rootkit in PC - please help
Posted: 02 Oct 2010 10:21
Hello,
I have a notebook with XP SP3, fully updated; nevertheless Malwarebytes reported a trojan, AVG too, ComboFix too ... I ran everything I know (the programs named above) and it seems to be OK now, the internet works again too, but still, after every PC start, unknown devices get created, roughly 30 unknown devices every start .. on the net they write that some malware does this, but I can't find anything on the PC any more ..
ComboFix log.
Please help.
Otherwise, here is a piece of the AVG log.
Trojan Remover reports the following after PC startup in a quick scan:
C:\WINDOWS\system32\Drivers\utiymzu1.sys
HKLM\SYSTEM\CurrentControlSet\Services\utiymzu1
rootkit.agent
ComboFix 10-10-01.01 - oem 02.10.2010 11:14:26.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3067.2402 [GMT 2:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
AV: AVG Internet Security 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-02 do 2010-10-02 )))))))))))))))))))))))))))))))
.
2010-10-02 08:06 . 2010-10-02 08:31 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-02 08:05 . 2010-10-02 08:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-02 08:04 . 2010-07-26 17:13 3683248 ----a-w- c:\documents and settings\oem\Data aplikací\Simply Super Software\Trojan Remover\rgm1BA.exe
2010-10-02 08:03 . 2010-10-02 08:03 715152 ----a-w- c:\documents and settings\All Users\Data aplikací\Simply Super Software\Trojan Remover\Data\trunins.exe
2010-10-02 08:03 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-10-02 08:03 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-10-02 08:03 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-10-02 08:03 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-10-02 08:03 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-10-02 08:03 . 2010-10-02 08:15 -------- d-----w- c:\program files\Trojan Remover
2010-10-02 07:31 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 07:31 . 2010-10-02 07:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 07:31 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 12:59 . 2010-10-01 12:59 -------- d-----w- C:\$AVG
2010-10-01 12:53 . 2010-10-02 08:10 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-01 12:52 . 2010-10-02 07:19 -------- d-----w- c:\program files\AVG
2010-09-30 07:18 . 2008-04-14 12:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-09-25 08:52 . 2010-09-25 08:52 -------- d-----w- c:\windows\system32\NtmsData
2010-09-20 20:31 . 2010-09-20 20:31 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 01:49 . 2010-09-07 01:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 01:48 . 2010-09-07 01:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 01:48 . 2010-09-07 01:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 01:48 . 2010-09-07 01:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 09:05 . 2008-05-07 23:42 92950 ----a-w- c:\windows\system32\perfc005.dat
2010-10-02 09:05 . 2008-05-07 23:42 463456 ----a-w- c:\windows\system32\perfh005.dat
2010-10-01 13:08 . 2010-04-17 13:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-01 12:56 . 2010-01-13 13:50 -------- d-----w- c:\program files\ESET
2010-09-22 04:44 . 2009-11-20 17:36 59917 ----a-w- c:\windows\system32\nvModes.dat
2010-09-22 01:54 . 2008-05-07 23:42 1034240 ----a-w- c:\windows\explorer.exe
2010-08-19 19:42 . 2010-08-19 19:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 19:42 . 2010-08-19 19:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 19:42 . 2010-08-19 19:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-17 13:17 . 2008-05-07 23:42 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:15 . 2010-08-16 08:15 57344 ----a-w- c:\documents and settings\All Users\Data aplikací\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-16 08:15 . 2010-08-16 08:15 56997 ----a-w- c:\documents and settings\All Users\Data aplikací\DivX\WebPlayer\Uninstaller.exe
2010-08-16 08:15 . 2010-08-16 08:15 56765 ----a-w- c:\documents and settings\All Users\Data aplikací\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-16 08:15 . 2010-08-16 08:12 -------- d-----w- c:\program files\DivX
2010-08-16 08:15 . 2010-08-16 08:15 53600 ----a-w- c:\documents and settings\All Users\Data aplikací\DivX\Update\Uninstaller.exe
2010-08-16 08:15 . 2010-08-16 08:15 57715 ----a-w- c:\documents and settings\All Users\Data aplikací\DivX\Player\Uninstaller.exe
2010-08-16 08:15 . 2010-08-16 08:15 84054 ----a-w- c:\documents and settings\All Users\Data aplikací\DivX\TransferWizard\Uninstaller.exe
2010-08-16 08:13 . 2010-08-16 08:12 -------- d-----w- c:\program files\Google
2010-08-16 08:11 . 2010-08-16 08:15 1062184 ----a-w- c:\documents and settings\All Users\Data aplikací\DivX\Setup\Resource.dll
2010-08-16 08:11 . 2010-08-16 08:11 144696 ----a-w- c:\documents and settings\All Users\Data aplikací\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-16 08:11 . 2010-08-16 08:15 895256 ----a-w- c:\documents and settings\All Users\Data aplikací\DivX\Setup\DivXSetup.exe
2010-07-22 15:46 . 2008-05-07 23:42 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 13:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-12 02:33 . 2010-07-12 02:33 51040 ----a-w- c:\windows\system32\avgfwdx.dll
2010-07-12 02:33 . 2010-07-12 02:33 30432 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-20 17:46 . 2009-11-20 17:46 75 --sh--r- c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((( SnapShot_2010-10-02_08.19.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-20 17:46 . 2009-04-30 12:51 25088 c:\windows\system32\WLTRYSVC.EXE
+ 2009-11-20 17:46 . 2009-04-30 12:51 65536 c:\windows\system32\wltrynt.dll
- 2009-11-20 17:46 . 2008-12-12 01:38 65536 c:\windows\system32\wltrynt.dll
+ 2008-05-07 23:42 . 2010-10-02 09:05 72910 c:\windows\system32\perfc009.dat
- 2008-05-07 23:42 . 2010-10-02 07:56 72910 c:\windows\system32\perfc009.dat
- 2009-11-20 17:46 . 2008-12-12 01:37 33664 c:\windows\system32\drivers\BCMWLNPF.SYS
+ 2009-11-20 17:46 . 2009-04-30 12:51 33664 c:\windows\system32\drivers\BCMWLNPF.SYS
+ 2009-11-20 17:46 . 2009-04-30 12:51 69632 c:\windows\system32\bcmwlpkt.dll
- 2009-11-20 17:46 . 2008-12-12 01:37 69632 c:\windows\system32\bcmwlpkt.dll
- 2009-11-20 17:46 . 2008-12-12 01:38 143360 c:\windows\system32\preflib.dll
+ 2009-11-20 17:46 . 2009-04-30 12:51 143360 c:\windows\system32\preflib.dll
- 2008-05-07 23:42 . 2010-10-02 07:56 445704 c:\windows\system32\perfh009.dat
+ 2008-05-07 23:42 . 2010-10-02 09:05 445704 c:\windows\system32\perfh009.dat
+ 2008-05-07 23:42 . 2010-06-23 22:30 182656 c:\windows\system32\drivers\ndis.sys
+ 2009-11-20 17:46 . 2009-04-30 12:51 319488 c:\windows\system32\bcmwlu00.exe
+ 2009-11-20 17:46 . 2009-04-30 12:50 151552 c:\windows\system32\bcmwlapi.dll
+ 2009-11-20 17:46 . 2009-04-30 12:50 843776 c:\windows\system32\BCMLogon.dll
+ 2009-11-20 17:46 . 2009-04-30 12:50 757760 c:\windows\system32\bcm1xsup.dll
+ 2009-11-20 17:46 . 2009-04-30 12:51 2396160 c:\windows\system32\WLTRAY.EXE
+ 2009-11-20 17:46 . 2009-04-30 12:51 2670592 c:\windows\system32\WLBCGCBPRO731.DLL
- 2009-11-20 17:46 . 2008-12-12 01:38 2670592 c:\windows\system32\WLBCGCBPRO731.DLL
+ 2009-11-20 17:46 . 2009-04-30 12:51 2682880 c:\windows\system32\vcredist_x86.exe
- 2009-11-20 17:46 . 2008-12-12 01:38 2682880 c:\windows\system32\vcredist_x86.exe
+ 2010-10-02 09:01 . 2009-04-05 12:21 1952512 c:\windows\system32\ReinstallBackups\0022\DriverFiles\BCMWL5.SYS
+ 2009-11-20 19:30 . 2009-04-30 12:51 1952512 c:\windows\system32\drivers\BCMWL5.SYS
- 2009-11-20 19:30 . 2009-04-05 12:21 1952512 c:\windows\system32\drivers\BCMWL5.SYS
+ 2009-11-20 17:46 . 2009-04-30 12:51 2134016 c:\windows\system32\BCMWLTRY.EXE
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-19 13590528]
"nwiz"="nwiz.exe" [2009-01-19 1630208]
"NVHotkey"="nvHotkey.dll" [2009-01-19 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-19 86016]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-10-02 1167808]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-10-02 6305088]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-04-30 2396160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^0ccxooj.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\0ccxooj.exe
backup=c:\windows\pss\0ccxooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^0eezqql.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\0eezqql.exe
backup=c:\windows\pss\0eezqql.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^1awwrii.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\1awwrii.exe
backup=c:\windows\pss\1awwrii.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^2jee6qq.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\2jee6qq.exe
backup=c:\windows\pss\2jee6qq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^2zuu6gg.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\2zuu6gg.exe
backup=c:\windows\pss\2zuu6gg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^3kk9q1m.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\3kk9q1m.exe
backup=c:\windows\pss\3kk9q1m.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^6kk6ww6.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\6kk6ww6.exe
backup=c:\windows\pss\6kk6ww6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^6ww6ii6.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\6ww6ii6.exe
backup=c:\windows\pss\6ww6ii6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^6yy6kk6.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\6yy6kk6.exe
backup=c:\windows\pss\6yy6kk6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^9g1cyyt.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\9g1cyyt.exe
backup=c:\windows\pss\9g1cyyt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^9s1okkf.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\9s1okkf.exe
backup=c:\windows\pss\9s1okkf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^brrcnjee.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\brrcnjee.exe
backup=c:\windows\pss\brrcnjee.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^c9y1uqqlcc.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\c9y1uqqlcc.exe
backup=c:\windows\pss\c9y1uqqlcc.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^dzuu6gg6.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\dzuu6gg6.exe
backup=c:\windows\pss\dzuu6gg6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^e70fbww6i.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\e70fbww6i.exe
backup=c:\windows\pss\e70fbww6i.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^fg70hdyy6k.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\fg70hdyy6k.exe
backup=c:\windows\pss\fg70hdyy6k.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^fwwriidu.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\fwwriidu.exe
backup=c:\windows\pss\fwwriidu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^fwwriiduupg.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\fwwriiduupg.exe
backup=c:\windows\pss\fwwriiduupg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^g1cyytkk.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
backup=c:\windows\pss\g1cyytkk.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^g6ss6ee6.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\g6ss6ee6.exe
backup=c:\windows\pss\g6ss6ee6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^ggbssnee.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\ggbssnee.exe
backup=c:\windows\pss\ggbssnee.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^ggbssneezq.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\ggbssneezq.exe
backup=c:\windows\pss\ggbssneezq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^hyytkkfwwri.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\hyytkkfwwri.exe
backup=c:\windows\pss\hyytkkfwwri.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^i70jfaa6m.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\i70jfaa6m.exe
backup=c:\windows\pss\i70jfaa6m.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^i9e1awwrii.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\i9e1awwrii.exe
backup=c:\windows\pss\i9e1awwrii.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^ii6uu6gg6.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\ii6uu6gg6.exe
backup=c:\windows\pss\ii6uu6gg6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^k3wrhidtup.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\k3wrhidtup.exe
backup=c:\windows\pss\k3wrhidtup.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^k70lhcc6o.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\k70lhcc6o.exe
backup=c:\windows\pss\k70lhcc6o.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^l0rnii6uu.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\l0rnii6uu.exe
backup=c:\windows\pss\l0rnii6uu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^lbbxnnjz.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\lbbxnnjz.exe
backup=c:\windows\pss\lbbxnnjz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^m70njee6q.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\m70njee6q.exe
backup=c:\windows\pss\m70njee6q.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^mhnjee6v.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\mhnjee6v.exe
backup=c:\windows\pss\mhnjee6v.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^nnjzzvllhxx.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\nnjzzvllhxx.exe
backup=c:\windows\pss\nnjzzvllhxx.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^pfgbcx08.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\pfgbcx08.exe
backup=c:\windows\pss\pfgbcx08.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^q1miiduu.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\q1miiduu.exe
backup=c:\windows\pss\q1miiduu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^q70rnii6u.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\q70rnii6u.exe
backup=c:\windows\pss\q70rnii6u.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^qlccxooj.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\qlccxooj.exe
backup=c:\windows\pss\qlccxooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^r0ns81pklq8.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\r0ns81pklq8.exe
backup=c:\windows\pss\r0ns81pklq8.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^r0ns86e81qb.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\r0ns86e81qb.exe
backup=c:\windows\pss\r0ns86e81qb.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^r1cnojzavl.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\r1cnojzavl.exe
backup=c:\windows\pss\r1cnojzavl.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^soojaavmmh.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\soojaavmmh.exe
backup=c:\windows\pss\soojaavmmh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^too6aa6mm.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\too6aa6mm.exe
backup=c:\windows\pss\too6aa6mm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^ttpffbrrndd.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\ttpffbrrndd.exe
backup=c:\windows\pss\ttpffbrrndd.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^u1qmmhyy.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\u1qmmhyy.exe
backup=c:\windows\pss\u1qmmhyy.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^u3wwriiduup.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\u3wwriiduup.exe
backup=c:\windows\pss\u3wwriiduup.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^uqqlccxooj.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\uqqlccxooj.exe
backup=c:\windows\pss\uqqlccxooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^w1soojaa.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\w1soojaa.exe
backup=c:\windows\pss\w1soojaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^wssneezqql.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\wssneezqql.exe
backup=c:\windows\pss\wssneezqql.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^y6kk6ww6.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\y6kk6ww6.exe
backup=c:\windows\pss\y6kk6ww6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^y9u1qmmhyy.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\y9u1qmmhyy.exe
backup=c:\windows\pss\y9u1qmmhyy.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^zqqlccxoo.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\zqqlccxoo.exe
backup=c:\windows\pss\zqqlccxoo.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-02-22 23:49 729088 ----a-w- c:\windows\system32\AESTFltr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-04-30 12:51 2396160 ----a-w- c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM13Mon.exe]
2009-01-19 01:27 36864 ----a-w- c:\windows\OEM13Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 03:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-20 17:44 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-02-22 23:49 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
"O2FLASH"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 3:49 298448]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [10.9.2010 1:45 3210176]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3.9.2010 10:35 6104144]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10.9.2010 1:45 265400]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [20.11.2009 21:30 112512]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 4:33 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 26192]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [20.11.2009 21:30 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [20.11.2009 21:30 41760]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [20.11.2009 21:30 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [20.11.2009 21:30 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [20.11.2009 21:30 235840]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 4:33 30432]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.8.2010 10:12 135664]
.
Obsah adresáře 'Naplánované úlohy'
2010-10-02 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2010-10-02 11:13]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 08:12]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 08:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\e526g1bm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 11:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(5988)
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-10-02 11:17:57
ComboFix-quarantined-files.txt 2010-10-02 09:17
ComboFix2.txt 2010-10-02 08:20
ComboFix3.txt 2010-09-30 07:21
Před spuštěním: Volných bajtů: 300 751 667 200
Po spuštění: Volných bajtů: 300 750 524 416
- - End Of File - - E50FC9ED7C876D77BCD685ECC64968EE
C:\WINDOWS\system32\services.exe (1760):\memory_09500000 Trojský kůň Generic17.BKCS
C:\WINDOWS\system32\services.exe (1760) Trojský kůň Generic17.BKCS
C:\WINDOWS\system32\svchost.exe (228):\memory_00400000 Trojský kůň SpamTool.FYS
C:\WINDOWS\system32\svchost.exe (228) Trojský kůň SpamTool.FYS
C:\WINDOWS\system32\svchost.exe (232):\memory_00400000 Trojský kůň SpamTool.FYS
C:\WINDOWS\system32\svchost.exe (232) Trojský kůň SpamTool.FYS
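The ComboFix log above shows two things a helper would triage by hand: a long run of disabled Startup-folder entries with generated-looking names (`0ccxooj.exe`, `2jee6qq.exe`, ...) and a driver service (`utiymzu1`) whose name is as random as the files. The script below is an added example, not code from the poster or from ComboFix, that parses lines in ComboFix's `[HKLM\~\startupfolder\...]` and `R0 name;description;path [...]` layouts and flags (a) a cluster of random-named startup executables and (b) driver services whose name looks generated and whose description is empty or just repeats the name. The sample input is constructed: the startup entries and the AVG/OEM service lines are copied from the log in the post, while the `Bluetooth.lnk` startup-folder entry and the `R0 utiymzu1;...` line (with a made-up timestamp and size) are assumed for the demonstration, since the post gives only the driver path and registry key for that service. The name heuristic is a triage aid, not a verdict; review what it flags.

```python
"""Triage helper for ComboFix-style logs: flag clusters of random-named
Startup-folder executables and driver services with generated names."""
import re
from typing import Dict, List

# Constructed sample (see lead-in): real entries from the post plus two
# assumed lines (Bluetooth.lnk and the utiymzu1 service line).
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^0ccxooj.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\0ccxooj.exe
backup=c:\windows\pss\0ccxooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^2jee6qq.exe]
path=c:\documents and settings\oem\Nabídka Start\Programy\Po spuštění\2jee6qq.exe
backup=c:\windows\pss\2jee6qq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^fwwriiduupg.exe]
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^brrcnjee.exe]
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^soojaavmmh.exe]
[HKLM\~\startupfolder\C:^Documents and Settings^oem^Nabídka Start^Programy^Po spuštění^y9u1qmmhyy.exe]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 26064]
R0 utiymzu1;utiymzu1;c:\windows\system32\drivers\utiymzu1.sys [2.10.2010 10:00 12345]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [20.11.2009 21:30 235840]
"""

# "[HKLM\~\startupfolder\<path with ^ separators>^<file>]" -> capture <file>
STARTUP_KEY_RE = re.compile(r"^\[HKLM\\~\\startupfolder\\.*\^([^\^\]]+)\]$")
# "R0 name;description;path [date time size]" -> start type, name, desc, path
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[")


def stem_of(filename: str) -> str:
    """'0ccxooj.exe' -> '0ccxooj'; names without a dot are returned unchanged."""
    return filename.rsplit(".", 1)[0]


def is_random_name(stem: str) -> bool:
    """Heuristic for generated names as seen in this log: 7-12 lowercase
    alphanumerics (case-sensitive gate), plus at least one of: letters mixed
    with digits, a run of 4+ consonants, or two or more doubled letters."""
    if not re.fullmatch(r"[a-z0-9]{7,12}", stem):
        return False
    signals = 0
    if re.search(r"[a-z]", stem) and re.search(r"[0-9]", stem):
        signals += 1
    if re.search(r"[^aeiouy0-9]{4}", stem):
        signals += 1
    if len(re.findall(r"([a-z])\1", stem)) >= 2:
        signals += 1
    return signals >= 1


def parse_log(text: str) -> Dict[str, List]:
    """Collect disabled Startup-folder file names and service records."""
    startup: List[str] = []
    services: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = STARTUP_KEY_RE.match(line)
        if m:
            startup.append(m.group(1))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({"start": m.group(1), "name": m.group(2),
                             "desc": m.group(3), "path": m.group(4)})
    return {"startup": startup, "services": services}


def triage(text: str, cluster_threshold: int = 5) -> Dict[str, object]:
    """Flag a cluster of random-named startup files and services whose name
    looks generated while the description is empty or repeats the name."""
    parsed = parse_log(text)
    random_startup = [f for f in parsed["startup"] if is_random_name(stem_of(f))]
    suspicious = [s["name"] for s in parsed["services"]
                  if is_random_name(stem_of(s["name"]))
                  and s["desc"].strip() in ("", s["name"])]
    return {
        "startup_total": len(parsed["startup"]),
        "random_startup": random_startup,
        "startup_cluster": len(random_startup) >= cluster_threshold,
        "suspicious_services": suspicious,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"startup entries: {result['startup_total']}, "
          f"random-named: {len(result['random_startup'])}, "
          f"cluster: {result['startup_cluster']}")
    for name in result["suspicious_services"]:
        print("review driver service:", name)
```

Run it against a saved ComboFix log with `triage(open("ComboFix.txt", encoding="cp1250").read())`; the description check is what keeps vendor drivers with terse names (e.g. `Avgrkx86`, whose description reads "AVG Anti-Rootkit Driver") off the list, so a real allowlist of known vendor services is still advisable before acting on the output.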