Aktualizacje na programosy.pl:
Chromium • Kaspersky Rescue Disk • Vim • Free YouTube to MP3 Converter • Far Manager • Free YouTube Download • R-Undelete • GoodSync • Microsoft Safety Scanner
-
- Ogłoszenie:
Olhrwef.exe , e.exe
26 posty(ów) • Strona 2 z 2 • 1, 2
Olhrwef.exe , e.exe
przez Okocza 03 Sie 2009, 17:21
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
-
Okocza - ~user
- Posty: 8001
- Dołączenie: 19 Mar 2006, 11:53
- Pochwały: 406
Olhrwef.exe , e.exe
przez FoReST333 04 Sie 2009, 09:25
log :
znowu to mi sie pojawiło:
http://img268.imageshack.us/img268/5282/blad4.jpg
jak ostatni raz robilem combofixa to usunelem ten plik ręcznie i przez 3 dni go nie widzialem a pozniej to nie wiem jak to z nim było ;p ale znow jest ;p
- Kod: Zaznacz wszystko
ComboFix 09-08-03.04 - User 2009-08-04 9:13.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1684 [GMT 2:00]
Uruchomiony z: c:\documents and settings\User\Pulpit\ComboFix.exe
.
Następujące pliki zostały wyłączone z działania w czasie skanowania:
c:\windows\system32\sk461543.dll
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\BReWErS.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-07-04 do 2009-08-04 )))))))))))))))))))))))))))))))
.
2009-08-04 07:14 . 2009-08-04 07:17 81920 ----a-w- c:\windows\system32\je461543.dll
2009-08-04 07:11 . 2009-08-04 07:13 81920 ----a-w- c:\windows\system32\sk461543.dll
2009-08-04 07:11 . 2009-08-04 07:12 81920 ----a-w- c:\windows\system32\sk461543.dll.vir
2009-08-01 10:49 . 2009-08-01 10:49 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu
2009-07-26 20:03 . 2009-08-01 10:51 81920 ----a-w- c:\windows\system32\lz461543.dll
2009-07-26 20:02 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\j{461543.dll
2009-07-25 10:06 . 2009-07-25 10:16 81920 ----a-w- c:\windows\system32\mz461543.dll
2009-07-25 09:46 . 2009-07-25 09:46 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Ubisoft
2009-07-25 09:46 . 2009-07-25 09:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-07-25 09:14 . 2009-07-25 09:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-07-25 09:10 . 2009-07-25 09:10 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-25 09:10 . 2009-07-25 09:16 -------- d-----w- c:\documents and settings\User\Dane aplikacji\DAEMON Tools Lite
2009-07-22 08:10 . 2009-07-24 14:13 81920 ----a-w- c:\windows\system32\kw461543.dll
2009-07-22 07:55 . 2009-07-22 07:55 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-22 07:55 . 2009-07-22 07:55 22328 ----a-w- c:\documents and settings\User\Dane aplikacji\PnkBstrK.sys
2009-07-22 07:55 . 2009-07-22 07:55 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-22 07:55 . 2009-07-22 07:55 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-22 07:42 . 2009-07-22 07:42 -------- d-----w- c:\windows\system32\LogFiles
2009-07-21 10:47 . 2009-07-22 07:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Codemasters
2009-07-21 10:34 . 2009-07-21 10:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 10:14 . 2009-07-21 10:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-21 10:14 . 2009-07-21 10:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-21 10:14 . 2009-07-21 10:14 -------- d-----w- c:\program files\OpenAL
2009-07-21 07:23 . 2009-07-26 15:23 81920 ----a-w- c:\windows\system32\iu461543.dll
2009-07-20 15:42 . 2009-07-20 15:47 81920 ----a-w- c:\windows\system32\ru461543.dll
2009-07-20 15:37 . 2009-08-04 07:17 5077 ----a-w- c:\windows\system32\drivers\njklmn.sys
2009-07-20 15:36 . 2009-07-20 15:36 -------- d-----w- c:\windows\system32\%commonprogramfiles%
2009-07-20 14:29 . 2009-07-20 15:11 81920 ----a-w- c:\windows\system32\qu461543.dll
2009-07-20 08:50 . 2009-07-30 19:03 81920 ----a-w- c:\windows\system32\ik461543.dll
2009-07-20 07:43 . 2009-07-20 07:43 9240 ----a-w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-07-20 06:36 . 2009-07-20 06:36 -------- d-sh--w- c:\windows\ftpcache
2009-07-20 06:32 . 2004-04-30 07:37 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-07-20 06:32 . 2004-04-30 07:33 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2009-07-20 06:32 . 2009-07-20 06:32 -------- d-----w- c:\program files\Alcohol Soft
2009-07-20 06:32 . 2009-08-01 10:49 81920 ----a-w- c:\windows\system32\kl461543.dll
2009-07-19 19:00 . 2009-07-19 19:00 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Malwarebytes
2009-07-19 19:00 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 19:00 . 2009-07-19 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 19:00 . 2009-07-19 19:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-19 19:00 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\system32\xircom
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\system32\oobe
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\srchasst
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\msagent
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\program files\microsoft frontpage
2009-07-19 14:21 . 2009-08-04 07:12 81920 ----a-w- c:\windows\system32\qt461543.dll
2009-07-19 13:06 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\nt461543.dll
2009-07-19 11:15 . 2009-07-19 11:15 -------- d-----w- c:\windows\USB Vibration
2009-07-19 11:15 . 2009-07-19 11:15 -------- d-----w- c:\program files\USB Vibration
2009-07-19 08:23 . 2009-07-25 11:28 81920 ----a-w- c:\windows\system32\no461543.dll
2009-07-18 18:43 . 2009-07-31 21:00 81920 ----a-w- c:\windows\system32\kj461543.dll
2009-07-18 14:25 . 2009-08-03 07:01 81920 ----a-w- c:\windows\system32\jj461543.dll
2009-07-18 14:21 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\oo461543.dll
2009-07-18 14:21 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\si461543.dll
2009-07-18 14:21 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\ij461543.dll
2009-07-18 14:21 . 2009-08-04 07:18 81920 ----a-w- c:\windows\system32\ti461543.dll
2009-07-18 14:20 . 2009-08-04 06:51 81920 ----a-w- c:\windows\system32\qs461543.dll
2009-07-18 14:19 . 2009-07-18 14:19 -------- d-----w- C:\_OTL
2009-07-18 09:41 . 2008-06-16 13:28 26624 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-18 09:21 . 2009-07-18 13:29 -------- d-----w- c:\program files\trend micro
2009-07-18 09:21 . 2009-07-18 09:21 -------- d-----w- C:\rsit
2009-07-18 09:17 . 2009-07-18 09:23 -------- d-----w- C:\SDFix
2009-07-16 09:07 . 2009-07-16 09:07 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Identities
2009-07-13 07:11 . 2006-11-07 08:42 5840 ----a-r- c:\windows\system32\drivers\w200whnt.sys
2009-07-13 07:11 . 2006-11-07 08:42 5840 ----a-r- c:\windows\system32\drivers\w200wh.sys
2009-07-13 07:11 . 2006-11-07 08:42 61504 ----a-r- c:\windows\system32\drivers\w200bus.sys
2009-07-11 08:12 . 2009-07-11 08:12 -------- d-----w- C:\Python24
2009-07-10 16:41 . 2009-07-10 16:41 -------- d-----w- c:\windows\Logs
2009-07-09 15:54 . 2009-07-20 13:32 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Adobe
2009-07-09 12:37 . 2009-07-09 12:46 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Ventrilo
2009-07-09 12:04 . 2009-07-09 12:05 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Tibia
2009-07-09 10:09 . 2009-07-09 10:09 -------- d-----w- c:\program files\uTorrent
2009-07-09 10:09 . 2009-08-03 18:49 -------- d-----w- c:\documents and settings\User\Dane aplikacji\uTorrent
2009-07-09 08:28 . 2009-04-28 20:20 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-09 08:28 . 2009-04-28 20:20 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-09 08:28 . 2009-04-28 20:20 129520 ----a-w- c:\windows\system32\pxafs.dll
2009-07-09 07:06 . 2009-07-09 07:06 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Gadu-Gadu
2009-07-09 07:05 . 2009-07-10 15:23 -------- d-----w- c:\documents and settings\User\Gadu-Gadu
2009-07-09 07:05 . 2009-07-09 07:05 -------- d-----w- c:\program files\Gadu-Gadu
2009-07-08 17:15 . 2009-07-08 17:15 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 16:29 . 2009-07-08 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 07:14 . 2009-07-08 14:34 557056 ----a-w- c:\windows\system32\mspaint.exe
2009-07-09 10:26 . 2009-07-08 16:19 -------- d-----w- c:\program files\Winamp
2009-07-08 16:31 . 2009-07-08 16:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-08 16:24 . 2009-07-08 16:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-08 16:24 . 2009-07-08 16:24 -------- d-----w- c:\program files\Common Files\Real
2009-07-08 16:24 . 2009-07-08 16:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-08 16:24 . 2009-07-08 16:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 16:24 . 2009-07-08 16:24 -------- d-----w- c:\program files\Real
2009-07-08 16:23 . 2009-07-08 16:22 -------- d-----w- c:\program files\Google
2009-07-08 16:21 . 2009-07-08 16:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-08 15:19 . 2009-07-08 15:19 0 ----a-w- c:\windows\nsreg.dat
2009-07-08 15:08 . 2009-07-08 15:05 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-08 15:08 . 2009-07-08 15:08 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Ahead
2009-07-08 15:05 . 2009-07-08 15:05 -------- d-----w- c:\program files\Nero
2009-07-08 15:04 . 2009-07-08 15:04 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Logitech
2009-07-08 15:03 . 2009-07-08 15:03 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Leadertech
2009-07-08 15:03 . 2009-07-08 15:03 10134 ----a-r- c:\documents and settings\User\Dane aplikacji\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-07-08 15:03 . 2009-07-08 15:01 -------- d-----w- c:\program files\Common Files\Logishrd
2009-07-08 15:02 . 2009-07-08 15:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-08 15:02 . 2009-07-08 15:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-08 15:02 . 2009-07-08 15:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Logitech
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\program files\Logitech
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\documents and settings\User\Dane aplikacji\InstallShield
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LogiShrd
2009-07-08 14:50 . 2009-07-08 14:46 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-08 14:45 . 2009-07-08 14:45 -------- d-----w- c:\program files\VDOTool
2009-07-08 14:42 . 2008-06-16 13:28 47898 ----a-w- c:\windows\system32\perfc015.dat
2009-07-08 14:42 . 2008-06-16 13:28 352770 ----a-w- c:\windows\system32\perfh015.dat
2009-07-08 14:37 . 2009-07-08 14:37 -------- d-----w- c:\program files\Usługi online
2009-07-08 14:35 . 2009-07-08 14:35 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-08 14:34 . 2009-07-08 14:34 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-02 16:11 . 2009-07-08 16:30 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2009-07-08 16:30 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-07-08 16:30 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-22 20:16 . 2009-07-08 15:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2007-07-11 05:06 642560 CE594E18FE0D0AF804F1F3694921CE62 c:\windows\system32\user32.dll
[-] 2008-06-16 13:28 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-16 13:28 549888 335813EACD16E84F3047A3326F6E5473 c:\windows\system32\winlogon.exe
[-] 2008-07-19 00:33 2074240 0DBF1939DF18AC8F8C1E4BD63D7D4B0F c:\windows\system32\ntkrnlpa.exe
[-] 2008-07-07 09:44 2197376 37D5DAAEDA594B9BEE00C82F185CC549 c:\windows\system32\ntoskrnl.exe
[-] 2008-06-27 15:36 1482240 12B143C653DFA3F953EDA4534B1AAEA8 c:\windows\explorer.exe
[-] 2008-06-16 13:28 1420800 4678172D19476FA7D539682FCA42C942 c:\windows\system32\comres.dll
[-] 2008-06-16 13:28 724992 7F059A93D251284A8BC758327ECD3D69 c:\windows\system32\comctl32.dll
[7] 2008-06-16 13:28 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-06-16 13:28 1054208 737739FACEAD60683AA8D7FF7602FD14 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-06-16 13:28 1571840 C8BDAD4065118558B3DC360FC96D81DB c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-19_14.32.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-20 06:32 . 2009-07-20 06:32 62464 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814234.exe
+ 2007-07-23 02:34 . 2007-07-23 02:34 811008 c:\windows\system32\nvcplui.exe
+ 2009-07-20 06:32 . 2009-07-20 06:32 958464 c:\windows\Installer\23c4366.msi
+ 2009-07-26 15:31 . 2009-07-26 15:31 161862 c:\windows\Installer\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\ARPPRODUCTICON.exe
+ 2009-07-20 06:32 . 2009-07-20 06:32 106496 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814236.exe
+ 2009-07-26 15:30 . 2009-07-26 15:31 80038400 c:\windows\Installer\1cea44b.msi
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 151552]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-06-26 2165272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-07-23 1683456]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-16 124928]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-8 846352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 10:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\PES 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"f:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
S2 gupdate1c9ffe8612be232;Usługa Google Update (gupdate1c9ffe8612be232);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 133104]
S2 MCIDRV_2600_6_0;MCIDRV_2600_6_0;c:\windows\system32\drivers\njklmn.sys [2009-07-20 5077]
.
Zawartość folderu 'Zaplanowane zadania'
2009-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:23]
2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:23]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://nasza-klasa.pl/
FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\idg199yp.default\
FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - component: c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\idg199yp.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 09:17
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\sfc_os.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\scecli.dll
.
Czas ukończenia: 2009-08-04 9:21
ComboFix-quarantined-files.txt 2009-08-04 07:21
ComboFix2.txt 2009-07-20 15:47
ComboFix3.txt 2009-07-20 08:48
ComboFix4.txt 2009-07-19 17:11
ComboFix5.txt 2009-08-04 07:13
Przed: 3 715 076 096 bajtów wolnych
Po: 3 721 076 736 bajtów wolnych
251 --- E O F --- 2009-07-14 12:59
znowu to mi sie pojawiło:
http://img268.imageshack.us/img268/5282/blad4.jpg
jak ostatni raz robilem combofixa to usunelem ten plik ręcznie i przez 3 dni go nie widzialem a pozniej to nie wiem jak to z nim było ;p ale znow jest ;p
Olhrwef.exe , e.exe
przez Okocza 04 Sie 2009, 09:42
Więc tak, wyłącz przywracanie na wszystkich dyskach.
wejdź do trybu awaryjnego
Otwórz notatnik i wklej w nim:
Zapisz jako CFScript.txt i przeciągnij na ComboFix.exe
Daj log jaki powstanie
wejdź do trybu awaryjnego
Otwórz notatnik i wklej w nim:
- Kod: Zaznacz wszystko
Files::
c:\windows\system32\je461543.dll
c:\windows\system32\sk461543.dll
c:\windows\system32\sk461543.dll.vir
c:\windows\system32\lz461543.dll
c:\windows\system32\j{461543.dll
c:\windows\system32\mz461543.dll
c:\windows\system32\kw461543.dll
c:\windows\system32\iu461543.dll
c:\windows\system32\ru461543.dll
c:\windows\system32\drivers\njklmn.sys
c:\windows\system32\qu461543.dll
c:\windows\system32\ik461543.dll
c:\windows\system32\kl461543.dll
c:\windows\system32\qt461543.dll
c:\windows\system32\nt461543.dll
c:\windows\system32\no461543.dll
c:\windows\system32\kj461543.dll
c:\windows\system32\jj461543.dll
c:\windows\system32\oo461543.dll
c:\windows\system32\si461543.dll
c:\windows\system32\ij461543.dll
c:\windows\system32\ti461543.dll
c:\windows\system32\qs461543.dll
c:\windows\system32\perfc015.dat
c:\windows\system32\perfh015.dat
c:\windows\system32\emptyregdb.dat
Folders::
c:\windows\system32\%commonprogramfiles%
Zapisz jako CFScript.txt i przeciągnij na ComboFix.exe
Daj log jaki powstanie
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
-
Okocza - ~user
- Posty: 8001
- Dołączenie: 19 Mar 2006, 11:53
- Pochwały: 406
-
Olhrwef.exe , e.exe
przez FoReST333 04 Sie 2009, 15:05
log:
tryb awaryjny mi dziala
wczesniej mialem blue screena
- Kod: Zaznacz wszystko
ComboFix 09-08-03.04 - User 2009-08-04 10:54.7.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1807 [GMT 2:00]
Uruchomiony z: c:\documents and settings\User\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\User\Pulpit\CFScript.txt
.
Następujące pliki zostały wyłączone z działania w czasie skanowania:
c:\windows\system32\sk461543.dll
((((((((((((((((((((((((( Pliki utworzone od 2009-07-04 do 2009-08-04 )))))))))))))))))))))))))))))))
.
2009-08-04 08:58 . 2009-08-04 09:05 81920 ----a-w- c:\windows\system32\ke461543.dll
2009-08-01 10:49 . 2009-08-01 10:49 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu
2009-07-26 20:03 . 2009-08-01 10:51 81920 ----a-w- c:\windows\system32\lz461543.dll
2009-07-26 20:02 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\j{461543.dll
2009-07-25 10:06 . 2009-07-25 10:16 81920 ----a-w- c:\windows\system32\mz461543.dll
2009-07-25 09:46 . 2009-07-25 09:46 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Ubisoft
2009-07-25 09:46 . 2009-07-25 09:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-07-25 09:14 . 2009-07-25 09:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-07-25 09:10 . 2009-07-25 09:10 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-25 09:10 . 2009-07-25 09:16 -------- d-----w- c:\documents and settings\User\Dane aplikacji\DAEMON Tools Lite
2009-07-22 08:10 . 2009-07-24 14:13 81920 ----a-w- c:\windows\system32\kw461543.dll
2009-07-22 07:55 . 2009-07-22 07:55 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-22 07:55 . 2009-07-22 07:55 22328 ----a-w- c:\documents and settings\User\Dane aplikacji\PnkBstrK.sys
2009-07-22 07:55 . 2009-07-22 07:55 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-22 07:55 . 2009-07-22 07:55 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-22 07:42 . 2009-07-22 07:42 -------- d-----w- c:\windows\system32\LogFiles
2009-07-21 10:47 . 2009-07-22 07:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Codemasters
2009-07-21 10:34 . 2009-07-21 10:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 10:14 . 2009-07-21 10:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-21 10:14 . 2009-07-21 10:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-21 10:14 . 2009-07-21 10:14 -------- d-----w- c:\program files\OpenAL
2009-07-21 07:23 . 2009-07-26 15:23 81920 ----a-w- c:\windows\system32\iu461543.dll
2009-07-20 15:42 . 2009-07-20 15:47 81920 ----a-w- c:\windows\system32\ru461543.dll
2009-07-20 15:37 . 2009-08-04 08:52 5077 ----a-w- c:\windows\system32\drivers\njklmn.sys
2009-07-20 15:36 . 2009-07-20 15:36 -------- d-----w- c:\windows\system32\%commonprogramfiles%
2009-07-20 14:29 . 2009-07-20 15:11 81920 ----a-w- c:\windows\system32\qu461543.dll
2009-07-20 08:50 . 2009-07-30 19:03 81920 ----a-w- c:\windows\system32\ik461543.dll
2009-07-20 07:43 . 2009-07-20 07:43 9240 ----a-w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-07-20 06:36 . 2009-07-20 06:36 -------- d-sh--w- c:\windows\ftpcache
2009-07-20 06:32 . 2004-04-30 07:37 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-07-20 06:32 . 2004-04-30 07:33 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2009-07-20 06:32 . 2009-07-20 06:32 -------- d-----w- c:\program files\Alcohol Soft
2009-07-20 06:32 . 2009-08-04 08:06 81920 ----a-w- c:\windows\system32\kl461543.dll
2009-07-19 19:00 . 2009-07-19 19:00 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Malwarebytes
2009-07-19 19:00 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 19:00 . 2009-07-19 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 19:00 . 2009-07-19 19:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-19 19:00 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\system32\xircom
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\system32\oobe
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\srchasst
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\msagent
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\program files\microsoft frontpage
2009-07-19 14:21 . 2009-08-04 08:53 81920 ----a-w- c:\windows\system32\qt461543.dll
2009-07-19 13:06 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\nt461543.dll
2009-07-19 11:15 . 2009-07-19 11:15 -------- d-----w- c:\windows\USB Vibration
2009-07-19 11:15 . 2009-07-19 11:15 -------- d-----w- c:\program files\USB Vibration
2009-07-19 08:23 . 2009-07-25 11:28 81920 ----a-w- c:\windows\system32\no461543.dll
2009-07-18 18:43 . 2009-07-31 21:00 81920 ----a-w- c:\windows\system32\kj461543.dll
2009-07-18 14:25 . 2009-08-04 08:50 81920 ----a-w- c:\windows\system32\jj461543.dll
2009-07-18 14:21 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\oo461543.dll
2009-07-18 14:21 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\si461543.dll
2009-07-18 14:21 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\ij461543.dll
2009-07-18 14:21 . 2009-08-04 09:05 81920 ----a-w- c:\windows\system32\ti461543.dll
2009-07-18 14:20 . 2009-08-04 08:52 81920 ----a-w- c:\windows\system32\qs461543.dll
2009-07-18 14:19 . 2009-07-18 14:19 -------- d-----w- C:\_OTL
2009-07-18 09:41 . 2008-06-16 13:28 26624 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-18 09:21 . 2009-07-18 13:29 -------- d-----w- c:\program files\trend micro
2009-07-18 09:21 . 2009-07-18 09:21 -------- d-----w- C:\rsit
2009-07-18 09:17 . 2009-07-18 09:23 -------- d-----w- C:\SDFix
2009-07-16 09:07 . 2009-07-16 09:07 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Identities
2009-07-13 07:11 . 2006-11-07 08:42 5840 ----a-r- c:\windows\system32\drivers\w200whnt.sys
2009-07-13 07:11 . 2006-11-07 08:42 5840 ----a-r- c:\windows\system32\drivers\w200wh.sys
2009-07-13 07:11 . 2006-11-07 08:42 61504 ----a-r- c:\windows\system32\drivers\w200bus.sys
2009-07-11 08:12 . 2009-07-11 08:12 -------- d-----w- C:\Python24
2009-07-10 16:41 . 2009-07-10 16:41 -------- d-----w- c:\windows\Logs
2009-07-09 15:54 . 2009-07-20 13:32 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Adobe
2009-07-09 12:37 . 2009-07-09 12:46 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Ventrilo
2009-07-09 12:04 . 2009-07-09 12:05 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Tibia
2009-07-09 10:09 . 2009-07-09 10:09 -------- d-----w- c:\program files\uTorrent
2009-07-09 10:09 . 2009-08-03 18:49 -------- d-----w- c:\documents and settings\User\Dane aplikacji\uTorrent
2009-07-09 08:28 . 2009-04-28 20:20 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-09 08:28 . 2009-04-28 20:20 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-09 08:28 . 2009-04-28 20:20 129520 ----a-w- c:\windows\system32\pxafs.dll
2009-07-09 07:06 . 2009-07-09 07:06 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Gadu-Gadu
2009-07-09 07:05 . 2009-07-10 15:23 -------- d-----w- c:\documents and settings\User\Gadu-Gadu
2009-07-09 07:05 . 2009-07-09 07:05 -------- d-----w- c:\program files\Gadu-Gadu
2009-07-08 17:15 . 2009-07-08 17:15 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 08:53 . 2009-08-04 07:11 81920 ----a-w- c:\windows\system32\sk461543.dll
2009-08-04 08:53 . 2009-08-04 07:11 81920 ----a-w- c:\windows\system32\sk461543.dll.vir
2009-08-04 08:08 . 2009-08-04 08:08 -------- d-----w- c:\program files\Sun
2009-08-04 08:08 . 2009-08-04 08:07 -------- d-----w- c:\program files\Java
2009-08-04 08:07 . 2009-08-04 08:07 -------- d-----w- c:\program files\Common Files\Java
2009-08-04 07:21 . 2009-08-04 07:14 81920 ----a-w- c:\windows\system32\je461543.dll
2009-07-25 16:29 . 2009-07-08 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 07:14 . 2009-07-08 14:34 557056 ----a-w- c:\windows\system32\mspaint.exe
2009-07-09 10:26 . 2009-07-08 16:19 -------- d-----w- c:\program files\Winamp
2009-07-08 16:31 . 2009-07-08 16:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-08 16:24 . 2009-07-08 16:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-08 16:24 . 2009-07-08 16:24 -------- d-----w- c:\program files\Common Files\Real
2009-07-08 16:24 . 2009-07-08 16:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-08 16:24 . 2009-07-08 16:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 16:24 . 2009-07-08 16:24 -------- d-----w- c:\program files\Real
2009-07-08 16:23 . 2009-07-08 16:22 -------- d-----w- c:\program files\Google
2009-07-08 16:21 . 2009-07-08 16:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-08 15:19 . 2009-07-08 15:19 0 ----a-w- c:\windows\nsreg.dat
2009-07-08 15:08 . 2009-07-08 15:05 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-08 15:08 . 2009-07-08 15:08 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Ahead
2009-07-08 15:05 . 2009-07-08 15:05 -------- d-----w- c:\program files\Nero
2009-07-08 15:04 . 2009-07-08 15:04 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Logitech
2009-07-08 15:03 . 2009-07-08 15:03 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Leadertech
2009-07-08 15:03 . 2009-07-08 15:03 10134 ----a-r- c:\documents and settings\User\Dane aplikacji\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-07-08 15:03 . 2009-07-08 15:01 -------- d-----w- c:\program files\Common Files\Logishrd
2009-07-08 15:02 . 2009-07-08 15:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-08 15:02 . 2009-07-08 15:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-08 15:02 . 2009-07-08 15:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Logitech
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\program files\Logitech
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\documents and settings\User\Dane aplikacji\InstallShield
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LogiShrd
2009-07-08 14:50 . 2009-07-08 14:46 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-08 14:45 . 2009-07-08 14:45 -------- d-----w- c:\program files\VDOTool
2009-07-08 14:42 . 2008-06-16 13:28 47898 ----a-w- c:\windows\system32\perfc015.dat
2009-07-08 14:42 . 2008-06-16 13:28 352770 ----a-w- c:\windows\system32\perfh015.dat
2009-07-08 14:37 . 2009-07-08 14:37 -------- d-----w- c:\program files\Usługi online
2009-07-08 14:35 . 2009-07-08 14:35 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-08 14:34 . 2009-07-08 14:34 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-02 16:11 . 2009-07-08 16:30 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2009-07-08 16:30 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-07-08 16:30 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-22 20:16 . 2009-07-08 15:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2008-06-16 13:28 14336 8607D35D92528E2DF386F19A960D23CE c:\windows\system32\svchost.exe
[-] 2008-06-16 13:28 14336 8607D35D92528E2DF386F19A960D23CE c:\windows\system32\dllcache\cache\svchost.exe
[-] 2007-07-11 05:06 642560 CE594E18FE0D0AF804F1F3694921CE62 c:\windows\system32\user32.dll
[-] 2008-06-16 13:28 82432 C0AA2AB856680C44739B41E01F5BD4E9 c:\windows\system32\ws2_32.dll
[-] 2008-06-16 13:28 82432 C0AA2AB856680C44739B41E01F5BD4E9 c:\windows\system32\dllcache\cache\ws2_32.dll
[-] 2008-03-01 12:35 827392 B1DB24042F335198EAD97AAA675B1078 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-06-16 13:28 826368 ACB31B4ED243D4DFFA5268F4AD2B0D6F c:\windows\system32\wininet.dll
[-] 2008-03-01 13:02 826368 ACB31B4ED243D4DFFA5268F4AD2B0D6F c:\windows\system32\dllcache\wininet.dll
[-] 2008-06-16 13:28 826368 ACB31B4ED243D4DFFA5268F4AD2B0D6F c:\windows\system32\dllcache\cache\wininet.dll
[-] 2008-06-16 13:28 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-16 13:28 549888 335813EACD16E84F3047A3326F6E5473 c:\windows\system32\winlogon.exe
[-] 2008-06-16 13:28 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[-] 2008-06-16 13:28 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[-] 2008-06-16 13:28 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[-] 2008-06-16 13:28 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2008-07-19 00:33 2074240 0DBF1939DF18AC8F8C1E4BD63D7D4B0F c:\windows\system32\ntkrnlpa.exe
[-] 2008-07-07 09:44 2197376 37D5DAAEDA594B9BEE00C82F185CC549 c:\windows\system32\ntoskrnl.exe
[-] 2008-06-27 15:36 1482240 12B143C653DFA3F953EDA4534B1AAEA8 c:\windows\explorer.exe
[-] 2008-06-16 13:28 109056 3E3AE424E27C4CEFE4CAB368C7B570EA c:\windows\system32\services.exe
[-] 2008-06-16 13:28 109056 3E3AE424E27C4CEFE4CAB368C7B570EA c:\windows\system32\dllcache\cache\services.exe
[-] 2008-06-16 13:28 13312 88296F7943F30A1EE3AF735440B92268 c:\windows\system32\lsass.exe
[-] 2008-06-16 13:28 13312 88296F7943F30A1EE3AF735440B92268 c:\windows\system32\dllcache\cache\lsass.exe
[-] 2008-06-16 13:28 57856 DD69EC597AB942C39B950D9C3CE1375D c:\windows\system32\spoolsv.exe
[-] 2008-06-16 13:28 57856 DD69EC597AB942C39B950D9C3CE1375D c:\windows\system32\dllcache\cache\spoolsv.exe
[-] 2008-06-16 13:28 26624 2A5B37D520508BE6570A3EA79695F5B5 c:\windows\system32\userinit.exe
[-] 2008-06-16 13:28 26624 2A5B37D520508BE6570A3EA79695F5B5 c:\windows\system32\dllcache\cache\userinit.exe
[-] 2008-06-16 13:28 296448 52E0505408EDD4AB5CCC7F83B67B4299 c:\windows\system32\termsrv.dll
[-] 2008-06-16 13:28 296448 52E0505408EDD4AB5CCC7F83B67B4299 c:\windows\system32\dllcache\cache\termsrv.dll
[-] 2008-06-16 13:28 1018368 FCE4ECC34A36EDACF03DBE8DE5E28910 c:\windows\system32\kernel32.dll
[-] 2008-06-16 13:28 1018368 FCE4ECC34A36EDACF03DBE8DE5E28910 c:\windows\system32\dllcache\cache\kernel32.dll
[-] 2008-06-16 13:28 17408 414C17A2958AEDAC700BBAAFBF999F94 c:\windows\system32\powrprof.dll
[-] 2008-06-16 13:28 17408 414C17A2958AEDAC700BBAAFBF999F94 c:\windows\system32\dllcache\cache\powrprof.dll
[-] 2008-06-16 13:28 110080 2E9A03268E609917B83921EE16FD9CFB c:\windows\system32\imm32.dll
[-] 2008-06-16 13:28 110080 2E9A03268E609917B83921EE16FD9CFB c:\windows\system32\dllcache\cache\imm32.dll
[-] 2008-06-16 13:28 172032 1561430DA2F2AB81CC0CE71AF95A778D c:\windows\system32\appmgmts.dll
[-] 2008-06-16 13:28 172032 1561430DA2F2AB81CC0CE71AF95A778D c:\windows\system32\dllcache\cache\appmgmts.dll
[-] 2008-03-01 12:35 3593216 B119ED057CDCB0EA1C9235CE8AE66885 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2008-06-16 13:28 3591680 8B994BB807C03EFE52561B832204D8BA c:\windows\system32\mshtml.dll
[-] 2008-03-01 16:32 3591680 8B994BB807C03EFE52561B832204D8BA c:\windows\system32\dllcache\mshtml.dll
[-] 2008-06-16 13:28 3591680 8B994BB807C03EFE52561B832204D8BA c:\windows\system32\dllcache\cache\mshtml.dll
[-] 2008-04-14 17:50 24960 2AECA45D4AEAACBDCB77AD11184E4601 c:\windows\system32\dllcache\cache\kbdclass.sys
[-] 2008-04-14 17:50 24960 2AECA45D4AEAACBDCB77AD11184E4601 c:\windows\system32\drivers\kbdclass.sys
[-] 2008-06-16 13:28 24960 2AECA45D4AEAACBDCB77AD11184E4601 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\kbdclass.sys
[-] 2008-04-14 17:50 24960 2AECA45D4AEAACBDCB77AD11184E4601 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\kbdclass.sys
[-] 2008-06-16 13:28 1420800 4678172D19476FA7D539682FCA42C942 c:\windows\system32\comres.dll
[-] 2008-06-16 13:28 22016 A9C89DBAD5EFF7A06B58302778674507 c:\windows\system32\lpk.dll
[-] 2008-06-16 13:28 22016 A9C89DBAD5EFF7A06B58302778674507 c:\windows\system32\dllcache\cache\lpk.dll
[-] 2008-06-16 13:28 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\cache\beep.sys
[-] 2008-06-16 13:28 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys
[-] 2008-06-16 13:28 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\cache\null.sys
[-] 2008-06-16 13:28 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys
[-] 2008-04-13 16:09 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\dllcache\cache\aec.sys
[-] 2008-04-13 16:09 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys
[-] 2008-06-16 13:28 927504 E43B998C777D43FB8624741B4567BCD9 c:\windows\system32\mfc40u.dll
[-] 2008-06-16 13:28 927504 E43B998C777D43FB8624741B4567BCD9 c:\windows\system32\dllcache\cache\mfc40u.dll
[-] 2008-06-16 13:28 399360 02396DAB9DD407B06539981F477F3FEC c:\windows\system32\rpcss.dll
[-] 2008-06-16 13:28 399360 02396DAB9DD407B06539981F477F3FEC c:\windows\system32\dllcache\cache\rpcss.dll
[-] 2008-06-16 13:28 724992 7F059A93D251284A8BC758327ECD3D69 c:\windows\system32\comctl32.dll
[-] 2008-06-16 13:28 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-06-16 13:28 1054208 737739FACEAD60683AA8D7FF7602FD14 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-06-16 13:28 12032 66A42B7DB194E24B973BBCCE840A0F3F c:\windows\system32\dllcache\cache\acpiec.sys
[-] 2008-06-16 13:28 12032 66A42B7DB194E24B973BBCCE840A0F3F c:\windows\system32\drivers\acpiec.sys
[-] 2008-06-16 13:28 5120 71C6AB6EB8CF1190BAC7075F82BD8F05 c:\windows\system32\sfc.dll
[-] 2008-06-16 13:28 5120 71C6AB6EB8CF1190BAC7075F82BD8F05 c:\windows\system32\dllcache\cache\sfc.dll
[-] 2008-06-16 13:28 407040 A6DE45FFB64CAAC26C44523CA978F819 c:\windows\system32\netlogon.dll
[-] 2008-06-16 13:28 407040 A6DE45FFB64CAAC26C44523CA978F819 c:\windows\system32\dllcache\cache\netlogon.dll
[-] 2008-06-16 13:28 409088 78200FAA6FD9C69394134C238C87FB7F c:\windows\system32\qmgr.dll
[-] 2008-06-16 13:28 409088 78200FAA6FD9C69394134C238C87FB7F c:\windows\system32\dllcache\cache\qmgr.dll
[-] 2008-06-16 13:28 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\system32\dllcache\cache\asyncmac.sys
[-] 2008-06-16 13:28 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\system32\drivers\asyncmac.sys
[-] 2008-06-16 13:28 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\cache\ntfs.sys
[-] 2008-06-16 13:28 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\drivers\ntfs.sys
[-] 2008-06-16 13:28 171520 316D0E66074AE4CDE641C50D3A1C5148 c:\windows\system32\srsvc.dll
[-] 2008-06-16 13:28 171520 316D0E66074AE4CDE641C50D3A1C5148 c:\windows\system32\dllcache\cache\srsvc.dll
[-] 2008-06-16 13:28 435712 3FB5399DBB7001A80D58EDAD64C98225 c:\windows\system32\ntmssvc.dll
[-] 2008-06-16 13:28 435712 3FB5399DBB7001A80D58EDAD64C98225 c:\windows\system32\dllcache\cache\ntmssvc.dll
[-] 2008-06-16 13:28 88576 BC22C5E1238D4D36D65679E249C483C3 c:\windows\system32\rasauto.dll
[-] 2008-06-16 13:28 88576 BC22C5E1238D4D36D65679E249C483C3 c:\windows\system32\dllcache\cache\rasauto.dll
[-] 2008-06-16 13:28 1571840 C8BDAD4065118558B3DC360FC96D81DB c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-19_14.32.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-20 06:32 . 2009-07-20 06:32 62464 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814234.exe
+ 2007-07-23 02:34 . 2007-07-23 02:34 811008 c:\windows\system32\nvcplui.exe
+ 2009-08-04 08:08 . 2008-06-10 00:32 139264 c:\windows\system32\javaws.exe
+ 2009-08-04 08:08 . 2008-06-09 23:21 135168 c:\windows\system32\javaw.exe
+ 2009-08-04 08:08 . 2008-06-09 23:21 135168 c:\windows\system32\java.exe
+ 2009-07-08 14:34 . 2008-06-16 13:28 174080 c:\windows\system32\calc.exe
+ 2009-08-04 08:08 . 2009-08-04 08:08 360960 c:\windows\Installer\456f1e.msi
+ 2009-08-04 08:07 . 2009-08-04 08:07 289792 c:\windows\Installer\456f17.msi
+ 2009-07-20 06:32 . 2009-07-20 06:32 958464 c:\windows\Installer\23c4366.msi
+ 2009-07-26 15:31 . 2009-07-26 15:31 161862 c:\windows\Installer\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\ARPPRODUCTICON.exe
+ 2009-07-20 06:32 . 2009-07-20 06:32 106496 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814236.exe
+ 2009-07-26 15:30 . 2009-07-26 15:31 80038400 c:\windows\Installer\1cea44b.msi
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 151552]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-06-26 2165272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-07-23 1683456]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-16 124928]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-8 846352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 10:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\PES 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"f:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
S2 gupdate1c9ffe8612be232;Usługa Google Update (gupdate1c9ffe8612be232);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 133104]
.
Zawartość folderu 'Zaplanowane zadania'
2009-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:23]
2009-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:23]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://nasza-klasa.pl/
FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\idg199yp.default\
FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 11:05
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MCIDRV_2600_6_0]
"ImagePath"="\??\c:\windows\system32\drivers\njklmn.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MCIDRV_2600_6_0]
"ImagePath"="\??\c:\windows\system32\drivers\njklmn.sys"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(264)
c:\windows\system32\sfc_os.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(320)
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(1408)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\qs461543.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
.
Czas ukończenia: 2009-08-04 11:08
ComboFix-quarantined-files.txt 2009-08-04 09:08
ComboFix2.txt 2009-08-04 07:21
ComboFix3.txt 2009-07-20 15:47
ComboFix4.txt 2009-07-20 08:48
ComboFix5.txt 2009-08-04 08:53
Przed: 4 575 657 984 bajtów wolnych
Po: 4 575 186 944 bajtów wolnych
335 --- E O F --- 2009-07-14 12:59
tryb awaryjny mi dziala
wczesniej mialem blue screena Olhrwef.exe , e.exe
przez Okocza 04 Sie 2009, 15:09
FoReST333, wykonaj to jeszcze raz w trybie zwykłym.
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
-
Okocza - ~user
- Posty: 8001
- Dołączenie: 19 Mar 2006, 11:53
- Pochwały: 406
-
Olhrwef.exe , e.exe
przez FoReST333 04 Sie 2009, 15:42
log:
znowu mi wyskoczylo to okienko przy combofixie ze jakis plik chce sie włamac ...
ale w sumie to tutaj pisze ;p dopiero zauwazylem ;p
- Kod: Zaznacz wszystko
ComboFix 09-08-03.A2 - User 2009-08-04 15:31.8.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1630 [GMT 2:00]
Uruchomiony z: c:\documents and settings\User\Pulpit\ComboFix.exe
.
Następujące pliki zostały wyłączone z działania w czasie skanowania:
c:\windows\system32\sk461543.dll
((((((((((((((((((((((((( Pliki utworzone od 2009-07-04 do 2009-08-04 )))))))))))))))))))))))))))))))
.
2009-08-04 13:34 . 2009-08-04 13:35 81920 ----a-w- c:\windows\system32\pe461543.dll
2009-08-04 09:35 . 2009-08-04 09:34 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-04 09:34 . 2009-08-04 09:34 152576 ----a-w- c:\documents and settings\User\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-04 08:58 . 2009-08-04 09:08 81920 ----a-w- c:\windows\system32\ke461543.dll
2009-08-04 08:11 . 2009-08-04 08:11 -------- d-----w- c:\windows\Sun
2009-08-04 08:08 . 2009-08-04 08:08 -------- d-----w- c:\program files\Sun
2009-08-04 08:07 . 2009-08-04 09:34 -------- d-----w- c:\program files\Java
2009-08-04 08:07 . 2009-08-04 08:07 -------- d-----w- c:\program files\Common Files\Java
2009-08-04 07:14 . 2009-08-04 07:21 81920 ----a-w- c:\windows\system32\je461543.dll
2009-08-04 07:11 . 2009-08-04 13:30 81920 ----a-w- c:\windows\system32\sk461543.dll
2009-08-04 07:11 . 2009-08-04 13:30 81920 ----a-w- c:\windows\system32\sk461543.dll.vir
2009-08-01 10:49 . 2009-08-01 10:49 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu
2009-07-26 20:03 . 2009-08-01 10:51 81920 ----a-w- c:\windows\system32\lz461543.dll
2009-07-26 20:02 . 2009-08-04 06:52 81920 ----a-w- c:\windows\system32\j{461543.dll
2009-07-25 10:06 . 2009-07-25 10:16 81920 ----a-w- c:\windows\system32\mz461543.dll
2009-07-25 09:46 . 2009-07-25 09:46 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Ubisoft
2009-07-25 09:46 . 2009-07-25 09:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-07-25 09:14 . 2009-07-25 09:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-07-25 09:10 . 2009-07-25 09:10 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-25 09:10 . 2009-07-25 09:16 -------- d-----w- c:\documents and settings\User\Dane aplikacji\DAEMON Tools Lite
2009-07-22 08:10 . 2009-07-24 14:13 81920 ----a-w- c:\windows\system32\kw461543.dll
2009-07-22 07:55 . 2009-07-22 07:55 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-22 07:55 . 2009-07-22 07:55 22328 ----a-w- c:\documents and settings\User\Dane aplikacji\PnkBstrK.sys
2009-07-22 07:55 . 2009-07-22 07:55 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-22 07:55 . 2009-07-22 07:55 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-22 07:42 . 2009-07-22 07:42 -------- d-----w- c:\windows\system32\LogFiles
2009-07-21 10:47 . 2009-07-22 07:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Codemasters
2009-07-21 10:34 . 2009-07-21 10:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 10:14 . 2009-07-21 10:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-21 10:14 . 2009-07-21 10:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-21 10:14 . 2009-07-21 10:14 -------- d-----w- c:\program files\OpenAL
2009-07-21 07:23 . 2009-07-26 15:23 81920 ----a-w- c:\windows\system32\iu461543.dll
2009-07-20 15:42 . 2009-07-20 15:47 81920 ----a-w- c:\windows\system32\ru461543.dll
2009-07-20 15:37 . 2009-08-04 13:28 5077 ----a-w- c:\windows\system32\drivers\njklmn.sys
2009-07-20 15:36 . 2009-07-20 15:36 -------- d-----w- c:\windows\system32\%commonprogramfiles%
2009-07-20 14:29 . 2009-07-20 15:11 81920 ----a-w- c:\windows\system32\qu461543.dll
2009-07-20 08:50 . 2009-08-04 13:13 81920 ----a-w- c:\windows\system32\ik461543.dll
2009-07-20 07:43 . 2009-07-20 07:43 9240 ----a-w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-07-20 06:36 . 2009-07-20 06:36 -------- d-sh--w- c:\windows\ftpcache
2009-07-20 06:32 . 2004-04-30 07:37 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-07-20 06:32 . 2004-04-30 07:33 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2009-07-20 06:32 . 2009-07-20 06:32 -------- d-----w- c:\program files\Alcohol Soft
2009-07-20 06:32 . 2009-08-04 09:34 81920 ----a-w- c:\windows\system32\kl461543.dll
2009-07-19 19:00 . 2009-07-19 19:00 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Malwarebytes
2009-07-19 19:00 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 19:00 . 2009-07-19 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 19:00 . 2009-07-19 19:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-19 19:00 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\system32\xircom
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\system32\oobe
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\srchasst
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\windows\msagent
2009-07-19 14:30 . 2009-07-19 14:30 -------- d-----w- c:\program files\microsoft frontpage
2009-07-19 14:21 . 2009-08-04 13:30 81920 ----a-w- c:\windows\system32\qt461543.dll
2009-07-19 13:06 . 2009-08-04 09:11 81920 ----a-w- c:\windows\system32\nt461543.dll
2009-07-19 11:15 . 2009-07-19 11:15 -------- d-----w- c:\windows\USB Vibration
2009-07-19 11:15 . 2009-07-19 11:15 -------- d-----w- c:\program files\USB Vibration
2009-07-19 08:23 . 2009-07-25 11:28 81920 ----a-w- c:\windows\system32\no461543.dll
2009-07-18 18:43 . 2009-08-04 13:28 81920 ----a-w- c:\windows\system32\kj461543.dll
2009-07-18 14:25 . 2009-08-04 13:04 81920 ----a-w- c:\windows\system32\jj461543.dll
2009-07-18 14:21 . 2009-08-04 13:12 81920 ----a-w- c:\windows\system32\oo461543.dll
2009-07-18 14:21 . 2009-08-04 09:10 81920 ----a-w- c:\windows\system32\si461543.dll
2009-07-18 14:21 . 2009-08-04 09:10 81920 ----a-w- c:\windows\system32\ij461543.dll
2009-07-18 14:21 . 2009-08-04 13:35 81920 ----a-w- c:\windows\system32\ti461543.dll
2009-07-18 14:20 . 2009-08-04 09:10 81920 ----a-w- c:\windows\system32\qs461543.dll
2009-07-18 14:19 . 2009-07-18 14:19 -------- d-----w- C:\_OTL
2009-07-18 09:41 . 2008-06-16 13:28 26624 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-18 09:21 . 2009-07-18 13:29 -------- d-----w- c:\program files\trend micro
2009-07-18 09:21 . 2009-07-18 09:21 -------- d-----w- C:\rsit
2009-07-18 09:17 . 2009-07-18 09:23 -------- d-----w- C:\SDFix
2009-07-16 09:07 . 2009-07-16 09:07 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Identities
2009-07-13 07:11 . 2006-11-07 08:42 5840 ----a-r- c:\windows\system32\drivers\w200whnt.sys
2009-07-13 07:11 . 2006-11-07 08:42 5840 ----a-r- c:\windows\system32\drivers\w200wh.sys
2009-07-13 07:11 . 2006-11-07 08:42 61504 ----a-r- c:\windows\system32\drivers\w200bus.sys
2009-07-11 08:12 . 2009-07-11 08:12 -------- d-----w- C:\Python24
2009-07-10 16:41 . 2009-07-10 16:41 -------- d-----w- c:\windows\Logs
2009-07-09 15:54 . 2009-07-20 13:32 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Adobe
2009-07-09 12:37 . 2009-07-09 12:46 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Ventrilo
2009-07-09 12:04 . 2009-07-09 12:05 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Tibia
2009-07-09 10:09 . 2009-07-09 10:09 -------- d-----w- c:\program files\uTorrent
2009-07-09 10:09 . 2009-08-04 12:59 -------- d-----w- c:\documents and settings\User\Dane aplikacji\uTorrent
2009-07-09 08:28 . 2009-04-28 20:20 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-09 08:28 . 2009-04-28 20:20 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-09 08:28 . 2009-04-28 20:20 129520 ----a-w- c:\windows\system32\pxafs.dll
2009-07-09 07:06 . 2009-07-09 07:06 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Gadu-Gadu
2009-07-09 07:05 . 2009-07-10 15:23 -------- d-----w- c:\documents and settings\User\Gadu-Gadu
2009-07-09 07:05 . 2009-07-09 07:05 -------- d-----w- c:\program files\Gadu-Gadu
2009-07-08 17:15 . 2009-07-08 17:15 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 16:29 . 2009-07-08 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 07:14 . 2009-07-08 14:34 557056 ----a-w- c:\windows\system32\mspaint.exe
2009-07-09 10:26 . 2009-07-08 16:19 -------- d-----w- c:\program files\Winamp
2009-07-08 16:31 . 2009-07-08 16:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-08 16:24 . 2009-07-08 16:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-08 16:24 . 2009-07-08 16:24 -------- d-----w- c:\program files\Common Files\Real
2009-07-08 16:24 . 2009-07-08 16:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-08 16:24 . 2009-07-08 16:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 16:24 . 2009-07-08 16:24 -------- d-----w- c:\program files\Real
2009-07-08 16:23 . 2009-07-08 16:22 -------- d-----w- c:\program files\Google
2009-07-08 16:21 . 2009-07-08 16:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-08 15:19 . 2009-07-08 15:19 0 ----a-w- c:\windows\nsreg.dat
2009-07-08 15:08 . 2009-07-08 15:05 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-08 15:08 . 2009-07-08 15:08 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Ahead
2009-07-08 15:05 . 2009-07-08 15:05 -------- d-----w- c:\program files\Nero
2009-07-08 15:04 . 2009-07-08 15:04 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Logitech
2009-07-08 15:03 . 2009-07-08 15:03 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Leadertech
2009-07-08 15:03 . 2009-07-08 15:03 10134 ----a-r- c:\documents and settings\User\Dane aplikacji\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-07-08 15:03 . 2009-07-08 15:01 -------- d-----w- c:\program files\Common Files\Logishrd
2009-07-08 15:02 . 2009-07-08 15:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-08 15:02 . 2009-07-08 15:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-08 15:02 . 2009-07-08 15:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Logitech
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\program files\Logitech
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\documents and settings\User\Dane aplikacji\InstallShield
2009-07-08 15:01 . 2009-07-08 15:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LogiShrd
2009-07-08 14:50 . 2009-07-08 14:46 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-08 14:45 . 2009-07-08 14:45 -------- d-----w- c:\program files\VDOTool
2009-07-08 14:42 . 2008-06-16 13:28 47898 ----a-w- c:\windows\system32\perfc015.dat
2009-07-08 14:42 . 2008-06-16 13:28 352770 ----a-w- c:\windows\system32\perfh015.dat
2009-07-08 14:37 . 2009-07-08 14:37 -------- d-----w- c:\program files\Usługi online
2009-07-08 14:35 . 2009-07-08 14:35 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-08 14:34 . 2009-07-08 14:34 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-02 16:11 . 2009-07-08 16:30 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2009-07-08 16:30 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-07-08 16:30 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-08-04 11:16 . 2009-07-08 15:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2007-07-11 05:06 642560 CE594E18FE0D0AF804F1F3694921CE62 c:\windows\system32\user32.dll
[-] 2008-06-16 13:28 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-16 13:28 549888 335813EACD16E84F3047A3326F6E5473 c:\windows\system32\winlogon.exe
[-] 2008-07-19 00:33 2074240 0DBF1939DF18AC8F8C1E4BD63D7D4B0F c:\windows\system32\ntkrnlpa.exe
[-] 2008-07-07 09:44 2197376 37D5DAAEDA594B9BEE00C82F185CC549 c:\windows\system32\ntoskrnl.exe
[-] 2008-06-27 15:36 1482240 12B143C653DFA3F953EDA4534B1AAEA8 c:\windows\explorer.exe
[-] 2008-06-16 13:28 1420800 4678172D19476FA7D539682FCA42C942 c:\windows\system32\comres.dll
[-] 2008-06-16 13:28 724992 7F059A93D251284A8BC758327ECD3D69 c:\windows\system32\comctl32.dll
[7] 2008-06-16 13:28 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-06-16 13:28 1054208 737739FACEAD60683AA8D7FF7602FD14 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-06-16 13:28 1571840 C8BDAD4065118558B3DC360FC96D81DB c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-19_14.32.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-04 09:35 . 2009-08-04 09:35 16384 c:\windows\temp\Perflib_Perfdata_730.dat
+ 2009-07-20 06:32 . 2009-07-20 06:32 62464 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814234.exe
+ 2007-07-23 02:34 . 2007-07-23 02:34 811008 c:\windows\system32\nvcplui.exe
+ 2009-08-04 09:35 . 2009-08-04 09:34 148888 c:\windows\system32\javaws.exe
+ 2009-08-04 09:35 . 2009-08-04 09:34 144792 c:\windows\system32\javaw.exe
+ 2009-08-04 09:35 . 2009-08-04 09:34 144792 c:\windows\system32\java.exe
+ 2009-07-08 14:34 . 2008-06-16 13:28 174080 c:\windows\system32\calc.exe
+ 2009-08-04 08:08 . 2009-08-04 08:08 360960 c:\windows\Installer\456f1e.msi
+ 2009-08-04 08:07 . 2009-08-04 08:07 289792 c:\windows\Installer\456f17.msi
+ 2009-07-20 06:32 . 2009-07-20 06:32 958464 c:\windows\Installer\23c4366.msi
+ 2009-08-04 09:34 . 2009-08-04 09:34 536576 c:\windows\Installer\166889.msi
+ 2009-07-26 15:31 . 2009-07-26 15:31 161862 c:\windows\Installer\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\ARPPRODUCTICON.exe
+ 2009-07-20 06:32 . 2009-07-20 06:32 106496 c:\windows\Installer\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\IconE9F814236.exe
+ 2009-07-26 15:30 . 2009-07-26 15:31 80038400 c:\windows\Installer\1cea44b.msi
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 151552]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-06-26 2165272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-07-23 1683456]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-16 124928]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-8 846352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 10:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\PES 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"f:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
S2 gupdate1c9ffe8612be232;Usługa Google Update (gupdate1c9ffe8612be232);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 133104]
S2 MCIDRV_2600_6_0;MCIDRV_2600_6_0;c:\windows\system32\drivers\njklmn.sys [2009-07-20 5077]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - WMIAPSRV
.
Zawartość folderu 'Zaplanowane zadania'
2009-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:23]
2009-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:23]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://nasza-klasa.pl/
FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\idg199yp.default\
FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 15:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\sfc_os.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\qs461543.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\program files\Gadu-Gadu\ggwhook.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Czas ukończenia: 2009-08-04 15:38
ComboFix-quarantined-files.txt 2009-08-04 13:38
ComboFix2.txt 2009-08-04 09:08
ComboFix3.txt 2009-08-04 07:21
ComboFix4.txt 2009-07-20 15:47
ComboFix5.txt 2009-08-04 13:30
Przed: 4 172 771 328 bajtów wolnych
Po: 4 150 603 776 bajtów wolnych
282 --- E O F --- 2009-07-14 12:59
znowu mi wyskoczylo to okienko przy combofixie ze jakis plik chce sie włamac ...
ale w sumie to tutaj pisze ;p dopiero zauwazylem ;p
26 posty(ów) • Strona 2 z 2 • 1, 2
Kto jest na forum
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 28 gości