Problem with SpywareGuard 2008, which left junk behind


(system) #1

Hello,

Could someone check my ComboFix log?

Thanks in advance for checking!

ComboFix 08-12-13.03 - SKORUPSCY 2008-12-14 11:14:31.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2047.1492 [GMT 1:00]

Uruchomiony z: c:\documents and settings\SKORUPSCY\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\INSTALL.LOG

c:\windows\system32\mfc45.dll

c:\windows\system32\TDSSosvd.dat

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_TDSSSERV.SYS

-------\Service_TDSSserv.sys

((((((((((((((((((((((((( Pliki utworzone od 2008-11-14 do 2008-12-14 )))))))))))))))))))))))))))))))

.

2008-12-14 10:56 . 2008-12-14 11:15

2008-12-14 10:56 . 2008-12-14 10:56

2008-12-14 10:56 . 2008-08-27 12:27

2008-12-14 10:56 . 2008-12-14 10:57

2008-12-14 10:56 . 2008-12-14 10:56

2008-12-14 10:56 . 2008-08-27 13:23

2008-12-14 10:56 . 2008-12-14 10:56

2008-12-14 10:56 . 2008-12-14 10:56

2008-12-14 09:34 . 2008-12-14 09:34 266 --a------ c:\windows\wininit.ini

2008-12-14 09:20 . 2008-12-14 09:45

2008-12-14 09:00 . 2008-12-14 09:00

2008-12-13 19:45 . 2008-12-13 19:45

2008-12-13 19:26 . 2008-12-13 19:26

2008-12-13 19:23 . 2008-12-13 19:46

2008-12-13 19:18 . 2008-12-13 19:18

2008-12-13 19:18 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-13 19:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-13 15:52 . 2008-12-13 15:53

2008-12-12 15:21 . 2008-12-12 15:21 38 --a------ c:\windows\AviSplitter.INI

2008-12-11 11:43 . 2008-10-16 21:33 6,066,176 --------- c:\windows\system32\SET18.tmp

2008-12-11 11:43 . 2008-10-16 21:33 1,160,192 --------- c:\windows\system32\SET11.tmp

2008-12-11 11:43 . 2008-10-16 21:33 826,368 --------- c:\windows\system32\SETF.tmp

2008-12-11 11:43 . 2008-10-16 21:33 459,264 --------- c:\windows\system32\SET16.tmp

2008-12-11 11:43 . 2008-10-16 21:33 383,488 --------- c:\windows\system32\SET19.tmp

2008-12-11 11:43 . 2008-10-16 21:33 267,776 --------- c:\windows\system32\SET17.tmp

2008-12-11 11:43 . 2008-10-16 21:33 233,472 --------- c:\windows\system32\SET10.tmp

2008-12-11 11:43 . 2008-10-16 21:33 105,984 --------- c:\windows\system32\SET12.tmp

2008-12-11 11:43 . 2008-10-16 21:33 63,488 --------- c:\windows\system32\SET1A.tmp

2008-12-11 11:43 . 2008-10-16 21:33 52,224 --------- c:\windows\system32\SET15.tmp

2008-12-11 11:39 . 2008-12-11 12:13

2008-12-11 11:39 . 2008-10-03 11:04 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll

2008-12-08 16:57 . 2008-12-08 16:57

2008-12-08 09:53 . 2008-12-08 09:53 406 --a------ c:\windows\system32\ioloBootDefrag.cfg

2008-12-08 09:51 . 2008-12-08 09:51

2008-12-08 09:51 . 2008-12-04 16:44 935,776 --a------ c:\windows\system32\Incinerator.dll

2008-12-08 09:50 . 2008-12-08 09:50

2008-12-08 09:50 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe

2008-12-08 09:50 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe

2008-12-08 09:16 . 2008-12-08 10:04

2008-12-08 09:16 . 2008-12-08 09:53

2008-12-07 18:00 . 2008-12-07 17:59 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-06 10:42 . 2008-12-06 10:42

2008-12-06 08:32 . 2008-12-13 18:05

2008-12-03 14:36 . 2008-12-03 14:36

2008-12-03 14:36 . 2008-12-03 14:36 35 --a------ c:\windows\A5W.INI

2008-12-03 13:55 . 2008-12-03 13:55

2008-12-03 13:46 . 2008-12-03 14:43

2008-11-30 15:23 . 2008-11-30 15:23

2008-11-30 15:22 . 2003-07-21 04:17 5,174 --a------ c:\windows\system32\nppt9x.vxd

2008-11-30 15:22 . 2005-01-04 19:43 4,682 --a------ c:\windows\system32\npptNT2.sys

2008-11-28 11:04 . 2008-11-28 11:04

2008-11-28 10:56 . 2008-12-12 12:29

2008-11-27 17:27 . 1998-04-30 14:56 129,024 --a------ c:\program files\UNWISE.EXE

2008-11-27 17:02 . 2008-11-27 17:02

2008-11-27 16:52 . 2008-11-27 17:21

2008-11-25 21:12 . 2008-11-25 21:12 45 ---h----- c:\windows\dsez3090.dat

2008-11-24 20:34 . 2005-04-20 12:32 2,916,352 --------- c:\windows\UNNMP.exe

2008-11-24 20:34 . 2006-05-23 17:30 47,894 --------- c:\windows\UNNMP.cfg

2008-11-24 20:33 . 2006-01-12 16:40 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-11-24 20:32 . 2005-07-29 16:12 2,977,792 --------- c:\windows\UNNeroVision.exe

2008-11-24 20:32 . 2006-05-23 17:30 179,288 --------- c:\windows\UNNeroVision.cfg

2008-11-24 20:31 . 2008-11-24 20:31

2008-11-24 20:31 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2008-11-24 20:31 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2008-11-24 20:31 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2008-11-24 20:31 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll

2008-11-24 20:31 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2008-11-24 20:31 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2008-11-24 20:31 . 2001-06-26 08:15 38,912 --------- c:\windows\system32\picn20.dll

2008-11-24 12:07 . 2008-11-24 12:07

2008-11-23 22:12 . 2008-11-24 19:36

2008-11-20 20:09 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2008-11-20 19:59 . 2008-11-20 20:03

2008-11-18 14:36 . 2008-11-18 14:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys

2008-11-17 13:55 . 2008-11-17 13:55 4,096 --a------ c:\windows\d3dx.dat

2008-11-14 21:35 . 2008-12-13 13:10 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys

2008-11-14 21:35 . 2008-12-13 13:07 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys

2008-11-14 21:35 . 2008-11-14 21:35 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

2008-11-14 21:34 . 2008-11-14 21:34

2008-11-14 21:34 . 2008-11-14 21:34

2008-11-14 20:08 . 2008-11-14 21:34

2008-11-14 20:08 . 2008-11-14 21:34

2008-11-14 20:08 . 2008-12-12 07:45

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-13 14:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-13 12:12 68,424 ----a-w c:\windows\system32\drivers\GRD.sys

2008-12-13 12:07 48,712 ----a-w c:\windows\system32\drivers\MiniIcpt.sys

2008-12-09 20:58 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-07 16:59 --------- d-----w c:\program files\Java

2008-11-20 18:20 --------- d-----w c:\program files\NAPI-PROJEKT

2008-11-19 12:52 --------- d-----w c:\program files\Google

2008-11-16 12:11 --------- d-----w c:\program files\Windows Live Safety Center

2008-11-14 07:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\fssg

2008-11-10 01:25 --------- d-----w c:\documents and settings\SKORUPSCY\Dane aplikacji\Skype

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-24 11:03 --------- d-----w c:\documents and settings\SKORUPSCY\Dane aplikacji\winamp

2008-10-15 16:55 --------- d-----w c:\program files\MSBuild

2008-10-15 16:52 --------- d-----w c:\program files\Reference Assemblies

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\NotebookSecurity\AVKTray\AVKTray.exe" [2008-12-01 955464]

"GDFirewallTray"="c:\program files\G DATA\NotebookSecurity\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\SKORUPSCY\Menu Start\Programy\Autostart\

Secunia PSI.lnk - d:\programy\PSI secunia\PSI\psi.exe [2008-11-25 728408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFileAssociate"= 0 (0x0)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

"msacm.ac3filter"= ac3filter.acm

"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"d:\programy\gadugadu\Gadu-Gadu\gg.exe"=

"d:\gry\counet-strike\hl.exe"=

"c:\Program Files\Winamp Remote\bin\Orb.exe"=

"c:\Program Files\Winamp Remote\bin\OrbTray.exe"=

"c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=

"d:\gry\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"=

"d:\gry\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"20013:TCP"= 20013:TCP:BitComet 20013 TCP

"20013:UDP"= 20013:UDP:BitComet 20013 UDP

R0 AFPAnsi;G-DATA Hidder Ansi;c:\windows\system32\Drivers\AFPAnsi.sys [2008-10-10 43904]

R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-11-14 22272]

R0 TS4nt;TS4nt driver;c:\windows\system32\Drivers\TS4nt.sys [2008-01-29 116088]

R1 GLogin;GLogin;c:\windows\system32\drivers\GLogin.sys [2008-10-10 39544]

R1 GRD;G DATA Rootkit Detector Driver;\??\c:\windows\system32\drivers\GRD.sys [2008-10-28 68424]

R2 AVKProxy;G DATA AntiVirus Proxy;"c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe" [2008-09-08 1015880]

R2 AVKService;G DATA Scheduler;c:\program files\G DATA\NotebookSecurity\AVK\AVKService.exe [2008-09-08 386120]

R2 AVKWCtl;Strażnik AntiVirus;c:\program files\G DATA\NotebookSecurity\AVK\AVKWCtl.exe [2008-08-14 1185496]

R2 GDTdiInterceptor;GDTdiInterceptor;\??\c:\windows\system32\drivers\GDTdiIcpt.sys [2008-11-14 51016]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-08 596336]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-08 596336]

R2 KbdLockService;G DATA Keyboard Protector Service;"c:\windows\system32\KbdLockService.exe" [2008-01-29 173432]

R2 TSNxGService;TopSecret Next Generation Service;"c:\program files\G DATA\NotebookSecurity\TSNxG\TSNxGService.exe" [2008-09-08 304712]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-08-27 84992]

R3 GDFwSvc;G DATA Personal Firewall;c:\program files\G DATA\NotebookSecurity\Firewall\GDFwSvc.exe [2008-08-15 1407976]

R3 GDMnIcpt;GDMnIcpt;\??\c:\windows\system32\drivers\MiniIcpt.sys [2008-09-07 48712]

R3 HookCentre;HookCentre;\??\c:\windows\system32\drivers\HookCentre.sys [2008-11-14 32328]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys []

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys []

S3 G DATA Backup Service;G DATA Backup Service;c:\program files\G DATA\NotebookSecurity\AVKBackup\AVKBackupService.exe [2008-08-22 880200]

S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\NotebookSecurity\AVKTuner\AVKTunerService.exe [2008-08-19 925768]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys []

.

.

------- Skan uzupełniający -------

.

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}

hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

c:\windows\Downloaded Program Files\SkanerOnline.inf

.

.

------- Skojarzenia plików -------

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-14 11:17:47

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • > 'winlogon.exe'(692)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\G DATA\NotebookSecurity\Firewall\Admin.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2008-12-14 11:18:37 - komputer został uruchomiony ponownie [Administrator-sp3]

ComboFix-quarantined-files.txt 2008-12-14 10:18:35

Przed: 39 831 662 592 bajtów wolnych

Po: 39,796,367,360 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=AlwaysOff

237 --- E O F --- 2008-12-11 13:12:41


(Gutek) #2

Follow this thread and change the topic title to something specific, otherwise it goes in the TRASH

Regards, Gutek2222

Change to the rules for posting logs on the forum - viewtopic.php?f=16&t=253052

Paste into Notepad:

File::

c:\windows\wininit.ini

c:\windows\system32\SET18.tmp

c:\windows\system32\SET11.tmp

c:\windows\system32\SETF.tmp

c:\windows\system32\SET16.tmp

c:\windows\system32\SET19.tmp

c:\windows\system32\SET17.tmp

c:\windows\system32\SET10.tmp

c:\windows\system32\SET12.tmp

c:\windows\system32\SET1A.tmp

c:\windows\system32\SET15.tmp


Folder::

C:\aaa


Driver::

TfFsMon

TfSysMon

TfNetMon

>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

– as in this picture --> 88953CFScript-createdbyMiekiemoes.gif

(if the question "1 or 2" appears, type 1 and press ENTER). Removal should begin (and a log will be created).

After the restart, manually delete the folder C:\Qoobox.

After that, a new ComboFix log and a scan with http://www.kaspersky.pl/virusscanner.html


(system) #3

And here is the log after removing those files

ComboFix 08-12-13.03 - SKORUPSCY 2008-12-14 17:09:09.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2047.1555 [GMT 1:00]

Uruchomiony z: c:\documents and settings\SKORUPSCY\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\SKORUPSCY\Pulpit\CFScript.txt

* Utworzono nowy punkt przywracania

FILE ::

c:\windows\system32\SET10.tmp

c:\windows\system32\SET11.tmp

c:\windows\system32\SET12.tmp

c:\windows\system32\SET15.tmp

c:\windows\system32\SET16.tmp

c:\windows\system32\SET17.tmp

c:\windows\system32\SET18.tmp

c:\windows\system32\SET19.tmp

c:\windows\system32\SET1A.tmp

c:\windows\system32\SETF.tmp

c:\windows\wininit.ini

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\aaa

c:\aaa\nircmd.com

c:\aaa\XPRD.NFO

c:\windows\system32\SET10.tmp

c:\windows\system32\SET11.tmp

c:\windows\system32\SET12.tmp

c:\windows\system32\SET15.tmp

c:\windows\system32\SET16.tmp

c:\windows\system32\SET17.tmp

c:\windows\system32\SET18.tmp

c:\windows\system32\SET19.tmp

c:\windows\system32\SET1A.tmp

c:\windows\system32\SETF.tmp

c:\windows\wininit.ini

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_TFFSMON

-------\Legacy_TFNETMON

-------\Legacy_TFSYSMON

-------\Service_TfFsMon

-------\Service_TfNetMon

-------\Service_TfSysMon

((((((((((((((((((((((((( Pliki utworzone od 2008-11-14 do 2008-12-14 )))))))))))))))))))))))))))))))

.

2008-12-14 11:58 . 2008-12-14 11:58

2008-12-14 11:57 . 2008-12-14 11:58

2008-12-14 10:56 . 2008-12-14 17:09

2008-12-14 10:56 . 2008-12-14 10:56

2008-12-14 10:56 . 2008-08-27 12:27

2008-12-14 10:56 . 2008-12-14 16:57

2008-12-14 10:56 . 2008-12-14 10:56

2008-12-14 10:56 . 2008-08-27 13:23

2008-12-14 10:56 . 2008-12-14 16:57

2008-12-14 10:56 . 2008-12-14 11:57

2008-12-14 09:20 . 2008-12-14 09:45

2008-12-14 09:00 . 2008-12-14 09:00

2008-12-13 19:45 . 2008-12-13 19:45

2008-12-13 19:23 . 2008-12-13 19:46

2008-12-13 19:18 . 2008-12-13 19:18

2008-12-13 19:18 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-13 19:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-13 15:52 . 2008-12-13 15:53

2008-12-12 15:21 . 2008-12-12 15:21 38 --a------ c:\windows\AviSplitter.INI

2008-12-11 11:39 . 2008-12-11 12:13

2008-12-11 11:39 . 2008-10-03 11:04 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll

2008-12-08 16:57 . 2008-12-08 16:57

2008-12-08 09:53 . 2008-12-08 09:53 406 --a------ c:\windows\system32\ioloBootDefrag.cfg

2008-12-08 09:51 . 2008-12-08 09:51

2008-12-08 09:51 . 2008-12-04 16:44 935,776 --a------ c:\windows\system32\Incinerator.dll

2008-12-08 09:50 . 2008-12-08 09:50

2008-12-08 09:50 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe

2008-12-08 09:50 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe

2008-12-08 09:16 . 2008-12-08 10:04

2008-12-08 09:16 . 2008-12-08 09:53

2008-12-07 18:00 . 2008-12-07 17:59 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-06 10:42 . 2008-12-06 10:42

2008-12-06 08:32 . 2008-12-13 18:05

2008-12-03 14:36 . 2008-12-03 14:36

2008-12-03 14:36 . 2008-12-03 14:36 35 --a------ c:\windows\A5W.INI

2008-12-03 13:55 . 2008-12-03 13:55

2008-12-03 13:46 . 2008-12-03 14:43

2008-11-30 15:23 . 2008-11-30 15:23

2008-11-30 15:22 . 2003-07-21 04:17 5,174 --a------ c:\windows\system32\nppt9x.vxd

2008-11-30 15:22 . 2005-01-04 19:43 4,682 --a------ c:\windows\system32\npptNT2.sys

2008-11-28 11:04 . 2008-11-28 11:04

2008-11-28 10:56 . 2008-12-12 12:29

2008-11-27 17:27 . 1998-04-30 14:56 129,024 --a------ c:\program files\UNWISE.EXE

2008-11-27 17:02 . 2008-11-27 17:02

2008-11-27 16:52 . 2008-11-27 17:21

2008-11-25 21:12 . 2008-11-25 21:12 45 ---h----- c:\windows\dsez3090.dat

2008-11-24 20:34 . 2005-04-20 12:32 2,916,352 --------- c:\windows\UNNMP.exe

2008-11-24 20:34 . 2006-05-23 17:30 47,894 --------- c:\windows\UNNMP.cfg

2008-11-24 20:33 . 2006-01-12 16:40 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-11-24 20:32 . 2005-07-29 16:12 2,977,792 --------- c:\windows\UNNeroVision.exe

2008-11-24 20:32 . 2006-05-23 17:30 179,288 --------- c:\windows\UNNeroVision.cfg

2008-11-24 20:31 . 2008-11-24 20:31

2008-11-24 20:31 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2008-11-24 20:31 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2008-11-24 20:31 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2008-11-24 20:31 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll

2008-11-24 20:31 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2008-11-24 20:31 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2008-11-24 20:31 . 2001-06-26 08:15 38,912 --------- c:\windows\system32\picn20.dll

2008-11-24 12:07 . 2008-11-24 12:07

2008-11-23 22:12 . 2008-11-24 19:36

2008-11-20 20:09 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2008-11-20 19:59 . 2008-11-20 20:03

2008-11-18 14:36 . 2008-11-18 14:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys

2008-11-17 13:55 . 2008-11-17 13:55 4,096 --a------ c:\windows\d3dx.dat

2008-11-14 21:35 . 2008-12-13 13:10 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys

2008-11-14 21:35 . 2008-12-13 13:07 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys

2008-11-14 21:35 . 2008-11-14 21:35 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

2008-11-14 21:34 . 2008-11-14 21:34

2008-11-14 21:34 . 2008-11-14 21:34

2008-11-14 20:08 . 2008-11-14 21:34

2008-11-14 20:08 . 2008-11-14 21:34

2008-11-14 20:08 . 2008-12-12 07:45

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-13 14:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-13 12:12 68,424 ----a-w c:\windows\system32\drivers\GRD.sys

2008-12-13 12:07 48,712 ----a-w c:\windows\system32\drivers\MiniIcpt.sys

2008-12-09 20:58 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-07 16:59 --------- d-----w c:\program files\Java

2008-11-20 18:20 --------- d-----w c:\program files\NAPI-PROJEKT

2008-11-19 12:52 --------- d-----w c:\program files\Google

2008-11-16 12:11 --------- d-----w c:\program files\Windows Live Safety Center

2008-11-14 07:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\fssg

2008-11-10 01:25 --------- d-----w c:\documents and settings\SKORUPSCY\Dane aplikacji\Skype

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-24 11:03 --------- d-----w c:\documents and settings\SKORUPSCY\Dane aplikacji\winamp

2008-10-15 16:55 --------- d-----w c:\program files\MSBuild

2008-10-15 16:52 --------- d-----w c:\program files\Reference Assemblies

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Revo Uninstaller"="d:\programy\rewo uninstaller\Revo Uninstaller\revouninstaller.exe" [2008-10-06 431616]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Gadu-Gadu"="d:\programy\gadugadu\Gadu-Gadu\gg.exe" [2007-11-14 2131392]

"SpybotSD TeaTimer"="d:\programy\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\NotebookSecurity\AVKTray\AVKTray.exe" [2008-12-01 955464]

"GDFirewallTray"="c:\program files\G DATA\NotebookSecurity\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\SKORUPSCY\Menu Start\Programy\Autostart\

Secunia PSI.lnk - d:\programy\PSI secunia\PSI\psi.exe [2008-11-25 728408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFileAssociate"= 0 (0x0)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

"msacm.ac3filter"= ac3filter.acm

"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"d:\programy\gadugadu\Gadu-Gadu\gg.exe"=

"d:\gry\counet-strike\hl.exe"=

"c:\Program Files\Winamp Remote\bin\Orb.exe"=

"c:\Program Files\Winamp Remote\bin\OrbTray.exe"=

"c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=

"d:\gry\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"=

"d:\gry\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"20013:TCP"= 20013:TCP:BitComet 20013 TCP

"20013:UDP"= 20013:UDP:BitComet 20013 UDP

R0 AFPAnsi;G-DATA Hidder Ansi;c:\windows\system32\Drivers\AFPAnsi.sys [2008-10-10 43904]

R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-11-14 22272]

R0 TS4nt;TS4nt driver;c:\windows\system32\Drivers\TS4nt.sys [2008-01-29 116088]

R1 GLogin;GLogin;c:\windows\system32\drivers\GLogin.sys [2008-10-10 39544]

R1 GRD;G DATA Rootkit Detector Driver;\??\c:\windows\system32\drivers\GRD.sys [2008-10-28 68424]

R2 AVKProxy;G DATA AntiVirus Proxy;"c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe" [2008-09-08 1015880]

R2 AVKService;G DATA Scheduler;c:\program files\G DATA\NotebookSecurity\AVK\AVKService.exe [2008-09-08 386120]

R2 AVKWCtl;Strażnik AntiVirus;c:\program files\G DATA\NotebookSecurity\AVK\AVKWCtl.exe [2008-08-14 1185496]

R2 GDTdiInterceptor;GDTdiInterceptor;\??\c:\windows\system32\drivers\GDTdiIcpt.sys [2008-11-14 51016]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-08 596336]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-08 596336]

R2 KbdLockService;G DATA Keyboard Protector Service;"c:\windows\system32\KbdLockService.exe" [2008-01-29 173432]

R2 TSNxGService;TopSecret Next Generation Service;"c:\program files\G DATA\NotebookSecurity\TSNxG\TSNxGService.exe" [2008-09-08 304712]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-08-27 84992]

R3 GDFwSvc;G DATA Personal Firewall;c:\program files\G DATA\NotebookSecurity\Firewall\GDFwSvc.exe [2008-08-15 1407976]

R3 GDMnIcpt;GDMnIcpt;\??\c:\windows\system32\drivers\MiniIcpt.sys [2008-09-07 48712]

R3 HookCentre;HookCentre;\??\c:\windows\system32\drivers\HookCentre.sys [2008-11-14 32328]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]

S3 G DATA Backup Service;G DATA Backup Service;c:\program files\G DATA\NotebookSecurity\AVKBackup\AVKBackupService.exe [2008-08-22 880200]

S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\NotebookSecurity\AVKTuner\AVKTunerService.exe [2008-08-19 925768]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &D&ownload &with BitComet - d:\programy\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - d:\programy\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - d:\programy\bitcomet\BitComet.exe/AddAllLink.htm

IE: &Search - ?p=ZNman000

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}

hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

c:\windows\Downloaded Program Files\SkanerOnline.inf

FF - ProfilePath - c:\documents and settings\SKORUPSCY\Dane aplikacji\Mozilla\Firefox\Profiles\38499vtw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: d:\programy\adobe reader\Reader\browser\nppdf32.dll

FF - plugin: d:\programy\mozilla firefox 2\plugins\np32dsw.dll

FF - plugin: d:\programy\mozilla firefox 2\plugins\npBitCometAgent.dll

FF - plugin: d:\programy\mozilla firefox 2\plugins\npdeploytk.dll

FF - plugin: d:\programy\mozilla firefox 2\plugins\npnul32.dll

FF - plugin: d:\programy\mozilla firefox 2\plugins\nppdf32.dll

FF - plugin: d:\programy\real alternative\Real Alternative\browser\plugins\nppl3260.dll

FF - plugin: d:\programy\real alternative\Real Alternative\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-14 17:12:29

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • > 'winlogon.exe'(700)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\G DATA\NotebookSecurity\Firewall\Admin.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2008-12-14 17:13:44 - komputer został uruchomiony ponownie [sKORUPSCY]

ComboFix-quarantined-files.txt 2008-12-14 16:13:42

ComboFix2.txt 2008-12-14 10:31:10

Przed: 39,861,874,688 bajtów wolnych

Po: 39,912,820,736 bajtów wolnych

265 --- E O F --- 2008-12-11 13:12:41


(Gutek) #4

Follow this thread and change the topic title to something specific, otherwise it goes in the TRASH

Change to the rules for posting logs on the forum - viewtopic.php?f=16&t=253052

XP optimization: viewtopic.php?t=76580

Registry cleaning:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

you can run through the registry with it, or

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509


(system) #5

Thanks for the help!!!