[ Posts: 2 ]
Author / Message

User

Registered: 06.08.08
Logged in: 06.08.08
Posts: 1
Topics: 1 | 1
Posted: 06.08.2008 20:30 | please review my log

ComboFix 08-08-05.05 - Admin 2008-08-06 20:11:23.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.95 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.

2008-08-06 20:13 . 2008-08-06 20:13 268 --ah----- C:\sqmdata04.sqm
2008-08-06 20:13 . 2008-08-06 20:13 244 --ah----- C:\sqmnoopt04.sqm
2008-08-06 00:20 . 2008-08-06 00:20 268 --ah----- C:\sqmdata03.sqm
2008-08-06 00:20 . 2008-08-06 00:20 244 --ah----- C:\sqmnoopt03.sqm
2008-08-05 06:45 . 2008-08-05 06:45 268 --ah----- C:\sqmdata02.sqm
2008-08-05 06:45 . 2008-08-05 06:45 244 --ah----- C:\sqmnoopt02.sqm
2008-08-05 01:14 . 2008-08-05 01:14 268 --ah----- C:\sqmdata01.sqm
2008-08-05 01:14 . 2008-08-05 01:14 244 --ah----- C:\sqmnoopt01.sqm
2008-08-04 00:39 . 2008-08-04 00:39 268 --ah----- C:\sqmdata00.sqm
2008-08-04 00:39 . 2008-08-04 00:39 244 --ah----- C:\sqmnoopt00.sqm
2008-07-31 19:37 . 2008-07-31 19:37 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-20 12:01 . 2008-07-20 12:01 <DIR> d-------- C:\Documents and Settings\Admin\Contacts
2008-07-20 11:35 . 2008-07-20 11:40 <DIR> d-------- C:\Program Files\Windows Live
2008-07-20 11:35 . 2008-07-20 11:39 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-20 11:34 . 2008-07-20 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-15 14:12 . 2008-07-15 14:12 <DIR> d-------- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
2008-07-13 21:31 . 2008-07-13 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 18:18 --------- d-----w C:\Documents and Settings\Admin\Application Data\Skype
2008-08-06 15:42 --------- d-----w C:\Documents and Settings\Admin\Application Data\skypePM
2008-07-23 19:02 --------- d-----w C:\Program Files\Java
2008-07-20 19:05 --------- d-----w C:\Documents and Settings\Admin\Application Data\ICQ
2008-07-05 08:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-21 13:27 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-20 14:07 --------- d-----w C:\Program Files\ESET
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 17:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 17:35 --------- d-----w C:\Program Files\ICQ6Toolbar
2008-06-18 17:35 --------- d-----w C:\Program Files\ICQ6
2008-06-18 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\ICQ
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:02 --------- d-----w C:\Program Files\Microsoft Works
2008-06-09 23:05 --------- d-----w C:\Documents and Settings\Admin\Application Data\Winamp
2008-03-15 22:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:35 5724184]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-05-18 18:30 172280]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 12:13 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 12:14 69632]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 08:37 217088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-17 18:03 949376]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\PROGRA~1\DVDREG~1\DVDShell.dll" [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 14:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 11:39]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-05-29 11:42]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1166c366-2705-11dd-bc0d-0019dbbd1168}]
\Shell\AutoRun\command - tym8a.exe
\Shell\explore\Command - tym8a.exe
\Shell\open\Command - tym8a.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1166c376-2705-11dd-bc0d-0019dbbd1168}]
\Shell\AutoRun\command - rthrw.com
\Shell\explore\Command - rthrw.com
\Shell\open\Command - rthrw.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d81306d-175f-11dd-bc01-0019dbbd1168}]
\Shell\AutoRun\command - J:\win.exe
\Shell\lost\command - J:\win.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6c7424b-951e-11dc-bb46-0019dbbd1168}]
\Shell\AutoRun\command - K:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d91d0ad7-15c6-11dd-bc00-0019dbbd1168}]
\Shell\AutoRun\command - J:\jfvkcsy.bat
\Shell\explore\Command - J:\jfvkcsy.bat
\Shell\open\Command - J:\jfvkcsy.bat
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HTMLSupport - C:\Program Files\Common Files\Microsoft Shared\HTMLView\htmlsupport09.exe
HKLM-Run-Winram32 Driver - lolwut.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\41x6kufh.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.zoznam.sk


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 20:18:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-06 20:20:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-06 18:20:25

Pre-Run: 23,258,574,848 bytes free
Post-Run: 9 adresárov, 24,972,513,280 voľných bajtov

162 --- E O F --- 2008-07-10 07:12:53


Experienced user

Registered: 12.06.08
Logged in: 16.09.10
Posts: 440
Topics: 4 | 4
Posted: 07.08.2008 11:07 | please review my log

Hi,

test this file at www.virustotal.com:

Code:
C:\WINDOWS\system32\winsys2.exe


© 2005 - 2017 PCforum, edited by JanoF