
NOD detected this today:
win32/psw.onlinegames.nmy
I had problems with other versions of OnlineGames before, but somehow formatting helped.
Please check the log below.
I generated a log with ComboFix, and here it is:
ComboFix 08-11-19.08 - User 2008-11-20 21:53:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.273 [GMT 1:00]
Uruchomiony z: c:\documents and settings\User\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-20 do 2008-11-20 )))))))))))))))))))))))))))))))
.
2008-11-19 19:28 . 2008-11-19 19:28 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\skypePM
2008-11-19 19:28 . 2008-11-19 19:28 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-19 19:27 . 2008-11-19 19:27 <DIR> d-------- c:\program files\Skype
2008-11-19 19:27 . 2008-11-19 19:27 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-19 19:27 . 2008-11-19 21:18 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\Skype
2008-11-19 19:27 . 2008-11-19 19:27 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2008-11-16 22:10 . 2008-11-16 22:10 <DIR> d-------- c:\program files\NAPI-PROJEKT
2008-11-16 12:57 . 2008-11-16 13:02 <DIR> d-------- c:\program files\uTorrent
2008-11-16 12:57 . 2008-11-19 22:47 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\uTorrent
2008-11-12 14:30 . 2008-11-12 14:30 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\Media Player Classic
2008-11-12 14:30 . 2008-11-16 22:10 49 --a------ c:\windows\NeroDigital.ini
2008-11-11 18:44 . 2008-11-11 21:13 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\Apple Computer
2008-11-11 18:42 . 2008-11-11 18:48 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-11 15:45 . 2008-11-11 15:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-11 15:45 . 2008-11-11 18:53 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-11-11 15:22 . 2008-11-11 15:22 108,507 -r-hs---- C:\ogcikeq.com
2008-11-11 15:13 . 2008-11-11 15:13 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\SRS Labs
2008-11-11 15:12 . 2007-07-26 09:25 47,360 -ra------ c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2008-11-11 15:12 . 2007-07-26 09:25 47,104 -ra------ c:\windows\system32\drivers\tshd4_kern_i386.sys
2008-11-11 15:12 . 2007-07-26 09:25 42,112 -ra------ c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2008-11-11 15:12 . 2007-07-26 09:25 39,808 -ra------ c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2008-11-11 15:12 . 2007-07-26 09:25 32,000 -ra------ c:\windows\system32\drivers\wowhd_kern_i386.sys
2008-11-11 15:11 . 2008-11-11 15:11 <DIR> d-------- c:\program files\SRS Labs
2008-11-11 13:29 . 2008-11-11 13:29 <DIR> d-------- c:\program files\QuickTime
2008-11-11 13:29 . 2008-11-11 18:42 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-11 13:28 . 2008-11-11 13:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-11-11 13:28 . 2008-11-11 13:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple
2008-11-11 13:13 . 2001-08-17 20:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2008-11-11 13:12 . 2008-04-14 20:35 58,880 --a------ c:\windows\system32\drivers\redbook.sys
2008-11-11 13:12 . 2001-08-17 19:12 16,074 --a------ c:\windows\system32\drivers\FA312nd5.sys
2008-11-11 13:12 . 2001-08-17 20:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2008-11-11 13:11 . 2008-04-14 21:50 77,312 --a------ c:\windows\system32\usbui.dll
2008-11-11 13:11 . 2008-04-13 23:06 14,208 --a------ c:\windows\system32\drivers\battc.sys
2008-11-11 13:11 . 2008-04-13 23:06 13,952 --a------ c:\windows\system32\drivers\CmBatt.sys
2008-11-11 13:11 . 2008-04-13 23:06 10,240 --a------ c:\windows\system32\drivers\compbatt.sys
2008-11-11 13:11 . 2008-04-14 20:46 5,504 --a------ c:\windows\system32\drivers\intelide.sys
2008-11-11 13:10 . 2008-11-11 13:10 <DIR> d-------- c:\program files\Java
2008-11-11 13:10 . 2008-11-11 13:10 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-11 13:10 . 2008-11-11 13:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-11 13:09 . 2008-11-11 13:09 <DIR> dr-h----- c:\documents and settings\Default User\Ustawienia lokalne
2008-11-11 13:09 . 2008-11-11 13:09 <DIR> d-------- c:\documents and settings\Default User\Ulubione
2008-11-11 13:09 . 2008-11-11 12:15 <DIR> d--h----- c:\documents and settings\Default User\Szablony
2008-11-11 13:09 . 2008-11-11 13:09 <DIR> d-------- c:\documents and settings\Default User\Pulpit
2008-11-11 13:09 . 2008-11-11 13:09 <DIR> d-------- c:\documents and settings\Default User\Moje dokumenty
2008-11-11 13:09 . 2008-11-11 13:09 <DIR> dr------- c:\documents and settings\Default User\Menu Start
2008-11-11 13:09 . 2008-11-11 13:09 <DIR> d-------- c:\documents and settings\All Users\Ulubione
2008-11-11 13:09 . 2008-11-11 13:09 <DIR> d--h----- c:\documents and settings\All Users\Szablony
2008-11-11 13:09 . 2008-11-19 20:12 <DIR> d-------- c:\documents and settings\All Users\Pulpit
2008-11-11 13:09 . 2008-11-19 20:13 <DIR> dr------- c:\documents and settings\All Users\Menu Start
2008-11-11 13:09 . 2008-11-11 12:18 <DIR> dr------- c:\documents and settings\All Users\Dokumenty
2008-11-11 13:08 . 2008-11-18 13:25 <DIR> d-------- c:\windows\system32\CatRoot2
2008-11-11 13:08 . 2008-11-11 18:40 <DIR> d-------- c:\windows\system32\CatRoot
2008-11-11 13:08 . 2008-11-11 13:09 <DIR> dr-h----- c:\documents and settings\Default User\Dane aplikacji
2008-11-11 13:08 . 2008-11-11 12:21 <DIR> d--h----- c:\documents and settings\Default User
2008-11-11 13:08 . 2008-11-19 19:27 <DIR> dr-h----- c:\documents and settings\All Users\Dane aplikacji
2008-11-11 13:08 . 2008-11-11 12:19 <DIR> d-------- c:\documents and settings\All Users
2008-11-11 13:08 . 2008-11-11 12:22 <DIR> d-------- C:\Documents and Settings
2008-11-11 13:08 . 2008-06-16 02:28 1,246,357 -ra------ c:\windows\SET3.tmp
2008-11-11 13:08 . 2008-06-16 02:28 1,088,840 -ra------ c:\windows\SET4.tmp
2008-11-11 13:08 . 2008-06-16 02:28 16,825 -ra------ c:\windows\SET8.tmp
2008-11-11 13:07 . 2008-11-11 12:21 1,193 --a------ c:\windows\system32\$winnt$.inf
2008-11-11 13:03 . 2004-03-22 15:17 24,816 --a------ c:\windows\system32\mdimon.dll
2008-11-11 13:03 . 2008-11-11 13:03 421 --a------ c:\windows\ODBC.INI
2008-11-11 13:01 . 2008-11-11 13:01 <DIR> d-------- c:\windows\SHELLNEW
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 20:51 --------- d-----w c:\documents and settings\User\Dane aplikacji\foobar2000
2008-11-16 15:10 --------- d-----w c:\program files\Common Files\Adobe
2008-11-11 11:57 --------- d-----w c:\program files\Ahead
2008-11-11 11:56 --------- d-----w c:\program files\Common Files\Ahead
2008-11-11 11:54 --------- d-----w c:\program files\foobar2000
2008-11-11 11:50 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-11 11:45 --------- d-----w c:\program files\CCleaner
2008-11-11 11:44 --------- d-----w c:\documents and settings\User\Dane aplikacji\Gadu-Gadu
2008-11-11 11:43 --------- d-----w c:\program files\Gadu-Gadu
2008-11-11 11:39 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-11 11:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 11:39 --------- d-----w c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2008-11-11 11:34 --------- d-----w c:\program files\NSC
2008-11-11 11:33 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-11 11:32 --------- d-----w c:\program files\VIA Technologies, INC
2008-11-11 11:26 --------- d-----w c:\program files\ESET
2008-11-11 11:26 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESET
2008-11-11 11:18 --------- d-----w c:\program files\Usługi online
2008-11-11 11:15 --------- d-----w c:\program files\Windows Media Connect 2
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2008-07-05 3158016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-09-16 1447168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-16 c:\windows\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\windows\system32\drivers\A311.sys [2008-11-11 31287]
R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\windows\system32\drivers\A310.sys [2008-11-11 33335]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\DP83815.SYS [2003-05-28 18392]
S3 FA312;Sterownik karty NETGEAR FA330/FA312/FA311 Fast Ethernet;c:\windows\system32\DRIVERS\FA312nd5.sys [2008-11-11 16074]
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-19 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-11 13:32]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\m5mfagur.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl
FF -: plugin - c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 21:56:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-20 21:57:33
ComboFix-quarantined-files.txt 2008-11-20 20:57:27
Przed: 10 232 934 400 bajtów wolnych
Po: 10,225,913,856 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
bartek_k3
~user
Posts: 115
Joined: 20.07.2006 21:46:57