Please could someone analyse this log, I know nothing about this at all:
ComboFix 08-06-10.5 - PAWEŁ 2008-06-12 16:04:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.504 [GMT 2:00]
Running from: C:\Documents and Settings\PAWEŁ\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.
2008-06-12 13:15 . 2008-06-12 13:16 120,213,735 --a------ C:\2008_06_02.part1
2008-06-12 13:14 . 2008-06-12 13:14 <DIR> d-------- C:\totalcmd
2008-06-12 13:14 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-06-12 13:14 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-06-12 13:14 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-06-12 13:14 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-06-12 13:14 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-06-12 13:14 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-06-12 13:14 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-06-12 13:14 . 2008-06-12 13:17 541 --a------ C:\WINDOWS\wincmd.ini
2008-06-12 08:40 . 2008-06-12 08:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 16:53 . 2008-06-11 16:53 <DIR> d-------- C:\Documents and Settings\PAWEŁ\Dane aplikacji\Leadertech
2008-06-09 22:32 . 2008-06-09 22:32 <DIR> d-------- C:\WINDOWS\Cache
2008-06-09 22:20 . 2008-06-12 13:23 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-09 22:20 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-09 22:20 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-09 22:20 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-09 22:20 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-09 22:19 . 2008-06-12 09:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-09 22:19 . 2008-06-09 22:19 <DIR> d-------- C:\Documents and Settings\PAWEŁ\Dane aplikacji\PC Tools
2008-06-09 22:12 . 2008-06-09 22:12 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-09 21:57 . 2008-06-09 21:57 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-08 13:35 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-06-08 13:35 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-06-07 16:10 . 2008-06-07 16:10 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-06-07 16:10 . 2008-06-07 16:10 <DIR> d-------- C:\Documents and Settings\PAWEŁ\Gadu-Gadu
2008-06-07 16:10 . 2008-06-07 16:10 <DIR> d-------- C:\Documents and Settings\PAWEŁ\Gadu-Gadu
2008-06-06 19:23 . 2008-06-06 19:23 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-06 19:23 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-05 16:09 . 2008-06-11 16:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-05 16:09 . 2008-06-05 16:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 21:01 . 2008-06-01 21:01 <DIR> d-------- C:\Program Files\Real
2008-06-01 21:01 . 2008-06-01 21:01 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-01 21:01 . 2008-06-01 21:01 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-01 21:01 . 2008-06-01 21:01 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-28 21:49 . 2008-05-28 22:51 <DIR> d-------- C:\Program Files\Winamp
2008-05-27 15:24 . 2008-06-08 14:11 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-27 15:22 . 2008-05-27 15:23 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-05-26 20:14 . 2008-05-26 20:14 <DIR> d-------- C:\Program Files\Cartall
2008-05-26 20:04 . 2008-05-26 20:04 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-26 19:59 . 2008-05-26 19:59 <DIR> d-------- C:\Documents and Settings\PAWEŁ\Dane aplikacji\DAEMON Tools
2008-05-26 19:59 . 2008-05-26 19:59 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-26 19:57 . 2008-05-26 19:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-26 19:57 . 2008-05-26 19:57 <DIR> d-------- C:\Program Files\Ahead
2008-05-26 19:57 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-26 19:57 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-26 19:57 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-26 19:57 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-26 19:57 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-26 19:57 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-05-26 19:57 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-26 19:57 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-05-26 19:20 . 2008-05-26 19:20 427 --a------ C:\WINDOWS\ODBC.INI
2008-05-26 19:18 . 2008-05-26 19:19 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-26 17:49 . 2008-05-26 17:49 30 --a------ C:\WINDOWS\TextSpy.ini
2008-05-26 17:40 . 2008-06-09 22:34 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-26 17:40 . 2008-06-01 20:49 46 --a------ C:\WINDOWS\adiras.ini
2008-05-26 13:02 . 2008-05-26 11:16 261 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 14:34 --------- d-----w C:\Program Files\Active Ports
2008-06-01 19:01 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-26 15:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 10:49 --------- d-----w C:\Documents and Settings\PAWEŁ\Dane aplikacji\MyPhoneExplorer
2008-05-26 10:42 --------- d-----w C:\Documents and Settings\PAWEŁ\Dane aplikacji\AdobeUM
2008-05-26 10:37 --------- d-----w C:\Program Files\QuickTime
2008-05-26 10:37 --------- d-----w C:\Documents and Settings\PAWEŁ\Dane aplikacji\Apple Computer
2008-05-26 10:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-26 10:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-05-26 10:22 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-05-26 10:21 --------- d-----w C:\Program Files\SureThing CD Labeler 5
2008-05-26 10:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-05-26 10:20 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-05-26 10:09 --------- d-----w C:\Program Files\Intel
2008-05-26 10:09 --------- d-----w C:\Documents and Settings\PAWEŁ\Dane aplikacji\InstallShield
2008-05-26 10:07 --------- d-----w C:\Program Files\HP 1.3MP Webcam
2008-05-26 10:07 --------- d-----w C:\Program Files\DIFX
2008-05-26 10:03 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-05-26 10:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-05-26 09:58 --------- d-----w C:\Program Files\HPQ
2008-05-26 09:57 --------- d-----w C:\Program Files\WIDCOMM
2008-05-26 09:56 --------- d-----w C:\Program Files\Broadcom
2008-05-26 09:46 --------- d-----w C:\Program Files\NetWaiting
2008-05-26 09:44 --------- d-----w C:\Program Files\CONEXANT
2008-05-26 09:40 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-26 09:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-26 09:11 --------- d-----w C:\Program Files\Usługi online
.
----a-w 325,204 2006-12-21 18:56:28 C:\SWSetup\SP34746\WCAMC\FW_210_Silence Install .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016]
"nwiz"="nwiz.exe" [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 14:58 458752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-26 12:37 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-01 21:01 185896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 13:33:22 581693]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73acc7d6-37e9-11dd-b766-001a6bbaad2a}]
\Shell\AutoRun\command - xyw9tmdj.com
\Shell\explore\Command - xyw9tmdj.com
\Shell\open\Command - xyw9tmdj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e66a33a5-2b47-11dd-b752-001a6bbaad2a}]
\Shell\AutoRun\command - xyw9tmdj.com
\Shell\explore\Command - xyw9tmdj.com
\Shell\open\Command - xyw9tmdj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5b0f39e-354e-11dd-b760-001a6bbaad2a}]
\Shell\AutoRun\command - I:\xyw9tmdj.com
\Shell\explore\Command - I:\xyw9tmdj.com
\Shell\open\Command - I:\xyw9tmdj.com
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-12 16:06:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
C:\Program Files\Gadu-Gadu\ggwhook.dll
C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
.
Completion time: 2008-06-12 16:06:54
ComboFix-quarantined-files.txt 2008-06-12 14:06:51
Pre-Run: 18,508,099,584 bytes free
Post-Run: 18,546,073,600 bytes free
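The one part of this log that is not vendor software is the three MountPoints2 keys: Explorer caches the verbs from a removable drive's autorun.inf under HKCU\...\MountPoints2\{volume GUID}, and here all of them point at an executable (xyw9tmdj.com) sitting in the root of the mounted volume (once as I:\). That pattern is how USB-autorun worms spread, so the keys deserve a look even though catchme found nothing hidden. The script below is an added example, not part of the original post or of ComboFix: it parses the "Reg Loading Points" MountPoints2 block out of a ComboFix log, flags shell commands that launch an executable from a volume root, and emits the `reg delete` lines that would remove the cached keys. The sample input is the relevant lines of the log above, embedded as a constructed string; the flagging rules (executable extension plus a relative path or a non-C: drive) are this example's own heuristic, not a ComboFix rule.

```python
import re

# Constructed sample: the MountPoints2 lines from the ComboFix log above,
# embedded so the script runs offline (raw string, backslashes exactly as logged).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73acc7d6-37e9-11dd-b766-001a6bbaad2a}]
\Shell\AutoRun\command - xyw9tmdj.com
\Shell\explore\Command - xyw9tmdj.com
\Shell\open\Command - xyw9tmdj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e66a33a5-2b47-11dd-b752-001a6bbaad2a}]
\Shell\AutoRun\command - xyw9tmdj.com
\Shell\explore\Command - xyw9tmdj.com
\Shell\open\Command - xyw9tmdj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5b0f39e-354e-11dd-b760-001a6bbaad2a}]
\Shell\AutoRun\command - I:\xyw9tmdj.com
\Shell\explore\Command - I:\xyw9tmdj.com
\Shell\open\Command - I:\xyw9tmdj.com
*Newly Created Service* - CATCHME
"""

# A MountPoints2 key line as ComboFix prints it: [HKEY_...\mountpoints2\{guid}]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]*\\mountpoints2\\\{(?P<guid>[0-9a-f-]+)\})\]$", re.I)
# A cached autorun.inf verb: \Shell\<verb>\command - <command line>
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[A-Za-z]+)\\command\s+-\s+(?P<cmd>.+?)\s*$", re.I)

# Extensions that Windows will execute directly (heuristic chosen for this example).
EXEC_EXT = (".com", ".exe", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js")


def parse_mountpoints(log_text):
    """Return {registry_key: [(verb, command), ...]} for every MountPoints2 key in the log."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            entries[current] = []
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group("verb").lower(), m.group("cmd")))
        elif current is not None and not line.startswith("\\"):
            current = None  # left the MountPoints2 block
    return entries


def classify_command(cmd):
    """Reason a cached shell command deserves attention, or None if it does not look executable."""
    stripped = cmd.strip().strip('"')
    target = stripped.split()[0] if stripped else ""
    lower = target.lower()
    if not lower.endswith(EXEC_EXT):
        return None
    if re.match(r"^[a-z]:\\", lower) is None:
        return "relative path: resolved against the root of whatever volume mounts under this key"
    if not lower.startswith("c:\\"):
        return f"executable on removable/secondary volume {target[:2]}"
    return "executable launched from a volume root"


def flag_suspicious(entries):
    """List (key, verb, command, reason) for every cached verb that classify_command flags."""
    findings = []
    for key, cmds in entries.items():
        for verb, cmd in cmds:
            reason = classify_command(cmd)
            if reason:
                findings.append((key, verb, cmd, reason))
    return findings


def reg_delete_commands(findings):
    """One `reg delete ... /f` line per flagged key. Assumption: the operator has confirmed
    the key is stale; it only caches autorun.inf verbs and Explorer recreates it on the next mount."""
    keys = sorted({k for k, _, _, _ in findings})
    return [f'reg delete "{k}" /f' for k in keys]


if __name__ == "__main__":
    found = flag_suspicious(parse_mountpoints(SAMPLE_LOG))
    for key, verb, cmd, reason in found:
        print(f"{key.rsplit(chr(92), 1)[-1]:<42} {verb:<8} {cmd:<18} {reason}")
    print()
    print("\n".join(reg_delete_commands(found)))
```

Removing the keys only clears the cache; the file the verbs point at lives on the removable drive (and, given the drive-independent entries, possibly on more than one), so the drive itself has to be inspected for autorun.inf and xyw9tmdj.com with hidden and system files shown before it is plugged into a clean machine again.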