rootkit help!!
Beginner
reputation: 0
posts: 1
offline
24.10.11 21:27
#2706713
Hello! I have a problem: when I turn on the computer, the following message pops up:
W systemie wykryto podejrzany,ukryty obiekt (rootkit). Moze to oznaczac zarazenie szkodliwym oprogramowaniem. Zaleca sie natychmiastowe usuniecie obiektu
Plik: MBR: \\.\PHYSICALDRIVE0
Typ: Rootkit: ukryty plik
antivirus: avast 4
Removing this file does nothing; the message keeps being displayed.
Please help.
ComboFix scan:
ComboFix 11-10-24.03 - Acer 2011-10-24 20:53:14.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.48.1045.18.1977.881 [GMT 2:00]
Uruchomiony z: c:\users\Acer\Desktop\USB\ComboFix2.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\spsys.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-24 do 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-24 19:09 . 2011-10-24 19:11 -------- d-----w- c:\users\Acer\AppData\Local\temp
2011-10-24 19:09 . 2011-10-24 19:09 -------- d-----w- c:\users\Gość\AppData\Local\temp
2011-10-24 19:09 . 2011-10-24 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-24 18:30 . 2011-10-24 18:38 -------- d-----w- C:\ComboFix
2011-10-24 18:22 . 2011-10-24 18:23 -------- d-----w- C:\## aswSnx private storage
2011-10-24 16:36 . 2011-10-24 16:36 -------- d-----w- c:\program files\Lavalys
2011-10-22 14:57 . 2011-10-22 14:57 -------- d-----w- c:\programdata\2D14A
2011-09-26 18:33 . 2011-09-26 18:33 -------- d-----w- c:\program files\PlayReady
2011-09-25 18:42 . 2011-09-25 18:42 -------- d-----w- c:\programdata\RDRM
2011-09-25 18:42 . 2011-10-18 20:42 -------- d-----w- c:\users\Acer\AppData\Roaming\ipla
2011-09-25 18:42 . 2011-09-26 18:34 -------- d-----w- c:\programdata\ipla
2011-09-25 18:42 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2011-09-25 18:41 . 2011-09-25 18:41 -------- d-----w- c:\program files\ipla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 11:54 . 2011-07-27 12:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-09 22:15 . 2010-08-09 22:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 09:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-05-30 13:35 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-06-01 17:17 1236360 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll" [2011-05-30 89008]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-09 49152]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6244896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2011-07-05 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Oprogramowanie Kodak EasyShare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Oprogramowanie Kodak EasyShare.lnk
backup=c:\windows\pss\Oprogramowanie Kodak EasyShare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-03-08 02:38 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-11-05 16:25 116056 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-09 22:14 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kookos]
2010-12-17 16:16 94720 ----a-w- c:\users\Acer\AppData\Local\Kookos\kookos.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
2009-08-31 16:07 11391592 ----a-w- c:\program files\Nowe Gadu-Gadu\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2008-02-25 15:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 11:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Zawartość folderu ''Zaplanowane zadania''
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 20:24]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 20:24]
.
2011-10-23 c:\windows\Tasks\Norton Security Scan for Acer.job
- c:\progra~1\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-13 02:19]
.
2011-10-24 c:\windows\Tasks\User_Feed_Synchronization-{AFA833B8-1CFA-4D9B-B146-697935B86ADB}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://ics.asksearch.com/?cfg=2-441-0-...
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0415&s=2&o=vb32&d=0809&m=e720
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.8.1 10.0.0.1
DPF: {B4891BE9-835D-471B-B495-F5F3E6A8BBD7} - hxxp://cdn.vod4net.pl/1791/viv-3.5.27.1/player/player_ocx.jpeg
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\wghg0rge.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=427&systemid=1&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-10 - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NPSStartup - (no file)
HKLM-Run-4StoryPrePatch - c:\users\Acer\Nowy folder\4story\4Story\PrePatch.exe
AddRemove-4StoryPL_is1 - c:\users\Acer\Nowy folder\4story\4Story\unins000.exe
AddRemove-PoPWW_is1 - c:\program files\MoorHunt\Downloads\PofP Dusza Wojownika\Prince of Persia - Dusza Wojownika\unins000.exe
AddRemove-_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051} - c:\program files\Corel\CorelDRAW Graphics Suite X5\Setup\SetupARP.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 21:10
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2011-10-24 21:17:48
ComboFix-quarantined-files.txt 2011-10-24 19:17
.
Przed: 15 947 182 080 bajtów wolnych
Po: 18 072 018 944 bajtów wolnych
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - DE2E5A768213BD6FBE0F8F4364D7CDAC