macko7 Posted 24 February 2011

Hello, since I was having problems with my PC, namely very slow startup, I was advised to try disinfecting the PC with ComboFix. So I did, and at the end it produced a table as output that I can't make any sense of at all. If something is by chance still left there, please advise me what else I should do based on this output so that everything is OK. Here is the output from the log.

ComboFix 11-02-23.06 - Fekiač 24.02.2011 11:14:31.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1567 [GMT 1:00]
Running from: c:\documents and settings\Fekiač\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active
.
/wow section - STAGE 25
Systém nemôže nájsť zadanú cestu.
@DO was unexpected at this time.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Fekiač\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\program files\YouTube Downloader Toolbar\IE\4.1\yoUTubedownloadertoolbarie.dll
.
((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.
2011-02-02 21:28 . 2011-02-02 21:31 -------- d-----w- c:\program files\ICQ7.4
2011-01-28 20:26 . 2011-01-28 20:27 -------- d-----w- c:\program files\Crawler
2011-01-28 20:26 . 2011-01-28 20:26 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-28 20:26 . 2011-02-24 09:37 -------- d-----w- c:\documents and settings\Fekiač\Application Data\Spyware Terminator
2011-01-28 20:25 . 2011-02-23 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2011-01-28 20:25 . 2011-02-17 18:59 -------- d-----w- c:\program files\Spyware Terminator
2011-01-27 19:42 . 2011-02-21 21:37 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 10
2011-01-25 12:26 . 2011-01-25 12:26 -------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-28 3318784]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-02-02 119608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-01-28 2216960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Fekiač^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\documents and settings\Fekiač\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Fekiač^Start Menu^Programs^Startup^Jádro Plánovače úloh SolidWorks.lnk]
path=c:\documents and settings\Fekiač\Start Menu\Programs\Startup\Jádro Plánovače úloh SolidWorks.lnk
backup=c:\windows\pss\Jádro Plánovače úloh SolidWorks.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\program files\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
2005-02-08 04:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIACE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 18:48 136176 ----atw- c:\documents and settings\Fekiač\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-06-01 11:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-09-16 16:41 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2008-11-01 15:44 949376 ----a-w- c:\program files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-28 16:43 8466432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-06-28 16:43 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-06-28 16:43 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-10 08:52 16861184 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-09-03 07:52 536576 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-10-22 15:47 524288 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\u!!warez!!]
2010-12-14 19:00 395640 ----a-w- c:\program files\u!!warez!!\u!!warez!!.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 17:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
2006-04-29 03:36 208896 ----a-r- c:\windows\system32\WinSys2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Software\\PASW\\statistics.com"=
"d:\\Software\\PASW\\statistics.exe"=
"d:\\Software\\PASW\\SPSSWinWrapIDE.exe"=
"d:\\Hry\\Age off Empires III\\age3x.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\u!!warez!!\\u!!warez!!.exe"=
"c:\\Documents and Settings\\Fekiač\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Software\\MS FP\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17. 11. 2008 14:14 682232]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [1. 11. 2008 16:40 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28. 1. 2011 21:26 142592]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24. 2. 2010 11:22 185472]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [22. 10. 2010 16:38 386560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13. 3. 2009 12:27 247096]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [10. 12. 2010 12:56 47616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8. 12. 2009 23:38 135664]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 FXDrv32;FXDrv32;\??\c:\progra~1\FOXCONN\FOXLIV~1\FXDrv32.sys --> c:\progra~1\FOXCONN\FOXLIV~1\FXDrv32.sys [?]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\FEKIA~1\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\FEKIA~1\LOCALS~1\Temp\gUSBSTOi.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [25. 12. 2010 21:57 30576]
.
Contents of the 'Scheduled Tasks' folder

2011-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-15 07:19]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 22:38]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 22:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - d:\software\MSFP~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
LSP: c:\windows\system32\imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Fekiač\Application Data\Mozilla\Firefox\Profiles\kjmz15ex.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 11:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2011-02-24 11:25:36
ComboFix-quarantined-files.txt 2011-02-24 10:25

Pre-Run: 77 766 307 840 bytes free
Post-Run: 10 adresárov, 79 564 087 296 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - DEB906A60E36D3D1762081D63EEB7EB2

Thanks for the advice.