Something messed up my Windows
First I noticed that the icon labels were not transparent the way I usually have them, and the "Documents" and "Recycle Bin" icons had disappeared from my desktop. So I restarted the computer and it started up strangely, because the Windows theme changed to classic (it looks like Win 2000) and the Win XP style can no longer be selected. Add or Remove Programs does not show all applications, and some applications cannot be launched (Windows Installer pops up). MSCONFIG cannot be started, nor can System Restore (it reports that the System Restore tool cannot protect the computer).
ComboFix 08-07-09.4 - Milan 2008-07-10 8:32:45.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.52 [GMT 2:00]
Running from: C:\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aeaeedbcbebdd_z.dll
C:\WINDOWS\system32\system\
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.
2008-07-10 08:31 . 2008-07-10 08:33 <DIR> d-------- C:\QooBox
2008-07-10 08:31 . 2008-07-10 08:33 <DIR> d-------- C:\QooBox
2008-07-10 08:31 . 2008-07-10 08:42 <DIR> d-------- C:\ComboFix
2008-07-10 08:31 . 2008-07-10 08:42 <DIR> d-------- C:\ComboFix
2008-07-10 08:23 . 2008-07-10 08:24 2,609,418 --a------ C:\ComboFix.exe
2008-07-10 08:23 . 2008-07-10 08:24 2,609,418 --a------ C:\ComboFix.exe
2008-07-10 08:23 . 2008-07-10 08:24 2,609,418 --a------ C:\ComboFix.exe
2008-07-09 21:44 . 2008-07-09 21:44 1,709 --a------ C:\Regedt.reg
2008-07-09 21:44 . 2008-07-09 21:44 1,709 --a------ C:\Regedt.reg
2008-07-09 21:44 . 2008-07-09 21:44 1,709 --a------ C:\Regedt.reg
2008-07-09 13:48 . 2008-07-09 13:48 <DIR> d-------- C:\WINDOWS\system32\%programfiles%
2008-07-09 13:48 . 2008-07-09 13:48 <DIR> d-------- C:\WINDOWS\system32\%commonprogramfiles%
2008-07-08 14:19 . 2008-07-08 14:21 <DIR> d-------- C:\Documents and Settings\Milan\.scribus
2008-07-07 13:34 . 2007-09-04 01:25 718,938,112 --a------ C:\GUnaGU - English is Easy Csaba is Dead.avi
2008-07-06 07:57 . 2002-12-20 15:02 1,077,336 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-06 07:57 . 2003-09-23 07:00 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL32.OCX
2008-07-06 07:57 . 2000-05-22 07:00 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCT3N.OCX
2008-07-06 07:57 . 2003-09-23 07:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.ocx
2008-07-06 07:57 . 2008-02-10 11:57 164,156 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-07-06 07:57 . 2008-02-10 11:57 140,300 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-07-06 07:57 . 2002-12-05 19:58 109,248 --a------ C:\WINDOWS\system32\MSWINSCN.OCX
2008-07-06 07:57 . 2008-02-10 11:57 108,348 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-07-06 07:57 . 2007-11-16 00:32 92,672 --a------ C:\WINDOWS\system32\dijpg.dll
2008-07-05 20:00 . 2008-07-05 20:00 1,891 --a------ C:\WINDOWS\imsins.BAK
2008-07-05 19:12 . 2008-07-05 19:12 979,456 --a------ C:\had.exe
2008-07-05 19:12 . 2008-07-05 19:12 979,456 --a------ C:\had.exe
2008-07-05 19:12 . 2008-07-05 19:12 979,456 --a------ C:\had.exe
2008-07-05 19:12 . 2008-07-05 19:29 101 --a------ C:\skore.dat
2008-07-05 19:12 . 2008-07-05 19:29 101 --a------ C:\skore.dat
2008-07-05 19:12 . 2008-07-05 19:29 101 --a------ C:\skore.dat
2008-07-04 10:15 . 2008-07-04 10:14 608,448 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-07-03 12:58 . 2005-05-07 14:14 90,112 --a------ C:\WINDOWS\system32\custmon2k.dll
2008-07-02 14:19 . 314,572,800 C:\pagefile.sys
2008-07-02 14:19 . 314,572,800 C:\pagefile.sys
2008-06-27 23:10 . 2008-06-27 23:10 54,624 --a------ C:\WINDOWS\system32\2c895B.sys
2008-06-27 23:02 . 2008-06-27 23:02 2,335,270 --a------ C:\WINDOWS\system32\e9893B.mht
2008-06-27 17:00 . 2008-04-14 08:51 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-27 17:00 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-27 17:00 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-27 17:00 . 2001-10-24 12:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-27 11:18 . 2008-06-27 21:03 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-06-27 11:16 . 2008-06-19 17:15 918,368 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-06-27 11:14 . 2008-06-16 19:21 29,696 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-06-27 11:14 . 2008-06-06 16:55 8,704 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-06-27 10:08 . 2008-06-27 10:08 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-06-26 21:00 . 2008-06-26 21:16 117 --a------ C:\WINDOWS\crywmvtoavi.ini
2008-06-26 20:55 . 2008-06-26 21:16 5 --a------ C:\WINDOWS\system32\SySwmvtoavi.dat
2008-06-26 15:35 . 2008-06-26 15:35 <DIR> d-------- C:\Documents and Settings\Milan\avidemux
2008-06-25 09:35 . 2008-06-25 09:35 24,576 --a------ C:\WINDOWS\system32\SAM
2008-06-15 09:34 . 2008-06-26 22:46 <DIR> d-------- C:\Symbols
2008-06-15 09:34 . 2008-06-26 22:46 <DIR> d-------- C:\Symbols
2008-06-15 09:34 . 2008-06-26 22:46 <DIR> d-------- C:\Symbols
2008-06-14 22:48 . 2006-11-22 12:35 42,496 --a------ C:\WINDOWS\system32\AdvUninstCPL.cpl
2008-06-14 21:28 . 2008-01-21 17:43 4,244,744 --a------ C:\WINDOWS\system32\qtp-mt334.dll
2008-06-14 21:28 . 2008-01-21 17:43 247,560 --a------ C:\WINDOWS\system32\prgiso.dll
2008-06-14 21:28 . 2008-01-21 17:43 39,472 --a------ C:\WINDOWS\system32\drivers\hotcore3.sys
2008-06-14 21:28 . 2008-01-21 17:43 13,576 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-06-14 15:49 . 2008-06-14 16:09 <DIR> d-------- C:\Documents and Settings\Milan\.zenmap
2008-06-14 09:23 . 2008-06-14 09:23 <DIR> d--hs---- C:\RECYCLER
2008-06-14 09:23 . 2008-06-14 09:23 <DIR> d--hs---- C:\RECYCLER
2008-06-13 08:28 . 2008-06-13 08:28 7,680,054 --a------ C:\81878-day-moon.bmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
d-sh--w 0 2008-07-04 14:13:21 \System Volume Information
d-sh--w 0 2008-07-04 14:13:21 \System Volume Information
d-sh--w 0 2008-06-14 07:23:42 \RECYCLER
d-sh--w 0 2008-06-14 07:23:42 \RECYCLER
2008-06-07 14:54 397,379 ----a-w C:\WINDOWS\system32\paqbonus.exe
2008-06-07 14:54 237,568 ----a-w C:\WINDOWS\system32\winping.exe
2008-05-29 16:58 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-15 09:10 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-18 06:20 1,883,928 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
2008-04-14 07:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 06:57 331,776 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 06:53 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 06:53 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 06:53 679,936 ----a-w C:\WINDOWS\system32\sstext3d.scr
2008-04-14 06:53 610,304 ----a-w C:\WINDOWS\system32\sspipes.scr
2008-04-14 06:53 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
2008-04-14 06:53 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
2008-04-14 06:53 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
2008-04-14 06:53 146,944 ----a-w C:\WINDOWS\system32\winspool.drv
2008-04-14 06:53 14,336 ----a-w C:\WINDOWS\system32\ssstars.scr
2008-04-14 06:53 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 06:51 996,864 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 06:50 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 06:50 1,442,816 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 06:49 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 06:49 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 06:46 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 06:44 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 06:41 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 06:41 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 06:41 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 06:38 539,648 ----a-w C:\WINDOWS\system32\comuid.dll
2008-04-14 06:38 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 06:37 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 06:07 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 06:06 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 06:03 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 06:00 80,896 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 05:58 78,848 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 05:54 47,616 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 05:53 556,544 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 05:47 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 05:45 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 05:44 66,048 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:13 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 22:10 463,360 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:06 2,927,616 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:05 188,928 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
--sha-w 314,572,800 2008-07-10 06:37:29 \pagefile.sys
--sha-w 314,572,800 2008-07-10 06:37:29 \pagefile.sys
--sha-w 213 2008-07-05 10:40:20 \boot.ini
--sha-w 213 2008-07-05 10:40:20 \boot.ini
--sha-r 250,576 2008-04-30 12:16:48 \ntldr
--sha-r 250,576 2008-04-30 12:16:48 \ntldr
--sha-r 47,564 2004-08-03 20:38:34 \NTDETECT.COM
--sha-r 47,564 2004-08-03 20:38:34 \NTDETECT.COM
--sha-r 4,952 2001-10-25 14:00:00 \Bootfont.bin
--sha-r 4,952 2001-10-25 14:00:00 \Bootfont.bin
--sha-r 0 2008-04-17 17:44:45 \MSDOS.SYS
--sha-r 0 2008-04-17 17:44:45 \MSDOS.SYS
--sha-r 0 2008-04-17 17:44:45 \IO.SYS
--sha-r 0 2008-04-17 17:44:45 \IO.SYS
---ha-w 0 2008-04-17 17:44:45 \CONFIG.SYS
---ha-w 0 2008-04-17 17:44:45 \CONFIG.SYS
---ha-w 0 2008-04-17 17:44:45 \AUTOEXEC.BAT
---ha-w 0 2008-04-17 17:44:45 \AUTOEXEC.BAT
----a-w 718,938,112 2007-09-03 23:25:06 \GUnaGU - English is Easy Csaba is Dead.avi
----a-w 718,938,112 2007-09-03 23:25:06 \GUnaGU - English is Easy Csaba is Dead.avi
----a-w 7,680,054 2008-06-13 06:28:53 \81878-day-moon.bmp
----a-w 7,680,054 2008-06-13 06:28:53 \81878-day-moon.bmp
----a-w 2,609,418 2008-07-10 06:24:41 \ComboFix.exe
----a-w 2,609,418 2008-07-10 06:24:41 \ComboFix.exe
----a-w 979,456 2008-07-05 17:12:20 \had.exe
----a-w 979,456 2008-07-05 17:12:20 \had.exe
----a-w 1,709 2008-07-09 19:44:38 \Regedt.reg
----a-w 1,709 2008-07-09 19:44:38 \Regedt.reg
----a-w 101 2008-07-05 17:29:06 \skore.dat
----a-w 101 2008-07-05 17:29:06 \skore.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:52 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 08:52 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-10 08:41:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\CAPM2RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-07-10 8:51:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 06:50:29
Adresářů: 8, Volných bajtů: 3,563,216,896
Adresářů: 10, Volných bajtů: 3,563,962,368
233