So here is the log report:
ComboFix 08-08-08.04 - Michal 2008-08-08 20:12:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1250.1.1029.18.276 [GMT 2:00]
Running from: C:\Documents and Settings\Michal\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Michal\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\Michal\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Michal\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Michal\Oblíbené položky\Spyware&Malware Protection.url
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\system32\fccyxwvt.dll
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\nnnoPIyX.dll
C:\WINDOWS\system32\qoMcdCUk.dll
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\tuvUkLFw.dll
C:\WINDOWS\system32\urqQiJCs.dll
C:\WINDOWS\system32\XyIPonnn.ini
C:\WINDOWS\system32\XyIPonnn.ini2
C:\WINDOWS\system32\yayyaBTn.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PERFORMANCE_MONITOR
((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))
.
2008-08-08 19:58 . 2008-08-08 19:58 <DIR> d-------- C:\totalcmd
2008-08-08 19:58 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-08-08 19:58 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-08-08 19:58 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-08-08 19:58 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-08-08 19:58 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-08-08 19:58 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-08-08 19:58 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-08-08 19:58 . 2008-08-08 20:08 491 --a------ C:\WINDOWS\wincmd.ini
2008-08-03 20:46 . 2008-08-03 21:08 <DIR> d-------- C:\Program Files\WinXP Manager
2008-08-03 20:09 . 2008-08-03 20:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-02 23:16 . 2008-08-02 23:16 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-08-02 21:18 . 2008-08-02 21:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-02 21:16 . 2008-08-02 21:16 34,688 --a------ C:\WINDOWS\system32\nnnlmnkl.dll
2008-08-02 20:42 . 2008-08-02 21:37 <DIR> d-------- C:\Program Files\VirtualDJ
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 18:41 --------- d-----w C:\Program Files\HighGrow
2008-07-10 06:47 --------- d-----w C:\Program Files\ICQToolbar
2008-07-02 18:07 --------- d-----w C:\Program Files\ICQ6
2008-06-16 08:18 --------- d-----w C:\Program Files\Winamp
2008-06-14 08:35 --------- d-----w C:\Program Files\Total Video Converter
2008-02-16 14:07 604 ---ha-w C:\Program Files\STLL Notifier
2007-10-06 20:35 106,592 ----a-w C:\Program Files\06PK61.BUP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A596175D-BBC7-476A-A152-FBA652B64505}]
2008-08-02 21:16 34688 --a------ C:\WINDOWS\system32\nnnlmnkl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-23 14:00 13312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-23 14:00 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A596175D-BBC7-476A-A152-FBA652B64505}"= "C:\WINDOWS\system32\nnnlmnkl.dll" [2008-08-02 21:16 34688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlmnkl]
2008-08-02 21:16 34688 C:\WINDOWS\system32\nnnlmnkl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"midi2"= xgusb.cpl
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" -atboottime
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe
"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe
"Anvshell"=C:\WINDOWS\Anvshell.exe
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;C:\WINDOWS\System32\DRIVERS\adusbser.sys [2006-10-23 10:36]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-09-23 14:00]
S3 lredbooo;lredbooo;C:\DOCUME~1\Michal\LOCALS~1\Temp\lredbooo.sys []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\5af53zwl.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 20:20:49
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\nnnlmnkl.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
.
**************************************************************************
.
Completion time: 2008-08-08 20:27:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-08 18:27:40
Pre-Run: 4,046,069,760
Post-Run: 3,978,825,728
146
My explorer.exe keeps crashing