Posted: 28.11.2009 5:55 | Security Center Alert!

Please, can someone help me? This is showing up: Security Center Alert! Virus Warning! Your computer is infected! Thanks.


Posted: 28.11.2009 6:04 | Security Center Alert!

Did you by any chance download Antivirus 2009 or Antivirus 2008?


_________________
Hmmm .... Little hippo ... [Homer]
Posted by topic author: 28.11.2009 8:54 | Security Center Alert!

don jebot wrote:
Did you by any chance download Antivirus 2009 or Antivirus 2008?

No, I didn't download it.


Posted: 28.11.2009 16:22 | Security Center Alert!

You don't even need to download anything; things like this download themselves :)

Download ComboFix, preferably to the desktop. Close all open applications, and turn off the resident shields of your antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. You will find the log that ComboFix creates at "C:\ComboFix.txt".
Paste it here.

Warning: Until ComboFix has created the log, don't click on anything and don't press anything!!


Posted by topic author: 29.11.2009 11:41 | Security Center Alert!

pitimir wrote:
You don't even need to download anything; things like this download themselves :)

Download ComboFix, preferably to the desktop. Close all open applications, and turn off the resident shields of your antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. You will find the log that ComboFix creates at "C:\ComboFix.txt".
Paste it here.

Warning: Until ComboFix has created the log, don't click on anything and don't press anything!!

Closing all open applications, does that mean turning off everything in the bottom bar on the right next to the clock (on XP), or only Avast! (I only have avast as antivirus)? Thanks.


Posted: 29.11.2009 13:55 | Security Center Alert!

That means stopping all work on the PC, running ComboFix and taking your hands off the mouse and keyboard - when it finishes its work, a log will appear. That needs to be pasted here ;)


Posted by topic author: 29.11.2009 18:31 | Security Center Alert!

pitimir wrote:
That means stopping all work on the PC, running ComboFix and taking your hands off the mouse and keyboard - when it finishes its work, a log will appear. That needs to be pasted here ;)

ComboFix 09-11-28.01 - Michaela Machalova 29.11.2009 18:10.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.3071.2590 [GMT -8:00]
Running from: c:\documents and settings\Michaela Machalova\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091129-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Michaela Machalova\autorun.inf
c:\documents and settings\Michaela Machalova\Documents .lnk
c:\documents and settings\Michaela Machalova\FuTLYq.exe
c:\documents and settings\Michaela Machalova\jusched.exe
c:\documents and settings\Michaela Machalova\Music .lnk
c:\documents and settings\Michaela Machalova\nBerfu.exe
c:\documents and settings\Michaela Machalova\New Folder .lnk
c:\documents and settings\Michaela Machalova\Passwords .lnk
c:\documents and settings\Michaela Machalova\Pictures .lnk
c:\documents and settings\Michaela Machalova\poija.exe
c:\documents and settings\Michaela Machalova\poija.scr
c:\documents and settings\Michaela Machalova\Video .lnk
c:\documents and settings\Michaela Machalova\wTsNUp.exe
c:\windows\system32\hlvdd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-28 03:57 . 2009-11-28 03:57 158 ----a-w- c:\documents and settings\Michaela Machalova\aHprnL.bat
2009-11-28 03:50 . 2009-11-28 03:51 -------- dc-h--w- c:\windows\ie8
2009-11-28 03:32 . 2009-11-28 03:32 158 ----a-w- c:\documents and settings\Michaela Machalova\EpoLry.bat
2009-11-28 01:02 . 2009-11-28 03:35 -------- d-----w- c:\documents and settings\Michaela Machalova\Local Settings\Application Data\Google
2009-11-28 00:31 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-28 00:31 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-28 00:11 . 2009-11-28 00:11 158 ----a-w- c:\documents and settings\Michaela Machalova\EUZcti.bat
2009-11-26 01:19 . 2009-11-26 01:19 -------- d-----w- c:\program files\DoremiSoft
2009-11-26 00:51 . 2009-11-26 00:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-23 22:37 . 2009-11-23 22:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-22 04:08 . 2005-07-28 16:18 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-11-22 04:08 . 2005-09-07 02:06 28672 ----a-w- c:\windows\system32\hlduinst.exe
2009-11-22 04:08 . 2001-09-29 03:00 164864 ----a-w- c:\windows\system32\UNWISE.EXE
2009-11-22 04:08 . 2005-09-28 22:24 2164411 ----a-w- c:\windows\system32\haspds_windows.dll
2009-11-22 04:08 . 2005-10-13 03:49 3063808 ----a-w- c:\windows\system32\hinstd.dll
2009-11-22 03:44 . 2009-11-22 04:35 -------- d-----w- C:\Tecar Forum
2009-11-22 03:08 . 2009-11-22 03:11 -------- d-----w- C:\Terminátor 4
2009-11-17 17:36 . 2009-11-17 17:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-17 17:36 . 2009-11-17 17:36 -------- d-----w- c:\program files\Reference Assemblies
2009-11-17 17:36 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-17 17:36 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-17 17:36 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-17 17:36 . 2009-11-17 17:36 -------- d-----w- C:\be1e18755113a04daa25dab5dddfbe
2009-11-17 17:36 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-17 17:36 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-17 17:36 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-17 17:36 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-15 18:11 . 2009-11-22 19:44 -------- d-----w- C:\DVD filmy
2009-11-15 17:16 . 2009-11-15 17:16 -------- d-----w- c:\documents and settings\yfl\LOCALS~1
2009-11-15 17:16 . 2009-11-15 17:16 -------- d-----w- c:\documents and settings\yfl
2009-11-15 17:08 . 2009-11-15 17:08 -------- d-----w- c:\program files\Xilisoft
2009-11-15 13:53 . 2009-11-15 13:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-11-15 09:20 . 2009-11-15 09:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-15 09:20 . 2009-11-15 09:20 -------- d-----w- c:\program files\Java
2009-11-15 09:20 . 2009-11-15 09:20 152576 ----a-w- c:\documents and settings\Michaela Machalova\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-15 03:48 . 2009-11-15 03:48 -------- d-sh--w- c:\documents and settings\Michaela Machalova\IECompatCache
2009-11-14 20:04 . 2009-11-14 20:07 -------- d-----w- c:\documents and settings\Michaela Machalova\Local Settings\Application Data\Adobe
2009-11-14 20:03 . 2009-11-14 20:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-14 17:35 . 2009-11-14 17:37 -------- d-----w- c:\program files\VIS
2009-11-14 16:08 . 2002-04-03 12:09 49457 ----a-r- c:\windows\system32\drivers\ftser2k.sys
2009-11-14 16:05 . 2007-12-25 11:21 414208 ----a-r- c:\windows\system32\ftdiunin.exe
2009-11-14 16:05 . 2002-04-03 12:09 18102 ----a-r- c:\windows\system32\drivers\ftdibus.sys
2009-11-14 16:01 . 2009-11-14 16:01 0 ---ha-w- c:\windows\msds.dat
2009-11-14 16:01 . 2009-11-14 16:01 -------- d-----w- C:\vag IHR3040n
2009-11-14 03:57 . 2009-11-14 03:57 -------- d-----w- c:\program files\MSXML 4.0
2009-11-13 02:35 . 2009-11-16 19:23 -------- d-----w- c:\program files\Microsoft Works
2009-11-13 02:35 . 2009-11-13 02:35 -------- d-----w- c:\program files\MSBuild
2009-11-13 02:34 . 2009-11-13 02:34 -------- d-----w- c:\program files\Microsoft.NET
2009-11-13 02:32 . 2009-11-13 02:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-13 02:31 . 2009-11-13 02:35 -------- d-----w- c:\windows\SHELLNEW
2009-11-13 02:31 . 2009-11-13 02:31 -------- d-----w- c:\documents and settings\Michaela Machalova\Local Settings\Application Data\Microsoft Help
2009-11-13 02:31 . 2009-11-16 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-13 02:30 . 2009-11-13 02:30 -------- d-----r- C:\MSOCache
2009-11-12 04:41 . 2009-11-12 04:41 -------- d-----w- c:\documents and settings\Michaela Machalova\Local Settings\Application Data\Identities
2009-11-12 04:41 . 2009-11-12 04:42 -------- d-----w- c:\documents and settings\Michaela Machalova\Local Settings\Application Data\Ahead
2009-11-12 04:38 . 2009-11-12 05:55 -------- d-----w- c:\documents and settings\Michaela Machalova\Application Data\Ahead
2009-11-12 04:38 . 2009-11-12 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-11-12 04:37 . 2009-11-12 04:37 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-12 04:37 . 2009-11-12 04:37 -------- d-----w- c:\program files\Nero
2009-11-12 04:37 . 2009-11-12 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-11 19:07 . 2009-11-22 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-11-11 19:07 . 2009-11-11 19:07 -------- d-----w- c:\program files\DVD Shrink
2009-11-11 18:11 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-11-11 17:58 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-11-11 17:58 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-11-11 17:58 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-11-11 17:58 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-11-11 17:58 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-11-11 17:58 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-11-11 17:58 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-11-11 17:58 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-11 17:49 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-11 17:49 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-11 17:49 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-11 17:44 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-11-11 17:44 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-11-11 17:43 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-11 17:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-11 17:21 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-11-11 17:20 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-11 17:17 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-11-11 17:16 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-11-11 17:15 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-11 17:06 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-11 14:53 . 2009-11-11 14:53 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-11 14:53 . 2009-11-30 00:08 -------- d-----w- c:\documents and settings\Michaela Machalova\Application Data\skypePM
2009-11-11 10:40 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-11-11 08:06 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2009-11-11 03:43 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-11 03:43 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-11 02:44 . 2009-11-11 02:44 -------- d-----w- c:\documents and settings\Michaela Machalova\Local Settings\Application Data\WMTools Downloaded Files
2009-11-10 19:51 . 2009-11-30 02:07 -------- d-----w- c:\documents and settings\Michaela Machalova\Application Data\Skype
2009-11-10 19:51 . 2009-11-10 19:51 -------- d-----w- c:\program files\Skype
2009-11-10 19:51 . 2009-11-10 19:51 -------- d-----w- c:\program files\Common Files\Skype
2009-11-10 19:51 . 2009-11-10 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-10 19:06 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-11-10 07:19 . 2009-11-10 07:19 -------- d-sh--w- c:\documents and settings\Michaela Machalova\IETldCache
2009-11-10 07:18 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-10 07:18 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-10 07:18 . 2009-11-28 13:24 -------- d-----w- c:\windows\ie8updates
2009-11-10 07:18 . 2008-04-14 08:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-10 07:18 . 2008-04-14 08:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-10 07:17 . 2009-11-28 03:51 -------- d-----w- c:\windows\system32\sk-SK
2009-11-10 07:16 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-10 07:16 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-10 07:16 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-10 07:16 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-10 07:16 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-10 07:16 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-10 07:16 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-10 07:13 . 2009-01-08 02:20 24576 ----a-w- c:\windows\system32\nlsdl.dll
2009-11-10 07:13 . 2009-01-08 02:20 26112 ----a-w- c:\windows\system32\idndl.dll
2009-11-10 07:13 . 2009-01-08 02:20 23552 ----a-w- c:\windows\system32\normaliz.dll
2009-11-10 07:13 . 2009-01-08 02:20 265720 ----a-w- c:\windows\system32\msdbg2.dll
2009-11-10 02:15 . 2009-11-10 02:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 01:58 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-10 01:58 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-10 01:58 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-10 01:58 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-10 01:58 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-10 01:58 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-10 01:58 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-10 01:58 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-11-10 01:58 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-11-10 01:58 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 19:43 . 2009-11-10 06:58 69232 ----a-w- c:\documents and settings\Michaela Machalova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 16:35 . 2006-02-28 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-09-15 05:55 . 2009-09-15 05:55 0 ----a-w- c:\windows\ativpsrm.bin
2009-09-15 05:34 . 2009-09-15 05:15 147275 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-15 05:34 . 2009-09-15 05:15 5110 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-09-15 05:21 . 2009-09-15 05:16 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-09-15 05:13 . 2009-09-15 05:13 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-29_22.38.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-15 05:36 . 2009-11-29 22:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-15 05:36 . 2009-11-29 18:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-15 05:36 . 2009-11-29 18:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-15 05:36 . 2009-11-29 22:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-11-26 00:51 . 2009-11-29 18:59 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-26 00:51 . 2009-11-29 22:37 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-09-15 05:36 . 2009-11-29 22:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-09-15 05:36 . 2009-11-29 18:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"waaifi"="c:\documents and settings\Michaela Machalova\waaifi.exe" [BU]
"poija"="c:\documents and settings\Michaela Machalova\poija.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-21 166456]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-27 90112]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-15 149280]
"Java Quick Start"="c:\documents and settings\Michaela Machalova\jusched.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-07 17421824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.11.2009 16:31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.11.2009 16:31 20560]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [6.4.2008 22:00 6656]
.
Contents of the 'Scheduled Tasks' folder

2009-11-30 c:\windows\Tasks\User_Feed_Synchronization-{DF3022E9-167B-4119-AE09-BB2A37ED0C4E}.job
- c:\windows\system32\msfeedssync.exe [2009-11-28 12:31]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 18:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4C4369]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> atapi.sys @ 0xf7316852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: SiS191 Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7222bb0
PacketIndicateHandler -> aswSP.SYS @ 0xa1f01d50
SendHandler -> aswSP.SYS @ 0xa1f01dae
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2680806290-407579845-928017448-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
@DACL=(02 0000)
@SACL=
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
@SACL=
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1604)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-11-29 18:21
ComboFix-quarantined-files.txt 2009-11-30 02:21

Pre-Run: 479 806 812 160 bytes free
Post-Run: 13 adresárov, 479 831 367 680 voľných bajtov

- - End Of File - - 81E66F0CF1535E6855B9B0645FC7C353
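
Added example, not part of any forum post and not ComboFix's own code: a small parser for the log format shown in the post above that lists Run-key values whose target sits directly in a user profile folder or also appears under "Other Deletions". The sample lines are abridged from that log with the profile name replaced by a placeholder; the two flagging rules are assumptions chosen for this log, and the bracketed markers after each value are carried through without being interpreted.

```python
import ntpath
import re

# Abridged from the log above; "Example User" is a placeholder profile name.
SAMPLE_LOG = r'''
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Previous Run -------
.
c:\documents and settings\Example User\autorun.inf
c:\documents and settings\Example User\jusched.exe
c:\documents and settings\Example User\poija.exe
c:\windows\system32\hlvdd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"waaifi"="c:\documents and settings\Example User\waaifi.exe" [BU]
"poija"="c:\documents and settings\Example User\poija.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-15 149280]
"Java Quick Start"="c:\documents and settings\Example User\jusched.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-07 17421824]
'''

SECTION_RE = re.compile(r'^\(+\s*(.+?)\s*\)+\s*$')       # "((( Title )))"
KEY_RE = re.compile(r'^\[(.+)\]\s*$')                    # "[HKEY_...\Run]"
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(.*)$')      # "name"="data" trailer
RESOLVED_RE = re.compile(r'^\s*-\s*(.+?)\s*\[')          # ' - c:\full\path ['
PATH_RE = re.compile(r'^[a-z]:\\', re.I)
EXE_RE = re.compile(r'^(.+?\.(?:exe|scr|com|bat|pif))(?:\s|$)', re.I)
# Assumed rule: a file sitting directly in an XP profile folder.
PROFILE_ROOT_RE = re.compile(
    r'^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$', re.I)


def parse_log(text):
    """Return (deleted_paths, run_entries) taken from ComboFix log text."""
    deleted, entries = set(), []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section == 'other deletions' and PATH_RE.match(line):
            deleted.add(ntpath.normcase(line))
        elif section == 'reg loading points':
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m and key and key.lower().endswith('\\currentversion\\run'):
                name, target, trailer = m.groups()
                # Bare file names are followed by the path the tool resolved.
                resolved = RESOLVED_RE.match(trailer)
                path = resolved.group(1) if resolved else target
                entries.append((key, name, path, trailer.strip()))
    return deleted, entries


def triage(text):
    """List Run values worth a second look, with the reason for each."""
    deleted, entries = parse_log(text)
    findings = []
    for key, name, target, marker in entries:
        m = EXE_RE.match(target)          # drop command-line arguments
        path = ntpath.normcase(m.group(1) if m else target)
        reasons = []
        if path in deleted:
            reasons.append('target listed under Other Deletions')
        if PROFILE_ROOT_RE.match(path):
            reasons.append('executable directly in profile root')
        if reasons:
            findings.append({'key': key, 'value': name, 'path': path,
                             'marker': marker, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['value']!r} -> {f['path']} {f['marker']}: "
              + '; '.join(f['reasons']))
```
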


Posted: 30.11.2009 19:38 | Security Center Alert!

It's a mess in there... but first this:

1) Download Defogger. Run it, click "Disable" -> "OK". A log should appear in the location you ran it from; paste it here.



2) Download >>this<< file to the desktop.
Copy the following into Notepad:

Code:
@echo off
"%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v
notepad report.txt
del %0
exit

Save it as antiTDL3.bat (type: all files) on the desktop. Open it with a double-click -> OK.
The program will start; when the scan finishes, press any key. A text document will open; copy its contents here for me.


3) Download OTC. Run it, click "CleanUp", confirm the dialogs and restart.


4) Download a new ComboFix (download it again) and make a log with it.


Posted by topic author: 02.12.2009 9:45 | Security Center Alert!

pitimir wrote:
It's a mess in there... but first this:

1) Download Defogger. Run it, click "Disable" -> "OK". A log should appear in the location you ran it from; paste it here.



2) Download >>this<< file to the desktop.
Copy the following into Notepad:

Code:
@echo off
"%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v
notepad report.txt
del %0
exit

Save it as antiTDL3.bat (type: all files) on the desktop. Open it with a double-click -> OK.
The program will start; when the scan finishes, press any key. A text document will open; copy its contents here for me.


3) Download OTC. Run it, click "CleanUp", confirm the dialogs and restart.


4) Download a new ComboFix (download it again) and make a log with it.

I've already taken it to a repair shop because Windows wouldn't start. Thanks for the help. Next time I have problems with a PC or notebook, I'll get in touch. Thanks once again, I bow to you.


Posted: 02.12.2009 20:25 | Security Center Alert!

Well, I'm curious whether they'll manage it without a reinstall... that TDSS rootkit is a real swine :)

Anyway, you're welcome.


Posted by topic author: 03.12.2009 10:32 | Security Center Alert!

pitimir wrote:
Well, I'm curious whether they'll manage it without a reinstall... that TDSS rootkit is a real swine :)

Anyway, you're welcome.

I'm curious about that too!!! I want to ask: did I break it with that program you advised me to use?


Posted: 03.12.2009 14:10 | Security Center Alert!

Which one do you mean? ComboFix? No, there was nothing you could have broken...


© 2005 - 2024 PCforum, edited by JanoF