
ComboFix log to check

kubassksiezpol
posted (edited)

Hello.
A few trojans have crept onto the computer in my school's library. I scanned it with ComboFix. Please check the log. :)
[log]ComboFix 09-10-13.01 - Administrator 2006-07-30 0:05.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.503.170 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Moje dokumenty\Pobieranie\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\ADMINI~1\USTAWI~1\Temp\cvasds0.dll
c:\docume~1\ADMINI~1\USTAWI~1\Temp\cvasds1.dll
c:\documents and settings\Administrator\Cookies\administrator@managerzone[2].txt
c:\documents and settings\Administrator\Ustawienia lokalne\Temp\cvasds0.dll
C:\dogyx90.exe
C:\gclwpivc.cmd
C:\mje12tni.exe
C:\s3ek.exe
C:\t2hjo0.exe
C:\ucivd6xi.bat
c:\windows\AhnRpta.exe
c:\windows\system\ACD.CMD
c:\windows\system\ACD2.CMD
c:\windows\system32\e8main0.dll
c:\windows\system32\Ijl11.dll
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\scrrntr.dll
C:\yudald.bat

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


((((((((((((((((((((((((( Pliki utworzone od 2006-06-28 do 2006-07-29 )))))))))))))))))))))))))))))))
.

2009-01-07 17:20 . 2009-01-07 17:20 134144 -c----w- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 17:20 . 2009-01-07 17:20 265720 ----a-w- c:\windows\system32\msdbg2.dll
2008-09-30 07:26 . 2008-09-30 07:26 -------- d-----w- c:\windows\system32\CatRoot_bak
2008-09-11 08:41 . 2008-09-11 08:41 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Symantec
2008-09-11 08:40 . 2008-09-11 08:40 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Symantec_Corporation
2008-09-11 07:48 . 2007-03-28 18:12 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-09-11 07:48 . 2007-03-28 18:12 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2008-09-11 07:48 . 2007-03-28 18:49 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2008-09-11 07:48 . 2007-03-28 18:23 14072 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2008-09-11 07:48 . 2007-03-28 18:29 37864 ----a-w- c:\windows\system32\drivers\v2imount.sys
2008-09-11 07:48 . 2008-09-11 07:48 -------- dc----w- c:\windows\system32\DRVSTORE
2008-09-11 07:48 . 2007-03-28 18:29 131944 ----a-w- c:\windows\system32\drivers\symsnap.sys
2008-09-11 07:46 . 2008-09-11 07:47 -------- d-----w- c:\program files\Norton Ghost
2008-09-11 07:45 . 2008-09-11 07:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Symantec
2008-09-11 07:45 . 2008-09-11 07:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2008-09-11 07:45 . 2008-09-11 07:45 -------- d-----w- c:\program files\Symantec
2008-09-11 07:31 . 2008-09-11 07:31 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera
2008-09-11 07:31 . 2008-09-11 07:31 -------- d-----w- c:\program files\Opera
2008-06-13 11:02 . 2006-07-09 22:56 -------- d-----w- c:\windows\system32\Adobe
2008-06-13 05:38 . 2008-06-14 18:01 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2008-06-13 05:38 . 2008-06-14 18:01 273024 ------w- c:\windows\system32\drivers\bthport.sys
2008-06-09 07:08 . 2009-03-08 03:39 11063808 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
2008-06-09 07:08 . 2009-03-08 03:32 594432 -c--a-w- c:\windows\system32\dllcache\msfeeds.dll
2008-06-09 07:08 . 2009-03-08 03:32 1985024 -c--a-w- c:\windows\system32\dllcache\iertutil.dll
2008-06-09 07:08 . 2009-03-08 03:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2008-06-09 07:08 . 2009-03-08 03:31 55296 -c--a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2008-06-09 07:08 . 2009-03-08 03:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2008-06-09 07:08 . 2009-02-06 20:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2008-06-09 07:08 . 2008-08-25 08:38 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2008-06-09 07:08 . 2006-02-21 00:59 -------- d-----w- c:\windows\system32\pl-pl
2008-06-06 10:30 . 2008-06-06 10:30 -------- d-----w- c:\program files\QuickTime
2008-04-18 12:34 . 2008-04-18 12:34 -------- d-----w- c:\program files\Common Files\Lingea Shared
2008-04-18 12:33 . 2008-04-18 12:33 -------- d-----w- c:\program files\Oxford
2008-04-08 07:46 . 2008-04-08 07:46 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Help
2008-04-08 06:02 . 2008-04-08 06:02 -------- d-----w- c:\program files\Educat
2008-01-12 18:17 . 2006-07-30 17:00 86016 ----a-r- c:\windows\system32\ZSPOOL.DLL
2008-01-12 18:17 . 2006-07-30 17:00 28672 ----a-r- c:\windows\system32\IMF32.DLL
2008-01-12 18:17 . 2006-07-30 17:00 24576 ----a-r- c:\windows\system32\ZTAG32.DLL
2008-01-12 18:17 . 2006-07-30 17:00 102400 ----a-r- c:\windows\system32\zlhp1018.dll
2008-01-12 18:17 . 2006-07-30 17:00 28672 ----a-r- c:\windows\system32\zlm.dll
2008-01-12 18:17 . 2006-07-30 17:00 106496 ----a-r- c:\windows\system32\vshp1018.dll
2008-01-12 18:17 . 2006-07-30 17:00 442368 ----a-r- c:\windows\system32\zshp1018.exe
2008-01-12 18:17 . 2008-01-12 18:17 -------- d-----w- c:\program files\Hewlett-Packard
2008-01-12 18:17 . 2008-01-12 18:17 -------- d--h--w- c:\program files\Zenographics
2008-01-07 06:42 . 2008-01-07 06:42 -------- d-----w- c:\program files\DITel
2007-12-14 13:16 . 2007-03-21 18:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2007-12-14 13:16 . 2007-03-21 18:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2007-12-14 13:16 . 2007-03-21 18:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2007-12-14 13:16 . 2007-12-14 13:16 -------- d-----w- c:\program files\Alwil Software
2007-12-14 10:04 . 2007-12-14 10:10 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe
2007-12-14 10:04 . 2007-12-14 10:04 -------- d-----w- c:\program files\Common Files\Adobe
2007-12-07 10:19 . 2007-12-07 10:19 -------- d-----w- C:\SaveFolder
2007-12-07 10:18 . 2007-12-07 10:18 -------- d-----w- c:\program files\RemoteAgent
2007-12-07 10:18 . 2006-09-27 13:56 110592 ----a-w- c:\windows\system32\vcmimm4.dll
2007-11-14 08:26 . 2007-11-14 08:26 -------- d-----w- C:\spoolerlogs
2007-11-13 13:11 . 2008-05-28 06:31 -------- d-----w- C:\Jan Michonski
2007-09-19 11:30 . 2007-09-19 11:30 -------- d-----w- c:\windows\system32\LogFiles
2007-05-08 14:03 . 2007-05-08 14:03 1275392 ----a-w- c:\windows\system32\msxml4.dll
2007-04-16 07:16 . 2007-04-16 07:16 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\VULCAN
2007-04-16 07:15 . 2007-04-16 07:15 -------- d-----w- c:\program files\VULCAN
2007-04-16 07:15 . 2007-04-16 07:15 -------- d-----w- c:\program files\Common Files\VULCAN
2007-04-16 07:15 . 2007-04-16 07:15 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\VULCAN
2007-02-28 16:04 . 2008-08-14 13:46 2181632 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2007-02-28 16:04 . 2008-08-14 13:46 2059008 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2007-02-28 16:04 . 2008-08-14 13:46 2017280 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2007-02-28 16:04 . 2008-08-14 13:46 2137600 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2006-11-21 07:20 . 2006-11-21 07:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\.Beniamin
2006-11-20 06:39 . 2006-11-20 06:39 -------- d-----w- c:\program files\MSXML 4.0
2006-11-20 06:39 . 2006-11-20 06:39 -------- d-----w- C:\464e63ee97b13cf492bc59ef8d0fa2
2006-09-20 15:35 . 2006-09-20 15:35 441136 -c----w- c:\windows\system32\dllcache\WgaLogon.dll
2006-09-20 15:35 . 2006-09-20 15:35 280368 -c----w- c:\windows\system32\dllcache\WgaTray.exe
2006-09-07 11:41 . 2006-09-07 11:41 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Ahead
2006-08-02 22:15 . 2004-08-05 13:58 65536 ----a-w- c:\windows\system32\NeroCo.dll
2006-07-28 00:29 . 2006-07-28 00:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee
2006-07-28 00:29 . 2006-07-28 00:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan
2006-07-28 00:29 . 2006-07-28 00:29 -------- d-----w- c:\program files\McAfee Security Scan
2006-07-28 00:22 . 2006-07-28 00:23 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google
2006-07-28 00:19 . 2006-07-28 00:19 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla
2006-07-18 00:51 . 2006-07-18 00:51 -------- d-----w- c:\program files\Paint.NET
2006-07-18 00:51 . 2006-07-18 00:53 -------- d-----w- c:\documents and settings\B@Q\Ustawienia lokalne\Dane aplikacji\Paint.NET
2006-07-18 00:19 . 2006-07-18 00:19 0 ----a-w- c:\windows\nsreg.dat
2006-07-18 00:19 . 2006-07-18 00:19 -------- d-----w- c:\documents and settings\B@Q\Ustawienia lokalne\Dane aplikacji\Mozilla
2006-07-11 13:09 . 2006-07-11 13:12 -------- d-----w- C:\windist
2006-07-11 12:22 . 2006-07-11 10:03 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\PWNEncy2005
2006-07-11 12:22 . 2006-07-11 08:53 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\SmarThru4
2006-07-11 12:16 . 2006-07-11 12:16 262144 ----a-w- c:\windows\system32\default_user_class.dat
2006-07-11 11:27 . 2006-07-11 11:27 -------- d--h--w- c:\windows\system32\GroupPolicy
2006-07-11 11:15 . 2006-07-11 11:15 35840 ----a-w- c:\windows\system32\cenzorupg.exe
2006-07-11 11:15 . 2004-08-04 12:00 194560 ----a-w- c:\windows\system32\ws2icp.dll
2006-07-11 11:15 . 2004-08-04 12:00 17632 ----a-w- c:\windows\system32\drivers\mscsrv.sys
2006-07-11 11:15 . 2002-07-15 17:18 8704 ----a-w- c:\windows\system32\sporder.dll
2006-07-11 10:03 . 2006-07-11 10:03 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\PWNEncy2005
2006-07-11 09:12 . 2001-04-04 12:00 245760 ----a-w- c:\windows\system32\DECO_32.DLL
2006-07-11 09:12 . 2006-07-11 10:22 -------- d-----w- c:\program files\PWN
2006-07-11 08:52 . 2006-07-11 09:00 -------- d-----w- c:\program files\Readiris
2006-07-11 08:52 . 2006-07-11 09:00 -------- d-----w- c:\program files\SmarThru 4
2006-07-11 08:49 . 2006-07-11 08:49 -------- d-----w- c:\windows\system32\drivers\Samsung
2006-07-11 08:49 . 2005-07-06 12:00 41984 ----a-w- c:\windows\system32\drivers\DgivEcp.sys
2006-07-11 08:49 . 2006-07-11 08:49 -------- d-----w- c:\program files\Samsung
2006-07-11 08:49 . 2005-03-03 04:32 151552 ----a-w- c:\windows\system32\scx420ci.exe
2006-07-11 08:49 . 2004-11-09 03:14 10077 ----a-w- c:\windows\system32\scx420lm.DLL
2006-07-11 08:49 . 2004-10-12 05:25 57344 ----a-w- c:\windows\system32\scx420ci.dll
2006-07-11 08:47 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2006-07-11 08:47 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2006-07-11 08:47 . 2005-07-06 12:00 69632 ----a-w- c:\windows\system32\ssdevm.dll
2006-07-11 08:47 . 2005-06-23 13:34 49152 ----a-r- c:\windows\system32\WIASTIIO.dll
2006-07-11 08:47 . 2005-03-24 11:58 53315 ----a-r- c:\windows\system32\Sswiadrv.dll
2006-07-11 08:47 . 2005-02-02 04:39 81920 ----a-r- c:\windows\system32\WIAEH.dll
2006-07-11 08:47 . 2004-11-17 09:16 77824 ----a-r- c:\windows\system32\WIAIPH.dll
2006-07-11 08:47 . 2004-11-09 03:14 49152 ----a-w- c:\windows\system32\ssusbpn.dll
2006-07-11 08:47 . 2004-05-17 01:45 45056 ----a-r- c:\windows\system32\Ssuiext.dll
2006-07-11 08:47 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2006-07-11 08:47 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2006-07-11 08:46 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2006-07-11 08:46 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2006-07-11 07:53 . 2004-03-22 14:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2006-07-11 07:52 . 2006-07-11 07:52 -------- d-----w- c:\program files\Microsoft.NET
2006-07-11 07:50 . 2006-07-11 07:52 -------- d-----w- c:\windows\SHELLNEW
2006-07-10 13:03 . 2006-06-30 17:29 12328 ----a-w- c:\documents and settings\czytelnik02a\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2006-07-10 11:18 . 2006-07-10 11:18 -------- d-----w- c:\program files\Microsoft Shared Computer Toolkit
2006-07-10 11:09 . 2006-07-10 11:10 -------- d-----w- c:\program files\UPHClean
2006-07-10 10:55 . 2006-07-11 10:03 -------- d--h--r- c:\documents and settings\Default User\Dane aplikacji
2006-07-10 10:44 . 2005-09-01 09:03 127488 ----a-w- c:\windows\system32\drivers\imagesrv.sys
2006-07-10 10:44 . 2005-09-01 09:03 5888 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2006-07-10 10:36 . 2006-07-10 10:36 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 03:34 . 2004-08-04 12:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-04 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-04 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-04 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-04 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-04 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-04 12:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2004-08-04 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2009-01-07 17:21 . 2006-06-30 17:33 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-01-07 17:20 . 2006-06-28 15:59 24576 ----a-w- c:\windows\system32\nlsdl.dll
2009-01-07 17:20 . 2006-06-29 06:05 26112 ----a-w- c:\windows\system32\idndl.dll
2009-01-07 17:20 . 2006-06-29 06:05 23552 ----a-w- c:\windows\system32\normaliz.dll
2008-10-23 16:09 . 2008-10-23 16:08 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Winamp
2008-10-23 16:09 . 2008-10-23 16:08 -------- d-----w- c:\program files\Winamp
2008-10-16 13:13 . 2006-06-30 17:23 202776 ----a-w- c:\windows\system32\wuweb.dll
2008-10-16 13:13 . 2006-06-30 17:23 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2008-10-16 13:12 . 2006-06-30 17:23 323608 ----a-w- c:\windows\system32\wucltui.dll
2008-10-16 13:12 . 2006-06-30 17:23 561688 ----a-w- c:\windows\system32\wuapi.dll
2008-10-16 13:09 . 2006-06-30 17:23 51224 ----a-w- c:\windows\system32\wuauclt.exe
2008-10-16 13:09 . 2005-05-26 02:16 43544 ----a-w- c:\windows\system32\wups2.dll
2008-10-16 13:09 . 2004-08-04 12:00 92696 ----a-w- c:\windows\system32\cdm.dll
2008-10-16 13:08 . 2006-06-30 17:23 34328 ----a-w- c:\windows\system32\wups.dll
2008-09-15 15:40 . 2004-08-04 12:00 1846272 ----a-w- c:\windows\system32\win32k.sys
2008-09-11 07:39 . 2006-06-30 17:33 -------- d-----w- c:\program files\Common Files\InstallShield
2008-08-28 10:04 . 2004-08-04 12:00 333056 ----a-w- c:\windows\system32\drivers\srv.sys
2008-08-14 13:46 . 2004-08-04 00:38 2059008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-08-14 13:46 . 2004-08-04 12:00 2181632 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-08-14 09:51 . 2004-08-04 12:00 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:33 . 2004-08-04 12:00 253952 ----a-w- c:\windows\system32\es.dll
2008-06-24 16:24 . 2004-08-04 12:00 74240 ----a-w- c:\windows\system32\mscms.dll
2008-06-20 17:42 . 2004-08-04 12:00 246784 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 10:45 . 2004-08-04 12:00 360320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 09:52 . 2004-08-04 12:00 225920 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-05-08 12:28 . 2004-08-04 12:00 202752 ----a-w- c:\windows\system32\drivers\rmcast.sys
2008-05-07 05:16 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-04-11 18:51 . 2006-06-30 17:23 683520 ----a-w- c:\windows\system32\inetcomm.dll
2008-03-25 04:52 . 2004-08-04 12:00 621344 ----a-w- c:\windows\system32\mswstr10.dll
2008-03-25 04:52 . 2004-08-04 12:00 178976 ----a-w- c:\windows\system32\msjint40.dll
2008-02-26 12:01 . 2004-08-04 12:00 294912 ----a-w- c:\windows\system32\msctf.dll
2008-02-20 06:51 . 2004-08-04 12:00 282624 ----a-w- c:\windows\system32\gdi32.dll
2008-02-20 05:38 . 2004-08-04 12:00 45568 ----a-w- c:\windows\system32\dnsrslvr.dll
2007-12-18 09:51 . 2004-08-04 12:00 179584 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2007-12-04 18:42 . 2004-08-04 12:00 550912 ----a-w- c:\windows\system32\oleaut32.dll
2007-11-13 13:31 . 2006-06-30 17:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2007-11-13 10:25 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2007-11-07 09:29 . 2004-08-04 12:00 723968 ----a-w- c:\windows\system32\lsasrv.dll
2007-10-25 09:00 . 2004-08-04 12:00 230912 ----a-w- c:\windows\system32\wmasf.dll
2007-07-09 13:11 . 2004-08-04 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-07-06 12:51 . 2004-08-04 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2007-07-06 12:51 . 2004-08-04 12:00 660992 ----a-w- c:\windows\system32\mqqm.dll
2007-07-06 12:51 . 2004-08-04 12:00 512000 ----a-w- c:\windows\system32\mqutil.dll
2007-07-06 12:51 . 2004-08-04 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2007-07-06 12:51 . 2004-08-04 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2007-07-06 12:51 . 2004-08-04 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2007-07-06 12:51 . 2004-08-04 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2007-07-06 12:51 . 2004-08-04 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2007-07-06 10:05 . 2004-08-04 12:00 72960 ----a-w- c:\windows\system32\drivers\mqac.sys
2007-06-26 06:10 . 2004-08-04 12:00 1104896 ----a-w- c:\windows\system32\msxml3.dll
2007-06-13 13:23 . 2004-08-04 12:00 1034752 ------w- c:\windows\explorer.exe
2007-04-25 14:23 . 2004-08-04 12:00 144896 ----a-w- c:\windows\system32\schannel.dll
2007-04-23 10:32 . 2004-08-04 12:00 364160 ----a-w- c:\windows\system32\drivers\update.sys
2007-04-18 16:14 . 2004-08-04 12:00 2854400 ----a-w- c:\windows\system32\msi.dll
2007-03-17 13:45 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2007-03-08 15:38 . 2004-08-04 12:00 579072 ----a-w- c:\windows\system32\user32.dll
2007-03-08 15:38 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\mf3216.dll
2007-03-07 23:51 . 2008-10-23 16:08 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2007-03-07 23:51 . 2008-10-23 16:08 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2007-03-07 23:51 . 2008-10-23 16:08 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2007-03-07 23:51 . 2008-10-23 16:08 129784 ------w- c:\windows\system32\pxafs.dll
2007-02-09 11:10 . 2004-08-04 12:00 574464 ----a-w- c:\windows\system32\drivers\ntfs.sys
2007-02-05 20:19 . 2004-08-04 12:00 185856 ----a-w- c:\windows\system32\upnphost.dll
2006-11-17 07:22 . 2006-06-30 17:29 42944 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2006-11-01 19:19 . 2004-08-04 12:00 927504 ----a-w- c:\windows\system32\mfc40u.dll
2006-10-20 01:39 . 2004-08-04 12:00 714240 ----a-w- c:\windows\system32\sxs.dll
2006-10-16 16:16 . 2004-08-04 12:00 123392 ----a-w- c:\windows\system32\oledlg.dll
2006-10-14 08:13 . 2004-08-04 12:00 981760 ----a-w- c:\windows\system32\mfc42u.dll
2006-10-13 12:41 . 2004-08-04 12:00 65536 ----a-w- c:\windows\system32\nwwks.dll
2006-10-13 12:41 . 2004-08-04 12:00 64000 ----a-w- c:\windows\system32\nwapi32.dll
2006-10-13 12:41 . 2004-08-04 12:00 143872 ----a-w- c:\windows\system32\nwprovau.dll
2006-10-13 10:23 . 2004-08-04 12:00 163584 ----a-w- c:\windows\system32\drivers\nwrdr.sys
2006-08-25 15:51 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2006-08-24 12:19 . 2004-08-04 12:00 246814 ----a-w- c:\windows\system32\strmdll.dll
2006-08-24 12:18 . 2004-08-04 12:00 499766 ----a-w- c:\windows\system32\dxmasf.dll
2006-08-21 12:28 . 2006-06-30 17:23 16896 ----a-w- c:\windows\system32\fltlib.dll
2006-08-21 09:14 . 2006-06-30 17:23 23040 ----a-w- c:\windows\system32\fltmc.exe
2006-08-21 09:14 . 2006-06-30 17:23 128896 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2006-08-17 12:30 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2006-08-16 11:59 . 2004-08-04 12:00 100352 ----a-w- c:\windows\system32\6to4svc.dll
2006-08-02 22:15 . 2006-06-30 11:43 -------- d-----w- c:\program files\Ahead
2006-07-29 22:05 . 2004-08-04 12:00 75706 ----a-w- c:\windows\system32\perfc015.dat
2006-07-29 22:05 . 2004-08-04 12:00 451564 ----a-w- c:\windows\system32\perfh015.dat
2006-07-29 21:56 . 2006-02-20 23:16 -------- d-----w- c:\program files\PC Tools AntiVirus
2006-07-29 21:52 . 2006-02-20 23:16 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2006-07-21 08:29 . 2004-08-04 12:00 72704 ----a-w- c:\windows\system32\hlink.dll
2006-07-11 11:35 . 2006-07-08 23:35 42168 ----a-w- c:\documents and settings\B@Q\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2006-07-11 10:03 . 2006-07-08 23:35 -------- d-----w- c:\documents and settings\B@Q\Dane aplikacji\PWNEncy2005
2006-07-11 08:53 . 2006-07-11 08:53 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\SmarThru4
2006-07-11 08:53 . 2006-07-08 23:35 -------- d-----w- c:\documents and settings\B@Q\Dane aplikacji\SmarThru4
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-07-09 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"R2Plus_S2P"="c:\program files\Samsung\Samsung SCX-4x20 Series\PSU\Scan2pc.exe" [2005-07-01 69632]
"NSCSysTrayUI"="c:\program files\Samsung\Samsung SCX-4x20 Series\NetworkScan\NSCSysTrayUI.exe" [2005-06-22 266240]
"DemonStarter"="c:\program files\PWN\Definicje\Bin\Starter.exe" [2004-09-17 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-06 413696]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2006-02-24 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-02-20 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\windows\system32\config\systemprofile\Menu Start\Programy\Autostart\
Check Windows Disk Protection.lnk - c:\program files\Microsoft Shared Computer Toolkit\CheckWDP.hta [2006-2-23 6181]

c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
Check Windows Disk Protection.lnk - c:\program files\Microsoft Shared Computer Toolkit\CheckWDP.hta [2006-2-23 6181]

c:\documents and settings\B@Q\Menu Start\Programy\Autostart\
Check Windows Disk Protection.lnk - c:\program files\Microsoft Shared Computer Toolkit\CheckWDP.hta [2006-2-23 6181]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Samsung\\Samsung SCX-4x20 Series\\NetworkScan\\NSCSysTrayUI.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 ewf;ewf;c:\windows\system32\drivers\ewf.sys [2006-02-23 46976]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-09-11 554352]
R2 mscsrv;mscsrv;c:\windows\system32\drivers\mscsrv.sys [2006-07-11 17632]
S2 CenzorUpgrade;Cenzor Upgrade;c:\windows\system32\cenzorupg.exe [2006-07-11 35840]
S2 SCTThresholdMon;SCTThresholdMonitor;c:\program files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE [2006-02-23 8192]
S2 WDPOperations;WDPOperations;c:\program files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE [2006-02-23 8192]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - uphcleanhlp
.
Zawartość folderu 'Zaplanowane zadania'

2006-07-29 c:\windows\Tasks\User_Feed_Synchronization-{1375DBBF-1456-453D-8457-D9EF20CCA570}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: ws2icp.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fbzxyt2o.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2006-07-30 00:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-731500479-826713397-767345452-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,30,3a,3d,10,1e,ba,40,a5,91,cc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,30,3a,3d,10,1e,ba,40,a5,91,cc,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\ws2icp.dll

- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\browselc.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2006-07-29 0:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2006-07-29 22:14

Przed: 146 977 255 424 bajtów wolnych
Po: 147 008 786 432 bajtów wolnych

368 --- E O F --- 2005-12-31 22:17
[/log]

MarekM25
commented

Post a log from [url="http://www.forumpc.pl/index.php?showtopic=104338"]OTListIt2[/url]. Next time, don't use ComboFix.
