
Logs:
ComboFix 09-01-31.01 - opsakpoiasp 2009-02-01 12:02:06.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.681 [GMT 1:00]
Uruchomiony z: c:\documents and settings\opsakpoiasp\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\copy.exe
C:\host.exe
c:\windows\autorun.inf
c:\windows\svchost.exe
c:\windows\system32\temp1.exe
c:\windows\system32\temp2.exe
c:\windows\xcopy.exe
D:\Autorun.inf
D:\copy.exe
D:\host.exe
E:\Autorun.inf
E:\copy.exe
E:\host.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-01 do 2009-02-01 )))))))))))))))))))))))))))))))
.
2009-01-12 19:52 . 2009-01-12 19:52 <DIR> d-------- c:\program files\FREEUOP
2009-01-07 23:46 . 2009-01-07 23:46 <DIR> d-------- c:\documents and settings\opsakpoiasp\Dane aplikacji\GanymedeNet
2009-01-07 23:46 . 2009-01-07 23:46 4 --a------ c:\windows\system32\proc1794749374.bin
2009-01-07 13:48 . 2009-01-07 13:48 <DIR> d--h----- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 16:27 --------- d-----w c:\program files\ToggleEN
2008-12-28 16:27 --------- d-----w c:\program files\Conduit
2008-12-28 00:21 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-27 15:37 --------- d-----w c:\program files\MSECache
2008-12-14 18:09 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 18:09 --------- d-----w c:\program files\Java
2008-12-07 17:00 --------- d-----w c:\documents and settings\opsakpoiasp\Dane aplikacji\Winamp
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2008-12-19 21:50 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 21:50 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-12-19 21:50 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 21:50 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 21:50 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-23 23:03 1784856 --a------ c:\program files\ToggleEN\tbTogg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="d:\program files\Ares\Ares.exe" [2008-12-13 882176]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.23\AsRunHelp.exe" [2006-12-29 363008]
"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.23\aaCenter.exe" [2007-01-05 597504]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-01-11 1423360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]
"nwiz"="nwiz.exe" [2007-04-12 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Steam\\steamapps\\junior43\\counter-strike\\hl.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\RivChat2\\RivChat.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\opsakpoiasp\\Pulpit\\utorrent.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"e:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"d:\\Steam\\Steam.exe"=
"d:\\Program Files\\BomberFUN\\bin\\BomberFUN.exe"=
"c:\\Documents and Settings\\opsakpoiasp\\Pulpit\\azereus_4.38_gameback\\gback\\azereus.exe"=
"d:\\Program Files\\Ares\\Ares.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:Mezzmo Media Sharing Service
"6139:TCP"= 6139:TCP:WWW
"1355:UDP"= 1355:UDP:Windows Media Format SDK (ipla.exe)
"1354:UDP"= 1354:UDP:Windows Media Format SDK (ipla.exe)
"1357:UDP"= 1357:UDP:Windows Media Format SDK (ipla.exe)
R3 Smcpwr2n;Sterownik karty SMC EtherPower II 10/100 Ethernet Adapter ;c:\windows\system32\drivers\smcpwr2n.sys [2007-11-20 25034]
S4 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [2006-12-21 5904]
S4 frcpowcj;frcpowcj;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
frcpowcj
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
FF - ProfilePath - c:\documents and settings\opsakpoiasp\Dane aplikacji\Mozilla\Firefox\Profiles\d3r9r3r6.default\
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 12:02:52
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1844237615-573735546-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bd,1a,30,1c,8c,4a,32,b7,4e,34,0c,bc,51,13,e7,fb,a0,af,18,4c,b1,d8,00,
d3,c2,ee,5d,8f,03,52,06,b5,27,17,58,dd,65,45,3e,1c,8c,83,38,8b,a3,65,f0,f6,\
"??"=hex:45,77,e2,8f,ee,0c,ae,c6,b4,b5,05,0f,34,67,94,af
.
Czas ukończenia: 2009-02-01 12:03:38
ComboFix-quarantined-files.txt 2009-02-01 11:03:38
Przed: 2 843 795 456 bajtów wolnych
Po: 2,838,429,696 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:08, on 2009-02-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Program Files\Ares\Ares.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\opsakpoiasp\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3837 bytes
Thanks in advance for the HELP
