Hello,
could someone check my ComboFix log?
Thanks in advance for checking!
ComboFix 08-12-13.03 - SKORUPSCY 2008-12-14 11:14:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2047.1492 [GMT 1:00]
Uruchomiony z: c:\documents and settings\SKORUPSCY\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\system32\mfc45.dll
c:\windows\system32\TDSSosvd.dat
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Pliki utworzone od 2008-11-14 do 2008-12-14 )))))))))))))))))))))))))))))))
.
2008-12-14 10:56 . 2008-12-14 11:15
2008-12-14 10:56 . 2008-12-14 10:56
2008-12-14 10:56 . 2008-08-27 12:27
2008-12-14 10:56 . 2008-12-14 10:57
2008-12-14 10:56 . 2008-12-14 10:56
2008-12-14 10:56 . 2008-08-27 13:23
2008-12-14 10:56 . 2008-12-14 10:56
2008-12-14 10:56 . 2008-12-14 10:56
2008-12-14 09:34 . 2008-12-14 09:34 266 --a------ c:\windows\wininit.ini
2008-12-14 09:20 . 2008-12-14 09:45
2008-12-14 09:00 . 2008-12-14 09:00
2008-12-13 19:45 . 2008-12-13 19:45
2008-12-13 19:26 . 2008-12-13 19:26
2008-12-13 19:23 . 2008-12-13 19:46
2008-12-13 19:18 . 2008-12-13 19:18
2008-12-13 19:18 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 19:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 15:52 . 2008-12-13 15:53
2008-12-12 15:21 . 2008-12-12 15:21 38 --a------ c:\windows\AviSplitter.INI
2008-12-11 11:43 . 2008-10-16 21:33 6,066,176 --------- c:\windows\system32\SET18.tmp
2008-12-11 11:43 . 2008-10-16 21:33 1,160,192 --------- c:\windows\system32\SET11.tmp
2008-12-11 11:43 . 2008-10-16 21:33 826,368 --------- c:\windows\system32\SETF.tmp
2008-12-11 11:43 . 2008-10-16 21:33 459,264 --------- c:\windows\system32\SET16.tmp
2008-12-11 11:43 . 2008-10-16 21:33 383,488 --------- c:\windows\system32\SET19.tmp
2008-12-11 11:43 . 2008-10-16 21:33 267,776 --------- c:\windows\system32\SET17.tmp
2008-12-11 11:43 . 2008-10-16 21:33 233,472 --------- c:\windows\system32\SET10.tmp
2008-12-11 11:43 . 2008-10-16 21:33 105,984 --------- c:\windows\system32\SET12.tmp
2008-12-11 11:43 . 2008-10-16 21:33 63,488 --------- c:\windows\system32\SET1A.tmp
2008-12-11 11:43 . 2008-10-16 21:33 52,224 --------- c:\windows\system32\SET15.tmp
2008-12-11 11:39 . 2008-12-11 12:13
2008-12-11 11:39 . 2008-10-03 11:04 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-08 16:57 . 2008-12-08 16:57
2008-12-08 09:53 . 2008-12-08 09:53 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2008-12-08 09:51 . 2008-12-08 09:51
2008-12-08 09:51 . 2008-12-04 16:44 935,776 --a------ c:\windows\system32\Incinerator.dll
2008-12-08 09:50 . 2008-12-08 09:50
2008-12-08 09:50 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2008-12-08 09:50 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe
2008-12-08 09:16 . 2008-12-08 10:04
2008-12-08 09:16 . 2008-12-08 09:53
2008-12-07 18:00 . 2008-12-07 17:59 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-06 10:42 . 2008-12-06 10:42
2008-12-06 08:32 . 2008-12-13 18:05
2008-12-03 14:36 . 2008-12-03 14:36
2008-12-03 14:36 . 2008-12-03 14:36 35 --a------ c:\windows\A5W.INI
2008-12-03 13:55 . 2008-12-03 13:55
2008-12-03 13:46 . 2008-12-03 14:43
2008-11-30 15:23 . 2008-11-30 15:23
2008-11-30 15:22 . 2003-07-21 04:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-11-30 15:22 . 2005-01-04 19:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-11-28 11:04 . 2008-11-28 11:04
2008-11-28 10:56 . 2008-12-12 12:29
2008-11-27 17:27 . 1998-04-30 14:56 129,024 --a------ c:\program files\UNWISE.EXE
2008-11-27 17:02 . 2008-11-27 17:02
2008-11-27 16:52 . 2008-11-27 17:21
2008-11-25 21:12 . 2008-11-25 21:12 45 ---h----- c:\windows\dsez3090.dat
2008-11-24 20:34 . 2005-04-20 12:32 2,916,352 --------- c:\windows\UNNMP.exe
2008-11-24 20:34 . 2006-05-23 17:30 47,894 --------- c:\windows\UNNMP.cfg
2008-11-24 20:33 . 2006-01-12 16:40 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-24 20:32 . 2005-07-29 16:12 2,977,792 --------- c:\windows\UNNeroVision.exe
2008-11-24 20:32 . 2006-05-23 17:30 179,288 --------- c:\windows\UNNeroVision.cfg
2008-11-24 20:31 . 2008-11-24 20:31
2008-11-24 20:31 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-11-24 20:31 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-11-24 20:31 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-11-24 20:31 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2008-11-24 20:31 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-11-24 20:31 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-24 20:31 . 2001-06-26 08:15 38,912 --------- c:\windows\system32\picn20.dll
2008-11-24 12:07 . 2008-11-24 12:07
2008-11-23 22:12 . 2008-11-24 19:36
2008-11-20 20:09 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2008-11-20 19:59 . 2008-11-20 20:03
2008-11-18 14:36 . 2008-11-18 14:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys
2008-11-17 13:55 . 2008-11-17 13:55 4,096 --a------ c:\windows\d3dx.dat
2008-11-14 21:35 . 2008-12-13 13:10 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-11-14 21:35 . 2008-12-13 13:07 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
2008-11-14 21:35 . 2008-11-14 21:35 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
2008-11-14 21:34 . 2008-11-14 21:34
2008-11-14 21:34 . 2008-11-14 21:34
2008-11-14 20:08 . 2008-11-14 21:34
2008-11-14 20:08 . 2008-11-14 21:34
2008-11-14 20:08 . 2008-12-12 07:45
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 14:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-13 12:12 68,424 ----a-w c:\windows\system32\drivers\GRD.sys
2008-12-13 12:07 48,712 ----a-w c:\windows\system32\drivers\MiniIcpt.sys
2008-12-09 20:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 16:59 --------- d-----w c:\program files\Java
2008-11-20 18:20 --------- d-----w c:\program files\NAPI-PROJEKT
2008-11-19 12:52 --------- d-----w c:\program files\Google
2008-11-16 12:11 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-14 07:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\fssg
2008-11-10 01:25 --------- d-----w c:\documents and settings\SKORUPSCY\Dane aplikacji\Skype
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:03 --------- d-----w c:\documents and settings\SKORUPSCY\Dane aplikacji\winamp
2008-10-15 16:55 --------- d-----w c:\program files\MSBuild
2008-10-15 16:52 --------- d-----w c:\program files\Reference Assemblies
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\NotebookSecurity\AVKTray\AVKTray.exe" [2008-12-01 955464]
"GDFirewallTray"="c:\program files\G DATA\NotebookSecurity\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\SKORUPSCY\Menu Start\Programy\Autostart\
Secunia PSI.lnk - d:\programy\PSI secunia\PSI\psi.exe [2008-11-25 728408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"d:\programy\gadugadu\Gadu-Gadu\gg.exe"=
"d:\gry\counet-strike\hl.exe"=
"c:\Program Files\Winamp Remote\bin\Orb.exe"=
"c:\Program Files\Winamp Remote\bin\OrbTray.exe"=
"c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=
"d:\gry\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"=
"d:\gry\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20013:TCP"= 20013:TCP:BitComet 20013 TCP
"20013:UDP"= 20013:UDP:BitComet 20013 UDP
R0 AFPAnsi;G-DATA Hidder Ansi;c:\windows\system32\Drivers\AFPAnsi.sys [2008-10-10 43904]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-11-14 22272]
R0 TS4nt;TS4nt driver;c:\windows\system32\Drivers\TS4nt.sys [2008-01-29 116088]
R1 GLogin;GLogin;c:\windows\system32\drivers\GLogin.sys [2008-10-10 39544]
R1 GRD;G DATA Rootkit Detector Driver;??\c:\windows\system32\drivers\GRD.sys [2008-10-28 68424]
R2 AVKProxy;G DATA AntiVirus Proxy;"c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe" [2008-09-08 1015880]
R2 AVKService;G DATA Scheduler;c:\program files\G DATA\NotebookSecurity\AVK\AVKService.exe [2008-09-08 386120]
R2 AVKWCtl;Strażnik AntiVirus;c:\program files\G DATA\NotebookSecurity\AVK\AVKWCtl.exe [2008-08-14 1185496]
R2 GDTdiInterceptor;GDTdiInterceptor;??\c:\windows\system32\drivers\GDTdiIcpt.sys [2008-11-14 51016]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-08 596336]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-08 596336]
R2 KbdLockService;G DATA Keyboard Protector Service;"c:\windows\system32\KbdLockService.exe" [2008-01-29 173432]
R2 TSNxGService;TopSecret Next Generation Service;"c:\program files\G DATA\NotebookSecurity\TSNxG\TSNxGService.exe" [2008-09-08 304712]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-08-27 84992]
R3 GDFwSvc;G DATA Personal Firewall;c:\program files\G DATA\NotebookSecurity\Firewall\GDFwSvc.exe [2008-08-15 1407976]
R3 GDMnIcpt;GDMnIcpt;??\c:\windows\system32\drivers\MiniIcpt.sys [2008-09-07 48712]
R3 HookCentre;HookCentre;??\c:\windows\system32\drivers\HookCentre.sys [2008-11-14 32328]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys []
S3 G DATA Backup Service;G DATA Backup Service;c:\program files\G DATA\NotebookSecurity\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\NotebookSecurity\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
S3 TfNetMon;TfNetMon;??\c:\windows\system32\drivers\TfNetMon.sys []
.
.
------- Skan uzupełniający -------
.
c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
.
.
------- Skojarzenia plików -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 11:17:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\G DATA\NotebookSecurity\Firewall\Admin.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-14 11:18:37 - komputer został uruchomiony ponownie [Administrator-sp3]
ComboFix-quarantined-files.txt 2008-12-14 10:18:35
Przed: 39 831 662 592 bajtów wolnych
Po: 39,796,367,360 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=AlwaysOff
237 --- E O F --- 2008-12-11 13:12:41