kontrola logu (combofix) - opravení spouštění pevných disků
Napsal: 01 zář 2010 10:59
Dobrý den!
Měla jsem problém se spouštěním pevných disků. Našla jsem si zde návod s Combofixem a už mi je lze opět spouštět po dvojkliku. Jak mám tedy pokračovat dále? Zde je log :
ComboFix 10-08-31.02 - petra 01.09.2010 11:27:25.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.480 [GMT 2:00]
Spuštěný z: c:\documents and settings\petra\Plocha\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\Microsoft\ipdll.dll
c:\documents and settings\petra\lame_enc_en.dll
c:\documents and settings\petra\lametritonus_en.dll
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\NetProject
C:\resycled
c:\windows\daemon.dll
c:\windows\system32\drivers\gaopdxserv.sys
c:\windows\system32\drivers\msqpdxiwiqvpdu.sys
c:\windows\system32\drivers\msqpdxixvkltpi.sys
c:\windows\system32\drivers\msqpdxpylydtaq.sys
c:\windows\system32\drivers\msqpdxtidmixud.sys
c:\windows\system32\msqpdxbodpkipx.dll
D:\Autorun.inf
D:\resycled
G:\Autorun.inf
G:\resycled
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_msqpdxserv.sys
-------\Service_msqpdxserv.sys
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-01 do 2010-09-01 )))))))))))))))))))))))))))))))
.
2010-09-01 08:51 . 2010-09-01 08:51 61440 ----a-w- c:\windows\system32\svch?st.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 08:18 . 2006-08-05 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-01 08:14 . 2006-08-05 13:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 09:23 . 2007-11-06 20:18 -------- d-----w- c:\program files\Google
2010-08-31 09:18 . 2008-07-26 17:37 -------- d-----w- c:\program files\MediaCoder
2010-08-31 09:17 . 2004-08-18 12:00 78010 ----a-w- c:\windows\system32\perfc005.dat
2010-08-31 09:17 . 2004-08-18 12:00 414278 ----a-w- c:\windows\system32\perfh005.dat
2010-08-31 09:10 . 2007-11-06 20:17 -------- d-----w- c:\program files\Java
2010-08-31 09:09 . 2007-11-01 18:32 -------- d-----w- c:\program files\ICQToolbar
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3e1a778f-6ffb-46a4-8810-070db1c563fd}"= "c:\program files\YouTubeVideo\tbYouT.dll" [2008-03-13 1524248]
[HKEY_CLASSES_ROOT\clsid\{3e1a778f-6ffb-46a4-8810-070db1c563fd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3e1a778f-6ffb-46a4-8810-070db1c563fd}]
2008-03-13 09:30 1524248 ----a-w- c:\program files\YouTubeVideo\tbYouT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3e1a778f-6ffb-46a4-8810-070db1c563fd}"= "c:\program files\YouTubeVideo\tbYouT.dll" [2008-03-13 1524248]
[HKEY_CLASSES_ROOT\clsid\{3e1a778f-6ffb-46a4-8810-070db1c563fd}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3E1A778F-6FFB-46A4-8810-070DB1C563FD}"= "c:\program files\YouTubeVideo\tbYouT.dll" [2008-03-13 1524248]
[HKEY_CLASSES_ROOT\clsid\{3e1a778f-6ffb-46a4-8810-070db1c563fd}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-22 335872]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 55296]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-29 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-26 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Mˇstnˇ vyhled v nˇ.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\windows\system32\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [5.8.2006 15:22 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [5.8.2006 15:22 5248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.3.2010 22:32 135664]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-09-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 20:32]
2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 20:32]
2010-09-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2010-09-01 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 208.62.125.146:80
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\petra\Data aplikací\Mozilla\Firefox\Profiles\5gsazu8b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 11:36
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82C7CE08]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7573fc3
\Driver\ACPI -> ACPI.sys @ 0xf74c0cb8
\Driver\atapi -> 0x82c7ce08
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: VIA Compatible Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7334ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7341b21
SendHandler -> NDIS.sys @ 0xf731f87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1957994488-2111687655-1343024091-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3284)
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Celkový čas: 2010-09-01 11:42:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-01 09:42
Před spuštěním: Volných bajtů: 11 048 103 936
Po spuštění: Volných bajtů: 11 200 335 872
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 60A08EEC1922018F6141724BC2706CC0
Měla jsem problém se spouštěním pevných disků. Našla jsem si zde návod s Combofixem a už mi je lze opět spouštět po dvojkliku. Jak mám tedy pokračovat dále? Zde je log :
ComboFix 10-08-31.02 - petra 01.09.2010 11:27:25.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.480 [GMT 2:00]
Spuštěný z: c:\documents and settings\petra\Plocha\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\Microsoft\ipdll.dll
c:\documents and settings\petra\lame_enc_en.dll
c:\documents and settings\petra\lametritonus_en.dll
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\NetProject
C:\resycled
c:\windows\daemon.dll
c:\windows\system32\drivers\gaopdxserv.sys
c:\windows\system32\drivers\msqpdxiwiqvpdu.sys
c:\windows\system32\drivers\msqpdxixvkltpi.sys
c:\windows\system32\drivers\msqpdxpylydtaq.sys
c:\windows\system32\drivers\msqpdxtidmixud.sys
c:\windows\system32\msqpdxbodpkipx.dll
D:\Autorun.inf
D:\resycled
G:\Autorun.inf
G:\resycled
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_msqpdxserv.sys
-------\Service_msqpdxserv.sys
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-01 do 2010-09-01 )))))))))))))))))))))))))))))))
.
2010-09-01 08:51 . 2010-09-01 08:51 61440 ----a-w- c:\windows\system32\svch?st.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 08:18 . 2006-08-05 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-01 08:14 . 2006-08-05 13:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 09:23 . 2007-11-06 20:18 -------- d-----w- c:\program files\Google
2010-08-31 09:18 . 2008-07-26 17:37 -------- d-----w- c:\program files\MediaCoder
2010-08-31 09:17 . 2004-08-18 12:00 78010 ----a-w- c:\windows\system32\perfc005.dat
2010-08-31 09:17 . 2004-08-18 12:00 414278 ----a-w- c:\windows\system32\perfh005.dat
2010-08-31 09:10 . 2007-11-06 20:17 -------- d-----w- c:\program files\Java
2010-08-31 09:09 . 2007-11-01 18:32 -------- d-----w- c:\program files\ICQToolbar
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3e1a778f-6ffb-46a4-8810-070db1c563fd}"= "c:\program files\YouTubeVideo\tbYouT.dll" [2008-03-13 1524248]
[HKEY_CLASSES_ROOT\clsid\{3e1a778f-6ffb-46a4-8810-070db1c563fd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3e1a778f-6ffb-46a4-8810-070db1c563fd}]
2008-03-13 09:30 1524248 ----a-w- c:\program files\YouTubeVideo\tbYouT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3e1a778f-6ffb-46a4-8810-070db1c563fd}"= "c:\program files\YouTubeVideo\tbYouT.dll" [2008-03-13 1524248]
[HKEY_CLASSES_ROOT\clsid\{3e1a778f-6ffb-46a4-8810-070db1c563fd}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3E1A778F-6FFB-46A4-8810-070DB1C563FD}"= "c:\program files\YouTubeVideo\tbYouT.dll" [2008-03-13 1524248]
[HKEY_CLASSES_ROOT\clsid\{3e1a778f-6ffb-46a4-8810-070db1c563fd}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-22 335872]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 55296]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-29 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-26 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Mˇstnˇ vyhled v nˇ.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\windows\system32\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [5.8.2006 15:22 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [5.8.2006 15:22 5248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.3.2010 22:32 135664]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-09-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 20:32]
2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 20:32]
2010-09-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2010-09-01 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 208.62.125.146:80
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\petra\Data aplikací\Mozilla\Firefox\Profiles\5gsazu8b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 11:36
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82C7CE08]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7573fc3
\Driver\ACPI -> ACPI.sys @ 0xf74c0cb8
\Driver\atapi -> 0x82c7ce08
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: VIA Compatible Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7334ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7341b21
SendHandler -> NDIS.sys @ 0xf731f87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1957994488-2111687655-1343024091-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3284)
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Celkový čas: 2010-09-01 11:42:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-01 09:42
Před spuštěním: Volných bajtů: 11 048 103 936
Po spuštění: Volných bajtů: 11 200 335 872
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 60A08EEC1922018F6141724BC2706CC0
Stáhněte SPTD 
Pokud nemáte, přesuňte Combofix na plochu
