lukasplotka
Replies posted by lukasplotka

  1. Despite using the ComboFix program, the system is still infected. I am attaching a system scan. Please help, what should I do about this.

     

    ComboFix 10-08-25.01 - ania 2010-08-26 20:55:08.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.152 [GMT 2:00]

    Uruchomiony z: D:\ComboFix.exe

    .

     

    ((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    .

    ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Legacy_ABP470N5

    -------\Service_abp470n5

     

     

    ((((((((((((((((((((((((( Pliki utworzone od 2010-07-26 do 2010-08-26 )))))))))))))))))))))))))))))))

    .

     

    2010-08-26 14:31 . 2010-08-26 14:45 -------- d-----w- c:\windows\system32\CatRoot_bak

    2010-08-26 14:28 . 2010-08-26 14:28 -------- d-----w- c:\windows\ServicePackFiles

    2010-08-26 14:25 . 2010-08-26 14:26 -------- d-----w- c:\documents and settings\dzieci\Dane aplikacji\Media Player Classic

    2010-08-25 21:09 . 2010-02-16 19:35 2182656 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

    2010-08-25 21:09 . 2010-02-16 19:35 2138624 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

    2010-08-25 21:09 . 2010-02-16 19:35 2059648 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

    2010-08-25 21:09 . 2010-02-16 19:35 2018304 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

    2010-08-25 19:38 . 2010-02-12 10:03 371200 ------w- c:\windows\system32\browserchoice.exe

    2010-08-25 19:09 . 2008-06-14 18:01 273024 -c----w- c:\windows\system32\dllcache\bthport.sys

    2010-08-25 19:09 . 2008-06-14 18:01 273024 ------w- c:\windows\system32\drivers\bthport.sys

    2010-08-25 18:06 . 2007-07-27 21:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe

    2010-08-25 17:37 . 2010-08-25 17:37 -------- d-----w- c:\windows\system32\NtmsData

    2010-08-25 15:17 . 2010-08-25 17:55 -------- d-sh--w- C:\DrWeb Quarantine

    2010-08-25 15:09 . 2010-08-25 15:17 -------- d-----w- c:\documents and settings\ania\DoctorWeb

    2010-08-25 15:09 . 2010-08-25 17:57 -------- d-----w- c:\program files\DrWeb

    2010-08-25 14:53 . 2010-08-25 14:53 -------- d-----w- c:\program files\Alwil Software

    2010-08-25 14:53 . 2010-08-25 14:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Alwil Software

    2010-08-25 14:23 . 2010-08-25 15:05 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP

    2010-08-24 20:30 . 2010-08-24 20:30 0 ----a-w- c:\windows\nsreg.dat

    2010-08-24 20:30 . 2010-08-24 20:30 -------- d-----w- c:\documents and settings\ania\Ustawienia lokalne\Dane aplikacji\Mozilla

    2010-08-24 14:41 . 2010-08-24 14:41 -------- d-----w- c:\documents and settings\ania\Ustawienia lokalne\Dane aplikacji\Identities

    2010-08-24 10:57 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

    2010-08-24 10:05 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys

    2010-08-24 10:04 . 2004-08-04 00:35 58624 ----a-w- c:\windows\system32\drivers\redbook.sys

    2010-08-24 10:04 . 2005-02-24 05:32 3454144 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys

    2010-08-24 10:04 . 2005-02-24 05:32 3454144 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

    2010-08-24 10:04 . 2005-02-24 05:32 3973888 ----a-w- c:\windows\system32\nv4_disp.dll

    2010-08-24 10:04 . 2004-08-03 23:07 41088 ----a-w- c:\windows\system32\drivers\SISAGP.SYS

    2010-08-24 10:04 . 2004-08-04 00:44 77312 ----a-w- c:\windows\system32\usbui.dll

    2010-08-24 10:03 . 2004-08-03 22:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys

    2010-08-24 09:58 . 2010-08-24 08:15 -------- d--h--r- c:\documents and settings\Default User.WINDOWS\Dane aplikacji

    2010-08-24 09:58 . 2010-08-25 17:55 -------- d--h--r- c:\documents and settings\All Users.WINDOWS\Dane aplikacji

    2010-08-24 09:58 . 2010-08-24 08:15 -------- d--h--w- c:\documents and settings\Default User.WINDOWS

    2010-08-24 09:58 . 2010-08-24 08:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS

    2010-08-24 09:37 . 2010-08-24 09:37 -------- d-----w- c:\documents and settings\ania\Dane aplikacji\Media Player Classic

    2010-08-24 09:20 . 2010-08-24 09:20 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint

    2010-08-24 09:20 . 2010-08-24 09:20 -------- d-----w- c:\program files\ABBYY FineReader 6.0

    2010-08-24 09:19 . 2002-05-14 14:50 11264 ------w- c:\windows\system32\Spool\prtprocs\w32x86\wfxprint2000.dll

    2010-08-24 09:18 . 2010-08-24 09:19 -------- d-----w- c:\program files\FaxTools

    2010-08-24 09:18 . 2010-08-24 09:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\BVRP Software

    2010-08-24 09:16 . 2010-08-26 16:24 -------- d-----w- c:\program files\Lexmark X1100 Series

    2010-08-24 09:16 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

    2010-08-24 09:16 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

    2010-08-24 09:16 . 2001-10-26 15:29 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

    2010-08-24 09:16 . 2001-10-26 15:29 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

    2010-08-24 09:14 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

    2010-08-24 09:14 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

    2010-08-24 09:11 . 2010-08-24 09:11 -------- d-----w- c:\documents and settings\ania\WINDOWS

    2010-08-24 09:05 . 2004-08-03 21:07 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys

    2010-08-24 09:04 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys

    2010-08-24 09:00 . 2005-02-24 05:32 176128 ----a-w- c:\windows\system32\nvudisp.exe

    2010-08-24 08:27 . 2010-08-24 08:27 12328 ----a-w- c:\documents and settings\ania\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

    2010-08-24 08:20 . 2010-08-24 08:20 -------- d-sh--w- c:\documents and settings\LocalService.ZARZĄDZANIE NT

    2010-08-24 08:20 . 2010-08-24 08:20 -------- d-sh--w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT

    2010-08-24 08:18 . 2004-08-03 20:32 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe

    2010-08-24 08:17 . 2004-08-03 22:44 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll

    2010-08-24 08:16 . 2001-10-26 18:29 33792 -c--a-w- c:\windows\system32\dllcache\controt.dll

    2010-08-24 08:14 . 2010-08-24 08:15 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM

    2010-08-24 08:11 . 2010-08-24 08:11 21856 ----a-w- c:\windows\system32\emptyregdb.dat

    2010-08-24 08:11 . 2001-10-26 18:30 5632 -c--a-w- c:\windows\system32\dllcache\write.exe

    2010-08-24 08:11 . 2001-10-26 18:30 5632 ----a-w- c:\windows\system32\write.exe

    2010-08-22 07:28 . 2010-08-22 07:28 -------- d-----w- c:\documents and settings\mati\Dane aplikacji\Media Player Classic

    2010-08-20 22:27 . 2010-08-20 22:27 -------- d-----w- c:\documents and settings\mati\Ustawienia lokalne\Dane aplikacji\Mozilla

    2010-08-20 20:18 . 2010-08-20 20:18 -------- d-----w- c:\documents and settings\ala\WINDOWS

    2010-08-20 20:16 . 2010-08-20 20:16 -------- d-----w- c:\program files\Psxpad Drivers

    2010-08-20 20:14 . 2010-08-20 20:14 -------- d-----w- c:\program files\IrfanView

    2010-08-20 20:05 . 2010-08-20 20:05 -------- d-----w- c:\program files\HWDoctor

    2010-08-20 19:44 . 2010-08-20 19:44 -------- d-----w- c:\documents and settings\ala\Ustawienia lokalne\Dane aplikacji\Mozilla

    2010-08-20 19:19 . 2010-08-24 09:13 -------- d-----w- c:\windows\nview

    2010-08-20 19:18 . 2010-08-20 19:18 -------- d-----w- C:\NVIDIA

    2010-08-20 19:13 . 2010-08-20 19:13 -------- d-----w- c:\windows\OPTIONS

    2010-08-20 15:33 . 2010-08-20 15:33 -------- d-----w- c:\program files\Netropa

    2010-08-20 15:28 . 2010-08-20 15:28 12328 ----a-w- c:\documents and settings\ala\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

    2010-08-20 15:21 . 2010-08-20 15:21 -------- d-----w- c:\program files\Codec Pack - All In 1

    2010-08-20 15:17 . 2010-08-20 15:17 -------- d-----w- c:\program files\C-Media

    2010-08-20 15:17 . 2010-08-24 09:19 -------- d--h--w- c:\program files\InstallShield Installation Information

    2010-08-20 15:17 . 2010-08-20 19:29 -------- d-----w- c:\program files\sisagp

    2010-08-20 15:17 . 2010-08-20 15:33 -------- d-----w- c:\program files\Common Files\InstallShield

    2010-08-20 15:15 . 2010-08-26 18:37 -------- d-----w- c:\program files\DScaler

    2010-08-20 15:11 . 2010-08-20 15:11 -------- d-----w- c:\documents and settings\ala\Dane aplikacji\Media Player Classic

    2010-08-20 15:10 . 2010-08-24 09:07 -------- d-----w- c:\program files\Real Alternative

    2010-08-20 15:10 . 2010-08-24 09:07 -------- d-----w- c:\program files\Media Player Classic

    2010-08-20 15:00 . 2010-08-20 15:00 -------- d-----w- c:\program files\XviD

    2010-08-20 14:59 . 2010-08-20 14:59 -------- d-----w- c:\program files\DivX

     

    .

    (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-08-24 09:08 . 2010-08-24 09:07 -------- d-----w- c:\program files\ffdshow

    2010-08-24 09:07 . 2010-08-24 09:07 -------- d-----w- c:\program files\K-Lite Codec Pack

    2010-08-24 08:58 . 2010-08-24 08:14 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

    2010-08-24 08:23 . 2001-10-26 17:15 49492 ----a-w- c:\windows\system32\perfc015.dat

    2010-08-24 08:23 . 2001-10-26 17:15 355486 ----a-w- c:\windows\system32\perfh015.dat

    2010-08-20 10:59 . 2010-08-20 10:59 -------- d-----w- c:\program files\microsoft frontpage

    2010-08-20 10:57 . 2010-08-20 10:57 -------- d-----w- c:\program files\Usługi online

    2010-06-14 14:30 . 2010-08-24 08:12 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

    2004-08-03 22:44 . 2004-08-03 22:44 166693 --sha-r- c:\windows\system32\xtoucpp.dll

    .

     

    ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

    REGEDIT4

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]

    "nwiz"="nwiz.exe" [2005-02-24 1667072]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]

    "C-Media Mixer"="Mixer.exe" [2001-09-12 1236992]

    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableTaskMgr"= 1 (0x1)

    "DisableRegistryTools"= 1 (0x1)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "AntiVirusOverride"=dword:00000001

    "AntiVirusDisableNotify"=dword:00000001

    "FirewallDisableNotify"=dword:00000001

    "FirewallOverride"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    "UacDisableNotify"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"=

    "c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Engine\\6\\INTEL3~1\\IKernel.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\WINDOWS\\system32\\nwiz.exe"=

    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=

    "c:\\WINDOWS\\Mixer.exe"=

    "c:\\Program Files\\DScaler\\DScaler.exe"=

    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5090:TCP"= 5090:TCP:ikwktkz

     

    S2 qpxuisvq;Windows Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

     

    --- Inne Usługi/Sterowniki w Pamięci ---

     

    *NewlyCreated* - ABP470N5

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    qpxuisvq

    .

    .

    ------- Skan uzupełniający -------

    .

    uStart Page = hxxp://www.amnezja.org/

    FF - ProfilePath - c:\documents and settings\ania\Dane aplikacji\Mozilla\Firefox\Profiles\vxnndt69.default\

    FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

    FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

     

    ---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    .

     

    **************************************************************************

     

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-08-26 21:00

    Windows 5.1.2600 Dodatek Service Pack 2 NTFS

     

    skanowanie ukrytych procesów ...

     

    skanowanie ukrytych wpisów autostartu ...

     

    skanowanie ukrytych plików ...

     

    skanowanie pomyślnie ukończone

    ukryte pliki: 0

     

    **************************************************************************

     

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qpxuisvq]

    "ServiceDll"="c:\windows\system32\xtoucpp.dll"

    .

    ------------------------ Pozostałe uruchomione procesy ------------------------

    .

    c:\windows\system32\LEXBCES.EXE

    c:\windows\system32\LEXPPS.EXE

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\RUNDLL32.EXE

    c:\windows\Mixer.exe

    c:\program files\Lexmark X1100 Series\lxbkbmon.exe

    c:\windows\system32\imapi.exe

    .

    **************************************************************************

    .

    Czas ukończenia: 2010-08-26 21:01:49 - komputer został uruchomiony ponownie

    ComboFix-quarantined-files.txt 2010-08-26 19:01

     

    Przed: 5 258 989 568 bajtów wolnych

    Po: 5 315 260 416 bajtów wolnych

     

    WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

     

    - - End Of File - - F1F4926954A874AED0A48F16ABC8EA25
