ComboFix log check

Please check my ComboFix log.
Thank you
saba.kral@mail.com

ComboFix 11-08-08.01 - Administrator 08.08.2011 20:39:39.6.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1527.1110 [GMT 2:00]
Running from: c:\documents and settings\Administrator.HUNOVE\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.HUNOVE\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))
.
.
2011-08-06 21:57 . 2011-08-06 21:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\KOŠ
2011-08-06 21:32 . 2011-08-06 21:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2011-08-06 21:32 . 2011-08-06 21:32 -------- d-----w- c:\documents and settings\Administrator.HUNOVE\Data aplikací\SUPERAntiSpyware.com
2011-08-06 21:22 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-06 21:21 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-06 21:21 . 2011-08-06 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-06 19:59 . 2011-08-06 19:59 13685936 ----a-w- c:\program files\Firefox Setup 5.0.1.exe
2011-08-06 19:51 . 2011-08-06 19:51 1052672 ----a-w- c:\program files\FirefoxSetup5.0.1cz.exe
2011-08-03 15:53 . 2011-08-03 22:08 9466208 ----a-w- c:\program files\mbam-setup-1.51.1.1800.exe
2011-08-02 21:13 . 2011-08-06 21:45 -------- d-----r- C:\!KillBox
2011-08-01 23:21 . 2011-08-01 23:26 3447576 ----a-w- c:\program files\ccsetup309.exe
2011-08-01 23:18 . 2011-08-01 23:19 2951802 ----a-w- c:\program files\EClea2_0.exe
2011-08-01 23:04 . 2011-08-01 23:04 -------- d-----w- c:\program files\TomTom
2011-08-01 17:44 . 2011-08-01 17:44 -------- d-----w- c:\program files\TomTom International B.V
2011-08-01 17:43 . 2011-08-06 21:49 -------- d-----w- c:\program files\TomTom HOME 2
2011-08-01 17:42 . 2011-08-01 17:42 -------- d-----w- c:\program files\TomTom DesktopSuite
2011-07-30 14:02 . 2011-07-30 14:03 16711816 ----a-w- c:\program files\ashampoo_clipfinder_hd_e2.20_sm.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 16:31 . 2010-12-29 07:52 114688 ----a-w- c:\windows\DUMPb42d.tmp
2011-07-04 11:43 . 2010-12-26 10:18 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-26 10:18 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-29 12:50 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-26 10:18 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-26 10:18 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-12-26 10:18 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-12-26 10:18 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-12-26 10:18 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-26 10:18 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-12-26 10:18 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-01 16:02 . 2011-07-01 16:02 589648 ----a-w- c:\program files\GoogleEarthProSetup.exe
2011-06-19 08:00 . 2011-05-19 05:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-08 22:44 . 2011-04-29 19:32 12360024 ----a-w- c:\program files\Firefox Setup 4.0.1.exe
2011-06-06 11:35 . 2010-08-16 05:50 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-01-29 18:05 . 2011-01-29 18:05 12259516 ----a-w- c:\program files\FreeYouTubeToMp3Converter.exe
2011-01-29 18:00 . 2011-01-29 18:00 10050902 ----a-w- c:\program files\Codecs6030_allin1.exe
2011-01-07 07:45 . 2011-01-07 07:43 4149589 ----a-r- c:\program files\ComboFix.exe
2010-12-06 18:04 . 2010-12-06 18:04 27964824 ----a-w- c:\program files\PROWin32.exe
2010-11-12 00:40 . 2010-11-12 00:40 7271080 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE
2010-11-11 23:57 . 2010-11-11 23:57 5184550 ----a-w- c:\program files\kodek016cz.exe
2010-11-11 22:13 . 2010-11-11 22:13 14914820 ----a-w- c:\program files\kmp_2.9.4.1435.EXE
2010-11-06 20:44 . 2010-11-06 20:44 4882487 ----a-w- c:\program files\CDbxp_setup_4.3.7.2423.exe
2010-10-04 17:08 . 2010-10-04 17:08 1187896 ----a-w- c:\program files\ccsetup236_slim.exe
2010-10-04 16:00 . 2010-10-04 15:44 1495112 ----a-w- c:\program files\install_flash_player.exe
2010-09-20 01:07 . 2010-08-31 19:44 458896 ----a-w- c:\program files\lkpdetect.exe
2010-09-04 19:15 . 2010-09-04 19:14 18175880 ----a-w- c:\program files\vsoConvertXtoDVD4_setup.exe
2010-08-31 20:32 . 2010-08-31 20:32 874272 ----a-w- c:\program files\jxpiinstall.exe
2010-08-31 19:56 . 2010-08-31 19:55 16664352 ----a-w- c:\program files\jre-6u16-windows-i586.exe
2010-08-01 21:52 . 2010-08-01 21:51 6850120 ----a-w- c:\program files\as253.exe
2010-07-23 21:55 . 2010-07-23 21:55 1154616 ----a-w- c:\program files\ccsetup233_slim.exe
2010-07-23 10:11 . 2010-07-23 10:11 777436 ----a-w- c:\program files\cbsgrabber_setup.exe
2010-07-21 09:40 . 2010-07-21 09:37 14554960 ----a-w- c:\program files\sp27103.exe
2009-09-04 16:01 . 2009-09-04 16:01 525656 ----a-w- c:\program files\DXSETUP.exe
2009-09-04 16:01 . 2009-09-04 16:01 94024 ----a-w- c:\program files\DSETUP.dll
2009-09-04 16:01 . 2009-09-04 16:01 1691464 ----a-w- c:\program files\dsetup32.dll
1998-10-15 09:04 . 1998-10-15 09:04 37136 ----a-w- c:\program files\regsvr32.exe
1998-10-15 09:04 . 1998-10-15 09:04 222976 ----a-w- c:\program files\mssce.exe
1998-07-16 12:15 . 1998-07-16 12:15 1215720 ----a-w- c:\program files\immc.exe
2011-07-08 07:29 . 2011-08-06 20:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-02 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 ffire;FlashFire;c:\windows\system32\drivers\ffire.sys [15.7.2009 20:39 10624]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2006 18:53 685816]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29.6.2011 14:50 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.12.2010 12:18 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.12.2010 12:18 19544]
R3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [10.8.2009 12:07 89600]
S0 Hmq50;Hmq50; [x]
S0 Mrw72;Mrw72; [x]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [23.7.2010 17:01 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [23.7.2010 17:01 8456]
S3 maw800c;maw800c;c:\windows\system32\drivers\maw800c.sys [12.8.2006 11:54 24784]
S3 maw800m;maw800m;c:\windows\system32\drivers\maw800m.sys [12.8.2006 11:54 25044]
S3 maw800u;maw800u;c:\windows\system32\drivers\maw800u.sys [12.8.2006 11:54 51797]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: Download All by FlashGet
IE: Download using FlashGet
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Administrator.HUNOVE\Data aplikací\Mozilla\Firefox\Profiles\b8k6ybl7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=cs&tab=iw
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-08 20:50
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-287218729-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,3c,f3,46,a4,f5,b4,42,ae,6a,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,9f,5b,5d,48,0c,0e,4f,aa,3e,c0,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,9d,49,f7,06,b9,43,41,a1,75,36,\
.
[HKEY_USERS\S-1-5-21-1292428093-287218729-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A659DF6A-18A7-6772-D74F-2A50B9A73096}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1292428093-287218729-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,3d,b2,d5,b5,e9,77,cf,f2,d9,61,c0,9e,25,22,87,df,2e,89,1e,17,dd,15,
f3,b7,63,9b,35,68,7a,6d,0e,f4,63,65,8b,84,b5,ec,ec,4c,ee,20,d1,34,2e,eb,a8,\
"??"=hex:fd,94,dc,49,e6,54,69,7d,fb,40,5e,b2,63,38,2d,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6a,00,0d,f2,24,c3,42,cd,79,74,c8,46,34,d6,ed,90,3c,d5,80,7e,6d,
4d,39,fa,ff,b0,0d,d6,c3,32,ea,50,f3,f5,79,c6,5b,75,05,d3,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c6c553a3-bca0-4a7d-b6c3-6a7673b7e112}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014f
"Therad"=dword:00000021
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,40,02,13,ad,75,b8,fc,03,0e,19,9b,7e,c0,c3,5d,71,ae,29,89,e6,ae,dd,\
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3588)
c:\windows\system32\msls31.dll
.
Completion time: 2011-08-08 20:55:13
ComboFix-quarantined-files.txt 2011-08-08 18:55
ComboFix2.txt 2011-08-08 17:33
.
Pre-run: 22 234 562 560 bytes free
Post-run: 22 217 326 592 bytes free
.
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 11898CFE185FD4604807886DB7E84839

Jiří Moos:

Is there some problem? Or why are you posting the log? At a quick glance it looks fairly clean..
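For readers who want a repeatable first pass over a log like the one above rather than a glance, here is a small triage script. It is an added example and is not part of the original post, of ComboFix, or of this forum. It assumes the ComboFix conventions that a trailing `[x]` / `[X]` on a service or Run entry means the referenced file was not found on disk, that the leading `R`/`S` and digit on a service line are running/stopped and the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and it treats the Google hosts seen in this log as the expected search/homepage baseline (an assumed allowlist; adjust for the machine being checked). The sample input is constructed from lines excerpted from the log above.

```python
"""Triage a ComboFix log: flag the lines a reviewer usually wants to look at twice.

Added example, not part of the original post or of ComboFix. The meaning of
'[x]' (file not found) and of the service state/start-type prefix follows
ComboFix's own output conventions; EXPECTED_HOSTS is an assumed baseline.
"""
import re
from typing import List, Tuple

# Constructed sample: lines excerpted (abbreviated) from the log in the post.
SAMPLE_LOG = r"""AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2006 18:53 685816]
S0 Hmq50;Hmq50; [x]
S0 Mrw72;Mrw72; [x]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [10.8.2009 12:07 89600]
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=cs&tab=iw
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=
hidden files: 0
"""

# "R0 name;display;path [detail]" -- detail is a date/size, "x" (missing) or "?"
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$')
# Run-key entry: "name"="target" [date size]  or  [X] when the target is missing
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]\s*$')
FFPREF_RE = re.compile(r'^FF - prefs\.js: (\S+) - (\S+)$')
HOST_RE = re.compile(r'^hxxps?://([^/]+)', re.I)  # ComboFix defangs http -> hxxp
HIDDEN_RE = re.compile(r'^(?:hidden files|skryté soubory): (\d+)$')
AV_RE = re.compile(r'^AV: .*\*Disabled')

SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}
EXPECTED_HOSTS = {"www.google.com", "www.google.cz"}  # assumed baseline for this machine

Finding = Tuple[str, int, str]  # (severity, line number, reason)


def triage(log_text: str) -> List[Finding]:
    """Return findings for a ComboFix log, in log order."""
    findings: List[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if AV_RE.match(line):
            # ComboFix itself asks for the AV to be disabled before a run, so this is
            # expected; it only matters if the AV stays off afterwards.
            findings.append(("info", n, "antivirus reported disabled (expected during a ComboFix run; confirm it is re-enabled)"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, start, name, _display, path, detail = m.groups()
            if detail.lower() == "x" or not path:
                # A boot/system-start service with no file is either a stale registration
                # or a driver whose file is not visible from the running system.
                sev = "high" if start in ("0", "1") else "medium"
                findings.append((sev, n, f"service {name}: start type {start}, no file on disk [{detail}]"))
            continue
        m = RUN_RE.match(line)
        if m:
            name, target, detail = m.groups()
            if detail.upper() == "X":
                findings.append(("low", n, f"Run entry {name}: target missing: {target}"))
            continue
        m = FFPREF_RE.match(line)
        if m:
            pref, value = m.groups()
            if pref in SEARCH_PREFS:
                h = HOST_RE.match(value)
                host = h.group(1).lower() if h else value
                if host not in EXPECTED_HOSTS:
                    findings.append(("medium", n, f"Firefox {pref} points at {host}"))
            continue
        m = HIDDEN_RE.match(line)
        if m and int(m.group(1)) > 0:
            findings.append(("high", n, f"catchme reports {m.group(1)} hidden file(s)"))
    return findings


if __name__ == "__main__":
    for sev, n, reason in triage(SAMPLE_LOG):
        print(f"{sev:6} line {n:3}: {reason}")
```

On the sample this reports the disabled AV as informational, the orphaned `NokiaMServer` Run entry as low, the two boot-start services `Hmq50` and `Mrw72` with no file as high, and the two Firefox search prefs redirected to `search.conduit.com` as medium; a non-zero catchme hidden-file count would also be high. The script only points a reviewer at lines; it does not decide whether they are malicious.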

