ComboFix as a precaution

Post by CZechBoY » 09 Jun 2009 18:45

Could someone take a look at a log from CF? It's an old Pentium 3 rig :)

ComboFix 09-06-07.01 - MystiX 09.06.2009 14:39.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.245 [GMT 2:00]
Spuštěný z: c:\documents and settings\MystiX\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-09 do 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-05-30 06:47 . 2009-05-30 06:47 498 ----a-w- c:\windows\eReg.dat
2009-05-30 06:47 . 1999-04-02 14:37 33792 ----a-r- c:\windows\NPSExec.exe
2009-05-30 06:47 . 2009-05-30 06:47 -------- d-----w- c:\program files\Electronic Arts
2009-05-30 06:46 . 2009-05-30 06:46 -------- d-----w- c:\program files\Maxis
2009-05-30 06:39 . 2009-05-30 06:39 -------- d-----w- c:\documents and settings\MystiX\WINDOWS
2009-05-27 15:27 . 2009-05-27 15:27 -------- d-----w- c:\program files\AOL Games
2009-05-27 14:55 . 2009-05-27 14:55 -------- d-----w- C:\bordel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 16:51 . 2009-04-06 19:36 -------- d-----w- c:\program files\Opera 10 Preview
2009-05-06 14:30 . 2009-05-06 14:29 -------- d-----w- c:\program files\OO Software
2009-05-06 12:30 . 2009-04-22 17:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-05 12:44 . 2009-05-05 12:44 -------- d-----w- c:\program files\Ligos
2009-05-04 12:20 . 2009-05-04 12:20 -------- d-----w- c:\program files\muvee Technologies
2009-05-04 12:16 . 2009-05-04 12:16 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-02 07:07 . 2009-05-02 07:07 -------- d-----w- c:\program files\Creative
2009-04-29 16:30 . 2009-05-02 06:40 319488 ----a-r- c:\windows\system32\MafiaSetup.exe
2009-04-22 17:13 . 2009-04-22 17:13 -------- d-----w- c:\program files\Sony Ericsson
2009-04-20 18:44 . 2009-04-02 14:45 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-04-20 18:44 . 2009-04-02 14:45 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-04-20 18:27 . 2009-04-20 18:27 -------- d-----w- c:\program files\PF Auto-Typer
2009-04-20 15:58 . 2009-04-08 05:50 -------- d-----w- c:\program files\nLite
2009-04-14 20:00 . 2009-04-14 20:00 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-04-14 20:00 . 2009-04-14 20:00 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-04-14 20:00 . 2009-04-14 20:00 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-04-14 20:00 . 2009-04-14 20:00 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-04-07 23:41 . 2009-04-07 23:41 1316096 ----a-w- c:\windows\system32\ooscrsav.scr
2009-04-07 23:41 . 2009-04-07 23:41 730368 ----a-w- c:\windows\system32\oodsvct.exe
2009-04-07 23:40 . 2009-04-07 23:40 1377536 ----a-w- c:\windows\system32\oodag.exe
2009-04-07 23:39 . 2009-04-07 23:39 2553088 ----a-w- c:\windows\system32\oodtray.exe
2009-04-07 23:39 . 2009-04-07 23:39 194816 ----a-w- c:\windows\system32\oodbs.exe
2009-04-07 23:35 . 2009-04-07 23:35 951552 ----a-w- c:\windows\system32\oodtrrs.dll
2009-04-07 23:35 . 2009-04-07 23:35 541952 ----a-w- c:\windows\system32\oodssrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 9984 ----a-w- c:\windows\system32\oodbsrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 8448 ----a-w- c:\windows\system32\OODAGRS.DLL
2009-04-07 23:34 . 2009-04-07 23:34 15616 ----a-w- c:\windows\system32\OODAGMG.DLL
2009-04-07 13:00 . 2009-04-07 13:00 37896 ----a-w- c:\windows\system32\drivers\oobctm.sys
2009-04-07 12:59 . 2009-04-07 12:59 15104 ----a-w- c:\windows\system32\ootmapi.dll
2009-04-06 17:47 . 2009-04-03 11:37 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-02 18:22 . 2009-04-02 18:22 2678 ----a-w- c:\windows\java\Packages\Data\H7717VHB.DAT
2009-04-02 18:22 . 2009-04-02 18:22 2678 ----a-w- c:\windows\java\Packages\Data\0EA4C86Y.DAT
2009-04-02 18:22 . 2009-04-02 18:22 2678 ----a-w- c:\windows\java\Packages\Data\Y37T3DBF.DAT
2009-04-02 18:22 . 2009-04-02 18:22 2678 ----a-w- c:\windows\java\Packages\Data\TF9FZ1ZP.DAT
2009-04-02 18:18 . 2009-04-02 18:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-02 17:39 . 2009-04-02 16:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-02 17:39 . 2009-04-02 16:38 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-02 17:37 . 2009-04-02 16:38 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-04-02 16:35 . 2009-04-02 16:35 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-16 12:18 . 2009-05-02 08:00 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-05-02 08:00 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-05-02 08:00 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-05-02 08:00 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-03-24 1488112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2007-04-23 2173744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"e:\\muj server\\SERVER01.exe"=
"c:\\Documents and Settings\\MystiX\\Plocha\\chmatakov15.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\MystiX\\Plocha\\Chmatakov2.exe"=
"c:\\Documents and Settings\\MystiX\\Plocha\\chmat mystix\\ChmatMystiX.exe"=
"c:\\Program Files\\Opera 10 Preview\\opera.exe"=
"c:\\Documents and Settings\\MystiX\\Plocha\\metin2.bin"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 OOTextMode;OOTextMode;c:\windows\System32\drivers\oobctm.sys [2009-04-07 37896]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-06-09 c:\windows\Tasks\User_Feed_Synchronization-{6558514A-F91D-487B-A645-0A5B971D6380}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.meebo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 14:44
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Celkový čas: 2009-06-09 14:50
ComboFix-quarantined-files.txt 2009-06-09 12:50

Před spuštěním: Volných bajtů: 13 216 157 696
Po spuštění: Volných bajtů: 13 209 214 976

138 --- E O F --- 2009-05-13 19:52

Re: ComboFix as a precaution

Post by Damned » 09 Jun 2009 20:00

Check the file
c:\windows\NPSExec.exe

on VirusTotal and post a link to the result here.