-24 21:25 . 2006-07-31 16:06 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-24 21:25 . 2006-07-31 16:06 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-02_21.34.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-04 12:02 . 2011-06-04 12:02 16384 c:\windows\temp\Perflib_Perfdata_d10.dat
+ 2011-06-04 12:01 . 2011-06-04 12:01 16384 c:\windows\temp\Perflib_Perfdata_c7c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"I.R.I.S. Desktop Search"="c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe" [2006-01-11 5193512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 348160]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-03-16 90112]
"Ulead Quick-Drop"="c:\program files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" [2005-04-28 102400]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-23 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2009-06-17 40960]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-3-26 114688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
T-Mobile Communication Center.lnk - c:\program files\T-Mobile Communication Center\TMCC.exe [2010-12-29 761856]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2006-3-26 585728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"g:\\Dokumenty\\hry\\UNDERGROUND2\\Speed.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-authd.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-hostd.exe"=
"g:\\Dokumenty\\hry\\CS.1.6\\Cs 1.6\\hl.exe"=
"d:\\Instal\\skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.6.2011 18:02 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.6.2011 18:02 307928]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [6.5.2011 17:33 393112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.6.2011 18:02 19544]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [20.10.2009 15:22 54960]
R2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [20.10.2009 15:21 322096]
R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [20.10.2009 23:27 57344]
R3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [1.4.2007 17:31 9446]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 M9207;Digital TV USB Mini Receiver;c:\windows\system32\DRIVERS\M9207BDA.sys --> c:\windows\system32\DRIVERS\M9207BDA.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.1.2011 22:09 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.1.2011 22:09 136176]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [7.10.2005 13:45 58288]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [4.2.2007 21:58 85408]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [29.12.2010 14:24 9728]
S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [20.10.2009 15:22 29744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 20:09]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
LSP: c:\program files\VMware\VMware Server\vsocklib.dll
TCP: Interfaces\{42B5F870-4857-4D62-9FC0-BEEBECD56BC3}: NameServer = 92.245.2.245,193.58.193.11
TCP: Interfaces\{4F2C9272-069A-4B59-828C-24D60ED0CB2A}: NameServer = 92.254.2.245,193.58.193.11
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Mozilla\Firefox\Profiles\up4tnhx8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\VMGINA.DLL
.
- - - - - - - > 'explorer.exe'(3172)
c:\windows\system32\msi.dll
c:\program files\IRIS Desktop Search\IRISDesktopSearchSystem910.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2011-06-04 14:12:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-04 12:12
ComboFix2.txt 2011-06-02 21:37
.
Pre-Run: 2 997 886 976 bytes free
Post-Run: 2 985 046 016 voľných bajtov
.
- - End Of File - - BDB5277594CAC5F26AA57273074E8814
- Rudy
Re: AVAST found Win32: Rootkit-gen
Run CF once more with this script:
Folder::
c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Search Settings
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: AVAST found Win32: Rootkit-gen
The log now looks like this. I don't know whether it is OK yet, but enormous thanks (I'm just amazed)
ComboFix 11-06-04.02 - Ivan 04.06.2011 20:13:09.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.767.52 [GMT 2:00]
Running from: c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Search Settings
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-02 20:05 . 2011-06-02 20:05 -------- d-----w- c:\program files\trend micro
2011-06-02 20:05 . 2011-06-02 20:05 -------- d-----w- C:\rsit
2011-06-02 16:02 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-02 16:02 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-02 16:02 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-02 16:02 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-02 16:02 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-02 16:02 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-02 16:02 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-02 16:02 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-02 16:01 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-02 16:01 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-02 16:01 . 2011-06-02 16:01 -------- d-----w- c:\program files\AVAST Software
2011-06-02 16:01 . 2011-06-02 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-02 05:03 . 2011-06-04 13:07 -------- d-----w- c:\program files\Application Updater
2011-06-02 05:03 . 2011-06-02 05:03 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-05-28 17:33 . 2011-05-28 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2011-05-25 21:06 . 2011-05-25 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-05-25 20:45 . 2011-05-25 20:45 -------- d-----w- c:\program files\Hewlett-Packard
2011-05-25 20:42 . 2008-09-26 23:37 188416 ----a-w- c:\windows\system32\hppcew11.dll
2011-05-25 20:42 . 2007-07-16 21:29 26136 ----a-w- c:\windows\system32\drivers\hpfxgen.sys
2011-05-25 20:42 . 2007-07-16 21:29 17432 ----a-w- c:\windows\system32\drivers\hpfxbulk.sys
2011-05-25 20:42 . 2009-06-26 17:43 770048 ----a-w- c:\windows\system32\hpptsp04.dll
2011-05-25 20:42 . 2008-09-26 23:37 450560 ----a-w- c:\windows\system32\hppasc11.dll
2011-05-25 20:42 . 2007-10-24 19:18 729088 ----a-w- c:\windows\system32\hpxp1312.dll
2011-05-25 20:36 . 2011-05-25 21:01 -------- d-----w- C:\HP_CM1312_series_full_solution_v5.0_EMEA2
2011-05-25 17:16 . 2011-05-25 17:16 608 --sha-w- c:\windows\system32\winzvprt5.sys
2011-05-20 20:16 . 2011-06-04 18:04 -------- d-----w- c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\skypePM
2011-05-20 20:16 . 2011-06-01 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-20 20:16 . 2011-05-20 20:16 -------- d-----w- c:\program files\Common Files\Skype
2011-05-14 13:31 . 2011-06-04 15:56 -------- d-----w- c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\VMware
2011-05-14 13:26 . 2011-05-14 13:26 -------- d-----w- c:\program files\Common Files\VMware
2011-05-14 12:55 . 2011-06-04 15:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2011-05-14 12:54 . 2009-10-20 13:21 326192 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-05-14 12:54 . 2009-10-20 13:22 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-05-14 12:54 . 2009-10-20 13:22 399920 ----a-w- c:\windows\system32\vmnat.exe
2011-05-14 12:54 . 2009-10-20 13:21 723504 ----a-w- c:\windows\system32\vnetlib.dll
2011-05-14 12:53 . 2011-05-14 12:53 -------- d-----w- C:\Virtual Machines
2011-05-14 12:51 . 2011-06-04 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2011-05-14 12:51 . 2011-05-14 12:51 -------- d-----w- c:\program files\VMware
2011-05-05 20:09 . 2011-05-05 20:09 -------- d-----w- c:\program files\Adobe Media Player
2011-05-05 20:09 . 2011-05-05 20:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-24 21:25 . 2006-07-31 16:06 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-08-24 21:25 . 2006-07-31 16:06 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-24 21:25 . 2006-07-31 16:06 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-02_21.34.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-04 15:04 . 2011-06-04 15:04 16384 c:\windows\temp\Perflib_Perfdata_a7c.dat
+ 2011-06-04 15:03 . 2011-06-04 15:03 16384 c:\windows\temp\Perflib_Perfdata_a24.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"I.R.I.S. Desktop Search"="c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe" [2006-01-11 5193512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 348160]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-03-16 90112]
"Ulead Quick-Drop"="c:\program files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" [2005-04-28 102400]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-23 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2009-06-17 40960]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-3-26 114688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
T-Mobile Communication Center.lnk - c:\program files\T-Mobile Communication Center\TMCC.exe [2010-12-29 761856]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2006-3-26 585728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"g:\\Dokumenty\\hry\\UNDERGROUND2\\Speed.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-authd.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-hostd.exe"=
"g:\\Dokumenty\\hry\\CS.1.6\\Cs 1.6\\hl.exe"=
"d:\\Instal\\skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.6.2011 18:02 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.6.2011 18:02 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.6.2011 18:02 19544]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [20.10.2009 15:22 54960]
R2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [20.10.2009 15:21 322096]
R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [20.10.2009 23:27 57344]
R3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [1.4.2007 17:31 9446]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 M9207;Digital TV USB Mini Receiver;c:\windows\system32\DRIVERS\M9207BDA.sys --> c:\windows\system32\DRIVERS\M9207BDA.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.1.2011 22:09 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.1.2011 22:09 136176]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [7.10.2005 13:45 58288]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [4.2.2007 21:58 85408]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [29.12.2010 14:24 9728]
S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [20.10.2009 15:22 29744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 20:09]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
LSP: c:\program files\VMware\VMware Server\vsocklib.dll
TCP: Interfaces\{42B5F870-4857-4D62-9FC0-BEEBECD56BC3}: NameServer = 92.245.2.245,193.58.193.11
TCP: Interfaces\{4F2C9272-069A-4B59-828C-24D60ED0CB2A}: NameServer = 92.254.2.245,193.58.193.11
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Mozilla\Firefox\Profiles\up4tnhx8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-04 20:23
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\VMGINA.DLL
.
- - - - - - - > 'explorer.exe'(1484)
c:\windows\system32\msi.dll
c:\program files\IRIS Desktop Search\IRISDesktopSearchSystem910.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
Completion time: 2011-06-04 20:26:03
ComboFix-quarantined-files.txt 2011-06-04 18:25
ComboFix2.txt 2011-06-04 12:12
ComboFix3.txt 2011-06-02 21:37
.
Pre-Run: 2 887 438 336 bytes free
Post-Run: 2 887 843 840 voľných bajtov
.
- - End Of File - - 0531611F8688B8C7A9908626E0FF82D4
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: AVAST found Win32: Rootkit-gen
The log already looks clean. Is Avast still reporting the rootkit?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: AVAST found Win32: Rootkit-gen
I'm sad. Nothing has been fixed. It identified the same virus as at the beginning. What do I do with it?
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: AVAST found Win32: Rootkit-gen
In which file was it detected?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: AVAST found Win32: Rootkit-gen
C:\Windows\ System32\pkigas.dll is infected with the virus Win32: Rootkit-gen
I copied it all exactly as it was displayed. Thanks in advance for the help.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: AVAST found Win32: Rootkit-gen
Go back to ComboFix. Open Notepad and copy the following into it:

Collect::
C:\Windows\ System32\pkigas.dll

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the command from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: AVAST found Win32: Rootkit-gen
I'm sending the log for examination. Thanks.
ComboFix 11-06-05.01 - Ivan 05.06.2011 13:35:48.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.767.237 [GMT 2:00]
Running from: c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-05 to 2011-06-05 )))))))))))))))))))))))))))))))
.
.
2011-06-02 20:05 . 2011-06-02 20:05 -------- d-----w- c:\program files\trend micro
2011-06-02 20:05 . 2011-06-02 20:05 -------- d-----w- C:\rsit
2011-06-02 16:02 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-02 16:02 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-02 16:02 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-02 16:02 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-02 16:02 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-02 16:02 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-02 16:02 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-02 16:02 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-02 16:01 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-02 16:01 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-02 16:01 . 2011-06-02 16:01 -------- d-----w- c:\program files\AVAST Software
2011-06-02 16:01 . 2011-06-02 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-02 05:03 . 2011-06-04 13:07 -------- d-----w- c:\program files\Application Updater
2011-06-02 05:03 . 2011-06-02 05:03 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-05-28 17:33 . 2011-05-28 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2011-05-25 21:06 . 2011-05-25 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-05-25 20:45 . 2011-05-25 20:45 -------- d-----w- c:\program files\Hewlett-Packard
2011-05-25 20:42 . 2008-09-26 23:37 188416 ----a-w- c:\windows\system32\hppcew11.dll
2011-05-25 20:42 . 2007-07-16 21:29 26136 ----a-w- c:\windows\system32\drivers\hpfxgen.sys
2011-05-25 20:42 . 2007-07-16 21:29 17432 ----a-w- c:\windows\system32\drivers\hpfxbulk.sys
2011-05-25 20:42 . 2009-06-26 17:43 770048 ----a-w- c:\windows\system32\hpptsp04.dll
2011-05-25 20:42 . 2008-09-26 23:37 450560 ----a-w- c:\windows\system32\hppasc11.dll
2011-05-25 20:42 . 2007-10-24 19:18 729088 ----a-w- c:\windows\system32\hpxp1312.dll
2011-05-25 20:36 . 2011-05-25 21:01 -------- d-----w- C:\HP_CM1312_series_full_solution_v5.0_EMEA2
2011-05-25 17:16 . 2011-05-25 17:16 608 --sha-w- c:\windows\system32\winzvprt5.sys
2011-05-20 20:16 . 2011-06-05 06:57 -------- d-----w- c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\skypePM
2011-05-20 20:16 . 2011-06-01 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-20 20:16 . 2011-05-20 20:16 -------- d-----w- c:\program files\Common Files\Skype
2011-05-14 13:31 . 2011-06-04 18:40 -------- d-----w- c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\VMware
2011-05-14 13:26 . 2011-05-14 13:26 -------- d-----w- c:\program files\Common Files\VMware
2011-05-14 12:55 . 2011-06-05 11:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2011-05-14 12:54 . 2009-10-20 13:21 326192 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-05-14 12:54 . 2009-10-20 13:22 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-05-14 12:54 . 2009-10-20 13:22 399920 ----a-w- c:\windows\system32\vmnat.exe
2011-05-14 12:54 . 2009-10-20 13:21 723504 ----a-w- c:\windows\system32\vnetlib.dll
2011-05-14 12:53 . 2011-05-14 12:53 -------- d-----w- C:\Virtual Machines
2011-05-14 12:51 . 2011-06-05 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2011-05-14 12:51 . 2011-05-14 12:51 -------- d-----w- c:\program files\VMware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-24 21:25 . 2006-07-31 16:06 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-08-24 21:25 . 2006-07-31 16:06 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-24 21:25 . 2006-07-31 16:06 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-02_21.34.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-05 06:48 . 2011-06-05 06:48 16384 c:\windows\temp\Perflib_Perfdata_c48.dat
+ 2011-06-05 06:47 . 2011-06-05 06:47 16384 c:\windows\temp\Perflib_Perfdata_b28.dat
+ 2011-06-05 11:47 . 2011-06-05 11:47 16384 c:\windows\temp\Perflib_Perfdata_45c.dat
+ 2011-06-05 11:46 . 2011-06-05 11:46 16384 c:\windows\temp\Perflib_Perfdata_160.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"I.R.I.S. Desktop Search"="c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe" [2006-01-11 5193512]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 348160]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-03-16 90112]
"Ulead Quick-Drop"="c:\program files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" [2005-04-28 102400]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-23 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2009-06-17 40960]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-3-26 114688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
T-Mobile Communication Center.lnk - c:\program files\T-Mobile Communication Center\TMCC.exe [2010-12-29 761856]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2006-3-26 585728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"g:\\Dokumenty\\hry\\UNDERGROUND2\\Speed.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-authd.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-hostd.exe"=
"g:\\Dokumenty\\hry\\CS.1.6\\Cs 1.6\\hl.exe"=
"d:\\Instal\\skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.6.2011 18:02 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.6.2011 18:02 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.6.2011 18:02 19544]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [20.10.2009 15:22 54960]
R2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [20.10.2009 15:21 322096]
R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [20.10.2009 23:27 57344]
R3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [1.4.2007 17:31 9446]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 M9207;Digital TV USB Mini Receiver;c:\windows\system32\DRIVERS\M9207BDA.sys --> c:\windows\system32\DRIVERS\M9207BDA.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.1.2011 22:09 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.1.2011 22:09 136176]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [7.10.2005 13:45 58288]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [4.2.2007 21:58 85408]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [29.12.2010 14:24 9728]
S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [20.10.2009 15:22 29744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 20:09]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
LSP: c:\program files\VMware\VMware Server\vsocklib.dll
TCP: Interfaces\{42B5F870-4857-4D62-9FC0-BEEBECD56BC3}: NameServer = 92.245.2.245,193.58.193.11
TCP: Interfaces\{4F2C9272-069A-4B59-828C-24D60ED0CB2A}: NameServer = 92.254.2.245,193.58.193.11
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\documents and settings\Ivan.IVAN-1KTSBYHEJ7\Application Data\Mozilla\Firefox\Profiles\up4tnhx8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 13:48
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\VMGINA.DLL
.
- - - - - - - > 'explorer.exe'(368)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\IRIS Desktop Search\IRISDesktopSearchSystem910.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2011-06-05 13:52:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-05 11:52
ComboFix2.txt 2011-06-04 18:26
ComboFix3.txt 2011-06-04 12:12
ComboFix4.txt 2011-06-02 21:37
.
Pre-Run: 2 761 080 832 bytes free
Post-Run: 2 753 486 848 voľných bajtov
.
- - End Of File - - C17CB31AED80BB00D69C22A0427D8976
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: AVAST found Win32: Rootkit-gen
The log looks clean. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can also damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: AVAST found Win32: Rootkit-gen
Well, I was keeping my fingers crossed for you, but it didn't work out.
C:\Windows\ System32\pkigas.dll is infected with the virus Win32: Rootkit-gen