

stuntmaniak

Registered: 24 Nov 2007
Last seen: 14 06 2008 16:38
-----

My posts

In topic: Logs - After switching on, the antivirus goes crazy

13 06 2008 - 16:02

I installed KIS 7.0 and after scanning the system, the pendrives and the memory cards it detected about 30 threats, including trojans, some Dropper, perlovga, backdoors etc. I'm pasting the ComboFix log and asking for further advice.. thanks ;)

ComboFix 08-06-11.7 - Adek 2008-06-13 15:50:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.262 [GMT 2:00]
Running from: C:\Documents and Settings\Adek\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0001AB91
C:\Program Files\myglobalsearch\bar\Cache\0002424A.bin
C:\Program Files\myglobalsearch\bar\Cache\000248C9.bin
C:\Program Files\myglobalsearch\bar\Cache\00024A95.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-13 15:19 . 2008-06-13 15:19 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-13 12:40 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-13 12:40 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-13 12:40 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-13 12:40 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-13 12:40 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-13 12:40 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-13 12:40 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-13 12:40 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-13 12:40 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-13 12:38 . 2008-06-13 12:40 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-06-12 20:15 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 20:15 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 15:35 . 2008-06-12 15:52 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-12 15:35 . 2008-06-12 15:52 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-12 15:34 . 2008-06-12 15:34 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-12 15:34 . 2008-06-13 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-12 15:34 . 2008-06-13 15:54 2,087,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-12 15:34 . 2008-06-13 12:43 32,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 15:34 . 2008-06-13 15:53 31,264 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-12 15:34 . 2008-06-13 12:43 4,448 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-12 15:33 . 2008-06-12 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-06-05 21:22 . 2008-06-05 21:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-23 22:04 . 2008-05-23 22:04 <DIR> d-------- C:\Program Files\Cheating-Death
2008-05-16 19:18 . 2006-05-13 03:40 1,211 -rahs---- C:\copy.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 10:55 --------- d-----w C:\Program Files\Kalendarz XP
2008-06-12 13:52 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-07 10:37 --------- d-----w C:\Program Files\FlashGet
2008-05-16 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-06-09 04:07 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-03-06 16:43 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20:40 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-03-06 16:51 312240]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 14:47 7311360]
"nwiz"="nwiz.exe" [2005-11-11 14:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 14:47 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"LXDICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDItime.dll" [2007-02-26 15:44 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\Adek\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
22M WLAN Adapter.lnk - C:\Program Files\22M WLAN Adapter\WLANMON.exe [2007-11-27 17:46:37 262144]
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2007-12-03 18:57:02 303104]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-12-20 23:19:28 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"vidc.yv12"= yv12vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\lxdicoms.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"D:\\Gry\\CS\\hl.exe"=
"D:\\Gry\\CS\\hlds.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17254:TCP"= 17254:TCP:BitComet 17254 TCP
"17254:UDP"= 17254:UDP:BitComet 17254 UDP

R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-03-06 16:45]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 TIACXLN;22M WLAN Adapter;C:\WINDOWS\system32\DRIVERS\tiacxln.sys [2003-03-06 11:52]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 15:53:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDICATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDItime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-13 15:55:34
ComboFix-quarantined-files.txt 2008-06-13 13:55:30

Pre-Run: 1,182,162,944 bytes free
Post-Run: 1,270,206,464 bytes free

148 --- E O F --- 2008-06-13 10:42:52
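A small triage script, added here as an example and not part of the post above or of ComboFix itself, that parses the "Files Created" block and the firewall policy section of a pasted ComboFix log and flags the two things a helper would look at first in this log: a tiny hidden+system executable sitting in the drive root (the 1,211-byte `C:\copy.exe` with `-rahs----` attributes, the typical footprint of an autorun worm of the kind the poster names) and the Windows Firewall standard profile being switched off. The sample input is a handful of lines copied from the log above; the rule names, the executable-extension list and the "drive root" heuristic are my own choices, not ComboFix output.

```python
"""Triage a pasted ComboFix log (added example; not ComboFix's own code)."""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log pasted in the post above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-13 15:19 . 2008-06-13 15:19 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-13 12:40 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-12 15:34 . 2008-06-13 15:54 2,087,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-16 19:18 . 2006-05-13 03:40 1,211 -rahs---- C:\copy.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# One "Files Created" entry: <created> . <modified> <size|<DIR>> <9 attribute chars> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# "Drive root" heuristic (assumption): a drive letter followed by exactly one path component.
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")
# Extensions treated as executable content for the root-file rule (assumption).
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".inf"}


@dataclass
class Finding:
    rule: str
    detail: str


def parse_entries(log):
    """Return (size_bytes_or_None, attribute_letters, path) for every file entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        # ComboFix prints one letter per set attribute: d r a h s c ... ; '-' means unset.
        attrs = {ch for ch in m["attrs"] if ch != "-"}
        entries.append((size, attrs, m["path"]))
    return entries


def triage(log):
    """Apply two simple rules to the log and return the findings."""
    findings = []
    for size, attrs, path in parse_entries(log):
        ext = ntpath.splitext(path)[1].lower()
        hidden_system = {"h", "s"} <= attrs
        if size is not None and hidden_system and ROOT_FILE_RE.match(path) and ext in EXEC_EXT:
            findings.append(Finding(
                "root-hidden-exe",
                f"{path} ({size} bytes, attrs {''.join(sorted(attrs))})",
            ))
    # Windows Firewall standard profile explicitly disabled in the registry dump.
    if re.search(r'^"EnableFirewall"=\s*0\b', log, re.M):
        findings.append(Finding("firewall-off", "Windows Firewall standard profile disabled"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Run it against a full log by replacing `SAMPLE_LOG` with the pasted text; the hidden+system `fidbox.dat` under `system32\drivers` is deliberately not flagged, because the rule needs both a drive-root location and an executable extension.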