OMLOUVÁME SE ZA NEPŘÍJEMNOST ALE SYSTÉM WINDOWS NEBYL USPĚŠNĚ SPUŠTĚN Z DŮVODU ZMĚNY HARDWERU NEBO SOFTRWARU ABY CHRÁNIL SOUBORY A SLOŽKY
JINAK JSE MI HO PODAŘILO
SPUSTIT Z NOUZOVEHO REŽIMU
ALE V NORMÁLNÍM REŽIMU POKRAČUJE VÝŠE UVEDENÝ RESTART ....PŘÍDÁVÁM LOG
ComboFix 09-10-01.05 - user 03.10.2009 12:40.23.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.284 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-03 do 2009-10-03 )))))))))))))))))))))))))))))))
.
2009-10-03 04:47 . 2009-10-03 04:47 -------- d-----w- c:\program files\ESET
2009-10-02 20:39 . 2009-10-02 20:41 5067769 ----a-w- c:\windows\REGBK03.ZIP
2009-09-29 09:57 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 09:57 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 09:57 . 2009-10-02 20:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 14:38 . 2009-09-23 14:39 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2009-09-21 09:58 . 2009-09-21 09:59 5076455 ----a-w- c:\windows\REGBK02.ZIP
2009-09-21 09:56 . 2009-09-21 09:56 -------- d---a-w- c:\windows\VDLL.DLL
2009-09-21 09:56 . 2009-09-21 09:56 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-09-21 09:56 . 2009-09-21 09:56 -------- d---a-w- c:\windows\logo_1.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 19:49 . 2009-05-07 08:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-19 07:31 . 2008-10-26 06:54 -------- d-----w- c:\program files\EA Sports
2009-09-10 16:06 . 2009-08-18 12:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-07 11:29 . 2009-05-18 11:09 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-08-28 08:39 . 2009-04-21 08:57 179792 ----a-w- c:\windows\system32\guard32.dll
2009-08-28 08:39 . 2009-04-21 08:57 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-08-28 08:39 . 2009-04-21 08:57 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-08-28 08:39 . 2009-04-21 08:57 132168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-08-10 06:09 . 2008-12-13 14:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-08 15:52 . 2009-08-08 15:52 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-16 07:05 . 2009-07-16 05:49 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-16 06:59 . 2009-07-16 05:49 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 05:48 . 2009-07-16 05:48 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-09 18:19 . 2009-07-09 18:19 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-08-28 1796368]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-08-30 69632]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.1.2009 11:14 64160]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.4.2009 10:57 132168]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2009 11:43 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 11:43 55024]
S3 APMUKCF;APMUKCF;c:\docume~1\user\LOCALS~1\Temp\APMUKCF.exe --> c:\docume~1\user\LOCALS~1\Temp\APMUKCF.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 11:43 7408]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7} = 10.1.1.1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 12:47
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b7,4a,67,15,5b,a9,6a,5b,cd,e9,29,0d,e8,6d,03,26,ab,ed,d4,03,b1,05,91,
9e,12,18,64,cd,52,6a,9b,30,35,dd,39,6d,c6,2c,07,28,e0,cc,4d,3d,fe,d3,a7,b4,\
"??"=hex:8a,95,0c,91,36,dd,90,2c,2c,e3,05,7a,7a,8f,80,cc
[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,4d,8c,a1,66,59,d4,ee,8d,27,72,77,96,fc,f0,44,7e,c3,ac,d1,82,
55,ab,c3,2c,d2,34,74,f9,c0,6e,7c,49,54,78,86,01,bd,9a,fb,a9,22,e1,0a,f0,e0,\
"rkeysecu"=hex:fb,81,90,31,d2,93,d3,3d,73,a6,fd,d8,95,a1,26,4b
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\guard32.dll
.
Celkový čas: 2009-10-03 12:49
ComboFix-quarantined-files.txt 2009-10-03 10:49
Před spuštěním: Volných bajtů: 73 456 193 536
Po spuštění: Volných bajtů: 73 521 631 232
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
133 --- E O F --- 2009-08-02 17:04
),takže bych dělal co píše Rudy,bude to nejjednoduší..
Přispějete na provoz fóra?