My computer is infected. At the start of the infection a blue screen appeared with a message about an infection. Every few minutes Google web pages opened on their own. A Windows balloon popped up with a message about a spyware-type infection. Right now I cannot even open web pages in Explorer 7.0. Mail does not work either, because it cannot connect to the server. GG works. Please help; below I am posting the log from ComboFix. I ran the scan on Vista 32-bit. Please help me solve the problem.
Log:
ComboFix 08-05-09.1 - ELMARK - RT 2008-05-10 19:44:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.224 [GMT 2:00]
Running from: D:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\config.ini
C:\Windows\sxgnsvuxct.exe
C:\Windows\sxjecknqhu.exe
C:\Windows\sxnwhbvrzc.exe
C:\Windows\sxpgknrwva.exe
C:\Windows\sxpjbwvahn.exe
C:\Windows\zefckuxgdh.exe
C:\Windows\zegtpefban.exe
C:\Windows\zeqbhjcrau.exe
C:\Windows\zewpemnckv.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
2008-05-10 19:39 . 2008-05-10 19:39 <DIR> d-------- C:\327882R2FWJFW
2008-05-09 21:38 . 2008-05-09 21:38 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-09 21:38 . 2008-05-09 21:38 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-09 21:37 . 2008-05-09 21:37 <DIR> d-------- C:\Users\ELMARK - RT\AppData\Roaming\SUPERAntiSpyware.com
2008-05-09 21:37 . 2008-05-09 21:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-09 21:16 . 2008-05-09 21:17 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-09 21:16 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-05-09 21:16 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-05-09 21:16 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-05-09 21:16 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-05-09 20:05 . 2008-05-09 20:05 <DIR> d-------- C:\Program Files\Crawler
2008-05-09 20:04 . 2008-05-09 20:54 <DIR> d-------- C:\Users\ELMARK - RT\AppData\Roaming\Spyware Terminator
2008-05-09 20:04 . 2008-05-09 20:53 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2008-05-09 20:04 . 2008-05-09 20:53 <DIR> d-------- C:\ProgramData\Spyware Terminator
2008-05-09 20:04 . 2008-05-09 20:06 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-09 20:04 . 2008-05-09 20:04 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-05-09 18:59 . 2008-05-09 19:00 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-09 18:59 . 2008-05-09 19:00 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-09 18:59 . 2008-05-09 18:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-09 18:58 . 2008-05-09 21:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 18:51 . 2008-05-09 18:51 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-09 16:51 . 2008-05-10 19:36 16,384 --------- C:\Windows\System32\Ikeext.etl
2008-05-07 21:28 . 2008-05-07 21:28 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-05-07 21:28 . 2008-05-07 21:28 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-05-07 16:05 . 2008-05-07 16:05 <DIR> d-------- C:\PerfLogs
2008-05-05 23:35 . 2008-05-05 23:35 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-05-05 23:35 . 2008-05-05 23:35 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-05-05 00:13 . 2008-05-05 00:13 <DIR> d-------- C:\Users\Ania\AppData\Roaming\vlc
2008-05-05 00:05 . 2008-05-05 00:05 <DIR> d-------- C:\Users\Ania\AppData\Roaming\Grisoft
2008-05-04 23:34 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-04 23:33 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-05-04 23:32 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-04 23:31 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-05-04 23:30 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-04 23:29 . 2008-01-19 09:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
2008-05-04 23:28 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-05-04 23:27 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-04 23:25 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-04 23:24 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-04 23:24 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-04 23:23 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-04 23:23 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-04 23:21 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-04 23:21 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-04 23:21 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-04 23:21 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-04 20:14 . 2008-05-04 20:14 <DIR> d-------- C:\Users\ELMARK - RT\AppData\Roaming\Grisoft
2008-05-04 20:14 . 2008-05-04 20:14 <DIR> d-------- C:\Users\All Users\Grisoft
2008-05-04 20:14 . 2008-05-04 20:14 <DIR> d-------- C:\ProgramData\Grisoft
2008-05-04 20:14 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-05-04 13:28 . 2008-05-04 13:28 <DIR> d-------- C:\Users\Ania\AppData\Roaming\PC Tools
2008-05-04 01:53 . 2008-05-04 19:47 152,664,708 --a------ C:\Windows\MEMORY.DMP
2008-05-03 23:06 . 2008-05-03 23:10 <DIR> d-------- C:\Users\ELMARK - RT\AppData\Roaming\BESTplayer
2008-05-03 22:48 . 2008-05-03 22:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-03 22:47 . 2008-05-03 22:47 <DIR> d-------- C:\Users\All Users\Google
2008-05-03 22:47 . 2008-05-03 22:47 <DIR> d-------- C:\Program Files\Real
2008-05-03 22:47 . 2008-05-03 22:47 <DIR> d-------- C:\Program Files\Google
2008-05-03 22:47 . 2008-05-03 22:47 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-03 15:32 . 2008-05-03 16:04 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-03 00:21 . 2008-05-09 21:16 <DIR> d-------- C:\Users\ELMARK - RT\AppData\Roaming\PC Tools
2008-05-03 00:19 . 2008-05-10 19:41 <DIR> d-a------ C:\Users\All Users\TEMP
2008-05-03 00:19 . 2008-05-10 19:41 <DIR> d-a------ C:\ProgramData\TEMP
2008-05-03 00:18 . 2008-05-03 00:20 <DIR> d-------- C:\Users\All Users\PC Tools
2008-05-03 00:18 . 2008-05-03 00:20 <DIR> d-------- C:\ProgramData\PC Tools
2008-05-03 00:18 . 2008-05-03 00:21 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-05-03 00:18 . 2008-05-03 00:18 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-05-03 00:18 . 2007-12-06 15:51 28,568 --a------ C:\Windows\System32\drivers\AVHook.sys
2008-05-03 00:18 . 2007-12-06 15:51 21,912 --a------ C:\Windows\System32\drivers\AVRec.sys
2008-05-03 00:18 . 2008-02-12 10:44 21,904 --a------ C:\Windows\System32\drivers\AVFilter.sys
2008-05-03 00:16 . 2008-05-03 00:16 <DIR> d-------- C:\Program Files\SkanerOnline
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 17:41 --------- d-----w C:\Users\ELMARK - RT\AppData\Roaming\OpenOffice.org2
2008-05-07 20:19 --------- d-----w C:\Users\Ania\AppData\Roaming\OpenOffice.org2
2008-05-07 14:28 174 --sha-w C:\Program Files\desktop.ini
2008-05-07 14:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-07 14:11 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-07 14:11 --------- d-----w C:\Program Files\Windows Mail
2008-05-07 14:11 --------- d-----w C:\Program Files\Windows Journal
2008-05-07 14:11 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-07 14:11 --------- d-----w C:\Program Files\Windows Calendar
2008-05-07 14:10 --------- d-----w C:\Program Files\Windows Defender
2008-05-06 22:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-06 22:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-05 22:00 --------- d-----w C:\ProgramData\Symantec
2008-05-05 22:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-05 21:38 --------- d-----w C:\Program Files\Symantec
2008-05-04 14:13 --------- d-----w C:\Program Files\Lx_cats
2008-04-05 20:00 --------- d-----w C:\Program Files\Lexmark 1400 Series
2008-03-27 20:09 --------- d-----w C:\ProgramData\App4rTemp
2008-03-27 20:08 --------- d-----w C:\Users\ELMARK - RT\AppData\Roaming\Lexmark Imaging Studio
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-16 10:32 435768]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-03 22:47 171448]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-04 15:26 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-04 15:26 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-04 15:26 133912]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 16:19 861744]
"NDSTray.exe"="NDSTray.exe" []
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 13:25 1507328]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 13:05 571024]
"lxdjmon.exe"="C:\Program Files\Lexmark 1400 Series\lxdjmon.exe" [ ]
"lxdjamon"="C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 04:40 20480]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-03-05 09:37 1238928]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-03 22:47 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]
C:\Users\ELMARK - RT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{61B6F638-1712-4F71-8C14-33659F145E98}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{6B838D4A-E0F3-46D5-A13E-7EC2F5D35937}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{5AE4B139-77F3-4363-97C7-D79005A9120F}"= UDP:C:\Users\ELMARK - RT\AppData\Local\Temp\lxdj\wireless\POLISH\lxdjwpss.exe:
"{8E78737F-7E38-4F50-ABFF-4D86196D16C1}"= TCP:C:\Users\ELMARK - RT\AppData\Local\Temp\lxdj\wireless\POLISH\lxdjwpss.exe:
"{CF1A7B3F-DCBD-4397-A9B0-BF9FEFB5A4E5}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdjjswx.exe:
"{CD7650B8-B02C-4FE6-BF9D-E95B2808F962}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdjjswx.exe:
"{B6BCCFAC-9772-4844-98F2-9AF84A2CE2B1}"= UDP:C:\Windows\System32\lxdjcoms.exe:Lexmark Communications System
"{C31D22C9-6076-47C7-8225-77717ABE7A6A}"= TCP:C:\Windows\System32\lxdjcoms.exe:Lexmark Communications System
"{BB07EC83-7A20-4E58-A2E9-14E3FC0724FF}"= UDP:C:\Program Files\Lexmark 1400 Series\lxdjamon.exe:Lexmark Device Monitor
"{76433FBD-F613-4C1B-B824-09910A9894D2}"= TCP:C:\Program Files\Lexmark 1400 Series\lxdjamon.exe:Lexmark Device Monitor
"{0DDAD1A6-5150-45AE-B528-CCCEADFC68D6}"= UDP:C:\Program Files\Lexmark 1400 Series\App4R.exe:Lexmark Imaging Studio
"{135499C0-0657-465B-9E23-7B9C7449B6CC}"= TCP:C:\Program Files\Lexmark 1400 Series\App4R.exe:Lexmark Imaging Studio
"{8AE78CC4-5724-463F-8920-277B8A01DF26}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdjtime.exe:
"{6BED8884-FC85-439F-827E-F5283280332B}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdjtime.exe:
"{98D4ED0F-E86C-407B-8C7F-D2B1BB77B4AA}"= UDP:C:\Windows\System32\lxdjcoms.exe:Lexmark Communications System
"{393BBE67-91F4-4660-9044-880731792C05}"= TCP:C:\Windows\System32\lxdjcoms.exe:Lexmark Communications System
"{1B42DE10-5214-49CF-9376-EC20D6EF2B14}"= UDP:C:\Program Files\Lexmark 1400 Series\lxdjamon.exe:Lexmark Device Monitor
"{A6AADBDD-D35E-458D-B931-A8DA2829B126}"= TCP:C:\Program Files\Lexmark 1400 Series\lxdjamon.exe:Lexmark Device Monitor
"{9113180D-B6E7-4F46-9CCA-7C351197C8D6}"= UDP:C:\Program Files\Lexmark 1400 Series\App4R.exe:Lexmark Imaging Studio
"{AEE30C0F-42AB-424F-B7EA-B209B9DE863F}"= TCP:C:\Program Files\Lexmark 1400 Series\App4R.exe:Lexmark Imaging Studio
"{4DB56DA8-5E50-4642-8014-A9BE0429251B}"= UDP:C:\Windows\System32\lxdjcfg.exe:
"{C1A3815E-7C39-4E06-95DA-1C64A4FF0C34}"= TCP:C:\Windows\System32\lxdjcfg.exe:
"{0742C00C-4C7B-4CD8-98A1-33CCE01371E1}"= UDP:C:\Program Files\Lexmark 1400 Series\Wireless\lxdjwpss.exe:
"{0A2F814B-C89B-431C-8BF5-029C81767EBF}"= TCP:C:\Program Files\Lexmark 1400 Series\Wireless\lxdjwpss.exe:
"{9C3DD502-E679-42D0-8B85-B64B20CF7F07}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe:
"{FEDEB7FB-6DE0-4EBA-AE4A-A25563FD47B3}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe:
"{6714EC75-6169-4065-B8BE-69C39D92D454}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe:
"{009B99B7-6022-451E-A889-144E5522582C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe:
"{1936E4CC-9D70-4944-AF60-D75F8E01485F}"= UDP:C:\Program Files\Lexmark 1400 Series\Wireless\lxdjwpss.exe:
"{E6F3DAB5-5E92-497B-99D5-90E61737C2DB}"= TCP:C:\Program Files\Lexmark 1400 Series\Wireless\lxdjwpss.exe:
"TCP Query User{B1DBDAE2-AE8E-4C34-B61A-5ACEDCFEE65C}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{7F03117B-695D-44D6-BF37-F42029EBB952}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 20:13]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080423.002\IDSvix86.sys [2008-02-13 18:18]
R2 port_nt;port_nt;C:\Windows\system32\Drivers\port_nt.sys [2001-11-08 17:02]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-04-27 20:15]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 19:04]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-30 11:57]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50]
S2 Kmm4xNT;Kmm4xNT;C:\Windows\system32\drivers\Kmm4xNT.sys [2002-04-26 13:04]
S3 FileObjInfo;STFileDriver;C:\ProgramData\Spyware Terminator\FileObjInfo.sys [2008-05-09 20:04]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 16:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 16:47]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cccb4d9-c9e4-11dc-bf47-001a92fcf37d}]
\shell\AutoRun\command - D:\cdstart.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89ae4db4-c5eb-11dc-b5c7-001a92fcf37d}]
\shell\AutoRun\command - D:\setupSNK.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 17:39:33 C:\Windows\Tasks\User_Feed_Synchronization-{06C1F8A4-BCB0-494D-8C50-00F6425E10B0}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-10 19:52:25
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????d?4 9???X?@???@???@???@?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-10 19:55:20
ComboFix-quarantined-files.txt 2008-05-10 17:55:09
Pre-Run: 39,105,732,608 bajtów wolnych
Post-Run: 39,186,284,544 bajtów wolnych
251 --- E O F --- 2008-04-10 19:47:00