This morning I turned on my computer and noticed that it no longer sees one of my partitions. I installed the ComboFix application and ran a scan, but the partition is still missing, so I'm asking you for help. I have a lot of very important data there and I can't lose it.
Quote
ComboFix 11-12-28.02 - Admin 2011-12-28 10:15:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.0.1250.48.1045.18.639.426 [GMT 1:00]
Uruchomiony z: f:\documents and settings\Admin\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\i8ikdjwt.exe
E:\autorun.inf
E:\i8ikdjwt.exe
E:\Setup.exe
F:\autorun.inf
f:\documents and settings\Admin\6fn1d4e1ffvgf5fa66.tmp
F:\i8ikdjwt.exe
f:\program files\WinPCap
f:\program files\WinPCap\LICENSE
f:\program files\WinPCap\rpcapd.exe
f:\program files\WinPCap\uninstall.exe
f:\windows\system32\arking0.dll
f:\windows\system32\arking1.dll
f:\windows\system32\VIRepair
f:\windows\system32\VIRepair\vi.sif
.
f:\windows\system32\qmgr.dll . . . jest zainfekowany!!
.
f:\windows\system32\drivers\usbehci.sys . . . brak pliku!!
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-11-28 do 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-28 08:45 . 2011-12-28 08:45 -------- d-----w- f:\windows\system32\wbem\Repository
2011-11-28 21:21 . 2011-11-28 21:21 -------- d-----w- f:\documents and settings\Admin\.gstreamer-0.10
2011-11-28 21:20 . 2011-11-28 21:30 -------- d-----w- f:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\ChomikBox
2011-11-28 21:20 . 2011-11-28 21:21 -------- d-----w- f:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Temp
2011-11-28 21:19 . 2011-11-28 21:20 -------- d-----w- f:\program files\ChomikBox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 19:25 . 2011-11-13 19:26 737280 ----a-w- f:\windows\iun6002.exe
2011-11-07 15:24 . 2011-04-25 21:43 168960 --sh--r- f:\windows\system32\arking.exe
2011-10-03 04:06 . 2011-05-01 17:54 472808 ----a-w- f:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-05-01 17:54 73728 ----a-w- f:\windows\system32\javacpl.cpl
2010-10-16 11:50 . 2010-11-11 18:48 3056008 ----a-w- f:\program files\Common Files\AskToolbarInstaller.exe
2010-01-26 10:11 . 2010-11-11 18:48 444283 ----a-w- f:\program files\Common Files\WinPcapNmap.exe
2011-11-10 21:33 . 2011-04-25 22:17 134104 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2001-10-26 . 197E3E2AF9E2FD00216FDA4364E59494 . 3171328 . . [6.00.2600.0000] . . f:\windows\system32\mshtml.dll
[7] 2001-10-26 . EDC508540F70F7DF54B079272D4F195A . 2793984 . . [6.00.2600.0000] . . f:\windows\system32\dllcache\mshtml.dll
[7] 2001-10-26 . EDC508540F70F7DF54B079272D4F195A . 2793984 . . [6.00.2600.0000] . . f:\windows\system32\VITrans\mshtml.dll
.
[-] 2001-10-26 . 741EEE0D735D093C5062B8179EBB8454 . 1392640 . . [6.00.2600.0000] . . f:\windows\explorer.exe
[7] 2001-10-26 . 0B6CB4ABB3166E1717BDA7895F2029D8 . 1002496 . . [6.00.2600.0000] . . f:\windows\system32\dllcache\explorer.exe
[7] 2001-10-26 . 0B6CB4ABB3166E1717BDA7895F2029D8 . 1002496 . . [6.00.2600.0000] . . f:\windows\system32\VITrans\explorer.exe
.
[-] 2001-10-26 . 2594273531053D5DCD009B7DAD05357C . 215040 . . [5.1.2600.0] . . f:\windows\regedit.exe
[7] 2001-10-26 . 1620DA7A7C05360A8500197D9BB84E3F . 137216 . . [5.1.2600.0] . . f:\windows\system32\dllcache\regedit.exe
[7] 2001-10-26 . 1620DA7A7C05360A8500197D9BB84E3F . 137216 . . [5.1.2600.0] . . f:\windows\system32\VITrans\regedit.exe
.
.
.
[-] 2001-10-26 . FDB189C7974F0696E38B95F6CB3C0AC9 . 1903872 . . [5.1.2600.0] . . f:\windows\system32\ntkrnlpa.exe
[7] 2001-10-26 . 0BF3B27C8DF71E13D1759A7C820C21FC . 1898112 . . [5.1.2600.0] . . f:\windows\system32\VITrans\ntkrnlpa.exe
.
[-] 2004-07-09 02:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . f:\windows\system32\d3d9.dll
.
[7] 2001-10-26 . 0FB41F8015E51B7E2DF639FDFBC11D45 . 91136 . . [6.00.2600.0000] . . f:\windows\system32\dllcache\iexplore.exe
[7] 2001-10-26 . 0FB41F8015E51B7E2DF639FDFBC11D45 . 91136 . . [6.00.2600.0000] . . f:\windows\system32\VITrans\IEXPLORE.EXE
.
[-] 2001-10-26 . 88E32DA20B89086C1882A4535E563440 . 1989376 . . [5.1.2600.0] . . f:\windows\system32\ntoskrnl.exe
[7] 2001-10-26 . 7BE0777D592CBB55712CEAD4598DA88E . 1983616 . . [5.1.2600.0] . . f:\windows\system32\VITrans\ntoskrnl.exe
.
f:\windows\System32\wscntfy.exe ... - brak elementu
f:\windows\System32\xmlprov.dll ... - brak elementu
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="f:\program files\Nowe Gadu-Gadu\gg.exe" [2009-10-28 11539048]
"Cmngni"="f:\documents and settings\Admin\Dane aplikacji\Cmngni.exe" [2011-09-13 187904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="f:\windows\System32\NvCpl.dll" [2005-03-30 5898240]
"nwiz"="nwiz.exe" [2005-03-30 1519616]
"NvMediaCenter"="f:\windows\System32\NvMcTray.dll" [2005-03-30 86016]
"C-Media Mixer"="Mixer.exe" [2001-09-12 1134592]
"DrvIcon"="f:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"NeroCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2001-10-26 13312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
.
R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [2011-04-26 715248]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.windowsxlive.net
IE: Add to Google Photos Screensa&ver - f:\windows\System32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - f:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\54wiy9w7.default\
FF - prefs.js: browser.startup.homepage - facebook.pl
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 10:22
Windows 5.1.2600 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
f:\windows\system32\MSGINA.dll
f:\windows\system32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(704)
f:\windows\system32\SETUPAPI.dll
f:\windows\system32\mswsock.dll
f:\windows\System32\wshtcpip.dll
f:\windows\System32\dssenh.dll
.
Czas ukończenia: 2011-12-28 10:24:39
ComboFix-quarantined-files.txt 2011-12-28 09:24
.
Przed: 5 257 420 800 bajtów wolnych
Po: 5 741 473 792 bajtów wolnych
.
WinXP_PL_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - 7801D72129C0902757D0DF56350BE9AC





















