ComboFix 13-01-17.04 - Wilu 2013-01-24 16:21:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1107 [GMT 1:00]
Uruchomiony z: d:\documents and settings\Wilu\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Wilu\Ustawienia lokalne\Dane aplikacji\assembly\tmp
d:\windows\msmqinst.log
E:\install.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-12-24 do 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-23 20:41 . 2013-01-23 20:41 -------- d-----w- D:\ok
2013-01-23 17:29 . 2013-01-23 17:29 -------- d-----w- D:\Genius
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-01-23 . 64FF4E77CF31132734C42C90B4839FBA . 1548288 . . [5.1.2600.2180] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- d:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- d:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- d:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- d:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="d:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"ioCentre"="d:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
"SweetIM"="d:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="d:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"SMSERIAL"="d:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\WINDOWS\\system32\\msiexec.exe"=
"d:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"e:\\Tererka\\TERA\\TERA-Launcher.exe"=
"e:\\Cs\\Counter Strike 1.6\\hl.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
.
R2 ITECIRService;ITE Remote Controler service;d:\program files\ITECIR\RemoteControlService.exe [2013-01-23 656896]
R3 gHidPnp;USB Device Enhanced Function Driver;d:\windows\system32\drivers\gHidPnp.sys [2013-01-23 20480]
R3 gMouUsb;USB Mouse Device Drv;d:\windows\system32\drivers\gMouUsb.sys [2013-01-23 11520]
R3 NETwLx32; Sterownik karty Intel® Wireless WiFi Link 5000 Series dla systemu Windows XP 32 Bit;d:\windows\system32\drivers\NETwLx32.sys [2013-01-23 6609920]
S2 GeniusMouseService;GeniusMouseService;d:\genius\ioCentre\GMouseService.exe [2013-01-23 12288]
S2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 dump_wmimmc;dump_wmimmc;\??\e:\nowy folder\GameGuard\dump_wmimmc.sys --> e:\nowy folder\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - PNKBSTRA
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-01-24 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-23 19:10]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
TCP: DhcpNameServer = 87.99.33.20 87.99.33.159
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-NCsoft Launcher - d:\program files\NCSoft\Launcher\NCLauncher.exe
HKLM-Run-Driver Genius - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-24 16:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
d:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2013-01-24 16:27:18
ComboFix-quarantined-files.txt 2013-01-24 15:27
.
Przed: 98 080 276 480 bajtów wolnych
Po: 98 142 900 224 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A8FA341893845EE04372874F903BD5B2
[uwaga=pawel315]
I am moving the topic from the wrong section and putting the log in a [code=auto:0] tag.
[/uwaga]
User pawel315 edited this post on 24 01 2013 - 19:38