Pouze pri sani v outlooku nejsou psat tyto znaky. Divne je ze nejdou psat na prvnim miste nove radky. pokud udelam mezeru tak jdou.
Prosim o prohlednuti logu zda tam neni neco co by nemelo byt.
Kód: Vybrat vše
ComboFix 10-07-27.04 - Administrator 28.07.2010 12:47:02.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2046.951 [GMT 2:00]
Spuštěný z: d:\profily\Other\Tomas\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
----- BITS: Možné infikované stránky -----
hxxp://phserver:8530
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-28 )))))))))))))))))))))))))))))))
.
2010-07-28 10:51 . 2010-07-28 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-28 10:51 . 2010-07-28 10:52 -------- d-----w- c:\users\Administrator.DOMENA\AppData\Local\temp
2010-07-28 10:51 . 2010-07-28 10:51 -------- d-----w- c:\users\MAREK\AppData\Local\temp
2010-07-28 10:51 . 2010-07-28 10:51 -------- d-----w- c:\users\PETRA\AppData\Local\temp
2010-07-28 10:51 . 2010-07-28 10:51 -------- d-----w- c:\users\Lenka\AppData\Local\temp
2010-07-28 10:51 . 2010-07-28 10:51 -------- d-----w- c:\users\Dominika\AppData\Local\temp
2010-07-28 10:51 . 2010-07-28 10:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-07-28 10:51 . 2010-07-28 10:51 -------- d-----w- c:\users\__sbs_netsetup__\AppData\Local\temp
2010-07-09 13:01 . 2010-07-09 13:01 -------- d-----w- c:\users\Lenka\EurekaLog
2010-07-09 12:58 . 2010-07-09 12:58 -------- d-----w- c:\users\Lenka\AppData\Roaming\ICQ
2010-07-02 07:24 . 2010-07-02 07:25 -------- d-----w- c:\users\PETRA\AppData\Roaming\ICQ
2010-07-01 18:23 . 2010-07-01 18:23 -------- d-----w- c:\users\Tomas\AppData\Roaming\ICQ
2010-07-01 09:19 . 2004-04-23 12:23 2506752 ----a-w- c:\windows\system32\LWCtPl.dll
2010-07-01 09:19 . 2000-11-28 09:35 27388 ----a-w- c:\windows\system32\drivers\ihidfilt.sys
2010-07-01 09:19 . 2004-04-23 12:26 17344 ----a-w- c:\windows\system32\drivers\LHidHi.sys
2010-07-01 09:19 . 2004-04-23 12:26 13888 ----a-w- c:\windows\system32\drivers\LHidLo.sys
2010-07-01 09:19 . 2004-04-23 12:26 10432 ----a-w- c:\windows\system32\drivers\LUsbSys.sys
2010-07-01 09:19 . 2004-04-23 12:25 86016 ----a-w- c:\windows\system32\W9xDAPI.dll
2010-07-01 09:19 . 2004-04-23 12:24 356352 ----a-w- c:\windows\system32\WMWizard.dll
2010-07-01 09:19 . 2010-07-01 09:19 -------- d-----w- c:\program files\Common Files\Logitech
2010-07-01 09:19 . 2004-04-23 12:26 33216 ----a-w- c:\windows\system32\LFLoad.sys
2010-07-01 09:19 . 2004-04-23 12:24 61440 ----a-w- c:\windows\system32\W9XdInst.dll
2010-07-01 09:19 . 2004-04-14 08:54 163840 ----a-w- c:\windows\system32\WmJoyFrc.dll
2010-07-01 09:19 . 2010-07-01 09:19 -------- d-----w- c:\program files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 10:23 . 2009-07-14 08:44 625676 ----a-w- c:\windows\system32\perfh005.dat
2010-07-28 10:23 . 2009-07-14 08:44 119794 ----a-w- c:\windows\system32\perfc005.dat
2010-07-25 11:06 . 2010-04-28 15:45 -------- d-----w- c:\programdata\Microsoft Help
2010-07-11 15:34 . 2010-05-24 15:43 -------- d-----w- c:\program files\ICQ6.5
2010-07-11 15:34 . 2010-05-30 17:14 -------- d-----w- c:\users\MAREK\AppData\Roaming\ICQ
2010-07-03 05:37 . 2010-04-28 12:01 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-01 12:07 . 2010-06-22 14:30 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-01 12:07 . 2010-06-22 14:30 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-01 09:19 . 2010-05-19 10:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-01 09:18 . 2010-05-19 10:21 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-01 04:45 . 2010-05-01 07:35 -------- d-----w- c:\programdata\DVD Shrink
2010-06-23 14:29 . 2010-04-28 12:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-22 20:59 . 2010-05-21 17:02 -------- d-----w- c:\users\MAREK\AppData\Roaming\BitTorrent
2010-06-22 14:30 . 2010-06-22 14:30 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-22 14:29 . 2010-06-22 14:29 -------- d--h--r- c:\users\MAREK\AppData\Roaming\SecuROM
2010-06-22 14:06 . 2010-06-22 14:06 -------- d-----w- c:\program files\Electronic Arts
2010-06-22 12:42 . 2010-06-22 12:42 -------- d-----w- c:\program files\MSXML 4.0
2010-06-13 13:49 . 2010-05-19 10:45 42 ----a-w- c:\users\Tomas\AppData\Roaming\jeyo\JMC_WM\nt32200jcwm.dll
2010-06-13 13:49 . 2010-05-19 10:45 32 ----a-w- c:\users\Tomas\AppData\Roaming\jeyo\JMC_WM\ntcheck3232jcwm.dll
2010-06-13 08:43 . 2010-05-19 10:45 -------- d-----w- c:\users\Administrator.DOMENA\AppData\Roaming\Jeyo
2010-06-13 08:40 . 2010-06-12 23:40 42 ----a-w- c:\users\Administrator.DOMENA\AppData\Roaming\Jeyo\JME_WM\nt32200jewm25.dll
2010-06-13 08:40 . 2010-06-12 23:40 32 ----a-w- c:\users\Administrator.DOMENA\AppData\Roaming\Jeyo\JME_WM\ntcheck3232jewm25.dll
2010-06-13 08:38 . 2010-06-13 08:38 -------- d-----w- c:\program files\Jeyo
2010-06-10 15:55 . 2010-06-10 15:55 -------- d-----w- c:\users\Tomas\AppData\Roaming\CD-LabelPrint
2010-06-01 17:37 . 2010-04-28 11:56 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 07:24 . 2010-06-10 15:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-10 15:24 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18 . 2010-06-10 15:27 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-17 21:38 . 2010-05-17 21:37 150528 ----a-w- c:\windows\FAVPID.DLL
2010-05-09 09:14 . 2010-06-24 12:25 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-06-24 12:25 417792 ----a-w- c:\windows\system32\msdri.dll
2010-05-01 20:28 . 2010-05-01 20:28 520192 ----a-w- c:\windows\system32\Rolex Explorer II.scr
2010-05-01 20:28 . 2010-05-01 20:28 36840 ----a-w- c:\programdata\Screentime\Rolex Explorer 39mm\saver1.dll
2010-05-01 20:28 . 2010-05-01 20:28 20728 ----a-w- c:\programdata\Screentime\Rolex Explorer 39mm\saver2.dll
2010-05-01 20:28 . 2010-05-01 20:23 674280 ----a-w- c:\windows\system32\Rolex Explorer 39mm.scr
2010-05-01 20:23 . 2010-05-01 20:23 22976 ----a-w- c:\programdata\Screentime\Rolex Datejust 36 mm October 09\saver2.dll
2010-05-01 20:23 . 2010-05-01 20:23 623280 ----a-w- c:\windows\system32\Rolex Datejust 36 mm October 09.scr
2010-05-01 20:23 . 2010-05-01 20:23 39088 ----a-w- c:\programdata\Screentime\Rolex Datejust 36 mm October 09\saver1.dll
2010-05-01 20:20 . 2010-05-01 20:20 20728 ----a-w- c:\programdata\Screentime\Rolex Datejust Lady 31mm\saver2.dll
2010-05-01 20:20 . 2010-05-01 20:20 36840 ----a-w- c:\programdata\Screentime\Rolex Datejust Lady 31mm\saver1.dll
2010-05-01 20:20 . 2010-05-01 20:19 674280 ----a-w- c:\windows\system32\Rolex Datejust Lady 31mm.scr
2010-05-01 20:17 . 2010-05-01 20:16 532480 ----a-w- c:\windows\system32\Rolex Yacht-Master II YG.scr
2010-05-01 20:16 . 2010-05-01 20:16 34304 ----a-w- c:\programdata\Screentime\Rolex Deepsea\saver1.dll
2010-05-01 20:16 . 2010-05-01 20:16 18192 ----a-w- c:\programdata\Screentime\Rolex Deepsea\saver2.dll
2010-05-01 20:16 . 2010-05-01 20:12 524288 ----a-w- c:\windows\system32\Rolex Deepsea.scr
2010-05-01 20:13 . 2010-05-01 20:13 520192 ----a-w- c:\windows\system32\Rolex Oyster Day-Date.scr
2010-05-01 20:11 . 2010-05-01 20:11 532480 ----a-w- c:\windows\system32\Rolex GMT-Master II steel.scr
2010-05-01 14:49 . 2010-06-10 15:27 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 16:16 . 2010-04-29 16:16 108824 ----a-w- c:\users\Administrator.DOMENA\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 13:11 . 2010-04-29 13:11 108824 ----a-w- c:\users\PETRA\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 12:09 . 2010-04-29 12:09 108824 ----a-w- c:\users\Dominika\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 11:36 . 2010-04-29 11:36 108824 ----a-w- c:\users\MAREK\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 11:07 . 2010-04-29 11:07 108824 ----a-w- c:\users\Lenka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"StartWMDriverWiz"="c:\progra~1\COMMON~1\Logitech\WmDrivers\wmwizard.dll" [2004-04-23 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
c:\users\PETRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 136176]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 03:23]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 03:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath -
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2402607258-1950833276-2025321928-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,2a,b8,03,44,a5,3d,49,92,b1,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,2a,b8,03,44,a5,3d,49,92,b1,5c,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-07-28 12:54:04
ComboFix-quarantined-files.txt 2010-07-28 10:54
Před spuštěním: Volných bajtů: 146 387 812 352
Po spuštění: Volných bajtů: 149 595 987 968
- - End Of File - - 0A5AC7555091FACE0924BE941E6DA68B
Přispějete na provoz fóra?