^^ I blocked those sites myself (redirected to Google) so my brother wouldn't visit them, so I think that entry can stay.
I did the System Restore off/on.
Log from CF
PS. Even so, it has already spread to several other files; NOD seems to be paralyzed, only the online Kaspersky detects something.
ComboFix 08-07-12.2 - Janusz 2008-07-14 8:03:58.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.191 [GMT 2:00]
Running from: C:\Documents and Settings\Janusz\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-13 21:55 . 2008-07-13 21:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-04 14:35 . 2007-10-16 17:21 76,800 --a------ C:\WINDOWS\system32\viscomrmencoder.dll
2008-07-04 14:35 . 2006-05-02 22:16 60,416 --a------ C:\WINDOWS\system32\viscomtran.dll
2008-07-04 14:35 . 2003-08-19 04:31 52,736 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-07-04 14:34 . 2008-03-17 22:18 713,728 --a------ C:\WINDOWS\system32\viscommpgenc.dll
2008-07-04 14:34 . 2008-01-26 22:48 712,704 --a------ C:\WINDOWS\system32\viscomflvenc.dll
2008-07-04 14:34 . 2008-02-28 16:20 712,192 --a------ C:\WINDOWS\system32\viscomflashenc.dll
2008-07-04 14:34 . 2007-09-22 00:00 705,536 --a------ C:\WINDOWS\system32\viscomdata2.dll
2008-07-04 14:34 . 2008-03-21 15:09 387,584 --a------ C:\WINDOWS\system32\viscomflvdec.dll
2008-07-04 14:34 . 2007-12-05 13:48 117,760 --a------ C:\WINDOWS\system32\viscommpgdec.dll
2008-07-04 14:34 . 2007-03-04 17:54 54,272 --a------ C:\WINDOWS\system32\viscomframe.dll
2008-07-04 14:32 . 2001-08-18 20:00 262,144 --a------ C:\WINDOWS\system32\mpg4ds32.axu
2008-07-04 14:32 . 2004-02-26 02:08 236,544 --a------ C:\WINDOWS\system32\divxdec.ax
2008-07-04 14:32 . 2003-08-19 15:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-07-04 14:32 . 2000-06-30 17:40 139,264 --a------ C:\WINDOWS\system32\Mpeg2Decoder.ax
2008-07-04 14:32 . 2004-02-10 19:15 128,512 --a------ C:\WINDOWS\system32\xvid.dll
2008-07-04 14:32 . 2000-06-26 13:13 94,208 --a------ C:\WINDOWS\system32\Mpeg2Parser.ax
2008-07-04 14:32 . 2004-04-05 13:46 61,440 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-03 17:16 . 2008-07-03 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-01 15:29 . 2008-07-05 20:12 <DIR> d-------- C:\Program Files\Gran Paradiso
2008-06-28 00:16 . 2008-07-11 21:16 <DIR> d-------- C:\Documents and Settings\Janusz\Dane aplikacji\foobar2000
2008-06-27 21:51 . 2008-06-27 21:51 <DIR> d-------- C:\WINDOWS\system32\1337logs
2008-06-27 21:51 . 2008-06-27 21:51 587,830 --a------ C:\WINDOWS\aaa.GIF
2008-06-27 21:51 . 2008-06-27 21:51 39,324 --a------ C:\WINDOWS\system\svhost.sd
2008-06-27 21:51 . 2008-06-27 21:51 32,770 --a------ C:\WINDOWS\system\svhost.sd7
2008-06-27 21:51 . 2008-06-27 21:51 29,496 --a------ C:\WINDOWS\system\wuaclt.sd
2008-06-27 21:51 . 2008-06-27 21:51 24,580 --a------ C:\WINDOWS\system\wuaclt.sd7
2008-06-27 21:51 . 2008-06-27 21:51 24,580 --a------ C:\WINDOWS\system\wuaclt.exe
2008-06-27 21:51 . 2008-06-27 21:51 127 --a------ C:\WINDOWS\1337.ini
2008-06-27 21:45 . 2008-06-27 21:48 127 --a------ C:\1337.ini
2008-06-26 22:10 . 2008-06-26 22:10 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-20 14:08 . 2008-06-20 14:08 <DIR> d-------- C:\Documents and Settings\Janusz\Dane aplikacji\tor
2008-06-18 19:48 . 2008-06-18 19:48 <DIR> d-------- C:\Program Files\PIXELA
2008-06-18 19:48 . 2005-04-30 17:02 86,016 --------- C:\WINDOWS\system32\bgsvcgen.exe
2008-06-18 19:48 . 2005-04-30 17:09 57,344 --------- C:\WINDOWS\system32\GenSvcInst.exe
2008-06-18 19:48 . 2005-05-01 14:41 49,152 --------- C:\WINDOWS\system32\setupsvc.dll
2008-06-18 19:48 . 2005-05-11 00:33 32,256 --------- C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2008-06-18 19:40 . 2008-06-18 19:58 <DIR> d-------- C:\Documents and Settings\Janusz\Dane aplikacji\FUJIFILM
2008-06-18 19:38 . 2008-07-07 21:27 <DIR> d-------- C:\Program Files\FinePixViewer
2008-06-18 19:38 . 2008-06-18 19:38 <DIR> d-------- C:\Documents and Settings\Janusz\Dane aplikacji\InstallShield
2008-06-18 19:38 . 2003-09-03 16:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-06-18 19:38 . 2006-07-12 14:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-06-18 19:38 . 2004-07-24 21:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-06-18 19:37 . 2008-06-18 19:37 <DIR> d-------- C:\Program Files\REGSHAVE
2008-06-18 19:37 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-06-18 19:37 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-06-18 19:37 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-06-18 19:37 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-06-18 19:37 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-06-18 19:30 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-18 19:30 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-18 19:30 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-18 19:30 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-15 16:03 . 2008-06-15 16:04 <DIR> d-------- C:\Program Files\QuickTime
2008-06-15 16:02 . 2008-06-15 16:02 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-15 16:02 . 2008-06-15 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-06-15 15:40 . 2008-06-15 15:42 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-06-15 15:31 . 2008-06-15 15:42 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-15 15:27 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-15 15:27 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-15 15:27 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-15 15:27 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-15 15:27 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-15 15:27 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-15 15:27 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-15 15:27 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-15 15:27 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-15 15:26 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 19:46 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-13 20:04 --------- d-----w C:\Documents and Settings\Janusz\Dane aplikacji\Xfire
2008-07-13 20:03 --------- d-s---w C:\Program Files\Xfire
2008-07-12 14:24 --------- d-----w C:\Documents and Settings\Janusz\Dane aplikacji\Skype
2008-07-12 14:00 --------- d-----w C:\Documents and Settings\Janusz\Dane aplikacji\skypePM
2008-07-05 21:36 --------- d-----w C:\Documents and Settings\Janusz\Dane aplikacji\teamspeak2
2008-07-03 15:35 --------- d-----w C:\Program Files\Eset
2008-07-03 15:26 --------- d-----w C:\Program Files\Alwil Software
2008-06-27 21:06 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-18 17:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 14:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-15 12:53 --------- d-----w C:\Program Files\Steam
2008-06-15 12:53 --------- d-----w C:\Program Files\Real Alternative
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-05-26 17:01 --------- d-----w C:\Program Files\ivo
2008-01-28 12:42 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-09-12 12:47 83 ----a-w C:\Program Files\setsms.INI
2007-05-13 22:17 21,888 ----a-w C:\WINDOWS\inf\hopperp.sys
2004-08-09 22:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2002-08-29 01:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 19:49 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2005-03-31 11:18 790528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"WheelMouse"="D:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 11:14 163840]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"TWCU"="C:\Documents and Settings\Janusz\Pulpit\Symfonia\TWCU.exe" [2006-03-29 16:12 364544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.iac2"= D:\PROGRA~1\REPLAY~1\iac25_32.ax
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ExifLauncher2.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ExifLauncher2.lnk
backup=C:\WINDOWS\pss\ExifLauncher2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Janusz^Menu Start^Programy^Autostart^Messenger-PRO 3.lnk]
path=C:\Documents and Settings\Janusz\Menu Start\Programy\Autostart\Messenger-PRO 3.lnk
backup=C:\WINDOWS\pss\Messenger-PRO 3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Janusz^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.4.lnk]
path=C:\Documents and Settings\Janusz\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-12-22 09:20 222080 D:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 D:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 03:17 443968 D:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 16:08 21686568 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19392:TCP"= 19392:TCP:BitComet 19392 TCP
"19392:UDP"= 19392:UDP:BitComet 19392 UDP
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []
S3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 10:47]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 09:06:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-1337 - C:\WINDOWS\system\svhost.exe
MSConfigStartUp-DAEMON Tools - D:\Program Files\DAEMON Tools\daemon.exe
MSConfigStartUp-Domowy Keylogger - C:\WINDOWS\System32\domowykeylogger.exe
MSConfigStartUp-HomeKeyLogger - D:\Program Files\HomeKeylogger\KeyLogger.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 08:09:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> C:\Program Files\Gadu-Gadu\ggwhook.dll
.
Completion time: 2008-07-14 8:13:17
ComboFix-quarantined-files.txt 2008-07-14 06:12:34
ComboFix2.txt 2007-12-21 10:36:23
Pre-Run: 3,971,076,096 bajtów wolnych
Post-Run: 5,135,589,376 bajtów wolnych