Kontrola logu

[medved75]

Dobrý den! Chtěl bych poprosit o zkontrolování tohoto logu,děkuji velmi předem!:

ComboFix 12-09-06.04 - Dawe 07.09.2012 8:32.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1536.89 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dawe\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
SP: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7094}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dawe\mpegdll.dll
c:\documents and settings\Dawe\Playboy2003.exe
c:\documents and settings\Dawe\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-07 do 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-07 06:20 . 2012-09-07 06:20 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0E7E090-4CFE-4C8B-A09A-EC9DE7A42D1F}\MpKsl481d695e.sys
2012-09-06 18:39 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0E7E090-4CFE-4C8B-A09A-EC9DE7A42D1F}\mpengine.dll
2012-09-05 18:34 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-29 06:44 . 2012-08-29 06:44 73696 -c--a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-24 13:48 . 2012-08-24 13:48 -------- d-----w- c:\documents and settings\Dawe\Data aplikací\Apple Computer
2012-08-22 09:08 . 2012-08-22 10:37 -------- dc----w- c:\program files\Real
2012-08-20 10:26 . 2012-08-20 10:26 -------- dc----w- c:\windows\system32\Adobe
2012-08-20 10:00 . 2012-08-20 10:16 -------- dc----w- c:\program files\trend micro
2012-08-20 10:00 . 2012-08-20 10:01 -------- d-----w- C:\rsit
2012-08-20 09:56 . 2012-08-20 10:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Google Updater
2012-08-20 09:22 . 2012-08-20 09:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2012-08-20 09:20 . 2012-08-20 09:20 -------- dc----w- c:\program files\Common Files\Apple
2012-08-20 09:20 . 2012-08-20 09:20 -------- dc----w- c:\program files\Apple Software Update
2012-08-20 09:20 . 2012-08-20 09:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2012-08-08 13:16 . 2012-08-08 13:16 -------- d-----w- c:\documents and settings\Dawe\Data aplikací\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 13:30 . 2012-04-03 19:56 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-03 13:30 . 2011-07-03 19:48 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 13:30 . 2012-07-27 12:30 9232584 -c--a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-28 18:24 . 2012-07-07 20:00 477168 -c--a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-07-05 10:22 473072 -c--a-w- c:\windows\system32\deployJava1.dll
2012-08-28 16:39 . 2012-07-07 20:00 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2012-08-22 09:08 . 2011-06-27 18:32 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2012-07-06 13:58 . 2004-08-18 12:00 78336 -c--a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-06-27 16:52 139784 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-18 12:00 1866112 -c--a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-18 12:00 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-18 12:00 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-18 12:00 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-18 12:00 385024 -c----w- c:\windows\system32\html.iec
2012-06-27 02:14 . 2012-06-27 02:14 4472832 -c--a-w- c:\windows\system32\GPhotos.scr
2009-09-04 16:01 . 2009-09-04 16:01 525656 -c--a-w- c:\program files\DXSETUP.exe
2009-09-04 16:01 . 2009-09-04 16:01 94024 -c--a-w- c:\program files\DSETUP.dll
2009-09-04 16:01 . 2009-09-04 16:01 1691464 -c--a-w- c:\program files\dsetup32.dll
2012-08-29 06:44 . 2012-06-25 09:31 266720 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-18 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-14 03:21 . F92DC696F3442E350D7DF44AED6EBD4B . 817152 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 . F92DC696F3442E350D7DF44AED6EBD4B . 817152 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2008-04-14 03:21 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\XPize Darkside\Backup\comres.dll
[7] 2004-08-18 12:00 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . DCEC4A3B35A9A17A4BA2FCE48C300E0C . 1695232 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . DCEC4A3B35A9A17A4BA2FCE48C300E0C . 1695232 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\XPize Darkside\Backup\explorer.exe
[7] 2004-08-18 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 655F96DA753F16E8951D3602797730E2 . 425472 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 655F96DA753F16E8951D3602797730E2 . 425472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\regedit.exe
[7] 2004-08-18 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . 9064261EFF6CE2F5FF1C5E4C41FE8A50 . 30208 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 9064261EFF6CE2F5FF1C5E4C41FE8A50 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\ctfmon.exe
[7] 2004-08-18 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\ie8\iexplore.exe
[-] 2009-03-08 . 9BFB9382417AEF605852F79631EB4513 . 599904 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\XPize Darkside\Backup\iexplore.exe
[7] 2004-08-18 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-20 39408]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-09-01 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2012-08-20 160752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 30208]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\et.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"2544:UDP"= 2544:UDP:Windows Media Format SDK (internettv.exe)
"2545:UDP"= 2545:UDP:Windows Media Format SDK (internettv.exe)
"2546:UDP"= 2546:UDP:Windows Media Format SDK (internettv.exe)
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10.9.2011 12:38 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10.9.2011 12:38 5248]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [27.6.2011 19:09 77056]
R1 MpKsl481d695e;MpKsl481d695e;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0E7E090-4CFE-4C8B-A09A-EC9DE7A42D1F}\MpKsl481d695e.sys [7.9.2012 8:20 29904]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 8:11 12928]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2011 1:22 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3.4.2012 21:56 250568]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [14.5.2012 12:13 23456]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2011 1:22 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6.5.2012 20:21 114144]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [1.7.2011 10:03 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [1.7.2011 10:45 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [1.7.2011 10:45 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [1.7.2011 10:03 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [1.7.2011 10:03 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [1.7.2011 10:03 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [1.7.2011 10:03 109864]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL481D695E
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:42]
.
2012-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-06-27 10:36]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 23:22]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 23:22]
.
2012-09-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Přizpůsobit Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Dawe\Data aplikací\Mozilla\Firefox\Profiles\680fuqsq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-07 08:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.swf\OpenWithList\GSpot.exe]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02f9e4ed-d097-41af-8168-69cac0360a6e}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f4
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3c,9f,a2,6a,01,c4,34,b3,ae,7a,3a,20,b9,a6,f6,22,ac,84,fb,40,38,
a0,d6,7e,c4,f3,bc,f0,56,6f,7c,6f,11,1d,16,18,01,02,f6,18,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash]
@DACL=(02 0000)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash\CLSID]
@DACL=(02 0000)
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash\CurVer]
@DACL=(02 0000)
@="ShockwaveFlash.ShockwaveFlash.10"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\cscui.dll
.
Celkový čas: 2012-09-07 08:44:25
ComboFix-quarantined-files.txt 2012-09-07 06:44
.
Před spuštěním: Volných bajtů: 108 585 906 176
Po spuštění: Volných bajtů: 108 673 728 512
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 20AE25451C41FBCB043C643E360751FC

[Roli]

Zdravím, kdo Ti poradil tam hned narvat ComboFix bez předchozí konzultace ?

Tenhle softík totiž není dětská hračka.


No nic lidi jsou nepoučitelní, pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

FireFox::
FF - ProfilePath - c:\documents and settings\Dawe\Data aplikací\Mozilla\Firefox\Profiles\680fuqsq.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2832595&q=

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[medved75]

Ahoj!
Program Combofix mi doporučil jeden můj známý, živí se jako ajťák už ix let (tak si myslím, že se v tom vyzná). Pak mi řekl,abych se zaregistroval na těhlech stránkách a dal sem výslednou listinu z toho Combofixu na posouzení. Takže promiň§
Jinak díky moc za odpověď!

[medved75]

Ahoj!
Udělal jsem vše podle tvých instrukcí, ale restart Windowsů to po mně nechtělo. Každopádně přikládám k posouzení druhý log a děkuji!:

ComboFix 12-09-06.04 - Dawe 07.09.2012 8:32.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1536.89 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dawe\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
SP: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7094}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dawe\mpegdll.dll
c:\documents and settings\Dawe\Playboy2003.exe
c:\documents and settings\Dawe\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-07 do 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-07 06:20 . 2012-09-07 06:20 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0E7E090-4CFE-4C8B-A09A-EC9DE7A42D1F}\MpKsl481d695e.sys
2012-09-06 18:39 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0E7E090-4CFE-4C8B-A09A-EC9DE7A42D1F}\mpengine.dll
2012-09-05 18:34 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-29 06:44 . 2012-08-29 06:44 73696 -c--a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-24 13:48 . 2012-08-24 13:48 -------- d-----w- c:\documents and settings\Dawe\Data aplikací\Apple Computer
2012-08-22 09:08 . 2012-08-22 10:37 -------- dc----w- c:\program files\Real
2012-08-20 10:26 . 2012-08-20 10:26 -------- dc----w- c:\windows\system32\Adobe
2012-08-20 10:00 . 2012-08-20 10:16 -------- dc----w- c:\program files\trend micro
2012-08-20 10:00 . 2012-08-20 10:01 -------- d-----w- C:\rsit
2012-08-20 09:56 . 2012-08-20 10:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Google Updater
2012-08-20 09:22 . 2012-08-20 09:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2012-08-20 09:20 . 2012-08-20 09:20 -------- dc----w- c:\program files\Common Files\Apple
2012-08-20 09:20 . 2012-08-20 09:20 -------- dc----w- c:\program files\Apple Software Update
2012-08-20 09:20 . 2012-08-20 09:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2012-08-08 13:16 . 2012-08-08 13:16 -------- d-----w- c:\documents and settings\Dawe\Data aplikací\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 13:30 . 2012-04-03 19:56 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-03 13:30 . 2011-07-03 19:48 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 13:30 . 2012-07-27 12:30 9232584 -c--a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-28 18:24 . 2012-07-07 20:00 477168 -c--a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-07-05 10:22 473072 -c--a-w- c:\windows\system32\deployJava1.dll
2012-08-28 16:39 . 2012-07-07 20:00 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2012-08-22 09:08 . 2011-06-27 18:32 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2012-07-06 13:58 . 2004-08-18 12:00 78336 -c--a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-06-27 16:52 139784 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-18 12:00 1866112 -c--a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-18 12:00 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-18 12:00 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-18 12:00 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-18 12:00 385024 -c----w- c:\windows\system32\html.iec
2012-06-27 02:14 . 2012-06-27 02:14 4472832 -c--a-w- c:\windows\system32\GPhotos.scr
2009-09-04 16:01 . 2009-09-04 16:01 525656 -c--a-w- c:\program files\DXSETUP.exe
2009-09-04 16:01 . 2009-09-04 16:01 94024 -c--a-w- c:\program files\DSETUP.dll
2009-09-04 16:01 . 2009-09-04 16:01 1691464 -c--a-w- c:\program files\dsetup32.dll
2012-08-29 06:44 . 2012-06-25 09:31 266720 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-18 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-14 03:21 . F92DC696F3442E350D7DF44AED6EBD4B . 817152 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 . F92DC696F3442E350D7DF44AED6EBD4B . 817152 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2008-04-14 03:21 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\XPize Darkside\Backup\comres.dll
[7] 2004-08-18 12:00 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . DCEC4A3B35A9A17A4BA2FCE48C300E0C . 1695232 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . DCEC4A3B35A9A17A4BA2FCE48C300E0C . 1695232 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\XPize Darkside\Backup\explorer.exe
[7] 2004-08-18 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 655F96DA753F16E8951D3602797730E2 . 425472 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 655F96DA753F16E8951D3602797730E2 . 425472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\regedit.exe
[7] 2004-08-18 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . 9064261EFF6CE2F5FF1C5E4C41FE8A50 . 30208 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 9064261EFF6CE2F5FF1C5E4C41FE8A50 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\ctfmon.exe
[7] 2004-08-18 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\ie8\iexplore.exe
[-] 2009-03-08 . 9BFB9382417AEF605852F79631EB4513 . 599904 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\XPize Darkside\Backup\iexplore.exe
[7] 2004-08-18 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-20 39408]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-09-01 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2012-08-20 160752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 30208]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\et.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"2544:UDP"= 2544:UDP:Windows Media Format SDK (internettv.exe)
"2545:UDP"= 2545:UDP:Windows Media Format SDK (internettv.exe)
"2546:UDP"= 2546:UDP:Windows Media Format SDK (internettv.exe)
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10.9.2011 12:38 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10.9.2011 12:38 5248]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [27.6.2011 19:09 77056]
R1 MpKsl481d695e;MpKsl481d695e;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C0E7E090-4CFE-4C8B-A09A-EC9DE7A42D1F}\MpKsl481d695e.sys [7.9.2012 8:20 29904]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 8:11 12928]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2011 1:22 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3.4.2012 21:56 250568]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [14.5.2012 12:13 23456]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2011 1:22 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6.5.2012 20:21 114144]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [1.7.2011 10:03 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [1.7.2011 10:45 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [1.7.2011 10:45 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [1.7.2011 10:03 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [1.7.2011 10:03 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [1.7.2011 10:03 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [1.7.2011 10:03 109864]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL481D695E
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:42]
.
2012-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-06-27 10:36]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 23:22]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 23:22]
.
2012-09-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Přizpůsobit Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Dawe\Data aplikací\Mozilla\Firefox\Profiles\680fuqsq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-07 08:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.swf\OpenWithList\GSpot.exe]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02f9e4ed-d097-41af-8168-69cac0360a6e}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f4
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3c,9f,a2,6a,01,c4,34,b3,ae,7a,3a,20,b9,a6,f6,22,ac,84,fb,40,38,
a0,d6,7e,c4,f3,bc,f0,56,6f,7c,6f,11,1d,16,18,01,02,f6,18,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash]
@DACL=(02 0000)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash\CLSID]
@DACL=(02 0000)
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash\CurVer]
@DACL=(02 0000)
@="ShockwaveFlash.ShockwaveFlash.10"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\cscui.dll
.
Celkový čas: 2012-09-07 08:44:25
ComboFix-quarantined-files.txt 2012-09-07 06:44
.
Před spuštěním: Volných bajtů: 108 585 906 176
Po spuštění: Volných bajtů: 108 673 728 512
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 20AE25451C41FBCB043C643E360751FC

[Roli]

Ahoj!
Program Combofix mi doporučil jeden můj známý, živí se jako ajťák už ix let (tak si myslím, že se v tom vyzná). Pak mi řekl,abych se zaregistroval na těhlech stránkách a dal sem výslednou listinu z toho Combofixu na posouzení. Takže promiň§
Jinak díky moc za odpověď!

To je zajímavé, letitý ajťák Ti tam narve ComboFix a pak Tě pošle sem
Mě se omlouvat nemusíš, ale může se stát že ComboFix "šáhne" kam nemá a bude zle a co s tím pak budeš dělat ?

Jinak tu akci s tím skriptem si neudělal pouze jsi ComboFix spustil.

Tak že znovu


pak mi sem dej ten log co na Tebe vypadne.

[motji]

Pro neaktivitu uzamknuto, viz pravidla
http://forum.viry.cz/viewtopic.php?f=12&t=123975


Pokud chcete topic odemknout, kontaktujte mě nebo někoho z moderátorů na email.