HijackThis log
Posted: 20 Mar 2008 17:24
My computer has slowed down. I made a ComboFix log, but I can't tell from it whether everything is fine and whether it deleted anything. Everyone advises that ComboFix should be uninstalled afterwards; why does that have to be done?
ComboFix 08-03-18.1 - Zdeněk 2008-03-20 16:29:19.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.54 [GMT 1:00]
Running from: C:\Documents and Settings\Zdeněk\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\egdaccess.inf
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\nchezfbwd.dat
C:\WINDOWS\system32\nchezfbwd_nav.dat
C:\WINDOWS\system32\nchezfbwd_navps.dat
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.
2008-03-14 20:49 . 2008-03-14 20:49 <DIR> d-------- C:\Documents and Settings\Zdeněk\Data aplikací\ICQ Toolbar
2008-03-09 20:11 . 2008-03-19 19:13 <DIR> d-------- C:\Program Files\ICQToolbar
2008-03-09 20:09 . 2008-03-09 20:20 <DIR> d-------- C:\Program Files\ICQ6
2008-03-09 14:32 . 2008-03-09 18:41 <DIR> d-------- C:\Program Files\ICQToolbar(2)
2008-03-09 14:31 . 2008-03-11 16:23 <DIR> d-------- C:\Documents and Settings\Zdeněk\Data aplikací\ICQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 20:41 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-09 17:56 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-03-09 13:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 16:53 --------- d-----w C:\Program Files\DivX
2005-12-14 17:50 211,272 -c----w C:\Documents and Settings\Zdeněk\Data aplikací\GDIPFONTCACHEV1.DAT
2005-08-22 00:37 36,937 -c--a-w C:\Program Files\czk.lng
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 03:43 88363 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-12 15:50 4112384]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 06:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 23:49 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15 1634304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"WinampAgent"=D:\Games\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Games\\Phone\\Skype.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14131:TCP"= 14131:TCP:BitComet 14131 TCP
"14131:UDP"= 14131:UDP:BitComet 14131 UDP
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-17 23:49]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 07:04]
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 16:18:13 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 16:31:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-20 16:32:51
ComboFix-quarantined-files.txt 2008-03-20 15:32:40
.
2008-03-12 16:43:37 --- E O F ---
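Added example (written by the editor; not code from the post above, from ComboFix, or from any forum reply): a small Python parser for the ComboFix log format posted above. It pulls out the "Other Deletions" list, the "Reg Loading Points" registry entries, the firewall-authorized applications and globally open ports, and the Recovery Console warning, then applies one heuristic of my own: a `.com` file in a Windows directory whose name matches a system `.exe` (the `regedit.com` and `taskmgr.com` entries in the log). With the default `PATHEXT` order, `.COM` is resolved before `.EXE`, so typing `regedit` in Run launches `regedit.com` rather than `regedit.exe`, which is why such files are worth a second look. `SYSTEM_EXE_STEMS` is an assumption (a short list of names I chose to check), and `SAMPLE_LOG` is a constructed excerpt of the log above, not a new capture.

```python
"""Parse a ComboFix log and summarise what a reviewer looks at first.
Editor's example; section names and line shapes follow the posted log."""
import json
import re

# Assumption: system executables whose .com twin we want flagged.
SYSTEM_EXE_STEMS = {"regedit", "taskmgr", "cmd", "msconfig", "explorer", "rundll32"}

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # (((( Other Deletions ))))
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                     # [HKEY_...\Run]
REG_VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')            # "name"=value
FW_APPS = "AuthorizedApplications\\List"
FW_PORTS = "GloballyOpenPorts\\List"

# Constructed excerpt of the log posted above (same line shapes, fewer lines).
SAMPLE_LOG = r"""ComboFix 08-03-18.1 - Zdeněk 2008-03-20 16:29:19.1 - NTFSx86
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\egdaccess.inf
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\nchezfbwd.dat
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14131:TCP"= 14131:TCP:BitComet 14131 TCP
"""


def parse_combofix(text):
    """Return warnings, deleted paths and registry entries keyed by registry key."""
    report = {"warnings": [], "deletions": [], "reg": {}}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("WARNING"):
            report["warnings"].append(line)
            continue
        m = SECTION_RE.match(line)
        if m:                                   # new (((( section ))))
            section, key = m.group(1), None
            continue
        if section == "Other Deletions":
            report["deletions"].append(line)
        elif section == "Reg Loading Points":
            m = REG_KEY_RE.match(line)
            if m:
                key = m.group(1)
                report["reg"].setdefault(key, [])
                continue
            m = REG_VAL_RE.match(line)
            if m and key is not None:
                report["reg"][key].append((m.group(1), m.group(2)))
    return report


def shadowed_system_binaries(deletions):
    """.com files named like a system .exe under \\WINDOWS\\: with the default
    PATHEXT order (.COM before .EXE) they are launched instead of the real tool."""
    hits = []
    for path in deletions:
        name = path.rsplit("\\", 1)[-1].lower()
        stem, _, ext = name.rpartition(".")
        if ext == "com" and stem in SYSTEM_EXE_STEMS and "\\windows\\" in path.lower():
            hits.append(path)
    return hits


def firewall_exposure(reg):
    """Applications allowed through the XP firewall and globally opened ports."""
    apps, ports = [], []
    for key, values in reg.items():
        if key.endswith(FW_APPS):
            apps += [name.replace("\\\\", "\\") for name, _ in values]  # undo registry escaping
        elif key.endswith(FW_PORTS):
            for name, _ in values:
                port, proto = name.split(":")
                ports.append((int(port), proto))
    return apps, ports


def review(text):
    r = parse_combofix(text)
    apps, ports = firewall_exposure(r["reg"])
    return {
        "recovery_console_missing": any("RECOVERY CONSOLE" in w for w in r["warnings"]),
        "shadowed_binaries": shadowed_system_binaries(r["deletions"]),
        "firewall_apps": apps,
        "open_ports": ports,
        "run_keys": {k: [n for n, _ in v] for k, v in r["reg"].items() if k.upper().endswith("\\RUN")},
    }


if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_LOG), indent=2))
```

Run against the excerpt it flags `C:\WINDOWS\regedit.com` and `C:\WINDOWS\system32\taskmgr.com` (both already removed by ComboFix, as the "Other Deletions" section shows), lists the firewall exception for LimeWire and the open BitComet port 14131, and notes the missing Recovery Console. Everything ComboFix removed is recorded in the `ComboFix-quarantined-files.txt` file named at the end of the log, which is where to look when deciding whether a deletion was legitimate.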