Hello, please check this ComboFix log. I had trojans that caused some files to close, and then problems with opening files. Scanning with ComboFix helped; does anything else still need to be removed?
ComboFix 09-03-14.02 - User01 2009-03-15 19:24:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1535.687 [GMT 1:00]
Uruchomiony z: c:\documents and settings\User01\Pulpit\ComboFix.exe
AV: G DATA InternetSecurity 2009 *On-access scanning disabled* (Updated)
FW: G DATA Personal Firewall *disabled*
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\uxkl0apt.bat
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
D:\uxkl0apt.bat
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-15 do 2009-03-15 )))))))))))))))))))))))))))))))
.
2009-03-15 11:52 . 2009-03-15 11:54 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-10 21:27 . 2009-03-10 21:27 <DIR> d-------- c:\documents and settings\Kasia\Dane aplikacji\Apple Computer
2009-03-10 21:01 . 2009-03-10 21:01 994 --a------ c:\documents and settings\Kasia\Dane aplikacji\filterclsid.dat
2009-03-09 22:38 . 2009-03-09 22:38 <DIR> d-------- c:\documents and settings\Kasia\Dane aplikacji\Samsung
2009-03-09 22:15 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-09 22:14 . 2009-03-09 22:14 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-09 22:14 . 2007-05-02 11:12 109,704 --a------ c:\windows\system32\drivers\ssm_mdm.sys
2009-03-09 22:14 . 2007-05-02 11:12 83,592 --a------ c:\windows\system32\drivers\ssm_bus.sys
2009-03-09 22:14 . 2007-05-02 11:12 15,112 --a------ c:\windows\system32\drivers\ssm_mdfl.sys
2009-03-09 22:14 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_whnt.sys
2009-03-09 22:14 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_wh.sys
2009-03-09 22:14 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_cmnt.sys
2009-03-09 22:14 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_cm.sys
2009-03-09 22:14 . 2009-03-09 22:35 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-09 22:14 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-09 22:13 . 2009-03-09 22:13 <DIR> d-------- c:\program files\Samsung
2009-03-08 19:10 . 2009-03-08 19:10 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-08 19:09 . 2009-03-08 19:09 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-08 19:09 . 2009-03-08 19:09 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-03 18:49 . 2009-03-15 11:31 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-02 21:13 . 2009-03-02 20:43 205,186 --a------ c:\windows\hpdj5100.hi2
2009-03-02 21:13 . 2009-03-02 20:43 10,463 --a------ c:\windows\hpdj5100.bu2
2009-03-02 20:44 . 2009-03-02 21:13 191,233 --a------ c:\windows\hpdj5100.hi1
2009-03-02 20:44 . 2009-03-02 21:13 10,001 --a------ c:\windows\hpdj5100.bu1
2009-03-02 20:43 . 2003-03-26 07:14 266,240 --a------ c:\windows\system32\hpdj
2009-03-02 20:32 . 2009-03-02 21:20 43,987 --a------ c:\windows\hpdj5100.his
2009-03-02 20:32 . 2009-03-02 21:20 744 --a------ c:\windows\hpdj5100.ini
2009-03-01 10:37 . 2009-03-01 10:37 <DIR> d-------- c:\documents and settings\Kasia\Dane aplikacji\OpenOffice.org
2009-02-21 10:46 . 2009-02-21 10:47 <DIR> d-------- c:\documents and settings\Kris\Dane aplikacji\ZipGenius
2009-02-19 21:11 . 2009-02-19 21:11 <DIR> d-------- c:\documents and settings\User01\Dane aplikacji\Shareaza
2009-02-16 07:35 . 2009-02-16 07:36 <DIR> d-------- c:\documents and settings\Kris\Dane aplikacji\Nowe Gadu-Gadu
2009-02-15 19:55 . 2009-02-15 19:55 <DIR> d-------- c:\program files\Shareaza
2009-02-15 19:55 . 2009-02-15 19:55 <DIR> d-------- c:\documents and settings\Kasia\Dane aplikacji\Shareaza
2009-02-15 19:11 . 2009-02-15 19:19 <DIR> d-------- c:\documents and settings\Kasia\Dane aplikacji\ZipGenius
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 18:29 --------- d-----w c:\documents and settings\User01\Dane aplikacji\Skype
2009-03-15 17:50 --------- d-----w c:\documents and settings\User01\Dane aplikacji\skypePM
2009-03-15 10:53 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-03-14 18:26 --------- d-----w c:\documents and settings\Kris\Dane aplikacji\Skype
2009-03-14 18:12 --------- d-----w c:\documents and settings\Kris\Dane aplikacji\skypePM
2009-03-09 21:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 18:03 --------- d-----w c:\program files\Google
2009-03-03 17:49 --------- d-----w c:\program files\Hewlett-Packard
2009-02-15 18:20 --------- d-----w c:\program files\QSuite
2009-02-14 19:16 --------- d-----w c:\documents and settings\Kasia\Dane aplikacji\Talkback
2009-02-14 12:30 --------- d-----w c:\documents and settings\Kasia\Dane aplikacji\Nowe Gadu-Gadu
2009-02-14 12:02 --------- d-----w c:\program files\Nowe Gadu-Gadu
2009-02-11 20:35 --------- d-----w c:\documents and settings\Kris\Dane aplikacji\Gadu-Gadu
2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:47 --------- d-----w c:\documents and settings\Kris\Dane aplikacji\Apple Computer
2009-02-04 17:00 --------- d-----w c:\program files\Norton Security Scan
2009-02-01 16:55 --------- d-----w c:\documents and settings\Kris\Dane aplikacji\Talkback
2009-01-31 19:15 --------- d-----w c:\program files\StepMania
2009-01-25 18:16 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-27 13:15 118,784 ----a-w c:\windows\SeaMonkeyUninstall.exe
2008-12-27 13:15 118,784 ----a-w c:\windows\GREUninstall.exe
2008-12-27 13:13 13,077,195 ----a-w C:\seamonkey-1.1.14.pl-PL.win32.installer.exe
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-19 22:40 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-19 21:23 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-11-03 16:40 13,056,743 ----a-w c:\program files\seamonkey-1.1.12.pl-PL.win32.installer.exe
2008-11-02 19:49 460,312 ----a-w c:\program files\RealPlayer11GOLD.exe
2008-11-02 19:46 607,640 ----a-w c:\program files\jre-6u10-windows-i586-p-iftw.exe
2008-11-02 19:44 1,851,544 ----a-w c:\program files\install_flash_player.exe
2006-05-31 12:05 49,152 ----a-w c:\program files\za.1, za.2.xls
2006-05-31 12:05 44,032 ----a-w c:\program files\za.3.xls
2006-05-31 12:05 437,248 ----a-w c:\program files\zaĄcznik-4.doc
2006-05-31 12:05 1,666,048 ----a-w c:\program files\RPDZ-ostateczny.doc
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\program files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\InternetSecurity\AVKTray\AVKTray.exe" [2008-09-08 993864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-19 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kasia\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\User01\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-17 22272]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-23 68296]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 651336]
R2 AVKService;G DATA Scheduler;c:\program files\G DATA\InternetSecurity\AVK\AVKService.exe [2008-09-08 386120]
R2 AVKWCtl;Strażnik AntiVirus;c:\program files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2008-08-14 1185496]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-17 50888]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-17 84992]
R3 GDFwSvc;G DATA Personal Firewall;c:\program files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2008-08-15 1395616]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-17 50888]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-17 32200]
.
Zawartość folderu 'Zaplanowane zadania'
2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-15 c:\windows\Tasks\Norton Security Scan for User01.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 19:28:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
c:\windows\TEMP\Perflib_Perfdata_45c.dat 16384 bytes
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-15 19:31:50 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-15 18:31:46
Przed: 5 532 315 648 bajtów wolnych
Po: 5,649,190,912 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin
214 --- E O F --- 2009-03-14 18:35:04