
LOG

Posted: 01 Jul 2010 18:17
by Greddy
Hi, could someone pls go through my ComboFix log? My PC has been screwing up lately, so I ran it....

Code:

ComboFix 10-06-30.03 - Greddy 01.07.2010  18:56:00.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.420.1029.18.1023.726 [GMT 2:00]
Spuštěný z: c:\documents and settings\Greddy\Dokumenty\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Greddy\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Greddy\Local Settings\Temp\yvlll.bak
c:\windows\system32\_003535_.tmp.dll

Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena. 
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll 

.
(((((((((((((((((((((((((   Soubory vytvořené od 2010-06-01 do 2010-07-01  )))))))))))))))))))))))))))))))
.

2010-06-16 16:11 . 2010-06-16 16:11	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-06-11 18:58 . 2010-06-11 18:58	--------	d-----w-	c:\program files\xrecode II
2010-06-11 12:59 . 2010-05-06 10:35	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 20:44 . 2002-09-23 12:00	79040	----a-w-	c:\windows\system32\perfc005.dat
2010-06-23 20:44 . 2002-09-23 12:00	431998	----a-w-	c:\windows\system32\perfh005.dat
2010-06-16 16:12 . 2010-05-19 08:07	--------	d-----w-	c:\program files\Zoner
2010-05-20 21:01 . 2010-05-20 21:01	--------	d-----w-	c:\program files\Advanced PDF to HTML converter
2010-05-06 10:35 . 2002-09-23 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-05 14:29 . 2009-12-07 15:11	--------	d-----w-	c:\program files\MSXML 4.0
2010-05-04 16:28 . 2010-05-04 16:28	--------	d-----w-	c:\program files\Software602
2010-05-03 16:51 . 2010-05-03 16:51	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-03 16:51 . 2010-05-03 16:51	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-03 16:47 . 2010-05-03 16:47	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-05-03 16:47 . 2009-12-17 20:33	--------	d-----w-	c:\program files\Nokia
2010-05-03 16:36 . 2010-05-03 16:36	--------	d-----w-	c:\program files\NSS
2010-05-02 08:09 . 2002-09-23 12:00	1851264	----a-w-	c:\windows\system32\win32k.sys
2010-04-29 17:08 . 2010-04-29 17:08	10454	----a-w-	c:\windows\system32\drivers\parldr2k.sys
2010-04-20 05:32 . 2002-09-23 12:00	285696	----a-w-	c:\windows\system32\atmfd.dll
2010-04-12 15:29 . 2010-04-25 07:08	411368	----a-w-	c:\windows\system32\deployJava1.dll
2008-04-14 03:22 . 2009-11-27 22:09	60416	--sha-w-	c:\windows\NiwradSoft Shell Pack\Backup\msimn.exe
.

------- Sigcheck -------

[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . BC1F14BAB52C87846AE51228C59173EB . 561664 . . [5.82] . . c:\windows\SoftwareDistribution\Download\acce8888a2025362d898d606b12a9a53\sp1qfe\comctl32.dll
[-] 2006-08-25 . 3ABCC88C3C67D873170A96A25C93616F . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\acce8888a2025362d898d606b12a9a53\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 . E26B26189B786E6B092F002041D5A1E2 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\acce8888a2025362d898d606b12a9a53\sp2qfe\comctl32.dll
[-] 2006-08-25 . 6CB1BAC5FA7E692B63C3D5AAA348E76A . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\acce8888a2025362d898d606b12a9a53\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-07-13 . C6D88AE5F7192ABC477C3D2655E28DCA . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\b3fcbdb02bfe19358640e48956949d42\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-03-17 . 33DFA99B7ACF485A51E96C18CA68D473 . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\3bf6999727ddb1d518f5b60a6000e8ba\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2005-08-31 . 7EEDB3AF3DDBB57CA98A00D0280613AB . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\d74a58a2257733dd923587d311758d6c\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . 2AD16B1C3E9EEE367C5B3B6028DE31E7 . 561152 . . [5.1.2600.1634] . . c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp1qfe\user32.dll
[-] 2005-03-02 . 2AD16B1C3E9EEE367C5B3B6028DE31E7 . 561152 . . [5.1.2600.1634] . . c:\windows\SoftwareDistribution\Download\b42e2a407e873f5761583af9613ff553\sp1qfe\user32.dll
[-] 2005-03-02 . 3EF380290CE2CA8598E475CEAC4ADB13 . 577024 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp2qfe\user32.dll
[-] 2005-03-02 . 9267BC598E271BC3FA69F36CF1C8BD36 . 577024 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\8084f39e8152f1987d7302c85e1ce96f\sp2gdr\user32.dll
[7] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Greddy\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-25 135664]
"Infium"="c:\documents and settings\Greddy\Plocha\QIP Infium bz™Pack\inf.exe" [2009-11-10 5986304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 774168]
"To-Do DeskList"="c:\program files\To-Do DeskList\To-Do DeskList.exe" [2008-12-29 1328128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\Greddy\LOCALS~1\Temp\yvlll.bak 2yGDEBNEED

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Greddy\\Plocha\\QIP Infium bz™Pack\\inf.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\ODEON\\JAF\\JCOP.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [29.4.2010 19:08 10454]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [25.11.2009 21:33 26752]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [3.5.2010 18:47 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [3.5.2010 18:47 8320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.11.2009 17:26 691696]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CF72CB5F-E7CD-4C47-B1B7-17AD23D5EBA6} = 10.26.194.1,10.26.0.60
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/isds/cab/filleractivex.cab?3,14,8,0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 19:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\documents and settings\Greddy\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Celkový čas: 2010-07-01  19:15:30 - počítač byl restartován
ComboFix-quarantined-files.txt  2010-07-01 17:15

Před spuštěním: Volných bajtů: 53 082 935 296
Po spuštění: Volných bajtů: 54 222 929 920

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 9FD31B08C708AF7DE76053457BFA4A31

Re: LOG

Posted: 01 Jul 2010 18:20
by Caroprd111
Hello :)

Please remove the log from "Code".


I don't recommend running ComboFix on your own initiative, it can damage the system!