a więc chciałbym prosić was o powiększenie mojej wiedzy o informacje o pliku , który znajduję się w folderze z US Knight OnLine
15_USATrapDump_WTYMMIEJSCUWPISANYJESTMOJLOGIN-0109_1957_47
komputer został przeskanowany arkanixem ,avastem oba skany odbyły się w dosie
potem combo fix
log z combo fixa
code][list]ComboFix 10-01-04.01 - pitoMama 2010-01-09 20:25:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2038.1322 [GMT 1:00]
Uruchomiony z: D:\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100109-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\docume~1\pitoMama\USTAWI~1\Temp\cvasds0.dll
c:\docume~1\pitoMama\USTAWI~1\Temp\cvasds1.dll
c:\documents and settings\pitoMama\Dane aplikacji\BITS
c:\documents and settings\pitoMama\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\pitoMama\Dane aplikacji\wiaserva.log
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\History\search
c:\windows\k_urlmon.dll
c:\windows\system32\_003640_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003806_.tmp.dll
c:\windows\system32\_003807_.tmp.dll
c:\windows\system32\_003808_.tmp.dll
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\KeenSense.sys
c:\windows\system32\drivers\ksdevice.sys
c:\windows\system32\ieuinit.inf
D:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_powermanager
-------\Service_AVPsys
-------\Service_glaide32
((((((((((((((((((((((((( Pliki utworzone od 2009-12-09 do 2010-01-09 )))))))))))))))))))))))))))))))
.
2010-01-07 07:44 . 2010-01-09 19:32 -------- d-----w- c:\program files\AutoConnect
2010-01-03 07:46 . 2010-01-03 07:46 122368 --sh--r- C:\h0.exe
2010-01-01 08:16 . 2010-01-01 08:15 109568 --sh--r- C:\anoataly.exe
2009-12-31 18:30 . 2007-08-14 07:12 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-12-31 18:09 . 2009-12-31 18:09 -------- d-----w- c:\documents and settings\pitoMama\RootkitRevealer
2009-12-31 12:14 . 1998-10-07 11:54 327168 ----a-w- c:\windows\IsUn0415.exe
2009-12-31 12:10 . 1997-09-15 14:02 136192 ------w- c:\windows\system32\QMixer.dll
2009-12-31 12:09 . 1998-01-23 11:22 304128 ----a-w- c:\windows\IsUninst.exe
2009-12-31 12:09 . 2009-12-31 12:09 -------- d-----w- c:\documents and settings\pitoMama\WINDOWS
2009-12-31 08:24 . 2009-12-31 08:24 -------- d-----w- C:\found.001
2009-12-29 10:12 . 2009-12-29 10:12 -------- d-----w- c:\program files\EA Games
2009-12-28 14:23 . 2009-12-28 14:23 -------- d-----w- c:\documents and settings\pitoMama\Dane aplikacji\AccurateRip
2009-12-28 14:23 . 2009-12-28 14:23 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-12-28 14:23 . 2009-12-28 14:22 5640880 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-12-24 12:23 . 2009-12-31 15:06 -------- d-----w- C:\Netgear
2009-12-18 13:39 . 2009-12-18 13:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2009-12-18 13:17 . 2009-12-18 13:17 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-12-13 14:57 . 2009-12-13 14:57 -------- d-----w- c:\program files\Ventrilo
2009-12-13 14:57 . 2009-12-13 14:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-13 12:25 . 2009-12-13 12:25 -------- d-----w- c:\program files\Sophos
2009-12-12 15:14 . 2009-12-12 14:33 483984 ----a-w- c:\windows\kocrasch gigzorekpk.no-ip.org 0 10.exe
2009-12-11 20:02 . 2009-12-11 20:02 -------- d-----w- c:\documents and settings\pitoMama\Dane aplikacji\MozillaControl
2009-12-11 20:02 . 2009-12-11 20:10 -------- d-----w- c:\documents and settings\pitoMama\Dane aplikacji\AgerWebEdytor
2009-12-11 20:02 . 2009-12-11 20:02 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.5
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 07:23 . 2009-07-19 13:22 -------- d-----w- c:\program files\FlashGet
2010-01-07 17:58 . 2009-08-02 13:51 -------- d-----w- c:\documents and settings\pitoMama\Dane aplikacji\Nowe Gadu-Gadu
2009-12-31 19:34 . 2009-06-14 08:51 -------- d-----w- c:\documents and settings\pitoMama\Dane aplikacji\MSN6
2009-12-31 09:20 . 2009-08-20 08:34 1386496 ----a-w- c:\windows\system32\msvbvm60.dll
2009-12-29 11:22 . 2009-06-12 19:08 13496 ----a-w- c:\documents and settings\pitoMama\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-29 10:11 . 2002-09-28 22:00 12464 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-12-29 09:52 . 2009-06-12 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 13:18 . 2009-07-06 17:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-01 13:41 . 2009-06-15 18:47 -------- d-----w- c:\documents and settings\pitoMama\Dane aplikacji\Ventrilo
2009-11-24 23:54 . 2009-06-12 18:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-06-12 18:32 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-06-12 18:32 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-06-12 18:32 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-08-20 14:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-06-12 18:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-06-12 18:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-06-12 18:32 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-06-12 18:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-14 21:08 . 2009-11-14 21:07 -------- d-----w- c:\program files\Ventrilo 3.0.5
2009-10-25 06:14 . 2002-09-28 22:00 74230 ----a-w- c:\windows\system32\perfc015.dat
2009-10-25 06:14 . 2002-09-28 22:00 448004 ----a-w- c:\windows\system32\perfh015.dat
2009-10-16 08:40 . 2009-10-16 08:40 54272 ----a-w- c:\documents and settings\pitoMama\Dane aplikacji\GanymedeNet\Online Games\Common\ielauncher.exe
2009-10-16 08:40 . 2009-10-16 08:40 4 ----a-w- c:\windows\system32\proc625010911.bin
.
------- Sigcheck -------
[7] 2002-09-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
c:\windows\System32\drivers\beep.sys ... - brak elementu !!
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 11:37 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-04 6856704]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2005-03-31 790528]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-02 310784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-01-23 126976]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-25 149280]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\pitoMama\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
smgr32.exe [2009-3-4 13824]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe [2004-11-29 569405]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-12 24576]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-06-12 114768]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-12-31 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-08-20 20560]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S3 JFUOLOAVXK;JFUOLOAVXK;c:\docume~1\pitoMama\USTAWI~1\Temp\JFUOLOAVXK.exe --> c:\docume~1\pitoMama\USTAWI~1\Temp\JFUOLOAVXK.exe [?]
S3 JPNEFHGYW;JPNEFHGYW;c:\docume~1\pitoMama\USTAWI~1\Temp\JPNEFHGYW.exe --> c:\docume~1\pitoMama\USTAWI~1\Temp\JPNEFHGYW.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\52.tmp --> c:\windows\system32\52.tmp [?]
S3 SOACS;SOACS Driver;\??\c:\windows\system32\drivers\soacs.sys --> c:\windows\system32\drivers\soacs.sys [?]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2009-08-01 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2009-08-01 85696]
S3
va276;XDva276;\??\c:\windows\System32\XDva276.sys --> c:\windows\System32\XDva276.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880d85-aad9-4558-abdc-2ab1552d831f}]
2007-12-05 10:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
2010-01-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-19 11:37]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gamedestek.com
mStart Page = hxxp://www.gamedestek.com
IE: &download all with flashget - c:\program files\FlashGet\jc_all.htm
IE: &download with flashget - c:\program files\FlashGet\jc_link.htm
IE: wyślij do interfejsu &bluetooth - c:\program files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\pitoMama\Dane aplikacji\Mozilla\Firefox\Profiles\6nqj676b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.shinysearch.com/myhome.php?style=ferrari<ext=pito00 migacz goodle
FF - plugin: c:\docume~1\pitoMama\DANEAP~1\POWERC~1\nppowerloader.dll
FF - plugin: c:\documents and settings\pitoMama\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
.
- - - - USUNIĂËTO PUSTE WPISY - - - -
HKCU-Run-qservices - c:\windows\qservice.exe
HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe
AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - d:\program files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
AddRemove-Colin McRae Rally Demo - d:\codemast\CMRally\Uninst.isu
AddRemove-flashget - c:\program files\FlashGet\uninst.exe
AddRemove-incd!uninstallkey - c:\windows\NuNInst.exe
AddRemove-InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-legacy-empire knightonline - d:\ke\Uninstall-LEKO.exe
AddRemove-Microsoft .NET Framework 2.0 - c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
AddRemove-mozilla firefox (3.0.12) - c:\program files\Mozilla Firefox\uninstall\helper.exe
AddRemove-nero - burning rom!uninstallkey - c:\program files\Nero\Nero 7\\nero\uninstall\UNNERO.exe
AddRemove-nerobackitup!uninstallkey - c:\windows\UNNeroBackItUp.exe
AddRemove-SubEdit-Player_is1 - c:\program files\SubEdit-Player\unins000.exe
AddRemove-windows media format runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-{3ee51bad-9916-49c7-90ba-3d500b031e0c}_is1 - d:\programy\Image Resizer\unins000.exe
AddRemove-Power Loader - c:\documents and settings\pitoMama\Ustawienia lokalne\Dane aplikacji\PowerChallenge\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 20:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\52.tmp"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3252)
c:\program files\FlashGet\fgmgr.dll
c:\program files\Gadu-Gadu\ggwhook.dll
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\wdfmgr.exe
c:\documents and settings\pitoMama\Menu Start\Programy\Autostart\smgr32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe
.
**************************************************************************
.
Czas ukończenia: 2010-01-09 20:37:07 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-01-09 19:37
Przed: 1ĂÂ 168ĂÂ 494ĂÂ 592 bajtów wolnych
Po: 2ĂÂ 141ĂÂ 822ĂÂ 976 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 7B9F63DD2711E0FD2FCFB4014645DAD8[/list]
[/code]
