Bifrost, winexit infection - help • programosy.pl


System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Bifrost, winexit infection - help

Post by mateusznokian 03 Jan 2009, 14:09

Hello,
while scanning my computer recently I found 3 viruses: one is winexit, the second is reported as some Bifrost and only shows me a registry key, hkey_current_user\software\wget, and the third, proxy.agent.df, was sitting in recycler on C:\. I did delete the key I mentioned above, and I deleted the files that the antivirus programs flagged, plus the file rsysinst.exe (I read on Google that it is the virus's file or its installer). Can someone help me clean the computer of the remains of this junk?? I'll add that this bifrost (an infection detected with the program Exterminate It) shows up every time I restart the computer.

And here are the logs

hijackthis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:33, on 2009-01-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
D:\bluetooth\BTNtService.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Gadu-Gadu\gg.exe
D:\Office\Office\OSA.EXE
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/mati/Moje%20dokumenty/startowa.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Office\Office\FINDFAST.EXE
O4 - Global Startup: Uruchamianie pakietu Office.lnk = D:\Office\Office\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6564221D-CBEB-4F4E-9A3A-9FBBBBC5994F}: NameServer = 192.168.100.254 192.168.100.254
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\bluetooth\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 6179 bytes



Combofix
Code:
ComboFix 09-01-01.01 - mati 2009-01-02 14:57:42.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.511.260 [GMT 1:00]
Uruchomiony z: c:\documents and settings\mati\Pulpit\ComboFix.exe

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


(((((((((((((((((((((((((   Pliki utworzone od 2008-12-02 do 2009-01-02  )))))))))))))))))))))))))))))))
.

2009-01-02 02:15 . 2009-01-02 02:46   <DIR>   d--------   c:\program files\Exterminate It!
2009-01-02 00:52 . 2009-01-02 00:52   119   --a------   c:\windows\wininit.ini
2008-12-19 16:26 . 2008-12-19 16:26   <DIR>   d--------   c:\program files\SystemRequirementsLab
2008-12-19 16:25 . 2008-12-19 16:25   <DIR>   d--------   c:\documents and settings\mati\SystemRequirementsLab
2008-12-19 12:58 . 2008-12-19 12:58   0   --a------   c:\windows\nsreg.dat

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 19:14   ---------   d--h--w   c:\program files\InstallShield Installation Information
2005-02-08 08:25   599,552   -c--a-w   c:\program files\Manual_USB_E.doc
2004-03-11 11:27   40,960   -c--a-w   c:\program files\Uninstall_CDS.exe
2003-11-07 14:30   2,217   -c--a-w   c:\program files\mtdv2ks3.inf
2003-10-15 07:07   12,288   -c--a-w   c:\program files\mtdv2ku2.sys
2003-10-10 22:39   11,648   -c--a-w   c:\program files\mtdv2ks2.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Gadu-Gadu"="e:\gadu-gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-30 5898240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-03-30 86016]
"nwiz"="nwiz.exe" [2005-03-30 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Find Fast.lnk - d:\office\Office\FINDFAST.EXE [1997-10-06 111376]
Uruchamianie pakietu Office.lnk - d:\office\Office\OSA.EXE [1997-10-06 51984]
WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2004-05-11 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2005-03-24 18:28 983040 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--------- 2007-03-12 13:51 663552 c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2007-01-26 14:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 d:\daemon\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
--a------ 2004-06-14 10:54 200704 c:\program files\Gigabyte\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 e:\gadu-gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2007-01-29 20:10 46632 c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2007-01-29 20:12 30248 c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-02-06 13:57 19432488 d:\skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 d:\spybot - search & destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a--c--- 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\bluetooth\\BlueSoleil.exe"=
"e:\\Gadu-Gadu\\gg.exe"=
"d:\\BearShare\\BearShare.exe"=
"h:\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\skype\\Phone\\Skype.exe"=
"f:\\gry\\Tom Clancy's Splinter Cell Chaos Theory\\System\\SplinterCell3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2007-05-19 31424]
S3 BIOSCHK;BIOSCHK;\??\c:\docume~1\mati\USTAWI~1\Temp\TII1E.tmp\disk1\BIOSCHK.SYS []
S3 EnumChip;EnumChip;\??\g:\driver\Gart\EnumChip.sys []
S3 MarkFun_NT;MarkFun_NT;\??\c:\program files\Gigabyte\ET5\markfun.w32 [2008-08-29 8236]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\DRIVERS\pfc027.sys []
S3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D.sys []
S3 WFsys;WinFox Control I/O Driver;c:\windows\system32\DRIVERS\wfsys.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa22c3a-0861-11dc-95c6-0013d300bbf9}]
\Shell\AutoRun\command - L:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db23c0a8-05ff-11dc-95b9-806d6172696f}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f193b482-af29-11dc-96d1-000feab71d44}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -

SSODL-ahRVfZbVGkdvfT-{FCCAC42F-5660-6E85-4E67-4C8EC7FB64E9} - c:\windows\system32\tphvf.dll


.
------- Skan uzupełniający -------
.
uStart Page = file:///C:/Documents%20and%20Settings/mati/Moje%20dokumenty/startowa.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
TCP: {6564221D-CBEB-4F4E-9A3A-9FBBBBC5994F} = 192.168.100.254 192.168.100.254

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
FF - ProfilePath - c:\documents and settings\mati\Dane aplikacji\Mozilla\Firefox\Profiles\jyf6va6c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 15:00:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\ATKKBService.exe
d:\bluetooth\BTNtService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\MicroStar\WLANUtility\WLAN_Service.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-02 15:01:33 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-01-02 14:01:22
ComboFix2.txt  2008-09-05 21:09:35

Przed: 1 748 492 288 bajtów wolnych
Po: 1,700,610,048 bajtów wolnych

163   --- E O F ---   2008-12-20 18:01:15


oh, and maybe something can also be done about these
C:\Documents and Settings\mati\Cookies\mati@hit.gemius[1].txt
C:\Documents and Settings\mati\Cookies\mati@hit.stat[1].txt
they are some kind of tracking cookies
mateusznokian
~user
 
Posts: 34
Joined: 21 Nov 2008, 21:12



Bifrost, winexit infection - help

Post by wojtas 03 Jan 2009, 18:45

these file(s):

c:\program files\mtdv2ku2.sys
c:\program files\mtdv2ks2.sys

scan them here

http://virusscan.jotti.org/
http://www.virustotal.com/

and post the reports from the scans

paste into Notepad

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f193b482-af29-11dc-96d1-000feab71d44}]


in Notepad, at the top >>> File, Save as >>> change the type from TXT to All files *.* >>> save under the name FIX.REG

Double-click the resulting fix file and add it to the registry....

and delete:

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)


and come back with new logs and reports.. by the way, I don't know the program that is detecting the virus for you, so I wouldn't be sure about it...
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656
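
The key removed by the FIX.REG above is the MountPoints2 entry whose AutoRun and Open commands point at Recycled\ctfmon.exe in the ComboFix log. The sketch below is an added example, not part of the thread or of any tool named in it: it parses that part of a ComboFix log, flags MountPoints2 entries that launch something from a recycle-bin folder, and builds the matching deletion .reg text. The recycle-bin heuristic and all function names are assumptions of this example.

```python
import re

# MountPoints2 section copied from the ComboFix log in the first post.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa22c3a-0861-11dc-95c6-0013d300bbf9}]
\Shell\AutoRun\command - L:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db23c0a8-05ff-11dc-95b9-806d6172696f}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f193b482-af29-11dc-96d1-000feab71d44}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
"""

# "[HKEY_...\mountpoints2\{volume-guid}]" header line.
KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_[^\]]+\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE
)
# "\Shell\<verb>\command - <command line>" line under a header.
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
# Assumption of this example: a command that runs a file out of a recycle-bin
# folder on the mounted volume is worth a closer look.
RECYCLE_RE = re.compile(r'(?:^|[\\\s"])(?:recycled|recycler|\$recycle\.bin)\\', re.IGNORECASE)


def parse_mountpoints(log_text):
    """Return {registry key: [(shell verb, command line), ...]} for MountPoints2 entries."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key")
            entries[current] = []
            continue
        if line.startswith("["):
            # Some other registry key: stop attributing commands to the last volume.
            current = None
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current].append((verb.group("verb"), verb.group("cmd")))
    return entries


def flag_suspicious(entries):
    """Keys with at least one shell command that starts a file from a recycle-bin folder."""
    return [
        key
        for key, commands in entries.items()
        if any(RECYCLE_RE.search(cmd) for _verb, cmd in commands)
    ]


def build_fix_reg(keys):
    """Text of a .reg file that deletes each key ("[-KEY]" syntax, as in FIX.REG above)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in keys:
        lines.append("[-" + key + "]")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for key in flag_suspicious(found):
        for verb, cmd in found[key]:
            print(f"{key}\n    {verb}: {cmd}")
    print(build_fix_reg(flag_suspicious(found)))
```
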



Re: bifrost, winexit infection - help

Post by mateusznokian 04 Jan 2009, 01:41

Code:
File:      mtdv2ks2.sys
Status:    
OK
MD5:    a25b4cec85388f2e88567b4d629aa6e4
Packers detected:    
-
Scanner results
Scan taken on 03 Jan 2009 23:14:58 (GMT)
A-Squared    
Found nothing
AntiVir    
Found nothing
ArcaVir    
Found nothing
Avast    
Found nothing
AVG Antivirus    
Found nothing
BitDefender    
Found nothing
ClamAV    
Found nothing
CPsecure    
Found nothing
Dr.Web    
Found nothing
F-Prot Antivirus    
Found nothing
F-Secure Anti-Virus    
Found nothing
G DATA    
Found nothing
Ikarus    
Found nothing
Kaspersky Anti-Virus    
Found nothing
NOD32    
Found nothing
Norman Virus Control    
Found nothing
Panda Antivirus    
Found nothing
Sophos Antivirus    
Found nothing
VirusBuster    
Found nothing
VBA32    
Found nothing


the other file, same result



and now from VirusTotal
Code:
Plik mtdv2ku2.sys otrzymany 2009.01.04 00:18:22 (CET)
Obecny status: zakończono
Wynik: 0/38 (0%)

odatkowe informacje
File size: 12288 bytes
MD5...: cd3c06f56104bac9268587bf1c25a84c
SHA1..: 9b72886ad0976aa512095f0236d80b04546ce7f7
SHA256: ca353a8a8727b5479eedb0df90076ce2d519e70e9df33fe38a043d7445956bde
SHA512: 3a35c21845b25047ad5c791da16feb1ed00362a523c050d7dd34bc8bb3ecbdf9
94aa7eadd3bf5f6614d5368f87f5bb5cd7d5a9200c942c45c1a777bb653ef45b
ssdeep: 192:NfvnT9fYQo9EuIEhKVEdVsxP95FK69Tf5+Bf/YZf/lvo7OQdPX1r4:NfPT72
3jVu95D9UBoLo7r9r4
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10896
timedatestamp.....: 0x3f8c0328 (Tue Oct 14 14:07:36 2003)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x1f11 0x1f80 6.38 3689bf60b5c9471e0fd61bd0d0c7ab30
.rdata 0x2280 0x137 0x180 3.94 4d7b0ecb4a2fe4fc92fbe81834a386cc
.data 0x2400 0x24 0x80 0.00 f09f35a5637839458e462e6350ecbce4
INIT 0x2480 0x43e 0x480 4.83 fa8b1fb77c1221c160f4737da90a7aad
.rsrc 0x2900 0x4b8 0x500 3.18 89b4593145cb399706429c61b24e0e02
.reloc 0x2e00 0x1ba 0x200 4.93 83699a5e1fd47876b55420a9afbcbcb6

( 3 imports )
> NTOSKRNL.EXE: KeInitializeEvent, IoCreateDevice, KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, ExAllocatePoolWithTag, KeInitializeSpinLock, KeSetEvent, InterlockedDecrement, RtlFreeUnicodeString, KeClearEvent, InterlockedIncrement, IoRegisterDeviceInterface, IoAttachDeviceToDeviceStack, IoDeleteDevice, IoDetachDevice, RtlInitUnicodeString, IofCompleteRequest, PoCallDriver, PoStartNextPowerIrp, IoFreeIrp, IoAllocateIrp, PoRequestPowerIrp, KeReleaseMutex, IoFreeMdl, IoCancelIrp, IoBuildPartialMdl, IoAllocateMdl, IoSetDeviceInterfaceState, KeInitializeMutex, ExFreePool
> HAL.DLL: ExReleaseFastMutex, ExAcquireFastMutex, KfAcquireSpinLock, KfReleaseSpinLock
> USBD.SYS: USBD_ParseConfigurationDescriptorEx, USBD_GetUSBDIVersion, USBD_CreateConfigurationRequestEx

( 0 exports )



Code:
Plik mtdv2ks2.sys otrzymany 2009.01.04 00:23:03 (CET)
Obecny status: Ładowanie ... w kolejce oczekuje skanowanie zakończono NIE ZNALEZIONO ZATRZYMANE
Wynik: 0/38 (0%)
Ładowanie informacji serwera...
Twój plik czeka w kolejce na pozycji: ___.
Oczekiwany czas rozpoczęcia zawiera się między ___ i ___ .
Nie zamykaj tego okna, dopóki skanowanie nie zostanie ukończone.
Skaner nie odpowiada, trwają próby odzyskania wyników skanowania.
Jeśli potrwa to dłużej niż 5 minut, wyślik plik ponownie.
Twój plik jest obecnie skanowany, wyniki będą pojawiać się stopniowo.
Zwięzły Zwięzły
Drukuj wyniki Drukuj wyniki
Twój plik wygasł lub nie istnieje.
Usługa została wstrzymana. Twój plik będzie czekać na skanowanie (na pozycji: ) przez nieokreślony czas.

Możesz czekać na odpowiedź (automatyczne przeładowanie) lub podać swój email poniżej i kliknąć "przypomnij", wtedy system poinformuje Cię o zakończeniu skanowania wysyłając email.
Przypomnij:    
   
Antywirus    Wersja    Ostatnia aktualizacja    Wynik
a-squared   4.0.0.73   2009.01.03   -
AhnLab-V3   2008.12.31.0   2009.01.03   -
AntiVir   7.9.0.45   2009.01.03   -
Authentium   5.1.0.4   2009.01.03   -
Avast   4.8.1281.0   2009.01.03   -
AVG   8.0.0.199   2009.01.03   -
BitDefender   7.2   2009.01.03   -
CAT-QuickHeal   10.00   2009.01.03   -
ClamAV   0.94.1   2009.01.03   -
Comodo   869   2009.01.03   -
DrWeb   4.44.0.09170   2009.01.04   -
eTrust-Vet   31.6.6287   2009.01.01   -
Ewido   4.0   2008.12.31   -
F-Prot   4.4.4.56   2009.01.03   -
F-Secure   8.0.14470.0   2009.01.03   -
Fortinet   3.117.0.0   2009.01.03   -
GData   19   2009.01.03   -
Ikarus   T3.1.1.45.0   2009.01.03   -
K7AntiVirus   7.10.575   2009.01.03   -
Kaspersky   7.0.0.125   2009.01.03   -
McAfee   5483   2009.01.03   -
McAfee+Artemis   5483   2009.01.03   -
Microsoft   1.4205   2009.01.03   -
NOD32   3734   2009.01.03   -
Norman   5.80.02   2009.01.02   -
Panda   9.0.0.4   2009.01.03   -
PCTools   4.4.2.0   2009.01.03   -
Prevx1   V2   2009.01.04   -
Rising   21.10.22.00   2008.12.31   -
SecureWeb-Gateway   6.7.6   2009.01.03   -
Sophos   4.37.0   2009.01.03   -
Sunbelt   3.2.1809.2   2008.12.22   -
Symantec   10   2009.01.04   -
TheHacker   6.3.1.4.204   2009.01.02   -
TrendMicro   8.700.0.1004   2009.01.02   -
VBA32   3.12.8.10   2009.01.03   -
ViRobot   2009.1.3.1541   2009.01.03   -
VirusBuster   4.5.11.0   2009.01.03   -
Dodatkowe informacje
File size: 11648 bytes
MD5...: a25b4cec85388f2e88567b4d629aa6e4
SHA1..: 917c03bbebe111463cee0a729309fec21b129f32
SHA256: 17e8f72e9929bccd0e9b05ea337b9e274d3d29aceb9601e321609c3f06611f2b
SHA512: 4a2281aa3df5d0cde4f26bd491b5b6b82c680f801c21fb8ffcb8dc61498bd8ed
013633a1b04ae9f3f79f55b4c315f25d3c8066ca4d706ed754882b56814a229b
ssdeep: 192:80Cl/+WhCK0qEbTfoNprWacxh7/hj4S0NghczgUG7OVdsA:jCl3hCKTEbcTQ
xV/hkPNghcUUG78
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x103ec
timedatestamp.....: 0x3f864626 (Fri Oct 10 05:39:50 2003)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x1924 0x1980 6.27 80001b187aeea9635fce534feadc420f
.rdata 0x1c80 0x147 0x180 4.17 7af027c233986aed1cdd6c9232d418f3
.data 0x1e00 0x260 0x280 3.01 3e5b1511da4ffc42e70bf384c99ec6bb
INIT 0x2080 0x4b2 0x500 4.90 c93bb4d50065fe25fa6946ced32fc02e
.rsrc 0x2580 0x4c0 0x500 3.19 52b91f8b7d4825eec0a5004dbfd327d1
.reloc 0x2a80 0x292 0x300 4.02 a12958c51696768286ed82194f5e587d

( 2 imports )
> NTOSKRNL.EXE: InterlockedDecrement, KeSetEvent, KeClearEvent, InterlockedIncrement, IoAttachDeviceToDeviceStack, IofCompleteRequest, KeInitializeEvent, KeWaitForSingleObject, PoStartNextPowerIrp, RtlAppendUnicodeStringToString, ExAllocatePoolWithTag, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, IoCreateDevice, IoDeleteDevice, ExFreePool, IoDetachDevice, PoCallDriver, IoBuildSynchronousFsdRequest, KeInitializeSpinLock, IoQueueWorkItem, IoAllocateWorkItem, IoFreeIrp, IoAllocateIrp, RtlInitUnicodeString, IoFreeWorkItem, KeTickCount, KeQueryTimeIncrement, MmMapLockedPagesSpecifyCache, ZwQueryValueKey, RtlAppendUnicodeToString, RtlDeleteRegistryValue, IoDeleteSymbolicLink, RtlWriteRegistryValue, IoCreateSymbolicLink, wcslen, ZwClose, IoOpenDeviceRegistryKey, IoBuildDeviceIoControlRequest, IofCallDriver
> HAL.DLL: KfLowerIrql, KfRaiseIrql, KfReleaseSpinLock, KfAcquireSpinLock

( 0 exports )


combofix
Code:
ComboFix 09-01-02.01 - mati 2009-01-04  0:48:08.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.511.196 [GMT 1:00]
Uruchomiony z: c:\documents and settings\mati\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-12-03 do 2009-01-03  )))))))))))))))))))))))))))))))
.

2009-01-03 13:28 . 2009-01-03 13:28   <DIR>   d--------   c:\windows\system32\Kaspersky Lab
2009-01-03 13:28 . 2009-01-03 13:28   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-03 13:18 . 2009-01-03 13:23   <DIR>   d--------   c:\program files\Hide IP NG
2009-01-03 13:18 . 2009-01-03 13:23   <DIR>   d--------   c:\documents and settings\mati\Dane aplikacji\Hide IP NG
2009-01-03 13:16 . 2009-01-03 13:16   <DIR>   d--------   c:\windows\ERUNT
2009-01-03 13:16 . 2009-01-03 13:16   <DIR>   d--------   C:\ERDNT
2009-01-03 13:16 . 2009-01-03 13:16   <DIR>   d--------   C:\!FixIEDef
2009-01-03 12:51 . 2009-01-03 12:51   <DIR>   d--------   c:\program files\Trend Micro
2009-01-03 01:50 . 2009-01-03 01:50   <DIR>   d--------   c:\program files\Trojan Remover
2009-01-03 01:38 . 2009-01-03 01:50   <DIR>   d--------   c:\documents and settings\mati\Dane aplikacji\Simply Super Software
2009-01-03 01:38 . 2009-01-03 01:38   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2009-01-03 01:38 . 2006-05-25 14:52   162,304   --a------   c:\windows\system32\ztvunrar36.dll
2009-01-03 01:38 . 2003-02-02 19:06   153,088   --a------   c:\windows\system32\unrar3.dll
2009-01-03 01:38 . 2005-08-26 00:50   77,312   --a------   c:\windows\system32\ztvunace26.dll
2009-01-03 01:38 . 2002-03-06 00:00   75,264   --a------   c:\windows\system32\unacev2.dll
2009-01-03 01:38 . 2006-06-19 12:01   69,632   --a------   c:\windows\system32\ztvcabinet.dll
2009-01-02 02:15 . 2009-01-04 00:27   <DIR>   d--------   c:\program files\Exterminate It!
2009-01-02 00:52 . 2009-01-02 00:52   119   --a------   c:\windows\wininit.ini
2008-12-25 04:47 . 2008-05-08 02:03   453,632   --a------   c:\windows\system32\SetACL.ocx
2008-12-19 16:26 . 2008-12-19 16:26   <DIR>   d--------   c:\program files\SystemRequirementsLab
2008-12-19 16:25 . 2008-12-19 16:25   <DIR>   d--------   c:\documents and settings\mati\SystemRequirementsLab
2008-12-19 12:58 . 2008-12-19 12:58   0   --a------   c:\windows\nsreg.dat

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 22:41   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-21 19:14   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\gdi32.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 10:39   662,016   ----a-w   c:\windows\system32\wininet.dll
2008-10-03 10:17   247,326   ----a-w   c:\windows\system32\strmdll.dll
2005-02-08 08:25   599,552   -c--a-w   c:\program files\Manual_USB_E.doc
2004-03-11 11:27   40,960   -c--a-w   c:\program files\Uninstall_CDS.exe
2003-11-07 14:30   2,217   -c--a-w   c:\program files\mtdv2ks3.inf
2003-10-15 07:07   12,288   -c--a-w   c:\program files\mtdv2ku2.sys
2003-10-10 22:39   11,648   -c--a-w   c:\program files\mtdv2ks2.sys
1999-06-30 13:06   151,552   -c--a-r   c:\windows\inf\Agfa\Message.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Gadu-Gadu"="e:\gadu-gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-30 5898240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-03-30 86016]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-01-01 1231752]
"nwiz"="nwiz.exe" [2005-03-30 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Find Fast.lnk - d:\office\Office\FINDFAST.EXE [1997-10-06 111376]
Uruchamianie pakietu Office.lnk - d:\office\Office\OSA.EXE [1997-10-06 51984]
WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2004-05-11 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2005-03-24 18:28 983040 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--------- 2007-03-12 13:51 663552 c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2007-01-26 14:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 d:\daemon\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
--a------ 2004-06-14 10:54 200704 c:\program files\Gigabyte\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 e:\gadu-gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2007-01-29 20:10 46632 c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2007-01-29 20:12 30248 c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-02-06 13:57 19432488 d:\skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 d:\spybot - search & destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a--c--- 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\bluetooth\\BlueSoleil.exe"=
"e:\\Gadu-Gadu\\gg.exe"=
"d:\\BearShare\\BearShare.exe"=
"h:\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\skype\\Phone\\Skype.exe"=
"f:\\gry\\Tom Clancy's Splinter Cell Chaos Theory\\System\\SplinterCell3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2007-05-19 31424]
S3 BIOSCHK;BIOSCHK;\??\c:\docume~1\mati\USTAWI~1\Temp\TII1E.tmp\disk1\BIOSCHK.SYS --> c:\docume~1\mati\USTAWI~1\Temp\TII1E.tmp\disk1\BIOSCHK.SYS [?]
S3 EnumChip;EnumChip;\??\g:\driver\Gart\EnumChip.sys --> g:\driver\Gart\EnumChip.sys [?]
S3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5\MARKFUN.W32 [2008-08-29 8236]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D.sys --> c:\windows\system32\Drivers\Video3D.sys [?]
S3 WFsys;WinFox Control I/O Driver;c:\windows\system32\DRIVERS\wfsys.sys --> c:\windows\system32\DRIVERS\wfsys.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa22c3a-0861-11dc-95c6-0013d300bbf9}]
\Shell\AutoRun\command - L:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db23c0a8-05ff-11dc-95b9-806d6172696f}]
\Shell\AutoRun\command - K:\Autorun.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = file:///C:/Documents%20and%20Settings/mati/Moje%20dokumenty/startowa.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
TCP: {6564221D-CBEB-4F4E-9A3A-9FBBBBC5994F} = 192.168.100.254 192.168.100.254

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
FF - ProfilePath - c:\documents and settings\mati\Dane aplikacji\Mozilla\Firefox\Profiles\jyf6va6c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 00:48:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"
.
Czas ukończenia: 2009-01-04  0:49:31
ComboFix-quarantined-files.txt  2009-01-03 23:49:17
ComboFix2.txt  2009-01-02 14:01:34

Przed: 1 676 181 504 bajtów wolnych
Po: 1,668,734,976 bajtów wolnych

169   --- E O F ---   2008-12-20 18:01:15


And now HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:54:29, on 2009-01-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
D:\bluetooth\BTNtService.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Gadu-Gadu\gg.exe
D:\Office\Office\OSA.EXE
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/mati/Moje%20dokumenty/startowa.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Office\Office\FINDFAST.EXE
O4 - Global Startup: Uruchamianie pakietu Office.lnk = D:\Office\Office\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6564221D-CBEB-4F4E-9A3A-9FBBBBC5994F}: NameServer = 192.168.100.254 192.168.100.254
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\bluetooth\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 6430 bytes
mateusznokian
~user
 
Posts: 34
Joined: 21 Nov 2008, 21:12



Bifrost, winexit infection - help

Post by wojtas 04 Jan 2009, 12:04

1. Download OTMoveIt, launch it and run it with the CleanUp option :) and delete the folder C:\Qoobox
2. Perform a Windows optimization
3. Download ATF_Cleaner
select
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
4. Turn off System Restore (My Computer properties - Restore tab - turn off restore on all drives). After a moment, turn it back on.
5. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

and with this:

FixIEDef.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



