Please check my log

Viruses and antivirus issues, PC security - firewall, spyware, etc.
Radkoff
Beginner
Registered: 04 Jan 2005
Location: Moravské Budějovice

Post by Radkoff »

ComboFix 11-08-26.04 - Petr 26.08.2011 22:32:30.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.2210 [GMT 2:00]
Spuštěný z: c:\users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HCK1W03T\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Petr\AppData\Roaming\Mikrotik
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\advtool.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\advtool.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\dhcp.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\dhcp.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\hotspot.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\hotspot.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\mpls.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\mpls.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\ppp.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\ppp.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\roteros.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\roteros.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\roting4.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\roting4.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\secure.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\secure.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\sync.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\sync.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\system.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\system.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\ups.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\ups.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\wlan4.crc
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\4.5-824657165\wlan4.dll
c:\users\Petr\AppData\Roaming\Mikrotik\Winbox\winbox.cfg
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-26 do 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-26 20:38 . 2011-08-26 20:38 -------- d-----w- c:\users\Petr\AppData\Local\temp
2011-08-26 20:38 . 2011-08-26 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-26 10:31 . 2011-08-26 10:31 -------- d-----w- c:\windows\system32\SPReview
2011-08-26 10:29 . 2011-08-26 10:29 -------- d-----w- c:\windows\system32\EventProviders
2011-08-25 18:24 . 2011-08-25 18:24 -------- d--h--w- c:\windows\update.8.1
2011-08-22 08:38 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BADCF05-D7D2-4059-A9DE-1B5D15DEBA4D}\mpengine.dll
2011-08-21 16:43 . 2011-08-21 16:43 -------- d-----w- c:\users\Default\AppData\Roaming\ATI
2011-08-21 16:43 . 2011-08-21 16:43 -------- d-----w- c:\users\Default\AppData\Local\ATI
2011-08-21 16:23 . 2011-08-21 16:23 -------- d-----w- C:\ATI
2011-08-21 16:16 . 2011-08-21 16:16 -------- d-----w- c:\windows\ufa
2011-08-21 16:15 . 2011-08-21 16:16 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 16:14 . 2011-08-21 16:14 -------- d-----w- c:\windows\av_ico
2011-08-21 16:12 . 2011-08-21 16:12 -------- d--h--w- c:\windows\update.tray-14-0
2011-08-21 16:12 . 2011-08-21 16:12 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-08-17 08:46 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D7A50D1-DEE3-4090-A7E1-6DC7213AC02B}\mpengine.dll
2011-08-12 10:20 . 2011-01-03 17:33 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5B6F3CE-A71F-4927-A098-178E1EBF1971}\gapaengine.dll
2011-07-29 20:45 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-28 22:22 . 2011-07-28 22:22 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-28 21:36 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-28 21:35 . 2011-07-28 21:35 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-28 21:35 . 2011-07-28 21:35 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-28 21:34 . 2011-07-28 21:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-28 21:33 . 2011-07-28 21:33 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-28 20:53 . 2011-07-28 20:53 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-28 20:52 . 2011-07-28 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\system32\amdpcom32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 10:38 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-08-21 10:45 . 2011-06-08 17:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-28 21:40 . 2010-03-31 18:41 726528 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-28 21:30 . 2010-03-31 18:41 4198912 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-28 21:09 . 2010-03-31 18:41 4256768 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-28 21:03 . 2010-03-31 18:41 4056064 ----a-w- c:\windows\system32\atiumdva.dll
2011-07-28 21:01 . 2010-03-31 18:41 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-28 20:53 . 2010-03-31 18:41 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-28 20:53 . 2010-03-31 18:41 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-13 03:39 . 2010-10-19 18:02 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-11 02:29 . 2011-07-13 10:41 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-06 22:06 . 2011-06-06 22:06 211984 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-02-05 2408448]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKsl72ddc246;MpKsl72ddc246;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4ADC0E57-80FE-4C60-9BFD-066E58F13712}\MpKsl72ddc246.sys [x]
R1 MpKslfa3f4a36;MpKslfa3f4a36;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F70F9AC2-613B-499D-AA6B-E3BBAE756A46}\MpKslfa3f4a36.sys [x]
R1 MpKslfab1b4ac;MpKslfab1b4ac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28C61966-ACCC-4B27-BD65-5EEF5442814B}\MpKslfab1b4ac.sys [x]
R3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2009-07-16 462952]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-20 1343400]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-01 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.24.1 192.168.0.1
.
.
------- Asociace souborů -------
.
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-systemup - c:\windows\systemup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-08-26 22:45:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-26 20:45
.
Před spuštěním: Volných bajtů: 66 200 535 040
Po spuštění: Volných bajtů: 65 991 262 208
.
- - End Of File - - 5812473CA949A387E30EB7296089C421