The text is too long, could I post it here in sections?
ComboFix 13-12-31.01 - Tomeček 23.03.2014 16:28:05.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.944 [GMT 0:00]
Running from: c:\documents and settings\TomeŔek\My Documents\ComboFix.exe
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\MUI\041b\tourstart.exe
c:\windows\system32\SET292.tmp
c:\windows\system32\SET296.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET2A0.tmp
c:\windows\system32\SET2AE.tmp
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B2.tmp
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2BE.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-02-23 to 2014-03-23 )))))))))))))))))))))))))))))))
.
.
2014-03-19 19:15 . 2014-03-19 19:16 -------- d-----w- C:\9b5006ade449065a869aeffa
2014-03-16 12:18 . 2014-03-16 13:03 -------- d-----w- C:\$AVG
2014-03-09 16:50 . 2014-03-09 16:50 -------- d-----w- C:\Games
2014-03-07 01:14 . 2014-03-07 01:14 -------- d-----w- C:\amd
2014-03-06 19:39 . 2014-03-06 19:39 -------- d-----r- C:\MSOCache
2014-03-05 16:51 . 2014-03-05 16:51 -------- d-----w- C:\Intel
2014-03-05 16:22 . 2014-03-05 16:22 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-06 19:34 . 2002-01-07 09:33 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll" [2014-02-19 1398592]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
2014-02-19 12:17 1398592 ----a-w- c:\program files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll" [2014-02-19 1398592]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-27 98304]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
"mncvawhSrv"="c:\windows\inf\mncvawh.vbe" [2014-01-19 1342]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LiveUpdate 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2014-03-05 322544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2014-02-26 19:57 3814736 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2014-02-19 20:17 1387328 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dota 2 beta\\dota.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\War Thunder\\launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Hawken\\Binaries\\Win32\\HawkenGame-Win32-Shipping.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\EA Games\\Battlefield Play4Free\\BFP4f.exe"=
"c:\\Documents and Settings\\Tomeček\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOpsMP.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3130:TCP"= 3130:TCP:xwfvbcfx
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [7.1.2002 9:33 243128]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.2.2014 20:13 807800]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [26.2.2014 9:50 375056]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [19.3.2014 18:36 103040]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [16.3.2014 11:41 7680]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [8.3.2014 19:56 27136]
S2 dnomvv;System Manager;c:\windows\system32\svchost.exe -k netsvcs [28.2.2006 12:00 14336]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [26.2.2014 19:57 1678672]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [21.3.2014 18:33 2151200]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 8:15 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7.3.2014 16:59 1691480]
S3 fpprlehk;fpprlehk;c:\windows\system32\01.tmp [17.3.2014 18:01 4096]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [8.3.2014 19:56 758224]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTIOLIB_1_0_4
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dnomvv
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-07 17:52]
.
.
------- Supplementary Scan -------
.
TCP: Interfaces\{2815F065-5CFB-4E11-99E4-CF1350353D0D}: NameServer = 80.87.208.29 80.87.208.166
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2014-03-23 16:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fpprlehk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dnomvv]
"ServiceDll"="c:\windows\system32\elrqzqek.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2014-03-23 16:36:05
ComboFix-quarantined-files.txt 2014-03-23 16:36
.
Pre-Run: 144 723 230 720 bytes free
Post-Run: 144 742 334 464 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
- - End Of File - - DB714F3F0546543BB04AB96C91D54670
8F558EB6672622401DA993E1E865C861
And what problem are you having?
Whether there is some virus on it or something. I don't understand this stuff; a friend of my father recommended it to me, saying it cleans the PC of spyware and viruses.
Why do you think you have viruses on it?
Suspicious entries are, for example:
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fpprlehk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dnomvv]
"ServiceDll"="c:\windows\system32\elrqzqek.dll"
It is necessary to check properly what that is.
And also d:\fxdrv32.sys
And this one is a virus for sure:
"mncvawhSrv"="c:\windows\inf\mncvawh.vbe"
I don't understand why everyone installs these miner viruses.
This is probably a virus too:
"MSStp"="c:\windows\system32\msstp.vbe"
And how do I remove it? Can it slow down the PC?
And can you advise me how to check it? I really am a layman.
Yes, it slows down the PC. You can remove it manually, for example. Ideally also use your brain for this, start safe mode via F8 after power-on, and delete it there. (The path is written there.)
Ideally, first just move it somewhere else, e.g. to C:\temp, or rename it, so that you can put it back if needed once you find out what it is (this applies to the other items I am not sure about). You can find out what it is by scanning it on VirusTotal, or sometimes via right-click, Properties, and so on.
Thanks, I'm really going to look at it.
Sometimes it is simpler to run the ESET scanner (there used to be a free "online scanner" at the very bottom of eset.sk) and SUPERAntiSpyware. Both in safe mode. After the scan, uninstall them again so they don't needlessly muck up the system. But antivirus tools won't find everything; I'm just mentioning it, you can try it and then look at the log again to see which of the things I listed have disappeared from it (and deal with the rest, i.e. identify it and move it manually if needed).
That msstp really was a virus, I found it on Google. Thanks a lot.
The one in windows\inf is a virus for sure too. The other ones I wrote about earlier above are suspicious, but they need to be examined (start with right-click, Properties).
Those .vbe ones really are viruses, I found it and I'm deleting them.
And how do I get to c:\windows\inf\mncvawh.vbe? When I open the windows folder, there is no inf folder there.
In Control Panel, Folder Options, tick show hidden files and the other checkbox further down, show hidden system files.
Thank you.
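Added example, not part of the thread and not ComboFix's own logic: a small triage script that picks out of a ComboFix "Reg Loading Points" listing the same kinds of entries flagged by hand above (script files autostarted from a Run key, a service whose image is a .tmp file, a svchost-hosted ServiceDll). The sample input is constructed from entries in the log above with the forum's stray spaces in key names removed; the function name and the heuristics are assumptions, and a hit means "look at the file", not "delete it".

```python
import re

# Constructed sample: entries copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-27 98304]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
"mncvawhSrv"="c:\windows\inf\mncvawh.vbe" [2014-01-19 1342]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fpprlehk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dnomvv]
"ServiceDll"="c:\windows\system32\elrqzqek.dll"
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]*)"')

# Heuristics assumed for this example: Windows Script Host file types.
SCRIPT_EXT = ('.vbe', '.vbs', '.js', '.jse', '.wsf')

def triage(log_text):
    """Return (key, value name, path, reason) for entries worth a manual look."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()   # remember which registry key we are in
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue                   # not a "name"="data" line under a key
        name, path = m.group(1), m.group(2).lower()
        path = path[4:] if path.startswith('\\??\\') else path  # drop NT prefix
        if key.endswith('\\run') and path.endswith(SCRIPT_EXT):
            findings.append((key, name, path, 'script file autostarted from Run key'))
        elif '\\services\\' in key and name.lower() == 'imagepath' \
                and not path.endswith(('.sys', '.exe')):
            findings.append((key, name, path, 'service image is not .sys/.exe'))
        elif '\\services\\' in key and name.lower() == 'servicedll':
            findings.append((key, name, path, 'svchost-hosted DLL: verify the file'))
    return findings

if __name__ == '__main__':
    for key, name, path, reason in triage(SAMPLE_LOG):
        print(f'{reason}: {name} -> {path}\n    [{key}]')
```

Each reported path is a candidate for the checks recommended in the thread: move or rename the file rather than delete it, and scan it on VirusTotal before deciding.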