witam proszę o sprawdzenie LOG'u
ComboFix 10-01-20.05 - siewna 2010-01-21 11:00:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1279.973 [GMT 1:00]
Uruchomiony z: c:\documents and settings\siewna\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:qw6vege.exe
C:\2id9.exe
C:\3exi.exe
C:\8xcrbho6.exe
C:\9b9w3.exe
C:\9fo3ar0j.exe
C:\9g86.exe
C:\9xf8.exe
C:\anoataly.exe
C:\Autorun.inf
C:\cs6phv6d.exe
C:\curqp.exe
c:\docume~1\siewna\USTAWI~1\Temp\cvasds0.dll
c:\docume~1\siewna\USTAWI~1\Temp\cvasds1.dll
c:\docume~1\siewna\USTAWI~1\Temp\herss.exe
C:\e9naq.exe
C:\f2kmj.exe
C:\h0.exe
C:\i9bwjpqc.exe
C:\imghyva6.exe
C:\k0maw.exe
C:\k8jc.exe
C:\kmj.exe
C:\lphfa.exe
C:\mbdm.exe
C:\mbvd.exe
C:\mh.exe
C:\ngp8l.exe
C:\nqdymj.exe
C:\nx.exe
C:\olu392qj.exe
C:\opdux.exe
c:\program files\Java\jre6\bin\jucheck.exe
C:\q3kku.exe
C:\q93fi6kf.exe
c:\recycler\S-1-5-21-0243556031-888888379-781863308-1455
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1859
c:\recycler\S-1-5-21-0423240602-0497523971-265974951-0638
c:\recycler\S-1-5-21-3626691309-4446267464-405309730-0968
c:\recycler\S-1-5-21-7020515669-1922652352-467680827-0126
C:\sywyrl0q.exe
C:\t8g.exe
C:\u16sqrqn.exe
C:\wfx062.exe
c:\windows\system\services.exe
c:\windows\system32\EXPLORER.EXE
c:\windows\system32\ieuinit.inf
C:\wisf1.exe
C:\wu1n.exe
C:\yu3.exe
E:qw6vege.exe
E:\2id9.exe
E:\3exi.exe
E:\8xcrbho6.exe
E:\9b9w3.exe
E:\9g86.exe
E:\9xf8.exe
E:\anoataly.exe
E:\Autorun.inf
E:\cs6phv6d.exe
E:\curqp.exe
E:\e9naq.exe
E:\f2kmj.exe
E:\h0.exe
E:\imghyva6.exe
E:\k0maw.exe
E:\k8jc.exe
E:\kmj.exe
E:\lphfa.exe
E:\mbdm.exe
E:\mbvd.exe
E:\mh.exe
E:\ngp8l.exe
E:\nqdymj.exe
E:\nx.exe
E:\olu392qj.exe
E:\opdux.exe
E:\q3kku.exe
E:\q93fi6kf.exe
E:\sywyrl0q.exe
E:\t8g.exe
E:\u16sqrqn.exe
E:\wfx062.exe
E:\wisf1.exe
E:\wu1n.exe
E:\yu3.exe
F:qw6vege.exe
F:\2id9.exe
F:\3exi.exe
F:\8xcrbho6.exe
F:\9b9w3.exe
F:\9g86.exe
F:\9xf8.exe
F:\anoataly.exe
F:\autorun.inf
F:\cs6phv6d.exe
F:\curqp.exe
F:\e9naq.exe
F:\f2kmj.exe
F:\h0.exe
F:\imghyva6.exe
F:\k0maw.exe
F:\k8jc.exe
F:\kmj.exe
F:\lphfa.exe
F:\mbdm.exe
F:\mbvd.exe
F:\mh.exe
F:\ngp8l.exe
F:\nqdymj.exe
F:\nx.exe
F:\olu392qj.exe
F:\opdux.exe
F:\q3kku.exe
F:\q93fi6kf.exe
F:\sywyrl0q.exe
F:\t8g.exe
F:\u16sqrqn.exe
F:\wfx062.exe
F:\wisf1.exe
F:\wu1n.exe
F:\yu3.exe
G:qw6vege.exe
G:\2id9.exe
G:\3exi.exe
G:\8xcrbho6.exe
G:\9b9w3.exe
G:\9g86.exe
G:\9xf8.exe
G:\anoataly.exe
G:\Autorun.inf
G:\cs6phv6d.exe
G:\curqp.exe
G:\e9naq.exe
G:\f2kmj.exe
G:\h0.exe
G:\imghyva6.exe
G:\k0maw.exe
G:\k8jc.exe
G:\kmj.exe
G:\lphfa.exe
G:\mbdm.exe
G:\mbvd.exe
G:\mh.exe
G:\ngp8l.exe
G:\nqdymj.exe
G:\nx.exe
G:\olu392qj.exe
G:\opdux.exe
G:\q3kku.exe
G:\q93fi6kf.exe
G:\sywyrl0q.exe
G:\t8g.exe
G:\u16sqrqn.exe
G:\wfx062.exe
G:\wisf1.exe
G:\wu1n.exe
G:\yu3.exe
H:qw6vege.exe
H:\2id9.exe
H:\3exi.exe
H:\8xcrbho6.exe
H:\9b9w3.exe
H:\9g86.exe
H:\9xf8.exe
H:\anoataly.exe
H:\Autorun.inf
H:\cs6phv6d.exe
H:\curqp.exe
H:\e9naq.exe
H:\f2kmj.exe
H:\h0.exe
H:\imghyva6.exe
H:\k0maw.exe
H:\k8jc.exe
H:\kmj.exe
H:\lphfa.exe
H:\mbdm.exe
H:\mbvd.exe
H:\mh.exe
H:\ngp8l.exe
H:\nqdymj.exe
H:\nx.exe
H:\olu392qj.exe
H:\opdux.exe
H:\q3kku.exe
H:\q93fi6kf.exe
H:\sywyrl0q.exe
H:\t8g.exe
H:\u16sqrqn.exe
H:\wfx062.exe
H:\wisf1.exe
H:\wu1n.exe
H:\yu3.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-12-21 do 2010-01-21 )))))))))))))))))))))))))))))))
.
2010-01-21 09:47 . 2010-01-21 09:47 95744 --sh--r- C:\qkm.exe
2010-01-09 16:11 . 2010-01-09 09:47 114688 --sh--r- C:\31lyx.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 16:12 . 2009-03-13 22:14 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-12-25 10:57 . 2008-11-17 09:26 -------- d-----w- c:\documents and settings\siewna\Dane aplikacji\uTorrent
2009-12-22 08:00 . 2009-12-22 08:01 121316 --sh--r- C:\nymdik.exe
2009-12-20 08:37 . 2008-11-09 16:02 164816 ----a-w- c:\documents and settings\siewna\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-17 14:13 . 2008-11-09 16:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-12-11 23:17 . 2009-12-11 23:17 -------- d-----w- c:\documents and settings\siewna\Dane aplikacji\ipla
2009-12-11 23:17 . 2009-12-11 23:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-12-11 23:17 . 2009-12-11 23:17 -------- d-----w- c:\program files\ipla
2009-10-25 08:51 . 2001-10-26 16:15 75486 ----a-w- c:\windows\system32\perfc015.dat
2009-10-25 08:51 . 2001-10-26 16:15 451352 ----a-w- c:\windows\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\siewna\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-11 113664]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-11-9 614400]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"j:\\setup.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19594:TCP"= 19594:TCP:BitComet 19594 TCP
"19594:UDP"= 19594:UDP:BitComet 19594 UDP
"20386:TCP"= 20386:TCP:BitComet 20386 TCP
"20386:UDP"= 20386:UDP:BitComet 20386 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-10-20 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-10-20 5248]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-02-03 36928]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-11-21 721904]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.pajacyk.pl/
IE: Dodaj do blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\siewna\Dane aplikacji\Mozilla\Firefox\Profiles\s1w15frl.default\
FF - prefs.js: browser.startup.homepage - www.pajacyk.pl
FF - plugin: c:\documents and settings\siewna\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Opera\program\plugins\npganymedenet.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-AllerCalc - c:\program files\AllerCalc\AllerCalc.exe
HKCU-Run-wsctf.exe - wsctf.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2010-01-21 11:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89F14008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf7587cb8
\Driver\atapi -> 0x89f14008
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: Ralink Turbo Wireless LAN Card -> SendCompleteHandler -> NDIS.sys @ 0xf7881af9
PacketIndicateHandler -> NDIS.sys @ 0xf788cb21
SendHandler -> NDIS.sys @ 0xf7881938
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Czas ukończenia: 2010-01-21 11:19:18 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-01-21 10:19
Przed: 38 115 520 512 bajtów wolnych
Po: 41 544 167 424 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - AAB3656F2EFA9B92F66D231D6210DBBC
Zaloguj się
Rejestracja
Pomoc
Ten temat jest zamknięty
Oto szczegóły telewizora OLED TV LG - 55EM960V.
