Lately, videos on the net have started stuttering on me after a while; after refreshing the page everything is back to normal, but who would want to restart a video every 5 minutes ;p. Please check my log.
Combofix
ComboFix 11-01-03.01 - Kubix 2011-01-04 0:12.21.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1347 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Kubix\Moje dokumenty\Downloads\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2010-12-03 do 2011-01-03 )))))))))))))))))))))))))))))))
.
2010-12-31 00:43 . 2010-12-31 00:43 -------- d-----w- C:\Poker
2010-12-26 00:28 . 2010-12-26 00:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-12-25 14:39 . 2011-01-02 02:25 -------- d-----w- c:\documents and settings\postgres
2010-12-25 14:36 . 2010-12-25 14:36 -------- d-----w- c:\program files\PostgreSQL
2010-12-22 13:54 . 2010-12-24 18:05 -------- d-----w- c:\documents and settings\Kubix\PARTYPokerDir
2010-12-21 15:41 . 2010-12-21 20:58 -------- d-----w- c:\documents and settings\Kubix\Ustawienia lokalne\Dane aplikacji\FullTiltPoker
2010-12-19 20:20 . 2010-12-19 20:20 -------- d-----w- c:\documents and settings\Kubix\Dane aplikacji\HighPulse
2010-12-19 20:17 . 2010-12-20 11:56 -------- d-----w- c:\program files\High Pulse
2010-12-18 11:57 . 2010-12-18 11:57 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
2010-12-18 11:52 . 2010-12-18 11:52 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2010-12-14 22:39 . 2010-12-14 23:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Blizzard Entertainment
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 17:04 . 2010-03-20 20:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-01-02_17.24.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-03 11:40 . 2011-01-03 11:40 16384 c:\windows\temp\Perflib_Perfdata_58c.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Kubix\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-10-21 133104]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-04 6856704]
"igndlm.exe"="d:\program files\Download Manager\DLM.exe" [2009-02-25 1103216]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-09-12 12653152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HostManager"="c:\program files\Common Files\AOL\1229271297\ee\AOLSoftware.exe" [2007-05-25 42032]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"CloneCDTray"="d:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Kubix\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1229271297\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"d:\\Program Files\\Steam\\steamapps\\kubixpwner\\counter-strike\\hl.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Left.4.Dead.Full-Rip.Skullptura\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Infinite Loop\\Tzar\\Tzar.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Program Files\\BBProject\\Enemy Flag\\efserver.exe"=
"d:\\gPotato.eu\\Allods Online\\bin\\Launcher.exe"=
"d:\\gPotato.eu\\Allods Online\\bin\\AOgame.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"d:\\flashget download\\Downloads2\\utorrent.exe"=
"d:\\homm\\homm_v1000 (1).exe"=
"d:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"d:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=
"d:\\Program Files\\League of Legends\\Air\\LolClient.exe"=
"d:\\Program Files\\League of Legends\\Game\\League of Legends.exe"=
"c:\\NetmarbleGlobal\\GlbNetmarbleDownLoader\\glbNMDownload.exe"=
"d:\\Program Files\\Stunlock Studios\\Bloodline Champions Beta\\Binary\\BloodlineChampionsLoader.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Dzony-Loker\\mirc.exe"=
"d:\\games\\AOE\\AOE\\EMPIRESX.EXE"=
"d:\\Program Files\\Microsoft Games\\Age of Empires Expansion Trial\\empiresx.exe"=
"d:\\Program Files\\Dawn of Magic\\DawnOfMagic.exe"=
"d:\\Program Files\\Black Isle\\Baldur's Gate 2\\BGMain.exe"=
"d:\\Program Files\\Hamachi2\\hamachi.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12398:TCP"= 12398:TCP:BitComet 12398 TCP
"12398:UDP"= 12398:UDP:BitComet 12398 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-03-11 436792]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2010-03-20 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2010-03-20 141792]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2009-05-29 4096]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-03-20 312584]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-03-20 88480]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys --> c:\windows\system32\drivers\mfetdi2k.sys [?]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 136176]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-03-20 55456]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Kubix\USTAWI~1\Temp\FWD42.tmp --> c:\docume~1\Kubix\USTAWI~1\Temp\FWD42.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-03-20 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-20 83496]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2008-10-26 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2008-10-26 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2008-10-26 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2008-10-26 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2008-10-26 100008]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
.
Zawartość folderu 'Zaplanowane zadania'
2009-05-13 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21234385022.job
- d:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 19:38]
2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 11:52]
2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-18 11:52]
2011-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1123561945-839522115-1003Core.job
- c:\documents and settings\Kubix\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-10-21 13:52]
2011-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1123561945-839522115-1003UA.job
- c:\documents and settings\Kubix\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-10-21 13:52]
2011-01-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-08-19 20:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download All by FlashGet - d:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - d:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Kubix\Dane aplikacji\Mozilla\Firefox\Profiles\y9u1uxuz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://www.ask.com/?o=13928&l=dis
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: BitComet Download Helper: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-04 00:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Kubix\USTAWI~1\Temp\FWD42.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\đ•€|˙˙˙˙.•€|ţ»Ów*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""
.
Czas ukończenia: 2011-01-04 00:18:47
ComboFix-quarantined-files.txt 2011-01-03 23:18
ComboFix2.txt 2011-01-02 17:25
ComboFix3.txt 2010-12-19 14:26
ComboFix4.txt 2010-11-30 21:41
ComboFix5.txt 2011-01-03 23:11
Przed: 2 078 625 792 bajtów wolnych
Po: 2 257 121 280 bajtów wolnych
- - End Of File - - 98259060A2020105D830B7845CC75A39
– Added 09.01.2011 (Sun) 3:27 –
bump !