Hello Jessika. I don't know whether I understood everything correctly when reading your advice, but I did as you recommended. I used ComboFix. Here is the scan result. Could you take a look? http://www.wklej.org/id/39691/
ComboFix 09-01-13.04 - Piotr 2009-01-15 20:07:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1535.1080 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Piotr\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-15 do 2009-01-15 )))))))))))))))))))))))))))))))
.
2009-01-12 11:13 . 2009-01-12 11:13
2009-01-10 19:11 . 2009-01-10 19:11
2009-01-07 23:06 . 2009-01-07 23:14
2009-01-02 18:28 . 2009-01-02 18:31
2008-12-31 18:14 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-12-31 18:14 . 2008-12-31 18:14 421 --a------ c:\windows\ODBC.INI
2008-12-31 18:12 . 2008-12-31 18:13
2008-12-31 18:10 . 2008-12-31 18:10
2008-12-31 14:03 . 2009-01-04 18:21
2008-12-30 12:49 . 2008-12-30 12:49
2008-12-30 12:49 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
2008-12-28 23:45 . 2008-12-28 23:45 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-12-28 23:45 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2008-12-26 21:38 . 2008-12-26 21:38 25 --a------ c:\windows\CDESX100DEFGIPS.ini
2008-12-24 22:23 . 2008-12-24 22:23
2008-12-24 22:23 . 2008-12-24 22:47
2008-12-24 15:56 . 2008-12-24 15:56
2008-12-24 15:55 . 2008-12-24 15:55
2008-12-24 15:55 . 2008-12-24 15:55
2008-12-24 15:52 . 2008-12-24 15:52
2008-12-24 15:48 . 2008-12-24 15:48
2008-12-23 18:25 . 2007-07-13 00:00 71,680 --a------ c:\windows\system32\escwiad.dll
2008-12-23 17:47 . 2008-12-26 22:08
2008-12-23 16:38 . 2008-12-24 15:48
2008-12-23 16:36 . 2008-12-27 15:53
2008-12-23 16:35 . 2008-12-23 16:35
2008-12-23 16:18 . 2007-12-07 03:08 86,528 --a------ c:\windows\system32\E_FLBEDE.DLL
2008-12-23 16:18 . 2007-12-07 03:01 78,848 --a------ c:\windows\system32\E_FD4BEDE.DLL
2008-12-23 16:18 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-23 16:18 . 2008-04-13 20:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-23 16:18 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-23 16:18 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-23 16:18 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-23 16:18 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-23 16:18 . 2007-04-10 02:06 8,192 --a------ c:\windows\system32\E_DCINST.DLL
2008-12-23 16:16 . 2008-12-31 13:45
2008-12-23 16:16 . 2008-12-26 22:06
2008-12-23 16:15 . 2008-12-23 16:15 26 --a------ c:\windows\CDESX100EXPORT.ini
2008-12-23 14:37 . 2008-12-23 14:37
2008-12-23 14:37 . 2003-02-24 16:20 827,392 -ra------ c:\windows\system32\Flash.ocx
2008-12-23 14:37 . 2006-08-28 17:12 13,312 --a------ c:\windows\system32\drivers\MTictwl.sys
2008-12-22 16:27 . 2008-12-22 16:27
2008-12-21 21:37 . 2008-12-28 23:45
2008-12-21 21:37 . 2008-12-21 21:37
2008-12-21 21:37 . 2008-12-21 21:37
2008-12-21 21:37 . 2008-12-28 23:45 603,904 --a------ c:\windows\system32\TUProgSt.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 19:03 --------- d-----w c:\program files\WinClamAVShield
2009-01-15 19:03 --------- d-----w c:\documents and settings\Piotr\Dane aplikacji\skypePM
2009-01-15 19:03 --------- d-----w c:\documents and settings\Piotr\Dane aplikacji\Skype
2009-01-15 17:44 --------- d-----w c:\program files\NAPI-PROJEKT
2009-01-15 17:43 --------- d-----w c:\program files\a-squared Free
2009-01-14 18:57 --------- d-----w c:\documents and settings\Piotr\Dane aplikacji\Spyware Terminator
2009-01-13 18:16 --------- d-----w c:\documents and settings\Piotr\Dane aplikacji\MiniLyrics
2009-01-10 23:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 17:41 --------- d-----w c:\program files\Spyware Terminator
2008-12-24 14:55 --------- d-----w c:\program files\iTunes
2008-12-24 14:55 --------- d-----w c:\program files\Common Files\Apple
2008-12-18 17:24 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 20:03 --------- d-----w c:\documents and settings\Piotr\Dane aplikacji\Lavasoft
2008-12-04 21:38 --------- d-----w c:\documents and settings\Piotr\Dane aplikacji\GanymedeNet
2008-11-30 20:01 --------- d-----w c:\program files\Rapid Express
2008-11-27 19:47 --------- d-----w c:\program files\Common Files\DirectX
2008-11-26 17:29 --------- d-----w c:\program files\Ganymede
2008-11-25 18:56 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-25 18:56 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-25 18:56 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-25 18:29 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-25 18:29 --------- d--h--r c:\documents and settings\Piotr\Dane aplikacji\SecuROM
2008-11-25 18:15 --------- d-----w c:\program files\Electronic Arts
2008-11-16 19:23 --------- d-----w c:\program files\Internet Download Manager
2008-11-16 19:22 --------- d-----w c:\documents and settings\Piotr\Dane aplikacji\IDM
2008-11-16 19:21 --------- d-----w c:\documents and settings\Piotr\Dane aplikacji\DMCache
2008-11-12 06:54 6 ----a-w C:\settings.dat
2008-11-12 06:54 360 ----a-w C:\scores.dat
2008-11-11 12:53 2,739,456 ----a-w c:\windows\Help\IDMAN515.EXE
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:02 668,672 ----a-w c:\windows\system32\wininet.dll
2008-10-01 17:34 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21872936]
"Gadu-Gadu"="d:\_kopia dysku c\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-10-13 243072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 1410304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-12 1783808]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"Magentic"=c:\progra~1\Magentic\bin\Magentic.exe /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"EPSON SX100 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "c:\windows\TEMP\E_SCB.tmp" /EF "HKCU"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"d:\_KOPIA DYSKU C\Program Files\Gadu-Gadu\gg.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"=
"c:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"=
"c:\Program Files\IncrediMail\bin\IncMail.exe"=
"c:\Program Files\IncrediMail\bin\ImApp.exe"=
"c:\Program Files\IncrediMail\bin\ImpCnt.exe"=
"c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"d:\GRY\nfs\speed2.exe"=
"c:\Program Files\Magentic\bin\MgImp.exe"=
"c:\Program Files\Magentic\bin\Magentic.exe"=
"c:\Program Files\Magentic\bin\MgApp.exe"=
"c:\Program Files\Opera\opera.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-10-01 30728]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-12 141312]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-10-01 178913]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-11-23 455936]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-21 603904]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
2009-01-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://mystart.magentic.com/
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 20:08:02
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
c:\windows\explorer.exe [2404] 0x88E6E370
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-01-15 20:09:10
ComboFix-quarantined-files.txt 2009-01-15 19:09:05
Przed: 20 195 835 904 bajtów wolnych
Po: 20,581,744,640 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
202 --- E O F --- 2009-01-14 19:04:08
Pasted by: piosam5 @ 20:14 15.01.2009 (0 minutes ago)