rebul4

Please Check My ComboFix Log


As in the title.

A problem with a trojan that I can't remove with anything.

 

 

ComboFix 09-01-21.04 - Master 2009-01-23 11:34:45.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1482 [GMT 1:00]

Uruchomiony z: e:\programy\nod32 nowy\ComboFix.exe

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)

FW: Zapora osobista *enabled*

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

D:\Autorun.inf

E:\Autorun.inf

 

.

((((((((((((((((((((((((( Pliki utworzone od 2008-12-23 do 2009-01-23 )))))))))))))))))))))))))))))))

.

 

2009-01-23 00:58 . 2009-01-23 00:58 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\ESET

2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\program files\ESET

2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET

2009-01-22 23:54 . 2009-01-23 11:24 95,744 -r-hs---- c:\windows\system32\nmdfgds0.dll

2009-01-22 23:48 . 2009-01-23 01:27 107,882 -r-hs---- C:\w98.com

2009-01-22 23:48 . 2009-01-23 01:27 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll

2009-01-22 21:58 . 2009-01-22 21:58 <DIR> d-------- C:\Temp

2009-01-22 19:13 . 2009-01-23 01:27 107,882 -r-hs---- c:\windows\system32\olhrwef.exe

2009-01-13 21:43 . 2009-01-13 21:43 <DIR> d-------- c:\program files\THQ

2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\Webshots

2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\agi

2009-01-13 18:34 . 2009-01-13 19:23 <DIR> d-------- c:\program files\Webshots

2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\agi

2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\agi

2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\program files\AGI

2009-01-13 18:33 . 2009-01-13 18:33 2,117,632 --a------ c:\windows\system32\python25.dll

2009-01-13 18:33 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip

2009-01-13 18:33 . 2009-01-13 18:33 339,968 --a------ c:\windows\system32\pythoncom25.dll

2009-01-13 18:33 . 2009-01-13 18:33 114,688 --a------ c:\windows\system32\pywintypes25.dll

2009-01-13 00:10 . 2009-01-13 10:14 <DIR> d-------- c:\program files\OSCAR Editor

2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\OscarData

2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\Oscar

2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Norton Security Scan

2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\windows\system32\Adobe

2009-01-07 21:54 . 2008-11-24 14:01 499,712 --a------ c:\windows\system32\msvcp71.dll

2009-01-05 15:05 . 2009-01-05 15:05 410,984 --a------ c:\windows\system32\deploytk.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-22 22:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2009-01-16 02:30 --------- d-----w c:\program files\DC++

2009-01-13 19:47 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-13 19:47 --------- d-----w c:\program files\Rockstar Games

2009-01-12 11:50 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-01-08 12:41 --------- d-----w c:\program files\Valve

2009-01-05 14:05 --------- d-----w c:\program files\Java

2008-12-16 00:12 606,848 ----a-w c:\windows\flashax.exe

2008-12-16 00:12 503,808 ----a-w c:\windows\leogeo_timebeat.scr

2008-12-16 00:12 12,288 ----a-w c:\windows\impborl.dll

2008-12-11 12:06 --------- d-----w c:\program files\Real Alternative

2008-12-11 12:06 --------- d-----w c:\program files\Real

2008-12-11 12:06 --------- d-----w c:\program files\Common Files\Real

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-06 23:51 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2008-12-06 23:44 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-12-04 02:57 --------- d--h--r c:\documents and settings\Master\Dane aplikacji\SecuROM

2008-12-04 02:23 --------- d-----w c:\program files\Reference Assemblies

2008-12-03 15:27 --------- d-----w c:\program files\Wiedźmin

2008-12-03 14:05 --------- d-----w c:\documents and settings\Master\Dane aplikacji\ATI

2008-12-03 14:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI

2008-12-01 21:04 --------- d-----w c:\program files\NAPI-PROJEKT

2008-11-23 21:15 --------- d-----w c:\program files\BumpTop

2008-11-23 21:15 --------- d-----w c:\documents and settings\Master\Dane aplikacji\Bump Technologies, Inc

2008-11-21 16:57 188,928 ----a-w c:\windows\system32\XPTable.dll

2008-11-21 16:57 141,312 ----a-w c:\windows\system32\YgoowCore.dll

2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll

2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll

2008-10-23 17:33 444,952 ----a-w c:\windows\system32\wrap_oal.dll

2008-10-23 17:33 109,080 ----a-w c:\windows\system32\OpenAL32.dll

2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll

2009-01-22 18:31 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2009-01-22 18:31 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2009-01-22 18:31 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2009-01-22 18:31 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2009-01-22 18:31 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-10-07 10:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008100720081008\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-14 482760]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 68856]

"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-23 107882]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]

"GrooveMonitor"="d:\program files\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-11-23 1410304]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"d:\\Program files\\Office12\\OUTLOOK.EXE"=

"d:\\Program files\\Office12\\GROOVE.EXE"=

"d:\\Program files\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=

 

R4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2009-01-13 10240]

R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-11-23 455936]

S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]

S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-21 14336]

S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-21 13312]

.

Zawartość folderu 'Zaplanowane zadania'

 

2009-01-21 c:\windows\Tasks\Norton Security Scan for Master.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND

IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Master\Dane aplikacji\Mozilla\Firefox\Profiles\vq932jzl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: network.proxy.type - 2

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-23 11:35:36

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

 

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\SecuROM\License information*]

"datasecu"=hex:cb,aa,52,09,9f,5a,bc,a5,5b,fd,30,99,85,64,f0,73,85,f5,8d,1e,65,

ce,a9,f8,b5,56,01,5d,d6,6e,21,7c,84,75,e1,c1,5f,18,15,0c,72,3d,e9,f0,81,52,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

 

- - - - - - - > 'winlogon.exe'(992)

c:\windows\system32\Ati2evxx.dll

.

Czas ukończenia: 2009-01-23 11:36:26

ComboFix-quarantined-files.txt 2009-01-23 10:36:24

ComboFix2.txt 2009-01-23 00:42:38

 

Przed: 5 933 621 248 bajtów wolnych

Po: 5,921,808,384 bajtów wolnych

 

172 --- E O F --- 2009-01-23 02:00:22

Edited by rebul4


Use EDIT, fix the mistakes in the one sentence you wrote, and put the log in a spoiler.

 

 

Plug in the infected media and use Flash Disinfector.

 

Use CFScript.txt:

 

File::

c:\windows\system32\nmdfgds0.dll

C:\w98.com

D:\w98.com

E:\w98.com

c:\windows\system32\nmdfgds1.dll

c:\windows\system32\olhrwef.exe

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdoosoft"=-

 

After running it, post a new log.

 

Also block access to the mountpoints2 key and think about disabling autorun.inf in the registry:

http://www.searchengines.pl/Infekcje-z-pen...ych-t94761.html (description at the bottom of the page).

Edited by Kolobos


I think I managed to get rid of that junk 8O

I no longer have the pendrive that this surprise came from.

 

Here is one more log, taken after restarting the computer:

 

ComboFix 09-01-21.04 - Master 2009-01-23 13:03:11.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1530 [GMT 1:00]

Uruchomiony z: e:\programy\nod32 nowy\ComboFix.exe

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)

FW: Zapora osobista *disabled*

.

 

((((((((((((((((((((((((( Pliki utworzone od 2008-12-23 do 2009-01-23 )))))))))))))))))))))))))))))))

.

 

2009-01-23 12:07 . 2009-01-23 12:08 <DIR> d-------- c:\program files\Spyware Doctor

2009-01-23 12:07 . 2009-01-23 12:07 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\PC Tools

2009-01-23 12:07 . 2009-01-23 12:10 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-01-23 12:07 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

2009-01-23 12:07 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

2009-01-23 12:07 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

2009-01-23 12:07 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

2009-01-23 00:58 . 2009-01-23 00:58 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\ESET

2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\program files\ESET

2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET

2009-01-22 21:58 . 2009-01-22 21:58 <DIR> d-------- C:\Temp

2009-01-13 21:43 . 2009-01-13 21:43 <DIR> d-------- c:\program files\THQ

2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\Webshots

2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\agi

2009-01-13 18:34 . 2009-01-13 19:23 <DIR> d-------- c:\program files\Webshots

2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\agi

2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\agi

2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\program files\AGI

2009-01-13 18:33 . 2009-01-13 18:33 2,117,632 --a------ c:\windows\system32\python25.dll

2009-01-13 18:33 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip

2009-01-13 18:33 . 2009-01-13 18:33 339,968 --a------ c:\windows\system32\pythoncom25.dll

2009-01-13 18:33 . 2009-01-13 18:33 114,688 --a------ c:\windows\system32\pywintypes25.dll

2009-01-13 00:10 . 2009-01-13 10:14 <DIR> d-------- c:\program files\OSCAR Editor

2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\OscarData

2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\Oscar

2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Norton Security Scan

2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\windows\system32\Adobe

2009-01-07 21:54 . 2008-11-24 14:01 499,712 --a------ c:\windows\system32\msvcp71.dll

2009-01-05 15:05 . 2009-01-05 15:05 410,984 --a------ c:\windows\system32\deploytk.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-22 22:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2009-01-16 02:30 --------- d-----w c:\program files\DC++

2009-01-13 19:47 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-13 19:47 --------- d-----w c:\program files\Rockstar Games

2009-01-12 11:50 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-01-08 12:41 --------- d-----w c:\program files\Valve

2009-01-05 14:05 --------- d-----w c:\program files\Java

2008-12-16 00:12 606,848 ----a-w c:\windows\flashax.exe

2008-12-16 00:12 503,808 ----a-w c:\windows\leogeo_timebeat.scr

2008-12-16 00:12 12,288 ----a-w c:\windows\impborl.dll

2008-12-11 12:06 --------- d-----w c:\program files\Real Alternative

2008-12-11 12:06 --------- d-----w c:\program files\Real

2008-12-11 12:06 --------- d-----w c:\program files\Common Files\Real

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-06 23:51 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2008-12-06 23:44 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-12-04 02:57 --------- d--h--r c:\documents and settings\Master\Dane aplikacji\SecuROM

2008-12-04 02:23 --------- d-----w c:\program files\Reference Assemblies

2008-12-03 15:27 --------- d-----w c:\program files\Wiedźmin

2008-12-03 14:05 --------- d-----w c:\documents and settings\Master\Dane aplikacji\ATI

2008-12-03 14:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI

2008-12-01 21:04 --------- d-----w c:\program files\NAPI-PROJEKT

2008-11-23 21:15 --------- d-----w c:\program files\BumpTop

2008-11-23 21:15 --------- d-----w c:\documents and settings\Master\Dane aplikacji\Bump Technologies, Inc

2008-11-21 16:57 188,928 ----a-w c:\windows\system32\XPTable.dll

2008-11-21 16:57 141,312 ----a-w c:\windows\system32\YgoowCore.dll


ComboFix 09-01-21.04 - Master 2009-01-23 13:03:11.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1530 [GMT 1:00]

Uruchomiony z: e:\programy\nod32 nowy\ComboFix.exe

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)

FW: Zapora osobista *disabled*

.

 

((((((((((((((((((((((((( Pliki utworzone od 2008-12-23 do 2009-01-23 )))))))))))))))))))))))))))))))

.

 

2009-01-23 12:07 . 2009-01-23 12:08 <DIR> d-------- c:\program files\Spyware Doctor

2009-01-23 12:07 . 2009-01-23 12:07 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\PC Tools

2009-01-23 12:07 . 2009-01-23 12:10 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-01-23 12:07 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

2009-01-23 12:07 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

2009-01-23 12:07 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

2009-01-23 12:07 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

2009-01-23 00:58 . 2009-01-23 00:58 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\ESET

2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\program files\ESET

2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET

2009-01-22 21:58 . 2009-01-22 21:58 <DIR> d-------- C:\Temp

2009-01-13 21:43 . 2009-01-13 21:43 <DIR> d-------- c:\program files\THQ

2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\Webshots

2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\agi

2009-01-13 18:34 . 2009-01-13 19:23 <DIR> d-------- c:\program files\Webshots

2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\agi

2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\agi

2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\program files\AGI

2009-01-13 18:33 . 2009-01-13 18:33 2,117,632 --a------ c:\windows\system32\python25.dll

2009-01-13 18:33 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip

2009-01-13 18:33 . 2009-01-13 18:33 339,968 --a------ c:\windows\system32\pythoncom25.dll

2009-01-13 18:33 . 2009-01-13 18:33 114,688 --a------ c:\windows\system32\pywintypes25.dll

2009-01-13 00:10 . 2009-01-13 10:14 <DIR> d-------- c:\program files\OSCAR Editor

2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\OscarData

2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\Oscar

2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Norton Security Scan

2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\windows\system32\Adobe

2009-01-07 21:54 . 2008-11-24 14:01 499,712 --a------ c:\windows\system32\msvcp71.dll

2009-01-05 15:05 . 2009-01-05 15:05 410,984 --a------ c:\windows\system32\deploytk.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-22 22:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2009-01-16 02:30 --------- d-----w c:\program files\DC++

2009-01-13 19:47 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-13 19:47 --------- d-----w c:\program files\Rockstar Games

2009-01-12 11:50 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-01-08 12:41 --------- d-----w c:\program files\Valve

2009-01-05 14:05 --------- d-----w c:\program files\Java

2008-12-16 00:12 606,848 ----a-w c:\windows\flashax.exe

2008-12-16 00:12 503,808 ----a-w c:\windows\leogeo_timebeat.scr

2008-12-16 00:12 12,288 ----a-w c:\windows\impborl.dll

2008-12-11 12:06 --------- d-----w c:\program files\Real Alternative

2008-12-11 12:06 --------- d-----w c:\program files\Real

2008-12-11 12:06 --------- d-----w c:\program files\Common Files\Real

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-06 23:51 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2008-12-06 23:44 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-12-04 02:57 --------- d--h--r c:\documents and settings\Master\Dane aplikacji\SecuROM

2008-12-04 02:23 --------- d-----w c:\program files\Reference Assemblies

2008-12-03 15:27 --------- d-----w c:\program files\Wiedźmin

2008-12-03 14:05 --------- d-----w c:\documents and settings\Master\Dane aplikacji\ATI

2008-12-03 14:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI

2008-12-01 21:04 --------- d-----w c:\program files\NAPI-PROJEKT

2008-11-23 21:15 --------- d-----w c:\program files\BumpTop

2008-11-23 21:15 --------- d-----w c:\documents and settings\Master\Dane aplikacji\Bump Technologies, Inc

2008-11-21 16:57 188,928 ----a-w c:\windows\system32\XPTable.dll

2008-11-21 16:57 141,312 ----a-w c:\windows\system32\YgoowCore.dll

2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll

2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll

2008-10-23 17:33 444,952 ----a-w c:\windows\system32\wrap_oal.dll

2008-10-23 17:33 109,080 ----a-w c:\windows\system32\OpenAL32.dll

2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll

2009-01-22 18:31 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2009-01-22 18:31 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2009-01-22 18:31 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2009-01-22 18:31 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2009-01-22 18:31 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-10-07 10:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008100720081008\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-23_12.52.57,75 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-23 12:00:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_20c.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-14 482760]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]

"GrooveMonitor"="d:\program files\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-11-23 1410304]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"d:\\Program files\\Office12\\OUTLOOK.EXE"=

"d:\\Program files\\Office12\\GROOVE.EXE"=

"d:\\Program files\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=

 

R4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2009-01-13 10240]

R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-11-23 455936]

S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]

S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-21 14336]

S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-21 13312]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-23 356920]

.

Zawartość folderu 'Zaplanowane zadania'

 

2009-01-21 c:\windows\Tasks\Norton Security Scan for Master.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

 

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

 

 

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND

IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Master\Dane aplikacji\Mozilla\Firefox\Profiles\vq932jzl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: network.proxy.type - 2

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-23 13:03:57

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

 

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\SecuROM\License information*]

"datasecu"=hex:cb,aa,52,09,9f,5a,bc,a5,5b,fd,30,99,85,64,f0,73,85,f5,8d,1e,65,

ce,a9,f8,b5,56,01,5d,d6,6e,21,7c,84,75,e1,c1,5f,18,15,0c,72,3d,e9,f0,81,52,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

 

- - - - - - - > 'winlogon.exe'(1000)

c:\windows\system32\Ati2evxx.dll

.

Czas ukończenia: 2009-01-23 13:04:38

ComboFix-quarantined-files.txt 2009-01-23 12:04:36

ComboFix2.txt 2009-01-23 11:53:24

ComboFix3.txt 2009-01-23 10:36:27

ComboFix4.txt 2009-01-23 00:42:38

 

Przed: 5 800 640 512 bajtów wolnych

Po: 5,788,905,472 bajtów wolnych

 

177 --- E O F --- 2009-01-23 11:58:36

Edited by rebul4
