Prosím teď o kontrolu logu a vytvoreni skriptu pro CFScript.txt abych to mohl zpět prohnat combofixem.
Děkuji mnohokráte
ComboFix 11-04-19.01 - Pedro 19.04.2011 18:33:05.1.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4095.3416 [GMT 2:00]
Spu�t�n� z: c:\users\Pedro\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatn� v�mazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\resycled
c:\users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\WDICT32.INI
c:\users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\WTRAN32.INI
c:\users\Pedro\AppData\Roaming\Best Malware Protection
c:\users\Pedro\AppData\Roaming\Best Malware Protection\cookies.sqlite
c:\users\Pedro\AppData\Roaming\Best Malware Protection\Instructions.ini
c:\users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Best Malware Protection.lnk
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Best Malware Protection.lnk
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Malware Protection.lnk
c:\users\Pedro\Desktop\Best Malware Protection.lnk
X:\resycled
.
.
((((((((((((((((((((((((( Soubory vytvo�en� od 2011-03-19 do 2011-04-19 )))))))))))))))))))))))))))))))
.
.
2011-04-19 16:37 . 2011-04-19 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-19 15:45 . 2011-04-19 15:45 -------- d-----w- c:\users\Pedro\DoctorWeb
2011-04-19 14:08 . 2011-04-19 14:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-19 14:08 . 2011-04-19 14:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-04-19 13:38 . 2011-04-19 13:38 -------- d-sh--w- c:\programdata\BMEOUP
2011-04-19 13:38 . 2011-04-19 13:38 -------- d-sh--w- c:\programdata\0c9e20
2011-04-19 13:08 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64FE9203-3F45-4D95-870D-46A89FA2AFCB}\mpengine.dll
2011-04-14 19:09 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-12 12:20 . 2011-04-12 12:21 -------- d-----w- C:\WINTRP
2011-04-06 05:35 . 2010-11-30 09:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-06 05:35 . 2010-11-30 09:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB0C181D-83A6-4550-93C3-1036A48DCA40}\gapaengine.dll
2011-03-31 21:18 . 2011-03-31 21:18 -------- d-----w- c:\users\Pedro\AppData\Roaming\RadarSync
2011-03-31 21:17 . 2011-04-03 18:55 -------- d-----w- c:\program files (x86)\RadarSync
2011-03-31 20:16 . 2011-03-31 20:16 -------- d-----w- c:\users\Pedro\dwhelper
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M v�pis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 20:17 . 2011-02-20 19:37 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-10 05:55 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-07 19:03 . 2011-03-07 19:03 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-07 19:01 . 2011-02-25 22:21 507392 ----a-w- c:\windows\system32\drivers\AF15BDA.sys
2011-02-28 18:31 . 2011-02-28 18:31 294912 ----a-w- c:\windows\TrnWord.dll
2011-02-28 18:30 . 2011-02-28 18:30 516096 ----a-w- c:\windows\UN32.EXE
2011-02-28 18:23 . 2011-02-28 18:23 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-24 20:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-24 20:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-16 17:31 . 2011-02-16 17:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-16 16:47 . 2009-08-07 08:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-02-16 16:47 . 2009-08-17 11:13 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2011-02-16 16:47 . 2009-08-17 11:13 204584 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-02-16 16:47 . 2009-08-17 11:13 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-02-16 16:47 . 2009-08-17 11:15 286768 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-02-16 16:47 . 2009-08-17 11:13 206120 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2011-02-16 16:47 . 2009-08-17 11:13 261928 ----a-w- c:\windows\system32\SynCtrl.dll
2011-02-16 16:47 . 2009-08-17 11:13 169256 ----a-w- c:\windows\SysWow64\SynCOM.dll
2011-02-16 16:47 . 2009-08-17 11:13 395048 ----a-w- c:\windows\system32\SynCOM.dll
2011-02-16 15:53 . 2011-02-16 15:54 720896 ----a-w- c:\windows\iun6002.exe
2011-02-16 14:05 . 2009-05-13 08:07 15928 ----a-w- c:\windows\system32\drivers\ATK64AMD.sys
2011-02-02 20:40 . 2011-02-21 20:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 16:10 . 2011-02-16 14:27 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78C2DF98-7813-484B-B16A-D5881BAE3E92}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spou�t�c� body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Pozn�mka* pr�zdn� z�znamy a legitimn� v�choz� �daje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RMClock"="c:\users\Pedro\Desktop\rmclock_235_bin\RMClockLauncher.exe" [2008-02-29 61440]
"Best Malware Protection"="c:\programdata\0c9e20\BM0c9_2121.exe" [2011-04-19 2455552]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"tvjbmonitor"="c:\program files (x86)\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 53248]
"PDF Seven"="c:\program files\PDFSeven\PDF.exe" [2009-12-10 489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
R3 CPUgenieDriver;CPUgenieDriver;c:\program files\GreenVantage LLC\CPUgenie64\NBFreezer64.sys [x]
R3 cpuz135;cpuz135;c:\users\Pedro\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RTCore64;RTCore64;c:\users\Pedro\Desktop\rmclock_235_bin\RTCore64.sys [2011-02-28 14352]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Slu�ba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Dopl�kov� sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\833rzmyt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Quick Translator: {5C655500-E712-41e7-9349-CE462F844B19} - %profile%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
.
- - - - NEPLATN� POLO�KY ODSTRAN�N� Z REGISTRU - - - -
.
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-{F3F1D08D-ABEF-4528-8383-54C46369EBB6} - c:\program files (x86)\InstallShield Installation Information\{F3F1D08D-ABEF-4528-8383-54C46369EBB6}\Setup.exe
.
.
.
--------------------- ZAMKNUT� KL��E V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1865015228-3386764495-2453575237-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkov� �as: 2011-04-19 18:39:33
ComboFix-quarantined-files.txt 2011-04-19 16:39
.
P�ed spu�t�n�m: Voln�ch bajt�: 81�166�663�680
Po spu�t�n�: Voln�ch bajt�: 80�847�822�848
.
- - End Of File - - 2D119010ADF7EE19CE562F06BFCF823D
Přispějete na provoz fóra?