Jump to content

ComboFix


Recommended Posts

Dobrý deň,

 

nakoľko som mal problémy s PC - jeho zdĺhavým spúšťaním, bolo mi poradené, že mám skúsiť odvírovať PC prostredníctvom ComboFix-u. Tak som aj spravil a na konci ako vystúp dalo tabuľku, v ktorej sa absolútne nevyznám. Ak ešte niečo náhodou tam ostalo, poraďte mi prosím čo mám na základe tohto výstupu ešte spraviť, aby to bolo všetko ok?

 

Tu ponúkam výstup z log-u.

 

ComboFix 11-02-23.06 - Fekiač 24.02.2011  11:14:31.1.2 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.421.1033.18.2046.1567 [GMT 1:00]
Running from: c:\documents and settings\Fekiač\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active

.
/wow section - STAGE 25
Systém nemôže nájsť zadanú cestu.
@DO was unexpected at this time.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Fekiač\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\program files\YouTube Downloader Toolbar\IE\4.1\yoUTubedownloadertoolbarie.dll

.
(((((((((((((((((((((((((   Files Created from 2011-01-24 to 2011-02-24  )))))))))))))))))))))))))))))))
.

2011-02-02 21:28 . 2011-02-02 21:31	--------	d-----w-	c:\program files\ICQ7.4
2011-01-28 20:26 . 2011-01-28 20:27	--------	d-----w-	c:\program files\Crawler
2011-01-28 20:26 . 2011-01-28 20:26	142592	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-28 20:26 . 2011-02-24 09:37	--------	d-----w-	c:\documents and settings\Fekiač\Application Data\Spyware Terminator
2011-01-28 20:25 . 2011-02-23 20:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spyware Terminator
2011-01-28 20:25 . 2011-02-17 18:59	--------	d-----w-	c:\program files\Spyware Terminator
2011-01-27 19:42 . 2011-02-21 21:37	--------	d-----w-	c:\program files\Mozilla Firefox 4.0 Beta 10
2011-01-25 12:26 . 2011-01-25 12:26	--------	d-----w-	c:\program files\CCleaner

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-28 3318784]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-02-02 119608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-01-28 2216960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Fekiač^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\documents and settings\Fekiač\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Fekiač^Start Menu^Programs^Startup^Jádro Plánovače úloh SolidWorks.lnk]
path=c:\documents and settings\Fekiač\Start Menu\Programs\Startup\Jádro Plánovače úloh SolidWorks.lnk
backup=c:\windows\pss\Jádro Plánovače úloh SolidWorks.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43	69632	------r-	c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21	57344	----a-w-	c:\program files\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29	165784	----a-w-	c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
2005-02-08 04:00	98304	----a-w-	c:\windows\system32\spool\drivers\w32x86\3\E_FATIACE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 18:48	136176	----atw-	c:\documents and settings\Fekiač\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18	133432	----a-w-	c:\program files\ICQ7.0\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-06-01 11:51	1468296	----a-w-	c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27	119152	----a-w-	c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	----a-w-	c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-09-16 16:41	1961984	------w-	c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2008-11-01 15:44	949376	----a-w-	c:\program files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-28 16:43	8466432	----a-w-	c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-06-28 16:43	81920	----a-w-	c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-06-28 16:43	1626112	----a-w-	c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-10 08:52	16861184	------r-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-09-03 07:52	536576	----a-w-	c:\windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-10-22 15:47	524288	----a-w-	c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 00:27	26102056	----a-r-	c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07	2260480	------w-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\u!!warez!!]
2010-12-14 19:00	395640	----a-w-	c:\program files\u!!warez!!\u!!warez!!.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 17:38	35328	----a-w-	c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
2006-04-29 03:36	208896	----a-r-	c:\windows\system32\WinSys2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Software\\PASW\\statistics.com"=
"d:\\Software\\PASW\\statistics.exe"=
"d:\\Software\\PASW\\SPSSWinWrapIDE.exe"=
"d:\\Hry\\Age off Empires III\\age3x.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\u!!warez!!\\u!!warez!!.exe"=
"c:\\Documents and Settings\\Fekiač\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Software\\MS FP\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17. 11. 2008 14:14 682232]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [1. 11. 2008 16:40 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28. 1. 2011 21:26 142592]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24. 2. 2010 11:22 185472]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [22. 10. 2010 16:38 386560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13. 3. 2009 12:27 247096]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [10. 12. 2010 12:56 47616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8. 12. 2009 23:38 135664]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 FXDrv32;FXDrv32;\??\c:\progra~1\FOXCONN\FOXLIV~1\FXDrv32.sys --> c:\progra~1\FOXCONN\FOXLIV~1\FXDrv32.sys [?]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\FEKIA~1\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\FEKIA~1\LOCALS~1\Temp\gUSBSTOi.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [25. 12. 2010 21:57 30576]
.
Contents of the 'Scheduled Tasks' folder

2011-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-15 07:19]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 22:38]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 22:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - d:\software\MSFP~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
LSP: c:\windows\system32\imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Fekiač\Application Data\Mozilla\Firefox\Profiles\kjmz15ex.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 11:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2011-02-24  11:25:36
ComboFix-quarantined-files.txt  2011-02-24 10:25

Pre-Run: 77 766 307 840 bytes free
Post-Run: 10 adresárov, 79 564 087 296 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - DEB906A60E36D3D1762081D63EEB7EB2

 

Ďakujem za radu.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Additional information you can see at Privacy Policy