Logs - infected computer

Hello

I suspect I have something in my system, here is the log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:58:31, on 2008-10-07

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\BearShare\BearShare.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Kalendarz XP\Kalendarz.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe

O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 2541904035

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 7202 bytes

ComboFix log

ComboFix 08-10-07.01 - Oliver 2008-10-07 21:07:34.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1320 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\Oliver\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

.

((((((((((((((((((((((((( Pliki utworzone od 2008-09-07 do 2008-10-07 )))))))))))))))))))))))))))))))

.

2008-10-07 20:58 . 2008-10-07 20:58

2008-10-07 19:39 . 2008-10-07 19:39

2008-10-07 13:32 . 2008-10-07 21:09

2008-10-07 13:19 . 2008-10-07 13:19

2008-10-07 07:41 . 2008-10-07 07:53

2008-10-06 20:56 . 2008-10-06 20:57

2008-10-06 20:56 . 2008-10-07 08:12

2008-10-06 20:04 . 2008-10-06 20:48

2008-10-05 17:04 . 2008-10-05 17:05

2008-10-05 17:04 . 2008-10-05 17:04

2008-10-05 10:05 . 2008-10-05 10:05

2008-10-04 17:15 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-10-04 17:02 . 2008-10-04 17:04

2008-10-04 17:02 . 2008-10-04 17:05

2008-10-04 14:58 . 2008-10-04 17:07 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-10-04 14:58 . 2008-10-04 17:07 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-10-04 14:57 . 2008-10-07 15:11

2008-10-04 14:57 . 2008-10-07 15:12

2008-10-04 14:53 . 2008-10-04 14:53

2008-10-03 14:39 . 2008-10-04 14:44

2008-10-02 19:50 . 2008-04-14 19:20 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-10-02 19:50 . 2008-04-14 18:20 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-10-02 19:50 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-10-02 19:50 . 2008-04-13 20:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-10-02 19:14 . 2008-10-03 18:32

2008-10-01 21:25 . 2008-10-01 21:25

2008-10-01 21:24 . 2008-10-01 21:24

2008-10-01 21:24 . 2008-10-01 21:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-10-01 21:24 . 2008-10-01 21:24 1,409 --a------ C:\WINDOWS\QTFont.for

2008-10-01 21:23 . 2008-10-01 21:25

2008-10-01 21:23 . 2008-10-01 21:23

2008-10-01 18:33 . 2008-10-01 18:34

2008-10-01 06:51 . 2008-10-01 06:51

2008-10-01 06:51 . 2008-10-01 06:51

2008-09-30 08:19 . 2008-09-12 16:00 95,888 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys

2008-09-30 08:19 . 2008-09-12 16:00 41,680 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys

2008-09-30 08:18 . 2008-09-30 08:18

2008-09-29 20:55 . 2008-09-29 21:07

2008-09-29 17:52 . 2008-09-29 17:52

2008-09-29 17:52 . 2008-09-29 17:52

2008-09-29 17:51 . 2008-09-29 17:51

2008-09-28 08:50 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll

2008-09-28 08:50 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-09-27 21:47 . 2008-09-27 21:47

2008-09-27 21:15 . 2008-10-07 21:09 3,021,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-09-27 21:15 . 2008-10-07 21:09 294,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-09-27 21:15 . 2008-10-07 21:09 42,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-09-27 21:15 . 2008-10-07 21:09 10,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-09-27 21:01 . 2008-09-27 21:01

2008-09-27 20:57 . 2008-09-27 20:57

2008-09-27 19:02 . 2008-10-04 23:02

2008-09-27 19:02 . 2008-09-27 19:03

2008-09-27 11:21 . 2008-09-27 11:21

2008-09-27 11:16 . 2008-09-27 11:16 175 --a------ C:\WINDOWS\AvDetected.ini

2008-09-26 18:06 . 2008-09-26 18:06

2008-09-24 20:15 . 2008-09-24 20:15

2008-09-24 20:15 . 2008-09-24 20:15 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-09-24 19:39 . 2008-09-24 19:42

2008-09-24 19:38 . 2008-10-01 21:25

2008-09-24 19:38 . 2008-10-01 21:25

2008-09-24 19:34 . 2008-09-24 19:34

2008-09-22 17:03 . 2008-10-01 17:40

2008-09-22 17:03 . 2005-02-26 07:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

2008-09-22 15:17 . 2008-09-27 11:42

2008-09-22 14:53 . 2008-09-22 14:53

2008-09-22 14:53 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-22 14:51 . 2008-09-22 14:51

2008-09-22 13:03 . 2008-09-22 15:17

2008-09-22 13:03 . 2008-09-22 13:05

2008-09-21 19:12 . 2008-09-21 19:12

2008-09-20 10:45 . 2008-10-07 21:08

2008-09-20 10:45 . 2008-09-20 10:45

2008-09-20 10:45 . 2008-09-13 19:26

2008-09-20 10:45 . 2008-09-13 21:19

2008-09-20 10:45 . 2008-09-20 10:45

2008-09-20 10:45 . 2008-09-13 21:19

2008-09-20 10:45 . 2008-10-01 18:33

2008-09-20 10:45 . 2008-10-03 21:48

2008-09-19 21:09 . 2008-09-13 21:12 124,853 --a------ C:\WINDOWS\_detmp.1

2008-09-19 21:09 . 2001-08-22 19:15 81,920 --a------ C:\WINDOWS\_detmp.2

2008-09-19 21:09 . 2008-10-02 07:38 48,932 --a------ C:\WINDOWS\system32\%LocalXml%

2008-09-18 21:22 . 2008-10-04 22:33

2008-09-18 11:15 . 2008-10-04 23:00

2008-09-18 11:15 . 2008-09-18 11:23

2008-09-18 11:15 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx

2008-09-17 20:49 . 2008-09-17 20:49

2008-09-17 20:49 . 2008-10-07 13:23

2008-09-15 18:56 . 2008-10-06 19:04 13,030 --a------ C:\PDOXUSRS.NET

2008-09-15 15:26 . 2008-09-27 11:42

2008-09-14 16:05 . 2008-09-14 16:05

2008-09-14 12:44 . 2008-09-16 20:42 30 --a------ C:\WINDOWS\TextSpy.ini

2008-09-13 22:17 . 2008-09-13 22:17

2008-09-13 20:54 . 2008-10-04 11:50

2008-09-13 20:54 . 2008-09-13 20:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-09-13 20:53 . 2008-09-13 20:53

2008-09-13 20:53 . 2008-09-13 20:53

2008-09-13 20:53 . 2008-10-04 11:51

2008-09-13 20:53 . 2008-09-13 20:53

2008-09-13 20:51 . 2008-09-13 20:51

2008-09-13 20:51 . 2008-10-07 07:50

2008-09-13 20:33 . 2008-09-13 20:33 0 --a------ C:\WINDOWS\nsreg.dat

2008-09-13 20:32 . 2008-09-27 11:53

2008-09-13 20:27 . 2008-09-13 20:27

2008-09-13 20:26 . 2008-09-18 20:14

2008-09-13 20:18 . 2008-10-07 08:15

2008-09-13 20:15 . 2008-09-13 20:15 404 --a------ C:\WINDOWS\BRWMARK.INI

2008-09-13 20:15 . 2008-09-13 20:15 27 --a------ C:\WINDOWS\BRPP2KA.INI

2008-09-13 20:14 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-09-13 20:14 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-09-13 20:10 . 2006-02-24 17:27 1,492,480 --a------ C:\WINDOWS\system32\BrWia06a.dll

2008-09-13 20:10 . 2004-12-03 01:26 188,416 --------- C:\WINDOWS\system32\PDRVINST.DLL

2008-09-13 20:10 . 2005-06-02 01:09 86,016 --------- C:\WINDOWS\system32\BrWebIns.dll

2008-09-13 20:10 . 2005-06-02 01:08 69,632 --------- C:\WINDOWS\system32\BRWEBUP.EXE

2008-09-13 20:10 . 2006-02-27 10:09 54,272 --a------ C:\WINDOWS\system32\brinsstr.dll

2008-09-13 20:10 . 2005-12-13 10:53 38,912 --a------ C:\WINDOWS\system32\BrUsi06a.dll

2008-09-13 20:10 . 2004-10-15 12:50 15,295 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys

2008-09-13 20:10 . 2008-09-13 20:10 50 --a------ C:\WINDOWS\system32\bridf06a.dat

2008-09-13 20:09 . 2008-09-13 20:10

2008-09-13 20:09 . 2008-09-13 20:09

2008-09-13 20:09 . 2004-12-10 16:35 147,456 --------- C:\WINDOWS\brunin03.dll

2008-09-13 20:09 . 2004-10-21 01:00 6,222 --------- C:\WINDOWS\CVRPAGE.BMP

2008-09-13 20:06 . 2003-02-21 18:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-09-13 20:06 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-09-13 20:06 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-09-13 20:05 . 2008-09-13 20:05

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-27 16:56 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys

2008-09-27 16:56 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys

2008-09-27 09:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-24 17:38 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-13 17:46 14,656 ----a-w C:\WINDOWS\gdrv.sys

2008-09-13 17:43 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-09-13 17:43 --------- d-----w C:\Program Files\Realtek

2008-09-13 17:43 --------- d-----w C:\Program Files\DIFX

2008-09-13 17:37 --------- d-----w C:\Documents and Settings\Oliver\Dane aplikacji\InstallShield

2008-09-13 17:36 --------- d-----w C:\Program Files\Yahoo!

2008-09-13 17:30 --------- d-----w C:\Program Files\microsoft frontpage

2008-09-13 17:29 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 7634944]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 86016]

"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]

"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]

"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 3313664]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

"nwiz"="nwiz.exe" [2006-10-31 C:\WINDOWS\system32\nwiz.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-10-07 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\Bonjour\mDNSResponder.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

"C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Polish\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1611:UDP"= 1611:UDP:Windows Media Format SDK (firefox.exe)

"1610:UDP"= 1610:UDP:Windows Media Format SDK (firefox.exe)

"1619:UDP"= 1619:UDP:Windows Media Format SDK (firefox.exe)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]

R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-09-12 41680]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03025cf-81c5-11dd-9209-806d6172696f}]

\Shell\AutoRun\command - E:\Run.exe

.

Zawartość folderu 'Zaplanowane zadania'

2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-07 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-ares - C:\Program Files\Ares\Ares.exe

.

------- Skan uzupełniający -------

.

FireFox -: Profile - C:\Documents and Settings\Oliver\Dane aplikacji\Mozilla\Firefox\Profiles\64xj99x3.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - epuls.pl

FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\browser\nppdf32.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-07 21:10:40

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

**************************************************************************

.

Czas ukończenia: 2008-10-07 21:13:41 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-10-07 19:13:38

Przed: 29 947 707 392 bajtów wolnych

Po: 30,707,564,544 bajtów wolnych

252 --- E O F --- 2008-10-05 09:44:53

FIX:

Other than that, nothing to see.

Show the ComboFix log.