Mam ostrego wirusa. Kasuje mi programy (ie, firefox). Zablokował mi dostęp do cmd.
Wirus się przerzuca na inne pliczki. Mam na kompie 3 windowsy i wszystkie są zawirowane -_-
Daję loga z ComboFix
Proszę o analizę, z góry pozdrawiam dobrych ludzi
- Kod: Zaznacz wszystko
ComboFix 09-01-19.05 - KONRAD 2009-01-20 10:29:57.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.3327.2518 [GMT 1:00]
Uruchomiony z: c:\documents and settings\KONRAD\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\KONRAD\Dane aplikacji\addon.dat
c:\program files\Bifrost
c:\program files\bifrost\klog.dat
c:\program files\bifrost\server.exe
c:\program files\p2pmax
c:\program files\p2pmax\p2pmaxu.exe
c:\program files\ppcbooster
c:\program files\ppcbooster\ppcbu_32.exe
c:\windows\nohh06760.exe
c:\windows\system32\_mnssibcsupmztn.dll
c:\windows\system32\mnssibcsupmztn.dll
c:\windows\system32\tmp90.tmp
c:\windows\system32\tmp94.tmp
c:\windows\system32\tmp95.tmp
c:\windows\system32\win.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-20 do 2009-01-20 )))))))))))))))))))))))))))))))
.
2009-01-20 10:35 . 2009-01-20 10:37 110 -rahs---- C:\autorun.inf
2009-01-19 22:52 . 2009-01-20 10:37 10,518,574 -rahs---- C:\winfile.jpg
2009-01-19 21:20 . 2009-01-19 21:20 <DIR> d-------- c:\program files\SkanerOnline
2009-01-19 20:45 . 2009-01-19 20:45 <DIR> d--hs---- C:\FOUND.053
2009-01-19 18:03 . 2009-01-20 10:35 10,518,574 -rahs---- c:\windows\system32\winjpg.jpg
2009-01-14 21:32 . 2009-01-14 21:33 1,905 --a------ c:\windows\diagwrn.xml
2009-01-14 21:32 . 2009-01-14 21:33 1,905 --a------ c:\windows\diagerr.xml
2009-01-13 17:46 . 2009-01-13 17:46 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-13 17:45 . 2009-01-13 17:45 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-01-08 21:55 . 2009-01-08 21:55 <DIR> d-------- c:\program files\EA Games
2009-01-08 20:33 . 2009-01-08 20:33 <DIR> d--hs---- C:\FOUND.052
2009-01-07 20:03 . 2009-01-07 20:03 <DIR> d--hs---- C:\FOUND.051
2009-01-03 20:58 . 2009-01-03 20:58 <DIR> d--hs---- C:\FOUND.050
2009-01-03 15:30 . 2009-01-03 15:31 <DIR> d-------- c:\program files\thriXXX
2009-01-03 14:28 . 2009-01-03 14:28 <DIR> d--hs---- C:\FOUND.049
2009-01-02 23:51 . 2009-01-02 23:51 <DIR> d--hs---- C:\FOUND.048
2009-01-02 19:56 . 2009-01-02 19:56 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-01-02 19:55 . 2009-01-02 19:55 <DIR> d---s---- c:\documents and settings\All Users\Dane aplikacji\Memeo
2008-12-26 13:13 . 2008-12-26 13:13 <DIR> d-------- C:\VIO
2008-12-26 13:13 . 2008-12-26 13:13 <DIR> d-------- c:\program files\Vio Video Converter
2008-12-26 13:13 . 2008-12-26 13:13 67 --a------ C:\ioVIO.ini
2008-12-25 14:34 . 2008-12-25 14:34 <DIR> d--hs---- C:\FOUND.047
2008-12-24 11:24 . 2008-12-24 11:24 <DIR> d-------- c:\documents and settings\KONRAD\WINDOWS
2008-12-24 11:23 . 2008-12-24 11:23 <DIR> d-------- c:\documents and settings\KONRAD\Dane aplikacji\DAEMON Tools Pro
2008-12-24 11:22 . 2008-12-24 11:22 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-24 11:22 . 2008-12-24 11:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2008-12-24 02:05 . 2008-12-24 02:05 <DIR> d-------- c:\documents and settings\KONRAD\Dane aplikacji\DAEMON Tools Lite
2008-12-24 00:57 . 2008-12-24 00:57 <DIR> d-------- c:\program files\E-Zsoft
2008-12-24 00:51 . 2008-12-24 00:51 66 --a------ c:\windows\avitoiPodconverter.ini
2008-12-24 00:50 . 2008-12-24 00:51 1 --a------ c:\windows\system32\SysAVItoiPod.dat
2008-12-24 00:49 . 2008-12-24 00:49 <DIR> d-------- c:\program files\popsoftware
2008-12-23 20:34 . 2008-12-23 20:34 <DIR> d-------- c:\program files\uTorrent
2008-12-23 20:34 . 2008-12-23 20:34 <DIR> d-------- c:\documents and settings\KONRAD\Dane aplikacji\uTorrent
2008-12-23 15:22 . 2008-12-23 15:22 <DIR> d--hs---- C:\FOUND.046
2008-12-21 15:57 . 2008-12-21 15:57 <DIR> d-------- c:\program files\runit
2008-12-21 15:57 . 2008-12-21 16:07 905,544 --a------ c:\windows\ykgee3362.exe
2008-12-21 15:57 . 2008-12-21 16:07 196,444 --a------ c:\windows\pn8.exe
2008-12-21 15:57 . 2008-12-21 16:07 69,531 --a------ c:\windows\hw5305.exe
2008-12-21 15:57 . 2008-12-21 15:57 53,942 --a------ c:\windows\system32\cont_adsoftinc-remove.exe
2008-12-21 15:57 . 2008-12-21 16:07 47,578 --a------ c:\windows\system32\dhzgbwelhdzemr.exe
2008-12-20 19:13 . 2008-12-15 21:17 205,268 --a------ c:\windows\system32\nvapps.nvb
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 09:31 544 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-20 09:31 3,616 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-20 09:31 1,124 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-20 09:31 1,124 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-19 13:27 202,000 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-19 13:27 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-18 16:03 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-24 01:05 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-14 17:18 --------- d-----w c:\program files\TomTom HOME
2008-12-13 14:47 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 20:37 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-06 14:24 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-06 13:36 --------- d-----w c:\program files\Rockstar Games
2008-12-05 18:29 --------- d-----w c:\program files\RivaTuner v2.20
2008-12-02 22:11 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-02 16:29 676,352 ----a-w c:\windows\system32\nsg5A.dll
2008-12-02 09:13 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-11-29 20:59 --------- d-----w c:\program files\Common Files\Skype
2008-11-21 21:00 --------- d-----w c:\program files\iPod
2008-11-21 20:59 --------- d-----w c:\program files\Apple Software Update
2008-11-21 20:59 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-17 16:02 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-11-17 16:02 22,328 ----a-w c:\documents and settings\KONRAD\Dane aplikacji\PnkBstrK.sys
2008-11-12 13:54 6,188,320 ----a-w c:\windows\system32\dllcache\nv4_mini.sys
2008-11-12 13:54 6,148,864 ----a-w c:\windows\system32\dllcache\nv4_disp.dll
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2007-11-18 22:01 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2008-12-02 16:29 641,536 ----a-w c:\program files\mozilla firefox\components\nsadsoftinc.dll
2008-07-18 21:11 16,006 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-12-11 19:52 56 --sh--r c:\windows\system32\5B77E792AD.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-08-01 3313664]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-04-24 1421824]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"ASUS Energy Saving"="c:\program files\ASUS\AI Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Launch PC Probe II"="c:\program files\ASUS\PC Probe II\Probe2.exe" [2007-12-24 2134528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-15 13680640]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.20\RivaTuner.exe" [2008-11-19 2727936]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-15 86016]
"CTFMON"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 227856]
"nwiz"="nwiz.exe" [2008-12-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\KONRAD\Menu Start\Programy\Autostart\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]
runit_32.lnk - c:\program files\runit\runit_32.exe [2008-12-19 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSConfig.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp.exe]
"Debugger"=\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Gniew Kane'a\\RetailExe\\1.0\\cnc3ep1.dat"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\AVP.EXE"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Gniew Kane'a\\RetailExe\\1.1\\cnc3ep1.dat"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 MSHUSBVideo;NX6000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2006-08-24 30512]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2008-05-05 19020]
R3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [2007-11-18 20864]
R3 SNXPSERX;Sunix PCI Serial Port Driver;c:\windows\system32\drivers\snxpserx.sys [2007-11-18 54528]
R4 UacFlt;Philips Composite Class Filter Driver;c:\windows\system32\drivers\uacbflt.sys [2002-06-14 21276]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-12-04 4224]
S3 cpuz129;cpuz129;\??\c:\docume~1\KONRAD\USTAWI~1\Temp\cpuz_x32.sys --> c:\docume~1\KONRAD\USTAWI~1\Temp\cpuz_x32.sys [?]
S3 cpuz131;cpuz131;\??\c:\docume~1\KONRAD\USTAWI~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\KONRAD\USTAWI~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 ctlsb16;Sterownik Creative SB16/AWE32/AWE64 (WDM);c:\windows\system32\drivers\ctlsb16.sys [2008-03-24 96256]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-05-05 21888]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2008-02-06 23040]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDD90C2E-FEC4-2D3C-0937-324378B155F4}]
c:\program files\Bifrost\server.exe s
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-30 c:\windows\Tasks\Crysis Wars(R) Updates.job
- c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2008-09-20 14:13]
2009-01-17 c:\windows\Tasks\NeroLiveEpgUpdate-INTEL3000_KONRAD.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51]
2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe
HKLM-Run-QFan Help - c:\program files\ASUS\AI Suite\QFan\QFanHelp.exe
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-regdiit - c:\windows\system32\win.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
Notify-WgaLogon - (no file)
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uWindow Title = .-~= Hacked by X4X =~-.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.conduit.com/Results.aspx?q=%s&meta=all&hl=fr&gl=fr&SelfSearch=1&SearchSourceOrigin=1&ctid=CT1472949
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\KONRAD\Dane aplikacji\Mozilla\Firefox\Profiles\xkovf4ql.default\
FF - prefs.js: browser.startup.homepage - ogame.pl
FF - component: c:\program files\Mozilla Firefox\components\nsadsoftinc.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll
.
.
------- Skojarzenia plików -------
.
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 10:34:14
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *a*n*d* *C*o*n*q*u*e*r* *3* *W*o*j*n*y* *o* *t*y*b*e*r*i*u*m*"!\Pomoc]
"Order"=hex:08,00,00,00,02,00,00,00,b8,02,00,00,01,00,00,00,04,00,00,00,9c,00,
00,00,00,00,00,00,8e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7c,00,32,\
[HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b4,4c,81,d0,67,18,f4,1d,76,38,8d,2f,9a,0b,8e,df,12,19,de,b7,13,7f,3f,
0d,db,d0,1f,24,9b,4d,cb,ff,b7,6f,5e,52,76,cb,36,1d,cd,dd,1c,4f,72,13,ad,29,\
"??"=hex:25,65,bb,27,8b,92,55,34,10,3f,d9,49,2f,0e,31,37
[HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:cf,3d,48,10,32,e9,58,38,8d,fc,cc,66,ed,53,23,ad,5e,1c,27,7a,5c,
65,a7,c5,f0,10,f9,7a,df,f5,71,f1,b9,1f,cf,4d,d7,34,86,9e,9b,f1,b9,82,8e,5e,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1120)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1176)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
- - - - - - - > 'explorer.exe'(2776)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\MOUSE DRIVER\KMPROCESS.EXE
c:\program files\ASUS\AASP\1.00.63\AACENTER.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\MICROSOFT LIFECAM\MSCAMS32.EXE
c:\program files\COMMON FILES\NERO\NERO BACKITUP 4\NBSERVICE.EXE
c:\program files\NVIDIA CORPORATION\NTUNE\NTUNESERVICE.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\PNKBSTRA.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Last.fm\LastFM.exe
c:\program files\iTunes\iTunes.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-20 10:40:02 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-20 09:39:58
Przed: 75 735 924 736 bajtów wolnych
Po: 84,320,550,912 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
350 --- E O F --- 2009-01-14 19:10:26
Pozdrawiam,
GeXeM
