rebul4, posted 23 January 2009 (edited)

As in the title: a problem with a trojan that I can't remove with anything.

ComboFix 09-01-21.04 - Master 2009-01-23 11:34:45.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1482 [GMT 1:00]
Uruchomiony z: e:\programy\nod32 nowy\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: Zapora osobista *enabled*
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-23 do 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-23 00:58 . 2009-01-23 00:58 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\ESET
2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\program files\ESET
2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET
2009-01-22 23:54 . 2009-01-23 11:24 95,744 -r-hs---- c:\windows\system32\nmdfgds0.dll
2009-01-22 23:48 . 2009-01-23 01:27 107,882 -r-hs---- C:\w98.com
2009-01-22 23:48 . 2009-01-23 01:27 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll
2009-01-22 21:58 . 2009-01-22 21:58 <DIR> d-------- C:\Temp
2009-01-22 19:13 . 2009-01-23 01:27 107,882 -r-hs---- c:\windows\system32\olhrwef.exe
2009-01-13 21:43 . 2009-01-13 21:43 <DIR> d-------- c:\program files\THQ
2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\Webshots
2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\agi
2009-01-13 18:34 . 2009-01-13 19:23 <DIR> d-------- c:\program files\Webshots
2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\agi
2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\agi
2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\program files\AGI
2009-01-13 18:33 . 2009-01-13 18:33 2,117,632 --a------ c:\windows\system32\python25.dll
2009-01-13 18:33 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2009-01-13 18:33 . 2009-01-13 18:33 339,968 --a------ c:\windows\system32\pythoncom25.dll
2009-01-13 18:33 . 2009-01-13 18:33 114,688 --a------ c:\windows\system32\pywintypes25.dll
2009-01-13 00:10 . 2009-01-13 10:14 <DIR> d-------- c:\program files\OSCAR Editor
2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\OscarData
2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\Oscar
2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Norton Security Scan
2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\windows\system32\Adobe
2009-01-07 21:54 . 2008-11-24 14:01 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-05 15:05 . 2009-01-05 15:05 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 22:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-01-16 02:30 --------- d-----w c:\program files\DC++
2009-01-13 19:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 19:47 --------- d-----w c:\program files\Rockstar Games
2009-01-12 11:50 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-01-08 12:41 --------- d-----w c:\program files\Valve
2009-01-05 14:05 --------- d-----w c:\program files\Java
2008-12-16 00:12 606,848 ----a-w c:\windows\flashax.exe
2008-12-16 00:12 503,808 ----a-w c:\windows\leogeo_timebeat.scr
2008-12-16 00:12 12,288 ----a-w c:\windows\impborl.dll
2008-12-11 12:06 --------- d-----w c:\program files\Real Alternative
2008-12-11 12:06 --------- d-----w c:\program files\Real
2008-12-11 12:06 --------- d-----w c:\program files\Common Files\Real
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-06 23:51 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-06 23:44 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-04 02:57 --------- d--h--r c:\documents and settings\Master\Dane aplikacji\SecuROM
2008-12-04 02:23 --------- d-----w c:\program files\Reference Assemblies
2008-12-03 15:27 --------- d-----w c:\program files\Wiedźmin
2008-12-03 14:05 --------- d-----w c:\documents and settings\Master\Dane aplikacji\ATI
2008-12-03 14:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI
2008-12-01 21:04 --------- d-----w c:\program files\NAPI-PROJEKT
2008-11-23 21:15 --------- d-----w c:\program files\BumpTop
2008-11-23 21:15 --------- d-----w c:\documents and settings\Master\Dane aplikacji\Bump Technologies, Inc
2008-11-21 16:57 188,928 ----a-w c:\windows\system32\XPTable.dll
2008-11-21 16:57 141,312 ----a-w c:\windows\system32\YgoowCore.dll
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-23 17:33 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-23 17:33 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2009-01-22 18:31 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-22 18:31 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-22 18:31 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-22 18:31 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-22 18:31 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-07 10:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008100720081008\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-14 482760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 68856]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-23 107882]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"GrooveMonitor"="d:\program files\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-11-23 1410304]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program files\\Office12\\OUTLOOK.EXE"=
"d:\\Program files\\Office12\\GROOVE.EXE"=
"d:\\Program files\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=

R4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2009-01-13 10240]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-11-23 455936]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-21 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-21 13312]
.
Zawartość folderu 'Zaplanowane zadania'
2009-01-21 c:\windows\Tasks\Norton Security Scan for Master.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Master\Dane aplikacji\Mozilla\Firefox\Profiles\vq932jzl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 11:35:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:cb,aa,52,09,9f,5a,bc,a5,5b,fd,30,99,85,64,f0,73,85,f5,8d,1e,65,
   ce,a9,f8,b5,56,01,5d,d6,6e,21,7c,84,75,e1,c1,5f,18,15,0c,72,3d,e9,f0,81,52,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-01-23 11:36:26
ComboFix-quarantined-files.txt 2009-01-23 10:36:24
ComboFix2.txt 2009-01-23 00:42:38
Przed: 5 933 621 248 bajtów wolnych
Po: 5,921,808,384 bajtów wolnych
172 --- E O F --- 2009-01-23 02:00:22
Kolobos, posted 23 January 2009 (edited)

Use EDIT, fix the errors in the only sentence you wrote, and put the log in a spoiler.

Connect the infected media and use Flash Disinfector.

Use CFScript.txt:

File::
c:\windows\system32\nmdfgds0.dll
C:\w98.com
D:\w98.com
E:\w98.com
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-

After running it, post a new log.

Also block access to the mountpoints2 key and think about disabling autorun.inf in the registry: http://www.searchengines.pl/Infekcje-z-pen...ych-t94761.html (description at the bottom of the page).
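To show how the entries in the script above follow from the log (a Run value whose target was created inside the scan window with hidden+system attributes, plus the other hidden+system files from the same window, with C:\w98.com matching olhrwef.exe byte-for-byte in size), here is an added Python triage helper. It is not part of this thread, of ComboFix or of any tool named here; the excerpt it parses is constructed from lines of the first log, and the D:\ and E:\ copies Kolobos listed are outside what the log shows, so it does not produce them.

```python
"""Triage helper for a ComboFix log: cross-reference the autostart (Run)
entries with the "files created" section and flag entries whose binary was
created in the scan window with hidden+system attributes (-r-hs----)."""
import re

# Constructed excerpt of the ComboFix log posted in this thread; only the
# two sections the parser needs are kept, paths copied as they appear.
SAMPLE_LOG = r"""
2009-01-22 23:54 . 2009-01-23 11:24 95,744 -r-hs---- c:\windows\system32\nmdfgds0.dll
2009-01-22 23:48 . 2009-01-23 01:27 107,882 -r-hs---- C:\w98.com
2009-01-22 23:48 . 2009-01-23 01:27 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll
2009-01-22 21:58 . 2009-01-22 21:58 <DIR> d-------- C:\Temp
2009-01-22 19:13 . 2009-01-23 01:27 107,882 -r-hs---- c:\windows\system32\olhrwef.exe
2009-01-13 18:33 . 2009-01-13 18:33 2,117,632 --a------ c:\windows\system32\python25.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-23 107882]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-11-23 1410304]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]
"""

# "<created> . <modified> <size|<DIR>> <attrs> <path>" rows of the created-files section
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"([\d,]+|<DIR>) ([-\w]{9}) (.+)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                    # registry key header
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[([^\]]*)\]$')  # "name"="path" [date size]


def attr_flags(attrs):
    """Decode ComboFix's 9-column attribute string: d=dir r=read-only a=archive h=hidden s=system."""
    return {"dir": attrs[0] == "d", "readonly": attrs[1] == "r",
            "hidden": attrs[3] == "h", "system": attrs[4] == "s"}


def parse_created_files(log):
    """Map lower-cased path -> record for every row of the created-files section."""
    files = {}
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            files[path.lower()] = {"path": path, "created": created, "modified": modified,
                                   "size": size.replace(",", ""), "attrs": attrs}
    return files


def parse_run_entries(log):
    """Collect (key, name, path) for every value listed under a registry key header."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        rm = RUN_RE.match(line)
        if rm and key:
            entries.append({"key": key, "name": rm.group(1), "path": rm.group(2)})
    return entries


def suspicious_autostarts(log):
    """Run entries whose target file was created in the window with hidden+system set."""
    files = parse_created_files(log)
    hits = []
    for entry in parse_run_entries(log):
        rec = files.get(entry["path"].lower())
        if rec is None:
            continue                  # old or unlisted binary: not new in this window
        flags = attr_flags(rec["attrs"])
        if flags["hidden"] and flags["system"] and not flags["dir"]:
            hits.append({**entry, "size": rec["size"], "created": rec["created"]})
    return hits


def related_hidden_files(log, hits):
    """Other hidden+system files from the same window. A file with the same size as a
    hit is most likely a copy of the same binary (w98.com vs olhrwef.exe), so those
    are listed first; the rest still need a human look before removal."""
    files = parse_created_files(log)
    hit_paths = {h["path"].lower() for h in hits}
    hit_sizes = {h["size"] for h in hits}
    ranked = []
    for key, rec in files.items():
        flags = attr_flags(rec["attrs"])
        if key in hit_paths or flags["dir"] or not (flags["hidden"] and flags["system"]):
            continue
        ranked.append((rec["size"] not in hit_sizes, rec["path"]))
    return [path for _, path in sorted(ranked)]


def build_cfscript(log):
    """Render the findings in the File::/Registry:: shape of the CFScript in this thread."""
    hits = suspicious_autostarts(log)
    lines = ["File::"] + [h["path"] for h in hits] + related_hidden_files(log, hits)
    lines += ["", "Registry::"]
    for h in hits:
        lines += ["[%s]" % h["key"], '"%s"=-' % h["name"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```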
rebul4, posted 23 January 2009 (edited)

I think I managed to get rid of that junk 8O I no longer have the pendrive that gave me this surprise. Here is one more log, made after restarting the computer:

ComboFix 09-01-21.04 - Master 2009-01-23 13:03:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1530 [GMT 1:00]
Uruchomiony z: e:\programy\nod32 nowy\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: Zapora osobista *disabled*
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-23 do 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-23 12:07 . 2009-01-23 12:08 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-23 12:07 . 2009-01-23 12:07 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\PC Tools
2009-01-23 12:07 . 2009-01-23 12:10 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-23 12:07 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-23 12:07 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-23 12:07 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-23 12:07 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-23 00:58 . 2009-01-23 00:58 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\ESET
2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\program files\ESET
2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET
2009-01-22 21:58 . 2009-01-22 21:58 <DIR> d-------- C:\Temp
2009-01-13 21:43 . 2009-01-13 21:43 <DIR> d-------- c:\program files\THQ
2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\Webshots
2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\agi
2009-01-13 18:34 . 2009-01-13 19:23 <DIR> d-------- c:\program files\Webshots
2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\agi
2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\agi
2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\program files\AGI
2009-01-13 18:33 . 2009-01-13 18:33 2,117,632 --a------ c:\windows\system32\python25.dll
2009-01-13 18:33 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2009-01-13 18:33 . 2009-01-13 18:33 339,968 --a------ c:\windows\system32\pythoncom25.dll
2009-01-13 18:33 . 2009-01-13 18:33 114,688 --a------ c:\windows\system32\pywintypes25.dll
2009-01-13 00:10 . 2009-01-13 10:14 <DIR> d-------- c:\program files\OSCAR Editor
2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\OscarData
2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\Oscar
2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Norton Security Scan
2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\windows\system32\Adobe
2009-01-07 21:54 . 2008-11-24 14:01 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-05 15:05 . 2009-01-05 15:05 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 22:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-01-16 02:30 --------- d-----w c:\program files\DC++
2009-01-13 19:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 19:47 --------- d-----w c:\program files\Rockstar Games
2009-01-12 11:50 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-01-08 12:41 --------- d-----w c:\program files\Valve
2009-01-05 14:05 --------- d-----w c:\program files\Java
2008-12-16 00:12 606,848 ----a-w c:\windows\flashax.exe
2008-12-16 00:12 503,808 ----a-w c:\windows\leogeo_timebeat.scr
2008-12-16 00:12 12,288 ----a-w c:\windows\impborl.dll
2008-12-11 12:06 --------- d-----w c:\program files\Real Alternative
2008-12-11 12:06 --------- d-----w c:\program files\Real
2008-12-11 12:06 --------- d-----w c:\program files\Common Files\Real
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-06 23:51 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-06 23:44 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-04 02:57 --------- d--h--r c:\documents and settings\Master\Dane aplikacji\SecuROM
2008-12-04 02:23 --------- d-----w c:\program files\Reference Assemblies
2008-12-03 15:27 --------- d-----w c:\program files\Wiedźmin
2008-12-03 14:05 --------- d-----w c:\documents and settings\Master\Dane aplikacji\ATI
2008-12-03 14:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI
2008-12-01 21:04 --------- d-----w c:\program files\NAPI-PROJEKT
2008-11-23 21:15 --------- d-----w c:\program files\BumpTop
2008-11-23 21:15 --------- d-----w c:\documents and settings\Master\Dane aplikacji\Bump Technologies, Inc
2008-11-21 16:57 188,928 ----a-w c:\windows\system32\XPTable.dll
2008-11-21 16:57 141,312 ----a-w c:\windows\system32\YgoowCore.dll
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-23 17:33 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-23 17:33 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2009-01-22 18:31 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-22 18:31 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-22 18:31 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-22 18:31 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-22 18:31 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-07 10:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008100720081008\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-23_12.52.57,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-23 12:00:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_20c.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-14 482760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"GrooveMonitor"="d:\program files\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-11-23 1410304]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program files\\Office12\\OUTLOOK.EXE"=
"d:\\Program files\\Office12\\GROOVE.EXE"=
"d:\\Program files\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=

R4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2009-01-13 10240]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-11-23 455936]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-21 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-21 13312]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-23 356920]
.
Zawartość folderu 'Zaplanowane zadania'
2009-01-21 c:\windows\Tasks\Norton Security Scan for Master.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Master\Dane aplikacji\Mozilla\Firefox\Profiles\vq932jzl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 13:03:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:cb,aa,52,09,9f,5a,bc,a5,5b,fd,30,99,85,64,f0,73,85,f5,8d,1e,65,
   ce,a9,f8,b5,56,01,5d,d6,6e,21,7c,84,75,e1,c1,5f,18,15,0c,72,3d,e9,f0,81,52,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(1000) c:\windows\system32\Ati2evxx.dll . Czas ukończenia: 2009-01-23 13:04:38 ComboFix-quarantined-files.txt 2009-01-23 12:04:36 ComboFix2.txt 2009-01-23 11:53:24 ComboFix3.txt 2009-01-23 10:36:27 ComboFix4.txt 2009-01-23 00:42:38 Przed: 5 800 640 512 bajtów wolnych Po: 5,788,905,472 bajtów wolnych 177 --- E O F --- 2009-01-23 11:58:36 "]ComboFix 09-01-21.04 - Master 2009-01-23 13:03:11.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1530 [GMT 1:00] Uruchomiony z: e:\programy\nod32 nowy\ComboFix.exe AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) FW: Zapora osobista *disabled* . ((((((((((((((((((((((((( Pliki utworzone od 2008-12-23 do 2009-01-23 ))))))))))))))))))))))))))))))) . 2009-01-23 12:07 . 2009-01-23 12:08 <DIR> d-------- c:\program files\Spyware Doctor 2009-01-23 12:07 . 2009-01-23 12:07 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\PC Tools 2009-01-23 12:07 . 2009-01-23 12:10 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-01-23 12:07 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys 2009-01-23 12:07 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys 2009-01-23 12:07 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys 2009-01-23 12:07 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys 2009-01-23 00:58 . 2009-01-23 00:58 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\ESET 2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\program files\ESET 2009-01-23 00:57 . 2009-01-23 00:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET 2009-01-22 21:58 . 2009-01-22 21:58 <DIR> d-------- C:\Temp 2009-01-13 21:43 . 2009-01-13 21:43 <DIR> d-------- c:\program files\THQ 2009-01-13 18:35 . 
2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\Webshots 2009-01-13 18:35 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\agi 2009-01-13 18:34 . 2009-01-13 19:23 <DIR> d-------- c:\program files\Webshots 2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\Master\Dane aplikacji\agi 2009-01-13 18:34 . 2009-01-13 18:35 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\agi 2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\program files\AGI 2009-01-13 18:33 . 2009-01-13 18:33 2,117,632 --a------ c:\windows\system32\python25.dll 2009-01-13 18:33 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip 2009-01-13 18:33 . 2009-01-13 18:33 339,968 --a------ c:\windows\system32\pythoncom25.dll 2009-01-13 18:33 . 2009-01-13 18:33 114,688 --a------ c:\windows\system32\pywintypes25.dll 2009-01-13 00:10 . 2009-01-13 10:14 <DIR> d-------- c:\program files\OSCAR Editor 2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\OscarData 2009-01-13 00:10 . 2009-01-13 00:10 <DIR> d-------- C:\Oscar 2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Norton Security Scan 2009-01-08 00:55 . 2009-01-23 01:46 <DIR> d-------- c:\program files\Common Files\Symantec Shared 2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\windows\system32\Adobe 2009-01-07 21:54 . 2008-11-24 14:01 499,712 --a------ c:\windows\system32\msvcp71.dll 2009-01-05 15:05 . 2009-01-05 15:05 410,984 --a------ c:\windows\system32\deploytk.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-22 22:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2009-01-16 02:30 --------- d-----w c:\program files\DC++ 2009-01-13 19:47 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-13 19:47 --------- d-----w c:\program files\Rockstar Games 2009-01-12 11:50 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-01-08 12:41 --------- d-----w c:\program files\Valve 2009-01-05 14:05 --------- d-----w c:\program files\Java 2008-12-16 00:12 606,848 ----a-w c:\windows\flashax.exe 2008-12-16 00:12 503,808 ----a-w c:\windows\leogeo_timebeat.scr 2008-12-16 00:12 12,288 ----a-w c:\windows\impborl.dll 2008-12-11 12:06 --------- d-----w c:\program files\Real Alternative 2008-12-11 12:06 --------- d-----w c:\program files\Real 2008-12-11 12:06 --------- d-----w c:\program files\Common Files\Real 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-06 23:51 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2008-12-06 23:44 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-12-04 02:57 --------- d--h--r c:\documents and settings\Master\Dane aplikacji\SecuROM 2008-12-04 02:23 --------- d-----w c:\program files\Reference Assemblies 2008-12-03 15:27 --------- d-----w c:\program files\Wiedźmin 2008-12-03 14:05 --------- d-----w c:\documents and settings\Master\Dane aplikacji\ATI 2008-12-03 14:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI 2008-12-01 21:04 --------- d-----w c:\program files\NAPI-PROJEKT 2008-11-23 21:15 --------- d-----w c:\program files\BumpTop 2008-11-23 21:15 --------- d-----w c:\documents and settings\Master\Dane aplikacji\Bump Technologies, Inc 2008-11-21 16:57 188,928 ----a-w c:\windows\system32\XPTable.dll 2008-11-21 16:57 141,312 ----a-w c:\windows\system32\YgoowCore.dll 2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll 2008-10-28 16:41 13,643,936 
Edited 23 January 2009 by rebul4
Kolobos Posted 23 January 2009
Everything looks OK, just fix the errors in your last post.