ComboFix log

Aaron
created
ComboFix 08-09-13.05 - Scorpion 2008-09-14 13:40:43.2 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.2854 [GMT 2:00]Uruchomiony z: C:\Documents and Settings\Scorpion\Moje dokumenty\My Completed Downloads\ComboFix.exe * Resident AV is active[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b].(((((((((((((((((((((((((   Pliki utworzone od 2008-08-14 do 2008-09-14  ))))))))))))))))))))))))))))))).2008-09-11 19:35 . 2008-09-11 19:35	<DIR>	d--------	C:\Documents and Settings\Scorpion\Dane aplikacji\SPORE2008-09-08 19:38 . 2008-04-08 11:50	206,191	--a------	C:\WINDOWS\system32\ati2sgav.exe2008-09-06 01:07 . 2008-09-06 01:07	<DIR>	d--------	C:\Downloads2008-09-06 01:06 . 2008-09-06 01:06	<DIR>	d--------	C:\Documents and Settings\Scorpion\Dane aplikacji\BitSpirit2008-09-03 00:41 . 2006-06-27 14:24	31,744	--a------	C:\WINDOWS\system32\drivers\AmdTools.sys2008-09-02 08:14 . 2008-09-02 08:14	283,648	--a------	C:\WINDOWS\sduninstall.exe2008-09-01 21:02 . 2008-09-13 21:44	<DIR>	d--------	C:\Temp2008-09-01 21:01 . 2008-09-01 21:01	<DIR>	d--------	C:\Program Files\Xilisoft2008-09-01 21:01 . 2008-09-01 21:01	<DIR>	d--------	C:\Program Files\QuickTime2008-09-01 09:36 . 2008-09-01 09:36	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer2008-08-31 20:50 . 2008-08-31 20:50	<DIR>	d--------	C:\Program Files\Cucusoft2008-08-31 20:50 . 2008-08-31 20:50	<DIR>	d--------	C:\Program Files\Common Files\Download Manager2008-08-31 20:50 . 2007-03-25 00:51	3,049,984	--a------	C:\WINDOWS\system32\libavcodec.dll2008-08-31 20:50 . 2007-03-25 21:40	2,174,976	--a------	C:\WINDOWS\system32\ffdshow.ax2008-08-31 20:50 . 2003-03-18 22:20	1,060,864	--a------	C:\WINDOWS\system32\MFC71.DLL2008-08-31 20:50 . 2007-03-25 00:51	404,480	--a------	C:\WINDOWS\system32\libmplayer.dll2008-08-31 20:50 . 2007-01-01 05:30	200,704	--a------	C:\WINDOWS\system32\TomsMoComp_ff.dll2008-08-31 20:50 . 
2007-03-25 00:51	114,688	--a------	C:\WINDOWS\system32\libmpeg2_ff.dll2008-08-31 20:50 . 2004-09-10 13:50	34,820	--a------	C:\WINDOWS\system32\ffdshow.reg2008-08-27 02:19 . 2008-08-27 02:20	<DIR>	d--------	C:\Documents and Settings\Scorpion\Dane aplikacji\Tibia2008-08-27 02:15 . 2008-07-22 08:57	491,550	---h-----	C:\WINDOWS\system\lcass.exe2008-08-23 11:15 . 2008-08-23 11:15	<DIR>	d--------	C:\WINDOWS\system32\pl-pl2008-08-23 11:15 . 2008-08-23 11:15	<DIR>	d--------	C:\WINDOWS\system32\pl2008-08-23 11:15 . 2008-08-23 11:15	<DIR>	d--------	C:\WINDOWS\system32\bits2008-08-23 11:15 . 2008-08-23 11:15	<DIR>	d--------	C:\WINDOWS\l2schemas2008-08-23 11:14 . 2008-08-23 11:14	<DIR>	d--------	C:\WINDOWS\ServicePackFiles2008-08-23 11:12 . 2008-08-23 11:12	<DIR>	d--------	C:\WINDOWS\EHome2008-08-22 18:59 . 2008-09-13 21:59	549	--a------	C:\WINDOWS\GBAMedia.ini2008-08-21 19:09 . 1996-10-10 10:41	240,640	--a------	C:\WINDOWS\system32\IMGMAN31.dll2008-08-21 19:09 . 1996-03-23 15:24	212,480	--a------	C:\WINDOWS\system32\Pcdlib32.dll2008-08-21 19:09 . 2003-12-06 11:17	180,224	--a------	C:\WINDOWS\system32\ac3filter.CPL2008-08-21 19:09 . 2001-03-13 14:49	140,288	--a------	C:\WINDOWS\system32\comdlg32.ocx2008-08-21 19:09 . 1996-10-04 12:44	66,560	--a------	C:\WINDOWS\system32\Imocx32.ocx2008-08-21 19:09 . 2004-02-08 17:08	24,226	--a------	C:\WINDOWS\Maker.hlp2008-08-19 15:46 . 2008-08-19 16:01	525	--a------	C:\WINDOWS\QIII.INI2008-08-18 20:11 . 2008-09-10 22:55	<DIR>	d--------	C:\Program Files\Gadu-Gadu2008-08-14 08:59 . 
2008-04-11 21:06	691,712	-----c---	C:\WINDOWS\system32\dllcache\inetcomm.dll.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-09-14 11:14	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Hamachi2008-09-14 00:09	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP2008-09-13 19:58	196,608	----a-w	C:\WINDOWS\system32\drivers\nStandard.bin2008-09-13 16:50	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Skype2008-09-13 16:49	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\skypePM2008-09-11 17:04	---------	d--h--w	C:\Program Files\InstallShield Installation Information2008-09-10 21:02	---------	d-----w	C:\Program Files\WapSter2008-09-08 17:25	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\uTorrent2008-09-08 15:38	---------	d-----w	C:\Program Files\eMule2008-09-02 22:41	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard2008-08-16 17:26	---------	d-----w	C:\Program Files\AMD2008-08-12 18:14	---------	d-----w	C:\Program Files\DAP2008-08-12 17:29	---------	d-----w	C:\Program Files\Microsoft.NET2008-08-12 17:29	---------	d-----w	C:\Program Files\Microsoft Works2008-08-12 16:31	---------	d-----w	C:\Program Files\IrfanView2008-08-12 16:24	50,688	----a-w	C:\WINDOWS\system32\wbhelp2.dll2008-08-12 16:11	---------	d-----w	C:\Program Files\HyperSnap 62008-08-12 16:09	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Thinstall2008-08-12 16:01	685,816	----a-w	C:\WINDOWS\system32\drivers\sptd.sys2008-08-12 16:00	---------	d-----w	C:\Program Files\Winamp2008-08-12 16:00	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Winamp2008-08-12 15:59	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Gadu-Gadu2008-08-12 15:57	---------	d-----w	C:\Program Files\uTorrent2008-08-12 15:54	---------	d-----w	C:\Program Files\Skype2008-08-12 15:54	---------	
d-----w	C:\Program Files\Common Files\Skype2008-08-12 15:54	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Skype2008-08-12 15:28	---------	d-----w	C:\Program Files\Common Files\Adobe2008-08-12 15:19	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\LightScribe2008-08-12 14:32	---------	d-----w	C:\Program Files\Common Files\LightScribe2008-08-12 14:32	---------	d-----w	C:\Program Files\Common Files\Ahead2008-08-12 14:32	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Ahead2008-08-12 14:32	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Ahead2008-08-12 14:30	---------	d-----w	C:\Program Files\Nero2008-08-12 14:30	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Nero2008-08-12 14:24	12,288	----a-w	C:\WINDOWS\system32\drivers\EIO64_xp.sys2008-08-12 14:24	---------	d-----w	C:\Program Files\ASUS2008-08-12 14:15	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\InstallShield2008-08-12 14:12	---------	d-----w	C:\Program Files\C-Media 6501 Sound2008-08-12 14:02	---------	d-----w	C:\Program Files\microsoft frontpage2008-08-12 14:01	---------	d-----w	C:\Program Files\Usługi online2008-08-09 17:04	---------	d-----w	C:\Program Files\Mobile Phone Manager2008-08-08 22:03	278,984	----a-w	C:\WINDOWS\system32\drivers\atksgt.sys2008-08-08 22:03	25,416	----a-w	C:\WINDOWS\system32\drivers\lirsgt.sys2008-08-06 21:41	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\XCPCSync.OEM2008-08-01 13:39	---------	d-----w	C:\Program Files\HP2008-08-01 13:39	---------	d-----w	C:\Program Files\Hewlett-Packard2008-07-26 16:23	---------	d-----w	C:\Program Files\SubEdit-Player2008-07-22 10:21	---------	d-----w	C:\Program Files\Starfuck2008-07-20 17:32	1,890	--sha-w	C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys2008-07-20 00:17	88	--sh--r	C:\Documents and Settings\All Users\Dane aplikacji\72F7C52837.sys2008-07-18 20:10	94,920	----a-w	
C:\WINDOWS\system32\cdm.dll2008-07-18 20:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe2008-07-18 20:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll2008-07-18 20:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll2008-07-18 20:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll2008-07-18 20:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll2008-07-18 20:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll2008-07-18 20:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll2008-07-07 20:29	253,952	----a-w	C:\WINDOWS\system32\es.dll2008-06-27 14:47	86,528	----a-w	C:\WINDOWS\bnetunin.exe2008-06-24 16:46	74,240	----a-w	C:\WINDOWS\system32\mscms.dll2008-06-23 15:13	668,672	----a-w	C:\WINDOWS\system32\wininet.dll2008-06-20 17:48	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll2008-06-18 09:47	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]"AQQ"="C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe" [2008-08-12 1582064]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-14 917504]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]"amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" 
[2006-06-28 106496]"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]"ati2sgav"="C:\WINDOWS\system32\ati2sgav.exe" [2008-04-08 206191]C:\Documents and Settings\Scorpion\Menu Start\Programy\Autostart\hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-07-09 624416][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.I420"= i263_32.drv"vidc.asv2"= asusasv2.dll"vidc.I263"= i263_32.drv[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]--a------ 2007-07-02 12:29 220544 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]--a------ 2008-01-22 11:52 1126400 C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]--a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]--a------ 2008-08-12 18:24 3053056 C:\Program Files\DAP\DAP.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]--a------ 2003-12-22 08:38 241664 C:\Program 
Files\HP\hpcoretech\hpcmpmgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]--a------ 2007-06-25 08:47 1057064 C:\Program Files\Nero\Nero 7\InCD\InCD.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]--a------ 2007-08-23 17:36 455968 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]--a------ 2007-06-25 08:47 1629480 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]-ra------ 2008-04-30 17:17 22058792 C:\Program Files\Skype\Phone\Skype.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\DAP\\Download Accelerator Plus 8.6.5.0 Multilanguage Portable.exe"="C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"="C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"="C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"="C:\\Program Files\\Hamachi\\hamachi.exe"="D:\\Gry\\Counter Strike 1.6 - www.lagownia.pl\\hl.exe"="D:\\Gry\\RTW Mods\\Rome - Total War\\RomeTW.exe"="D:\\Gry\\Battle Realms\\Battle_Realms_F.exe"="D:\\Gry\\Strangelite\\Starship Troopers\\STGame.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="D:\\Gry\\Counter Strike 1.6 - www.lagownia.pl\\hlds.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe"=R0 
sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 35328]R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 12288]R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-10-23 12416]R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-10 1310720]R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913]R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 10752]S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-07-05 19018]S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-07-14 27008][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be2246dc-6882-11dd-b71a-806d6172696f}]\Shell\AutoRun\command - F:\Bin\assetup.exe*Newly Created Service* - CATCHME*Newly Created Service* - PROCEXP90[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"..------- Skan uzupełniający -------.FireFox -: Profile - C:\Documents and Settings\Scorpion\Dane aplikacji\Mozilla\Firefox\Profiles\4e5uw3ja.default\FireFox -: prefs.js - STARTUP.HOMEPAGE - www.onet.plFF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-09-14 13:41:23Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... 
skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------PROCES: C:\WINDOWS\system32\lsass.exe-> C:\Program Files\Eset\pr_imon.dll.Czas ukończenia: 2008-09-14 13:41:43ComboFix-quarantined-files.txt  2008-09-14 11:41:39ComboFix2.txt  2008-09-14 11:36:47Przed: 67,489,923,072 bajt˘w wolnychPo: 67,477,577,728 bajt˘w wolnych233	--- E O F ---	2008-09-11 06:51:11

Mateusz J.
comment

Paste the following into Notepad:

File::
C:\WINDOWS\system32\ati2sgav.exe
C:\WINDOWS\system\lcass.exe
C:\WINDOWS\bnetunin.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ati2sgav"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be2246dc-6882-11dd-b71a-806d6172696f}]

In Notepad, go to File ==> Save As ==> save it under the name CFScript.txt, in the same directory where the downloaded ComboFix was saved.

Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture:

82650GIF.gif

Removal will start and a log will be created, which you then post on the forum.

Aaron
comment
ComboFix 08-09-13.05 - Scorpion 2008-09-14 18:20:32.3 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.2780 [GMT 2:00]Uruchomiony z: C:\Documents and Settings\Scorpion\Moje dokumenty\My Completed Downloads\ComboFix.exeCommand switches used :: C:\Documents and Settings\Scorpion\Moje dokumenty\My Completed Downloads\CFScript.txt * Utworzono nowy punkt przywracania * Resident AV is active[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b].(((((((((((((((((((((((((((((((((((((((   Usunięto   ))))))))))))))))))))))))))))))))))))))))))))))))).C:\WINDOWS\bnetunin.exeC:\WINDOWS\system\lcass.exeC:\WINDOWS\system32\ati2sgav.exe.(((((((((((((((((((((((((   Pliki utworzone od 2008-08-14 do 2008-09-14  ))))))))))))))))))))))))))))))).2008-09-14 15:56 . 2008-09-14 15:56	<DIR>	d--------	C:\Documents and Settings\Scorpion\Dane aplikacji\fretsonfire2008-09-11 19:35 . 2008-09-11 19:35	<DIR>	d--------	C:\Documents and Settings\Scorpion\Dane aplikacji\SPORE2008-09-06 01:07 . 2008-09-06 01:07	<DIR>	d--------	C:\Downloads2008-09-06 01:06 . 2008-09-06 01:06	<DIR>	d--------	C:\Documents and Settings\Scorpion\Dane aplikacji\BitSpirit2008-09-03 00:41 . 2006-06-27 14:24	31,744	--a------	C:\WINDOWS\system32\drivers\AmdTools.sys2008-09-02 08:14 . 2008-09-02 08:14	283,648	--a------	C:\WINDOWS\sduninstall.exe2008-09-01 21:02 . 2008-09-13 21:44	<DIR>	d--------	C:\Temp2008-09-01 21:01 . 2008-09-01 21:01	<DIR>	d--------	C:\Program Files\Xilisoft2008-09-01 21:01 . 2008-09-01 21:01	<DIR>	d--------	C:\Program Files\QuickTime2008-09-01 09:36 . 2008-09-01 09:36	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer2008-08-31 20:50 . 2008-08-31 20:50	<DIR>	d--------	C:\Program Files\Cucusoft2008-08-31 20:50 . 2008-08-31 20:50	<DIR>	d--------	C:\Program Files\Common Files\Download Manager2008-08-31 20:50 . 2007-03-25 00:51	3,049,984	--a------	C:\WINDOWS\system32\libavcodec.dll2008-08-31 20:50 . 
2007-03-25 21:40	2,174,976	--a------	C:\WINDOWS\system32\ffdshow.ax2008-08-31 20:50 . 2003-03-18 22:20	1,060,864	--a------	C:\WINDOWS\system32\MFC71.DLL2008-08-31 20:50 . 2007-03-25 00:51	404,480	--a------	C:\WINDOWS\system32\libmplayer.dll2008-08-31 20:50 . 2007-01-01 05:30	200,704	--a------	C:\WINDOWS\system32\TomsMoComp_ff.dll2008-08-31 20:50 . 2007-03-25 00:51	114,688	--a------	C:\WINDOWS\system32\libmpeg2_ff.dll2008-08-31 20:50 . 2004-09-10 13:50	34,820	--a------	C:\WINDOWS\system32\ffdshow.reg2008-08-27 02:19 . 2008-08-27 02:20	<DIR>	d--------	C:\Documents and Settings\Scorpion\Dane aplikacji\Tibia2008-08-23 11:15 . 2008-08-23 11:15	<DIR>	d--------	C:\WINDOWS\system32\pl-pl2008-08-23 11:15 . 2008-08-23 11:15	<DIR>	d--------	C:\WINDOWS\system32\pl2008-08-23 11:15 . 2008-08-23 11:15	<DIR>	d--------	C:\WINDOWS\system32\bits2008-08-23 11:15 . 2008-08-23 11:15	<DIR>	d--------	C:\WINDOWS\l2schemas2008-08-23 11:14 . 2008-08-23 11:14	<DIR>	d--------	C:\WINDOWS\ServicePackFiles2008-08-23 11:12 . 2008-08-23 11:12	<DIR>	d--------	C:\WINDOWS\EHome2008-08-22 18:59 . 2008-09-13 21:59	549	--a------	C:\WINDOWS\GBAMedia.ini2008-08-21 19:09 . 1996-10-10 10:41	240,640	--a------	C:\WINDOWS\system32\IMGMAN31.dll2008-08-21 19:09 . 1996-03-23 15:24	212,480	--a------	C:\WINDOWS\system32\Pcdlib32.dll2008-08-21 19:09 . 2003-12-06 11:17	180,224	--a------	C:\WINDOWS\system32\ac3filter.CPL2008-08-21 19:09 . 2001-03-13 14:49	140,288	--a------	C:\WINDOWS\system32\comdlg32.ocx2008-08-21 19:09 . 1996-10-04 12:44	66,560	--a------	C:\WINDOWS\system32\Imocx32.ocx2008-08-21 19:09 . 2004-02-08 17:08	24,226	--a------	C:\WINDOWS\Maker.hlp2008-08-19 15:46 . 2008-08-19 16:01	525	--a------	C:\WINDOWS\QIII.INI2008-08-18 20:11 . 2008-09-10 22:55	<DIR>	d--------	C:\Program Files\Gadu-Gadu2008-08-14 08:59 . 
2008-04-11 21:06	691,712	-----c---	C:\WINDOWS\system32\dllcache\inetcomm.dll.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-09-14 14:04	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP2008-09-14 11:14	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Hamachi2008-09-13 19:58	196,608	----a-w	C:\WINDOWS\system32\drivers\nStandard.bin2008-09-13 16:50	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Skype2008-09-13 16:49	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\skypePM2008-09-11 17:04	---------	d--h--w	C:\Program Files\InstallShield Installation Information2008-09-10 21:02	---------	d-----w	C:\Program Files\WapSter2008-09-08 17:25	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\uTorrent2008-09-08 15:38	---------	d-----w	C:\Program Files\eMule2008-09-02 22:41	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard2008-08-16 17:26	---------	d-----w	C:\Program Files\AMD2008-08-12 18:14	---------	d-----w	C:\Program Files\DAP2008-08-12 17:29	---------	d-----w	C:\Program Files\Microsoft.NET2008-08-12 17:29	---------	d-----w	C:\Program Files\Microsoft Works2008-08-12 16:31	---------	d-----w	C:\Program Files\IrfanView2008-08-12 16:24	50,688	----a-w	C:\WINDOWS\system32\wbhelp2.dll2008-08-12 16:11	---------	d-----w	C:\Program Files\HyperSnap 62008-08-12 16:09	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Thinstall2008-08-12 16:01	685,816	----a-w	C:\WINDOWS\system32\drivers\sptd.sys2008-08-12 16:00	---------	d-----w	C:\Program Files\Winamp2008-08-12 16:00	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Winamp2008-08-12 15:59	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Gadu-Gadu2008-08-12 15:57	---------	d-----w	C:\Program Files\uTorrent2008-08-12 15:54	---------	d-----w	C:\Program Files\Skype2008-08-12 15:54	---------	
d-----w	C:\Program Files\Common Files\Skype2008-08-12 15:54	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Skype2008-08-12 15:28	---------	d-----w	C:\Program Files\Common Files\Adobe2008-08-12 15:19	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\LightScribe2008-08-12 14:32	---------	d-----w	C:\Program Files\Common Files\LightScribe2008-08-12 14:32	---------	d-----w	C:\Program Files\Common Files\Ahead2008-08-12 14:32	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\Ahead2008-08-12 14:32	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Ahead2008-08-12 14:30	---------	d-----w	C:\Program Files\Nero2008-08-12 14:30	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Nero2008-08-12 14:24	12,288	----a-w	C:\WINDOWS\system32\drivers\EIO64_xp.sys2008-08-12 14:24	---------	d-----w	C:\Program Files\ASUS2008-08-12 14:15	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\InstallShield2008-08-12 14:12	---------	d-----w	C:\Program Files\C-Media 6501 Sound2008-08-12 14:02	---------	d-----w	C:\Program Files\microsoft frontpage2008-08-12 14:01	---------	d-----w	C:\Program Files\Usługi online2008-08-09 17:04	---------	d-----w	C:\Program Files\Mobile Phone Manager2008-08-08 22:03	278,984	----a-w	C:\WINDOWS\system32\drivers\atksgt.sys2008-08-08 22:03	25,416	----a-w	C:\WINDOWS\system32\drivers\lirsgt.sys2008-08-06 21:41	---------	d-----w	C:\Documents and Settings\Scorpion\Dane aplikacji\XCPCSync.OEM2008-08-01 13:39	---------	d-----w	C:\Program Files\HP2008-08-01 13:39	---------	d-----w	C:\Program Files\Hewlett-Packard2008-07-26 16:23	---------	d-----w	C:\Program Files\SubEdit-Player2008-07-22 10:21	---------	d-----w	C:\Program Files\Starfuck2008-07-20 17:32	1,890	--sha-w	C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys2008-07-20 00:17	88	--sh--r	C:\Documents and Settings\All Users\Dane aplikacji\72F7C52837.sys2008-07-18 20:10	94,920	----a-w	
C:\WINDOWS\system32\cdm.dll2008-07-18 20:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe2008-07-18 20:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll2008-07-18 20:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll2008-07-18 20:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll2008-07-18 20:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll2008-07-18 20:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll2008-07-18 20:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll2008-07-07 20:29	253,952	----a-w	C:\WINDOWS\system32\es.dll2008-06-24 16:46	74,240	----a-w	C:\WINDOWS\system32\mscms.dll2008-06-23 15:13	668,672	----a-w	C:\WINDOWS\system32\wininet.dll2008-06-20 17:48	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll2008-06-18 09:47	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]"AQQ"="C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe" [2008-08-12 1582064]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-14 917504]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]"amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]"nwiz"="nwiz.exe" [2008-05-16 
C:\WINDOWS\system32\nwiz.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]C:\Documents and Settings\Scorpion\Menu Start\Programy\Autostart\hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-07-09 624416][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.I420"= i263_32.drv"vidc.asv2"= asusasv2.dll"vidc.I263"= i263_32.drv[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]--a------ 2007-07-02 12:29 220544 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]--a------ 2008-01-22 11:52 1126400 C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]--a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]--a------ 2008-08-12 18:24 3053056 C:\Program Files\DAP\DAP.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]--a------ 2007-06-25 08:47 1057064 C:\Program Files\Nero\Nero 
7\InCD\InCD.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]--a------ 2007-08-23 17:36 455968 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]--a------ 2007-06-25 08:47 1629480 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]-ra------ 2008-04-30 17:17 22058792 C:\Program Files\Skype\Phone\Skype.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\DAP\\Download Accelerator Plus 8.6.5.0 Multilanguage Portable.exe"="C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"="C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"="C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"="C:\\Program Files\\Hamachi\\hamachi.exe"="D:\\Gry\\Counter Strike 1.6 - www.lagownia.pl\\hl.exe"="D:\\Gry\\RTW Mods\\Rome - Total War\\RomeTW.exe"="D:\\Gry\\Battle Realms\\Battle_Realms_F.exe"="D:\\Gry\\Strangelite\\Starship Troopers\\STGame.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="D:\\Gry\\Counter Strike 1.6 - www.lagownia.pl\\hlds.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe"=R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 35328]R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys 
[2006-06-14 12288]R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-10-23 12416]R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-10 1310720]R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913]R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 10752]S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-07-05 19018]S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-07-14 27008]*Newly Created Service* - CATCHME*Newly Created Service* - PROCEXP90[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe".**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-09-14 18:21:42Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------PROCES: C:\WINDOWS\system32\lsass.exe-> C:\Program Files\Eset\pr_imon.dll.Czas ukończenia: 2008-09-14 18:22:03ComboFix-quarantined-files.txt  2008-09-14 16:22:01ComboFix2.txt  2008-09-14 11:41:44ComboFix3.txt  2008-09-14 11:36:47Przed: 67,163,664,384 bajt˘w wolnychPo: 67,151,257,600 bajt˘w wolnych229	--- E O F ---	2008-09-11 06:51:11
Mateusz J.
comment

The log is clean.

Delete the folder C:\QooBox

What was the reason for checking the logs?

Scan the computer with an online scanner (Kaspersky).
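
Added example, not part of the original thread and not ComboFix's own code: a Python check that parses a CFScript like the one posted above and confirms from a follow-up log that each targeted file and registry item is gone. The function names are hypothetical, the log excerpt is constructed from a few records shown in the thread (put back on separate lines), and the `Usunięto` banner is assumed to mark the deletions section as it does in the log posted here.

```python
import re

# CFScript from the thread, one directive or target per line.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\ati2sgav.exe
C:\WINDOWS\system\lcass.exe
C:\WINDOWS\bnetunin.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ati2sgav"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be2246dc-6882-11dd-b71a-806d6172696f}]
"""

# Constructed excerpt of the follow-up log (records separated again by hand).
FOLLOWUP_LOG = r"""(((((((((((   Usunięto   )))))))))))
C:\WINDOWS\bnetunin.exe
C:\WINDOWS\system\lcass.exe
C:\WINDOWS\system32\ati2sgav.exe
(((((((((((   Pliki utworzone od 2008-08-14 do 2008-09-14  )))))))))))
2008-09-03 00:41 . 2006-06-27 14:24 31,744 --a------ C:\WINDOWS\system32\drivers\AmdTools.sys
2008-09-02 08:14 . 2008-09-02 08:14 283,648 --a------ C:\WINDOWS\sduninstall.exe
(((((((((((   Wpisy startowe rejestru   )))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-14 917504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"""

SECTION_RE = re.compile(r"^(\w+)::$")           # CFScript directive, e.g. File::
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # log banner: ((((  Title  ))))
VALUE_RE = re.compile(r'^"([^"]+)"=')           # "name"=... inside a registry block


def parse_cfscript(text):
    """Collect the files, registry values and registry keys a CFScript targets."""
    targets = {"files": [], "reg_values": [], "reg_keys": []}
    section, key = None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), None
        elif section == "file":
            targets["files"].append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                targets["reg_keys"].append(line[2:-1])       # [-KEY] deletes a key
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                             # key for following values
            elif key and line.endswith("=-") and VALUE_RE.match(line):
                name = VALUE_RE.match(line).group(1)         # "name"=- deletes a value
                targets["reg_values"].append((key, name))
    return targets


def split_log_sections(log):
    """Map each banner title to the stripped lines that follow it."""
    sections, title = {}, "header"
    for line in (raw.strip() for raw in log.splitlines()):
        m = BANNER_RE.match(line)
        if m:
            title = m.group(1)
        sections.setdefault(title, [])
        if not m:
            sections[title].append(line)
    return sections


def verify_cleanup(cfscript, log, deleted_title="Usunięto"):
    """Return [(kind, target, status)] for every target named in the CFScript."""
    targets = parse_cfscript(cfscript)
    sections = split_log_sections(log)
    deleted = {l.lower() for l in sections.get(deleted_title, [])}
    rest = [l for t, ls in sections.items() if t != deleted_title for l in ls]
    live_keys, live_values, key = set(), set(), None
    for line in rest:                      # index registry blocks still listed
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            live_keys.add(key)
        elif key and VALUE_RE.match(line):
            live_values.add((key, VALUE_RE.match(line).group(1).lower()))
    rest_text = "\n".join(rest).lower()
    report = []
    for path in targets["files"]:
        if path.lower() in rest_text:      # path still shows up outside the deletions
            status = "still referenced"
        elif path.lower() in deleted:
            status = "deleted"
        else:
            status = "not reported"
        report.append(("file", path, status))
    for k, name in targets["reg_values"]:
        hit = (k.lower(), name.lower()) in live_values
        report.append(("reg value", k + "\\" + name, "still present" if hit else "absent"))
    for k in targets["reg_keys"]:
        hit = k.lower() in live_keys
        report.append(("reg key", k, "still present" if hit else "absent"))
    return report


def is_clean(report):
    """True only if every target is confirmed deleted or no longer listed."""
    return all(status in ("deleted", "absent") for _, _, status in report)


if __name__ == "__main__":
    for row in verify_cleanup(CFSCRIPT, FOLLOWUP_LOG):
        print(row)
```
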
