Prosze o sprawdzenie loga ( chyba swinie )

szubert · 28 Styczeń 2009 11:24

Peosze o popatrzenie na loga z kompa bo nie pokazuje mi plikow ukrytych wiec pewnie mam swinstwo. Z gory dzieki za pomoc.

OTO LOG:

http://www.wklejto.pl/24265

ComboFix 09-01-21.04 - szubert 2009-01-27 14:10:54.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2046.1654 [GMT 1:00]

Uruchomiony z: e:\filmy\90210\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090127-0] *On-access scanning enabled* (Updated)

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((( Pliki utworzone od 2008-12-27 do 2009-01-27 )))))))))))))))))))))))))))))))

.

2009-01-27 01:24 . 2009-01-27 01:24

2009-01-27 01:24 . 2009-01-27 01:25

2009-01-27 01:24 . 2009-01-27 01:24 26,808 --a------ c:\windows\system32\drivers\pxark.sys

2009-01-25 07:01 . 2009-01-25 12:48 664 --a------ c:\windows\system32\d3d9caps.dat

2009-01-20 20:30 . 2009-01-20 20:30

2009-01-20 20:00 . 2009-01-20 20:00

2009-01-20 11:06 . 2009-01-20 11:06

2009-01-20 11:05 . 2009-01-20 11:05

2009-01-20 10:30 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll

2009-01-20 10:30 . 2009-01-20 10:30 421 --a------ c:\windows\ODBC.INI

2009-01-20 10:29 . 2009-01-20 10:30

2009-01-20 10:29 . 2009-01-20 10:29

2009-01-17 23:44 . 2009-01-17 23:44

2009-01-17 23:44 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll

2009-01-17 23:03 . 2009-01-17 23:03

2009-01-17 23:03 . 1997-08-26 12:06 315,904 --a------ c:\windows\IsUninst.exe

2009-01-17 22:28 . 2009-01-17 22:28

2009-01-17 22:24 . 2009-01-17 22:47

2009-01-17 22:24 . 2005-05-20 03:51 305,908 --a------ c:\windows\ETOSU.EXE

2009-01-17 22:23 . 2009-01-17 22:24 137 --a------ c:\windows\ETOSP.INI

2009-01-17 19:21 . 2009-01-17 19:21

2009-01-17 17:33 . 2009-01-20 19:18

2009-01-16 20:04 . 2009-01-27 13:54

2009-01-16 19:59 . 2009-01-16 19:59

2009-01-16 19:59 . 2009-01-17 19:17

2009-01-15 21:21 . 2009-01-15 21:21

2009-01-15 21:04 . 2009-01-15 21:04

2009-01-15 20:24 . 2009-01-15 20:24

2009-01-15 18:18 . 2009-01-15 18:18 107,888 --a------ c:\windows\system32\CmdLineExt.dll

2009-01-15 18:17 . 2009-01-15 21:20

2009-01-15 17:54 . 2009-01-15 17:54

2009-01-15 17:52 . 2009-01-15 17:52

2009-01-15 17:52 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2009-01-15 17:48 . 2009-01-15 17:48

2009-01-15 17:45 . 2009-01-15 17:45 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2009-01-15 17:44 . 2009-01-15 17:44

2009-01-15 17:36 . 2009-01-15 17:36

2009-01-15 17:36 . 2009-01-17 11:09

2009-01-15 17:31 . 2009-01-15 17:33

2009-01-15 17:31 . 2009-01-27 01:37 2,124 --a------ c:\windows\wincmd.ini

2009-01-15 17:31 . 2008-07-29 07:04 545 --a------ c:\windows\UC.PIF

2009-01-15 17:31 . 2008-07-29 07:04 545 --a------ c:\windows\RAR.PIF

2009-01-15 17:31 . 2008-07-29 07:04 545 --a------ c:\windows\PKZIP.PIF

2009-01-15 17:31 . 2008-07-29 07:04 545 --a------ c:\windows\PKUNZIP.PIF

2009-01-15 17:31 . 2008-07-29 07:04 545 --a------ c:\windows\NOCLOSE.PIF

2009-01-15 17:31 . 2008-07-29 07:04 545 --a------ c:\windows\LHA.PIF

2009-01-15 17:31 . 2008-07-29 07:04 545 --a------ c:\windows\ARJ.PIF

2009-01-15 16:42 . 2008-06-14 18:36 273,024 --------- c:\windows\system32\drivers\bthport.sys

2009-01-15 16:42 . 2008-06-14 18:36 273,024 --------- c:\windows\system32\dllcache\bthport.sys

2009-01-15 16:40 . 2009-01-20 22:50

2009-01-15 16:39 . 2009-01-15 16:39

2009-01-15 16:38 . 2009-01-15 16:39

2009-01-15 16:38 . 2003-03-19 04:14 499,712 --a------ c:\windows\system32\msvcp71.dll

2009-01-15 16:38 . 2004-01-11 23:00 348,160 --a------ c:\windows\system32\msvcr71.dll

2009-01-15 16:36 . 2008-08-14 14:26 2,190,464 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2009-01-15 16:36 . 2008-08-14 14:26 2,146,816 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-01-15 16:36 . 2008-08-14 14:26 2,067,328 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-01-15 16:36 . 2008-08-14 14:26 2,025,472 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2009-01-15 16:36 . 2008-09-15 16:27 1,846,656 --------- c:\windows\system32\dllcache\win32k.sys

2009-01-15 16:36 . 2008-05-27 18:26 765,952 --------- c:\windows\system32\dllcache\vgx.dll

2009-01-15 16:34 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

2009-01-15 16:34 . 2008-12-11 11:57 333,952 --------- c:\windows\system32\dllcache\srv.sys

2009-01-15 16:34 . 2008-05-08 15:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys

2009-01-15 16:33 . 2008-04-11 20:06 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll

2009-01-15 16:23 . 2008-10-03 11:04 247,326 --------- c:\windows\system32\dllcache\strmdll.dll

2009-01-15 16:22 . 2008-09-04 18:17 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

2009-01-15 16:22 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2009-01-15 15:41 . 2005-06-28 10:21 22,752 --a------ c:\windows\system32\spupdsvc.exe

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-20 19:30 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-15 20:10 --------- d–h--w c:\program files\InstallShield Installation Information

2009-01-15 10:02 --------- d-----w c:\program files\AGEIA Technologies

2009-01-15 09:59 --------- d-----w c:\program files\Analog Devices

2009-01-15 09:58 --------- d-----w c:\program files\DIFX

2009-01-15 09:57 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-15 09:49 --------- d-----w c:\program files\Usługi online

2009-01-15 09:47 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll

2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

“DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\daemon.exe” [2008-04-01 486856]

“RGSC”=“d:\gry\gta\Rockstar Games Social Club\RGSCLauncher.exe” [2009-01-15 306088]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SoundMAXPnP”=“c:\program files\Analog Devices\Core\smax4pnp.exe” [2006-12-18 868352]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2008-12-26 13680640]

“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2008-12-26 86016]

“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2008-11-26 81000]

“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2008-06-12 34672]

“nwiz”=“nwiz.exe” [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

“nltide_2”=“shell32” [X]

“nltide_3”=“advpack.dll” [2008-10-16 c:\windows\system32\advpack.dll]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“d:\gry\gta\Rockstar Games Social Club\RGSCLauncher.exe”=

“d:\gry\gta\Grand Theft Auto IV\LaunchGTAIV.exe”=

“e:\Civ4\Civilization4.exe”=

“d:\gry\gta\Grand Theft Auto IV\GTAIV.exe”=

“e:\Civ4\Beyond the Sword\Civ4BeyondSword.exe”=

“e:\Civ4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe”=

“d:\gry\steam\SteamApps\sub_pl\counter-strike\hl.exe”=

“c:\Program Files\FlashGet\flashget.exe”=

“d:\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE”=

R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2009-01-27 26808]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-17 111184]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-17 20560]

R4 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2009-01-27 927288]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{26aa2456-ec07-11dd-ab5d-001e8c255f53}]

\Shell\AutoRun\command - H:\je26200.com

\Shell\explore\Command - H:\je26200.com

\Shell\open\Command - H:\je26200.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f4a0f294-e339-11dd-ab49-001e8c255f53}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f4a0f295-e339-11dd-ab49-001e8c255f53}]

\Shell\AutoRun\command - I:\2.exe

\Shell\open\Command - I:\2.exe

.

- - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-27 14:11:43

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-823518204-746137067-682003330-1003\Software\SecuROM\License information*]

“datasecu”=hex:1f,0d,58,44,73,57,ad,4a,04,64,2b,fb,37,07,8e,9a,13,c1,b1,b4,69,

a5,2e,fa,94,af,ac,59,f5,1e,a5,8f,2e,ea,62,ab,d3,14,95,aa,09,bf,43,64,49,c3,\

“rkeysecu”=hex:13,00,7d,ed,d5,a6,0a,06,8d,b4,79,2c,00,f1,44,84

.

Czas ukończenia: 2009-01-27 14:12:16

ComboFix-quarantined-files.txt 2009-01-27 13:12:15

Przed: 3 506 700 288 bajtów wolnych

Po: 3,605,934,080 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect /usepmtimer

181 — E O F — 2009-01-20 08:52:03

huber2t · 28 Styczeń 2009 11:41

Do wyleczenia pendrive z wirusów użyj tych programów

otwórz notatnik i wklej

Z menu Notatnika -> Plik -> Zapisz jako -> Zmień rozszerzenie z .txt na wszystkie pliki -> zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

usuń ręcznie folder C:\Qoobox , usuń instalkę Combofix z dysku.

Przeczyść system Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar całego komputera http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum