Re: Postupne odchadzanie PC
Napsal: 16 srp 2010 19:58
Zdravim,
v normalnom rezime zatial ok, avast aj zone alarm som odinstaloval aby isiel combofix
firefox stale nejde
tu posielam log:
ComboFix 10-08-15.04 - Peter 16/08/2010 20:47:47.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.44.1029.18.479.134 [GMT 2:00]
Running from: c:\documents and settings\Peter\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Peter\Plocha\CFScript.txt
.
((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.
2010-08-13 22:02 . 2010-08-13 22:02 -------- d-----w- c:\program files\VirusTotalUploader2
2010-08-13 21:25 . 2010-08-13 21:26 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 11:30 . 2007-01-24 19:01 -------- d-----w- c:\program files\TrojanHunter 4.2
2010-08-14 20:29 . 2009-12-08 17:39 -------- d-----w- c:\program files\trend micro
2010-08-08 16:31 . 2009-03-26 16:58 -------- d-----w- c:\program files\Opera
2010-08-06 17:07 . 2010-02-07 14:12 -------- d-----w- c:\program files\IKEA HomePlanner
2010-07-30 11:59 . 2007-01-24 19:24 -------- d-----w- c:\program files\Alwil Software
2010-07-19 20:08 . 2007-07-16 09:26 -------- d-----w- c:\program files\rajce
2007-03-04 19:35 . 2007-03-04 19:31 21822168 -c--a-w- c:\program files\AdbeRdr80_en_US.exe
2007-03-04 19:30 . 2007-03-04 19:28 7050552 ----a-w- c:\program files\psa30se_en_us.exe
2007-02-25 17:32 . 2007-02-25 17:32 8704 ------w- c:\program files\OfficeXPUniversalActivator.exe
2007-01-27 18:39 . 2007-01-27 18:39 1695184 ------w- c:\program files\tcmdr656.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSRaid"="c:\program files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-05-18 905216]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"SSC Service Utility"="c:\program files\SSC Service Utility\ssc_serv.exe" [2007-10-09 665600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-24 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [4.3.2007 20:54 51072]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [25.1.2007 19:44 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [25.1.2007 19:44 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [25.1.2007 19:44 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [25.1.2007 19:45 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [25.1.2007 19:45 83344]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [3.5.2005 22:42 323584]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.2.2007 20:31 664064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-08-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-162531612-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-07-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-162531612-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Connection Wizard,ShellNext = hxxp://update.zonelabs.com/downloadrequest?updtConfId=4&updtReqId=124879760
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: ukf.sk
Trusted Zone: ukf.sk\e-prihlaska
Trusted Zone: ukf.sk\www.fotonavratka
Trusted Zone: ukf.sk
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Peter\Data aplikací\Mozilla\Firefox\Profiles\6evnj8t0.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 20:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(344)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-16 20:56:07
ComboFix-quarantined-files.txt 2010-08-16 18:56
ComboFix2.txt 2010-08-16 18:43
ComboFix3.txt 2010-08-14 21:21
Pre-Run: 9,643,978,752
Post-Run: 9,633,357,824
Current=1 Default=1 Failed=0 LastKnownGood=2 Sets=,1,2,3
- - End Of File - - FD1E2F223C5390A8FFB0767C031FD1CC
v normalnom rezime zatial ok, avast aj zone alarm som odinstaloval aby isiel combofix
firefox stale nejde
tu posielam log:
ComboFix 10-08-15.04 - Peter 16/08/2010 20:47:47.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.44.1029.18.479.134 [GMT 2:00]
Running from: c:\documents and settings\Peter\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Peter\Plocha\CFScript.txt
.
((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.
2010-08-13 22:02 . 2010-08-13 22:02 -------- d-----w- c:\program files\VirusTotalUploader2
2010-08-13 21:25 . 2010-08-13 21:26 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 11:30 . 2007-01-24 19:01 -------- d-----w- c:\program files\TrojanHunter 4.2
2010-08-14 20:29 . 2009-12-08 17:39 -------- d-----w- c:\program files\trend micro
2010-08-08 16:31 . 2009-03-26 16:58 -------- d-----w- c:\program files\Opera
2010-08-06 17:07 . 2010-02-07 14:12 -------- d-----w- c:\program files\IKEA HomePlanner
2010-07-30 11:59 . 2007-01-24 19:24 -------- d-----w- c:\program files\Alwil Software
2010-07-19 20:08 . 2007-07-16 09:26 -------- d-----w- c:\program files\rajce
2007-03-04 19:35 . 2007-03-04 19:31 21822168 -c--a-w- c:\program files\AdbeRdr80_en_US.exe
2007-03-04 19:30 . 2007-03-04 19:28 7050552 ----a-w- c:\program files\psa30se_en_us.exe
2007-02-25 17:32 . 2007-02-25 17:32 8704 ------w- c:\program files\OfficeXPUniversalActivator.exe
2007-01-27 18:39 . 2007-01-27 18:39 1695184 ------w- c:\program files\tcmdr656.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSRaid"="c:\program files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-05-18 905216]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"SSC Service Utility"="c:\program files\SSC Service Utility\ssc_serv.exe" [2007-10-09 665600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-24 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [4.3.2007 20:54 51072]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [25.1.2007 19:44 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [25.1.2007 19:44 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [25.1.2007 19:44 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [25.1.2007 19:45 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [25.1.2007 19:45 83344]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [3.5.2005 22:42 323584]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.2.2007 20:31 664064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-08-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-162531612-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-07-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-162531612-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Connection Wizard,ShellNext = hxxp://update.zonelabs.com/downloadrequest?updtConfId=4&updtReqId=124879760
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: ukf.sk
Trusted Zone: ukf.sk\e-prihlaska
Trusted Zone: ukf.sk\www.fotonavratka
Trusted Zone: ukf.sk
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Peter\Data aplikací\Mozilla\Firefox\Profiles\6evnj8t0.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 20:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(344)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-16 20:56:07
ComboFix-quarantined-files.txt 2010-08-16 18:56
ComboFix2.txt 2010-08-16 18:43
ComboFix3.txt 2010-08-14 21:21
Pre-Run: 9,643,978,752
Post-Run: 9,633,357,824
Current=1 Default=1 Failed=0 LastKnownGood=2 Sets=,1,2,3
- - End Of File - - FD1E2F223C5390A8FFB0767C031FD1CC
Stahněte MBAM z mého podpisu
...no parada 