
ToMaSs1986
User -
Posts
4 -
Joined
-
Last visit
-
Indeed, so far everything is okay! So thank you very much! 8O I also have one more question. A similar virus pops up on my girlfriend's computer; after cleaning and after Combo nothing really helped, so she reinstalled the system. We thought that would help, but to our surprise, when she downloaded Opera the virus became active again. Is that possible? Now she has reinstalled again and is afraid to install anything. If something similar happens again, I will make logs like I did on my machine and post them. But the fundamental question is: do they become active even after a reinstall? Thanks again!
-
Hello. For a while after all that, my internet wasn't working. I ran ComboFix once more and it worked. I'm posting the log from SDFix and a new one from Combo. I kept Avast as my antivirus. Maybe some other suggestion? Regards. For now it doesn't seem to see any viruses. We'll see for how long. Of course, thank you very much for the time you've given me!

SDFix: Version 1.221
Run by x on 2008-09-05 at 17:36
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
-
Hello again, I pasted it into Combo. Unfortunately, the viruses have now started blocking websites for me. I'm posting the Combo log after the change. Regards
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\.security C:\Documents and Settings\All Users\Dane aplikacji\ujozwfaj\ C:\Documents and Settings\All Users\Dane aplikacji\ujozwfaj\\crilkhuf.exe C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\.security C:\Documents and Settings\x\Cookies\x@tradedoubler[1].txt C:\Documents and Settings\x\Menu Start\Programy\Autostart\.security C:\Program Files\PC-Antispy C:\Program Files\PC-Antispy\ASpyStBlk.dll C:\Program Files\PC Clean Pro C:\Program Files\PC Clean Pro\com\pcprosd.dll C:\Program Files\PC Clean Pro\Uninstall.exe C:\temp C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\chrome.manifest C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\chrome\su.jar C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\install.rdf C:\temp\{871ce3c5-6e97-3363-a174-3208198ce6fd}\su.reg C:\WINDOWS\.security C:\WINDOWS\system32\msxml71.dll C:\WINDOWS\system32\orshahsh.exe C:\WINDOWS\system32\ujmfgded.exe . ((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))) . 2008-09-04 13:37 . 2008-09-04 13:37 90,112 --a------ C:\WINDOWS\system32\jgzynqre.exe 2008-09-04 12:18 . 2008-09-04 12:18 <DIR> d-------- C:\Program Files\HakerzyNET AntiVirus 2008-09-04 11:55 . 2008-09-04 11:55 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-04 02:26 . 2008-09-04 02:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-09-04 02:25 . 2008-09-04 02:25 <DIR> d-------- C:\Program Files\Panda Security 2008-09-04 02:25 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2008-09-04 02:19 . 2008-09-04 03:55 <DIR> d-------- C:\Program Files\MS Antivirus 2008-09-04 02:00 . 2008-09-04 04:00 <DIR> d-------- C:\Program Files\SAV 2008-09-03 19:02 . 2008-09-04 01:53 <DIR> d-------- C:\Program Files\Radio Decoder 2008-09-02 22:24 . 
2008-09-02 22:24 11 -ra------ C:\WINDOWS\amunres.lsl 2008-08-29 17:43 . 2008-08-29 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Go Go Gourmet 2008-08-29 17:42 . 2008-08-29 17:42 <DIR> d-------- C:\Program Files\Gamenext 2008-08-29 17:42 . 2008-08-29 17:42 <DIR> d-------- C:\Program Files\Common Files\Oberon Media 2008-08-16 11:36 . 2008-08-16 11:36 <DIR> d-------- C:\Program Files\AVG 2008-08-16 11:36 . 2008-09-04 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\avg8 2008-08-16 10:58 . 2008-08-16 12:38 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-08-16 10:30 . 2008-08-16 10:30 <DIR> d-------- C:\Documents and Settings\LocalService\Pulpit 2008-08-16 10:24 . 2008-08-16 10:24 <DIR> d-------- C:\WINDOWS\system32\pl 2008-08-16 10:24 . 2008-08-16 10:24 <DIR> d-------- C:\WINDOWS\system32\bits 2008-08-16 10:24 . 2008-08-16 10:24 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-16 10:22 . 2008-08-16 10:24 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-14 05:18 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-13 14:14 . 2008-08-13 14:14 <DIR> d-------- C:\Program Files\Cake Mania 2008-08-13 14:14 . 2008-08-13 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sandlot Games 2008-08-13 14:13 . 2008-08-13 14:13 <DIR> d-------- C:\Program Files\ReflexiveArcade 2008-08-07 23:23 . 2008-08-07 23:23 <DIR> d-------- C:\Program Files\Lonely Cat Games 2008-08-07 19:48 . 2008-09-04 13:51 <DIR> d-------- C:\Program Files\SkanerOnline 2008-08-07 19:22 . 2008-08-07 19:24 <DIR> d-------- C:\Program Files\Valve . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-05 13:37 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\Skype 2008-09-05 12:48 57,344 ----a-w C:\WINDOWS\system32\userinit.exe 2008-09-05 12:48 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\skypePM 2008-09-04 13:11 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin 2008-09-03 23:53 720,896 ----a-w C:\WINDOWS\iun6002.exe 2008-09-02 20:28 --------- d-----w C:\Program Files\Zylom Games 2008-09-02 20:26 --------- d-----w C:\Program Files\Hotel dla zwierzaków 2008-08-29 16:43 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-08-21 19:44 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\Zylom 2008-08-16 11:29 --------- d-----w C:\Program Files\Bonjour 2008-08-16 08:33 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-08-07 17:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-16 19:19 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\Nokia 2008-07-16 17:55 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\Datalayer 2008-07-16 17:51 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-07-16 17:51 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:48 246,784 ----a-w 
C:\WINDOWS\system32\mswsock.dll . ------- Sigcheck ------- 2004-08-04 00:44 25088 bd768099b4c44aa631728cb74eb54396 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe 2008-04-14 19:21 26624 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\ServicePackFiles\i386\userinit.exe 2008-09-05 14:48 57344 b5bfcf3c4dfe120d2bb0f9736a17c065 C:\WINDOWS\system32\userinit.exe . ((((((((((((((((((((((((((((( snapshot@2008-08-30_10.35.20.54 ))))))))))))))))))))))))))))))))))))))))) . + 2008-06-30 08:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll + 2008-04-14 17:21:45 26,624 ----a-w C:\WINDOWS\system32\init32.exe + 2008-09-05 12:47:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_630.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264] "Gadu-Gadu"="C:\Documents and Settings\x\Pulpit\Gadu-Gadu\gg.exe" [2004-09-28 774144] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-13 68856] "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! 
Cam Manager\CTLCMgr.exe" [2007-06-07 155648] "CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341] "Skype"="C:\Documents and Settings\x\Pulpit\Phone\Skype.exe" [2008-05-30 21718312] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "ProcDbUi"="C:\WINDOWS\system32\jgzynqre.exe" [2008-09-04 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-19 185896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048] "V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 32768] "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432] "SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:\WINDOWS\RTHDCPL.EXE] "nwiz"="nwiz.exe" [2007-06-28 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll "msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 
2008-04-14 19:21 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-06-28 18:43 81920 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI] --a------ 2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Documents and Settings\\x\\Pulpit\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\SopCast\\sopvod.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\Program Files\\ASUS\\GamerOSD\\SBS.exe"= "C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Valve\\hl.exe"= "C:\\Program Files\\SightSpeed\\SightSpeed.exe"= "C:\\Documents and Settings\\x\\Pulpit\\Phone\\Skype.exe"= "C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10330:TCP"= 10330:TCP:BitComet 10330 TCP "10330:UDP"= 10330:UDP:BitComet 10330 UDP R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544] R0 pe3aq44b;Hotel dla zwierzakow Environment Driver (pe3aq44b);C:\WINDOWS\system32\drivers\pe3aq44b.sys [2008-03-17 69256] R0 pf2aq44b;Hotel dla zwierzakow File System Driver (pf2aq44b);C:\WINDOWS\system32\drivers\pf2aq44b.sys [2008-03-17 83592] R0 ps7aq44b;Hotel dla zwierzakow Synchronization 
Driver (ps7aq44b);C:\WINDOWS\system32\drivers\ps7aq44b.sys [2008-03-17 68752] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416] R3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648] R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10752] S4 pr2aq44b;Hotel dla zwierzakow Drivers Auto Removal (pr2aq44b);C:\WINDOWS\system32\pr2aq44b.exe svc [ ] *Newly Created Service* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-05 15:39:01 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-09-05 15:40:01 ComboFix-quarantined-files.txt 2008-09-05 13:39:48 ComboFix2.txt 2008-09-04 08:15:04 ComboFix3.txt 2008-09-04 08:06:23 ComboFix4.txt 2008-08-30 08:36:36 Pre-Run: 84,706,402,304 bajtów wolnych Post-Run: 84,756,033,536 bajtów wolnych 202 --- E O F --- 2008-08-17 10:44:09
-
I have a similar problem; if you can, please help. I'm posting a log from Hijack. I have ComboFix, so what do I need to do to get rid of this junk :( :/ ?? I'm new here; if I did something wrong, please correct me, and I apologize. I'm waiting for any help 8O Log from ComboFix Log from Hijack Sorry once again that I didn't do it precisely. I hope it's OK now.