
Please check my ComboFix log

bogumill23

Please check my ComboFix log, thank you in advance.


Guest

I don't know whether it's worth rescuing...

Use (in Safe Mode) --> SDFix. (further down on the linked page).

Post the Report.txt found in the SDFix folder.

detected NTDLL code modification:ZwOpenFile

Scan with this: Dr.WEB CureIt!. (Full Scan).


bogumill23

Here is the report from SDFix

SDFix: Version 1.240
Run by User on 2009-03-28 at 16:07
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\5.tmp - Deleted
C:\WINDOWS\system32\8.tmp - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\2E.tmp - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted
Removing Temp Files

ADS Check :

Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 16:11:17
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
