VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Kontrola logu

https://forum.viry.cz:443/viewtopic.php?t=98264

Stránka 1 z 1

Kontrola logu

Napsal: 28 úno 2010 10:07
od Galder
Zdar potřeboval bych zkontrolovat log. Problém mám, že se mi po každém restartu znovu objeví v documents and settings složka HelpAssistant.OEM-B89E4FF. Udělal jsem log z combofixu, hlasí tam rootkit infection, tak jsem se chtěl zeptat co s tím. Dík moc za pomoc.

Výpis:

ComboFix 10-02-27.04 - Uživatel 28.02.2010 9:29.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1136 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-167295909-1211618615-1966352987-1000
c:\program files\Internet Explorer\msimg32.dll

.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_acpi32
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_ksi32sk
-------\Service_netsik
-------\Service_port135sik
-------\Service_securentm
-------\Service_systemntmi


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-28 do 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-28 08:23 . 2010-02-28 08:28 -------- d--h--w- c:\documents and settings\HelpAssistant.OEM-B89E4FFA895\Okolní síť
2010-02-28 08:23 . 2010-02-28 08:28 -------- d-----w- c:\documents and settings\HelpAssistant.OEM-B89E4FFA895\Oblíbené položky
2010-02-28 08:23 . 2010-02-28 08:28 -------- d-----r- c:\documents and settings\HelpAssistant.OEM-B89E4FFA895\Nabídka Start
2010-02-28 08:23 . 2010-02-28 08:27 -------- d-----w- c:\documents and settings\HelpAssistant.OEM-B89E4FFA895\Dokumenty
2010-02-28 08:23 . 2010-02-28 08:24 -------- d--h--r- c:\documents and settings\HelpAssistant.OEM-B89E4FFA895\Data aplikací
2010-02-28 08:23 . 2006-10-25 21:11 -------- d--h--w- c:\documents and settings\HelpAssistant.OEM-B89E4FFA895\Okolní tiskárny
2010-02-28 08:23 . 2006-10-25 19:15 -------- d--h--w- c:\documents and settings\HelpAssistant.OEM-B89E4FFA895\Šablony
2010-02-28 08:23 . 2010-02-28 08:27 -------- d-----w- c:\documents and settings\HelpAssistant.OEM-B89E4FFA895
2010-02-28 07:44 . 2010-02-28 07:44 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-28 07:36 . 2010-02-28 07:36 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-02-11 04:46 . 2010-02-11 04:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:37 . 2010-02-11 04:37 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-11 04:23 . 2010-02-11 04:23 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-11 04:21 . 2010-02-11 04:21 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-11 04:12 . 2010-02-11 04:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-11 03:59 . 2010-02-11 03:59 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-11 03:54 . 2010-02-11 03:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 07:41 . 2006-10-25 19:45 -------- d-----w- c:\program files\ATI Technologies
2010-02-28 07:40 . 2006-10-25 19:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-28 07:14 . 2007-09-06 17:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-27 20:30 . 2009-05-27 19:59 -------- d-----w- c:\program files\Spyware Terminator
2010-02-27 20:27 . 2009-08-21 16:53 -------- d-----w- c:\program files\DAEMON Tools
2010-02-27 18:40 . 2009-05-27 13:40 -------- d-----w- c:\program files\CCleaner
2010-02-27 16:29 . 2009-05-31 09:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-11 07:38 . 2006-01-04 19:46 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:17 . 2006-01-04 19:01 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2006-10-25 19:45 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-11 04:45 . 2006-01-04 19:47 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-11 04:36 . 2006-01-04 19:41 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2006-01-04 19:41 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2006-01-04 19:41 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2006-01-04 19:41 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2006-01-04 19:41 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2006-01-04 19:39 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2006-01-04 19:39 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2006-01-04 19:31 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-11 04:19 . 2006-01-04 19:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-11 04:12 . 2006-01-04 19:25 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-11 03:55 . 2006-01-04 19:11 475136 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-11 03:53 . 2006-01-04 19:11 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-11 03:47 . 2006-01-04 19:05 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-10 20:20 . 2006-10-25 20:06 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-02-06 13:08 . 2008-11-15 16:01 -------- d-----w- c:\program files\Google
2009-12-31 16:50 . 2007-11-03 18:10 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2006-10-25 19:15 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 18:51 . 2001-10-25 14:00 82720 -c--a-w- c:\windows\system32\perfc005.dat
2009-12-09 18:51 . 2001-10-25 14:00 437890 -c--a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2007-11-03 18:01 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2007-11-03 18:01 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2007-11-03 18:01 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-27 949376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\documents and settings\Uživatel\Plocha\Programy\QTTask.exe" [2009-05-26 413696]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dbeng6.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\Track Mania\\TrackMania.exe"=
"c:\\Program Files\\Ubi Soft\\IL2 Sturmovik\\il2.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\Eset\\nod32kui.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Documents and Settings\\Uživatel\\Plocha\\Programy\\qttask.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3693:TCP"= 3693:TCP:Services
"5886:TCP"= 5886:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.8.2009 17:50 664064]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [27.5.2009 15:07 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [27.5.2009 20:59 142592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3.8.2009 19:28 55152]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.2.2009 10:55 222968]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.2.2010 14:08 135664]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\DFC.tmp --> c:\windows\TEMP\DFC.tmp [?]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 17:08 533360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [20.7.2007 17:01 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [20.7.2007 17:01 85696]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 13:08]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 13:08]

2010-02-27 c:\windows\Tasks\Norton Security Scan for Uživatel.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-13 12:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {BDDF3F45-9035-4AC9-8D76-6124F2EF5990} = 10.1.1.1,10.1.1.2
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 09:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A54DB78]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8a54db78
\Driver\ACPI -> 0x8a27cd50
\Driver\atapi -> sfsync02.sys @ 0xba0c98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> 0x892ea330
PacketIndicateHandler -> NDIS.sys @ 0xb9d13a21
SendHandler -> NDIS.sys @ 0xb9cf187b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\DFC.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(1696)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\crypserv.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-02-28 09:51:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-28 08:51

Před spuštěním: 6 559 707 136
Po spuštění: 6 789 238 784

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 340E336A037D50673DFA597B8BE8FB53

Re: Kontrola logu

Napsal: 28 úno 2010 10:19
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Collect::
c:\windows\TEMP\DFC.tmp

Driver::
{DEF85C80-216A-43ab-AF70-1665EDBE2780}
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Kontrola logu

Napsal: 28 úno 2010 11:17
od Galder
Dík moc, ješte jsem se chtěl zeptat co s tím rootkitem viz výpis z logu: MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Objevilo s to v logu i po spuštění s tím skriptem, co jste mi poradil.

Dík moc za pomoc.

Re: Kontrola logu

Napsal: 28 úno 2010 18:48
od Rudy
Zkontrolujte tímto: http://www2.gmer.net/mbr/mbr.exe .

Re: Kontrola logu

Napsal: 02 bře 2010 19:23
od Rudy
OK. Nevadí a zamykám.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz