
Preventive HJT log :]

Logs, securing your computer and data. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Do not shorten logs; paste the whole thing, from beginning to end.
5. Do not piggyback on other users' topics; please open a new topic in the Security section, which makes it easier for the person checking to help.
6. People without the appropriate knowledge should not check logs, as this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and all actions already taken.
8. Every script is unique, written for each case individually, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.


Post by adamsio » 28 Apr 2008, 17:16



I haven't had a virus in a long time... it's almost strange, so I'm posting a log. I'll try to post one from Combo too, but I doubt it'll work...

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15, on 2008-04-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Keyboard Driver\KMWDSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\BearShare Applications\BearShare\BearShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.tcz.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O14 - IERESET.INF: START_PAGE_URL=www.onet.pl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard Driver\KMWDSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 5803 bytes
CPU: Intel Core 2 Duo E4500, 2.20GHz, 2Mb Cache + SilentiumPC Spartan HE923
RAM: GoodRAM GR800D264L5/2G
MDT Tech. Empaq 1GB
GPU: Sapphire ATI Radeon HD4670 1GB GDDR3 BULK Core:750@775MHz Mem:800@945MHz/+23,6%
MOBO: Gigabyte GA-945P-S3 (v3)

Post by huber2t » 28 Apr 2008, 17:18



Fix in HijackThis:
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

Apart from that leftover, it's clean of junk.

Post by adamsio » 28 Apr 2008, 17:42



I downloaded the new Combo and managed to make a log:

Code:
ComboFix 08-04-27.3 - Kamil 2008-04-28 17:28:17.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.682 [GMT 2:00]
Running from: D:\Downloads\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-28  )))))))))))))))))))))))))))))))
.

2008-04-25 17:12 . 2008-04-25 17:12   <DIR>   d--------   C:\Program Files\Activision
2008-04-24 19:25 . 2008-04-24 19:25   <DIR>   d--------   C:\Program Files\Kolekcja Klasyki
2008-04-22 19:03 . 2008-04-22 19:03   <DIR>   d--------   C:\WINDOWS\wb
2008-04-22 19:03 . 1996-08-16 13:44   87,552   -ra------   C:\WINDOWS\system\url.dll
2008-04-22 19:03 . 1996-09-30 12:32   9,728   -ra------   C:\WINDOWS\system\rnaph.dll
2008-04-22 19:00 . 2008-04-22 19:00   <DIR>   d--------   C:\WINDOWS\Start Menu
2008-04-22 19:00 . 1998-12-07 16:20   1,020,416   --a------   C:\WINDOWS\system32\WebPro32.ocx
2008-04-22 19:00 . 1999-01-22 17:08   34,665   --a------   C:\WINDOWS\system32\ripx.vxd
2008-04-22 18:59 . 2008-04-22 18:59   <DIR>   d--------   C:\Documents and Settings\Kamil\WINDOWS
2008-04-22 18:59 . 1996-10-15 18:01   298,496   --a------   C:\WINDOWS\uninst.exe
2008-04-20 14:12 . 2008-04-20 14:12   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-04-20 14:12 . 2008-04-20 14:12   1,409   --a------   C:\WINDOWS\QTFont.for
2008-04-19 20:22 . 2008-04-19 20:22   <DIR>   d--------   C:\Program Files\MarBit
2008-04-16 13:19 . 2008-04-16 13:20   <DIR>   d--------   C:\Program Files\QuickTime
2008-04-16 13:19 . 2008-04-16 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-16 13:15 . 2008-04-16 13:15   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-04-16 13:15 . 2008-04-16 13:15   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-15 20:25 . 2006-10-26 19:56   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2008-04-15 20:23 . 2008-04-17 19:20   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-15 13:30 . 2007-04-24 17:30   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-04-13 16:39 . 2006-11-29 13:06   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2008-04-13 16:39 . 2006-09-28 16:05   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2008-04-13 16:39 . 2006-12-08 12:02   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2008-04-13 16:39 . 2006-09-28 16:05   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2008-04-13 16:34 . 2008-04-13 16:34   <DIR>   d--------   C:\Program Files\Empire Interactive
2008-04-12 08:38 . 2008-04-12 08:38   <DIR>   d--------   C:\Program Files\Rockstar Games
2008-04-09 14:04 . 2008-04-09 14:04   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-04-08 15:59 . 2008-04-28 17:16   <DIR>   d--------   C:\Program Files\DC++
2008-04-08 15:49 . 2008-04-24 18:02   <DIR>   d--------   C:\Downloads
2008-04-05 19:36 . 2008-04-05 19:36   319   --a------   C:\WINDOWS\game.ini
2008-03-28 23:37 . 2008-03-28 23:37   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 15:23   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-27 20:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Skype
2008-04-27 19:11   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\skypePM
2008-04-25 15:11   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-24 19:10   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.org2
2008-04-24 14:27   108,144   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-04-17 17:52   ---------   d-----w   C:\Program Files\OpenOffice.org 2.4
2008-04-17 17:52   ---------   d-----w   C:\Program Files\Java
2008-04-16 14:39   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\BearShare
2008-04-15 17:28   ---------   d-----w   C:\Program Files\Winamp
2008-04-15 11:30   ---------   d-----w   C:\Program Files\ffdshow
2008-04-14 16:33   ---------   d-----w   C:\Program Files\DAP
2008-04-09 11:55   ---------   d-----w   C:\Program Files\BearShare Applications
2008-03-28 17:41   7,680   ----a-w   C:\WINDOWS\system32\ff_vfw.dll
2008-03-28 14:37   ---------   d-----w   C:\Program Files\Valve
2008-03-27 19:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Winamp
2008-03-27 15:19   ---------   d-----w   C:\Program Files\BitComet
2008-03-27 15:13   2,560   ----a-w   C:\WINDOWS\system32\bitcometres.dll
2008-03-26 19:43   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.ux.pl2
2008-03-21 07:35   ---------   d-----w   C:\Program Files\SkanerOnline
2008-03-20 09:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Vso
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-13 20:26   ---------   d-----w   C:\Program Files\Piranha Bytes
2008-03-13 15:18   50,688   ----a-w   C:\WINDOWS\system32\wbhelp2.dll
2008-03-11 14:16   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-03-11 14:15   ---------   d-----w   C:\Program Files\Nero
2008-03-11 14:09   390   ----a-w   C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-08 20:06   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-03-08 15:39   ---------   d-----w   C:\Program Files\Sunbelt Software
2008-03-07 19:56   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\ESET
2008-03-07 19:55   ---------   d-----w   C:\Program Files\ESET
2008-03-07 19:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-03-05 14:37   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Styler
2008-03-04 17:21   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\gtk-2.0
2008-03-04 13:41   ---------   d-----w   C:\Program Files\Keyboard Driver
2008-03-04 13:41   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-03-03 20:13   ---------   d-----w   C:\Program Files\Trend Micro
2008-03-01 13:02   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
2008-01-01 21:01   47,360   ----a-w   C:\Documents and Settings\Kamil\Dane aplikacji\pcouffin.sys
2007-12-11 11:51   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 10:58 49152]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-01-27 17:32:35 622592]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kamil^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Kamil\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2006-06-28 17:54 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-04-14 18:32 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCD]
E:\Run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 15:51 212992 C:\Program Files\Keyboard Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCS Firewall 6]
C:\Program Files\MCS Studios\MCS Firewall 6\mcsfw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7537:TCP"= 7537:TCP:BitComet 7537 TCP
"7537:UDP"= 7537:UDP:BitComet 7537 UDP
"9206:TCP"= 9206:TCP:BitComet 9206 TCP
"9206:UDP"= 9206:UDP:BitComet 9206 UDP
"22132:TCP"= 22132:TCP:BitComet 22132 TCP
"22132:UDP"= 22132:UDP:BitComet 22132 UDP
"18756:TCP"= 18756:TCP:BitComet 18756 TCP
"18756:UDP"= 18756:UDP:BitComet 18756 UDP
"8487:TCP"= 8487:TCP:BitComet 8487 TCP
"8487:UDP"= 8487:UDP:BitComet 8487 UDP
"8809:TCP"= 8809:TCP:BitComet 8809 TCP
"8809:UDP"= 8809:UDP:BitComet 8809 UDP

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 18:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 17:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 19:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 19:01]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Keyboard Driver\KMWDSrv.exe [2007-04-05 11:29]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 16:00]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]
S2 ip_fw;ipfw kernel-mode driver;C:\Program Files\MCS Studios\MCS Firewall 6\system\ip_fw.sys []
S2 ipfw;ipfw_helper;C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe []
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-08-28 09:48]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-04 10:41]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{606aaca0-0153-11dd-bac4-0019e06d72de}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 06:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-20 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-25 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-20 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-20 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\gFI82A1K.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 17:31:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 17:32:40
ComboFix-quarantined-files.txt  2008-04-28 15:32:35

Pre-Run: 16,707,997,696 bajtów wolnych
Post-Run: 18,232,242,176 bajtów wolnych

280   --- E O F ---   2008-04-09 11:38:59

Post by pp3088 » 28 Apr 2008, 18:28



Start >>> Run >>> regedit, and in the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

delete the relevant subkey with a right-click.

Please post a follow-up log.
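The thread is driven by reading two log formats by eye: HijackThis "O" lines (huber2t's fix targets one marked "(file missing)") and the ComboFix registry dump (pp3088's advice targets the MountPoints2 subkey carrying a \Shell\AutoRun\command handler). The script below is an added example, not code from the forum or from HijackThis/ComboFix: a small triage pass that reads such a log and reports the indicators visible in this thread, so a reader can check a pasted log for the same things without scrolling through hundreds of lines. The sample lines are constructed from entries quoted above; the finding names and the `triage` function are this example's own, and every flag is a heuristic that points at something to review by hand, not a verdict.

```python
"""Triage a pasted HijackThis / ComboFix log for the indicators discussed in this thread.

Added example for this thread; it is not code from the forum or from HijackThis/ComboFix.
The sample lines are constructed from entries quoted in the thread.
"""
import re
from collections import Counter

# Constructed sample in the exact format of the logs pasted above.
SAMPLE_LOG_LINES = [
    r'O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)',
    r'O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]',
    r'"DisableMonitoring"=dword:00000001',
    r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]',
    r'"EnableFirewall"= 0 (0x0)',
    r'[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{606aaca0-0153-11dd-bac4-0019e06d72de}]',
    r'\Shell\AutoRun\command - EXPLORER.EXE',
    r'\Shell\open\Command - EXPLORER.EXE',
    r'"2008-04-20 22:00:00 C:\WINDOWS\Tasks\At1.job"',
    r'- C:\WINDOWS\system32\gFI82A1K.exe',
    r'"2008-04-21 07:00:00 C:\WINDOWS\Tasks\At10.job"',
    r'- C:\WINDOWS\system32\gFI82A1K.exe',
]

# HijackThis "O" line whose target file no longer exists.
ORPHAN_RE = re.compile(r'^O\d+ - (.*) \(file missing\)$')
# ComboFix "Scheduled Tasks" job line; the next line names the executable it runs.
JOB_RE = re.compile(r'^"\S+ \S+ (.*\\Tasks\\(At\d+)\.job)"$')


def triage(lines):
    """Return a list of (kind, detail) findings for a HijackThis or ComboFix log."""
    findings = []
    section = None          # registry key of the block we are currently inside
    pending_job = None      # name of the At*.job whose target line comes next
    at_targets = Counter()  # executable -> number of At*.job entries pointing at it

    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        # Entries whose file is gone are dead and safe to fix (huber2t's case).
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(('orphaned-entry', m.group(1)))
            continue

        # ComboFix registry dump: "[key]" headers followed by value lines.
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        if section:
            if 'security center' in section and re.match(r'"DisableMonitoring"=dword:0*1$', line):
                findings.append(('security-center-monitoring-disabled', section))
            elif 'firewallpolicy' in section and re.match(r'"EnableFirewall"=\s*0\b', line):
                findings.append(('windows-firewall-disabled', section))
            elif 'mountpoints2' in section and line.lower().startswith(r'\shell\autorun\command'):
                # A per-volume autorun handler: the subkey pp3088 asks to delete.
                findings.append(('mountpoints2-autorun', section.rsplit('\\', 1)[-1]))

        # Scheduled Tasks: the job line is followed by "- <target executable>".
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group(2)
            continue
        if pending_job and line.startswith('- '):
            at_targets[line[2:]] += 1
            pending_job = None

    # Several At*.job entries sharing one target is worth a manual look at that file.
    for target, n in at_targets.items():
        if n >= 2:
            findings.append(('at-jobs-shared-target', f'{target} ({n} jobs)'))
    return findings


if __name__ == '__main__':
    for kind, detail in triage(SAMPLE_LOG_LINES):
        print(f'{kind:38} {detail}')
```

Run it on a saved log with `triage(open('log.txt', encoding='cp1250').readlines())`; the registry-block checks only fire while inside the matching `[key]` header, so a `DisableMonitoring` value under an unrelated key is not reported.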

Post by adamsio » 28 Apr 2008, 19:05



Should I delete the whole MountPoints2 folder????

And a follow-up log from what?

Post by pp3088 » 28 Apr 2008, 19:09



Yes, you can cut out the whole key. The appropriate values will regenerate on their own afterwards. A log from ComboFix :)

Post by adamsio » 28 Apr 2008, 19:32



Code:
ComboFix 08-04-27.3 - Kamil 2008-04-28 19:22:31.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.676 [GMT 2:00]
Running from: D:\Downloads\Narzędzia Systemowe\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-28  )))))))))))))))))))))))))))))))
.

2008-04-25 17:12 . 2008-04-25 17:12   <DIR>   d--------   C:\Program Files\Activision
2008-04-24 19:25 . 2008-04-24 19:25   <DIR>   d--------   C:\Program Files\Kolekcja Klasyki
2008-04-22 19:03 . 2008-04-22 19:03   <DIR>   d--------   C:\WINDOWS\wb
2008-04-22 19:03 . 1996-08-16 13:44   87,552   -ra------   C:\WINDOWS\system\url.dll
2008-04-22 19:03 . 1996-09-30 12:32   9,728   -ra------   C:\WINDOWS\system\rnaph.dll
2008-04-22 19:00 . 2008-04-22 19:00   <DIR>   d--------   C:\WINDOWS\Start Menu
2008-04-22 19:00 . 1998-12-07 16:20   1,020,416   --a------   C:\WINDOWS\system32\WebPro32.ocx
2008-04-22 19:00 . 1999-01-22 17:08   34,665   --a------   C:\WINDOWS\system32\ripx.vxd
2008-04-22 18:59 . 2008-04-22 18:59   <DIR>   d--------   C:\Documents and Settings\Kamil\WINDOWS
2008-04-22 18:59 . 1996-10-15 18:01   298,496   --a------   C:\WINDOWS\uninst.exe
2008-04-20 14:12 . 2008-04-20 14:12   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-04-20 14:12 . 2008-04-20 14:12   1,409   --a------   C:\WINDOWS\QTFont.for
2008-04-19 20:22 . 2008-04-19 20:22   <DIR>   d--------   C:\Program Files\MarBit
2008-04-16 13:19 . 2008-04-16 13:20   <DIR>   d--------   C:\Program Files\QuickTime
2008-04-16 13:19 . 2008-04-16 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-16 13:15 . 2008-04-16 13:15   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-04-16 13:15 . 2008-04-16 13:15   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-15 20:25 . 2006-10-26 19:56   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2008-04-15 20:23 . 2008-04-17 19:20   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-15 13:30 . 2007-04-24 17:30   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-04-13 16:39 . 2006-11-29 13:06   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2008-04-13 16:39 . 2006-09-28 16:05   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2008-04-13 16:39 . 2006-12-08 12:02   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2008-04-13 16:39 . 2006-09-28 16:05   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2008-04-13 16:34 . 2008-04-13 16:34   <DIR>   d--------   C:\Program Files\Empire Interactive
2008-04-12 08:38 . 2008-04-12 08:38   <DIR>   d--------   C:\Program Files\Rockstar Games
2008-04-09 14:04 . 2008-04-09 14:04   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-04-08 15:59 . 2008-04-28 19:18   <DIR>   d--------   C:\Program Files\DC++
2008-04-08 15:49 . 2008-04-24 18:02   <DIR>   d--------   C:\Downloads
2008-04-05 19:36 . 2008-04-05 19:36   319   --a------   C:\WINDOWS\game.ini
2008-03-28 23:37 . 2008-03-28 23:37   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 15:23   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-27 20:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Skype
2008-04-27 19:11   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\skypePM
2008-04-25 15:11   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-24 19:10   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.org2
2008-04-24 14:27   108,144   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-04-17 17:52   ---------   d-----w   C:\Program Files\OpenOffice.org 2.4
2008-04-17 17:52   ---------   d-----w   C:\Program Files\Java
2008-04-16 14:39   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\BearShare
2008-04-15 17:28   ---------   d-----w   C:\Program Files\Winamp
2008-04-15 11:30   ---------   d-----w   C:\Program Files\ffdshow
2008-04-14 16:33   ---------   d-----w   C:\Program Files\DAP
2008-04-09 11:55   ---------   d-----w   C:\Program Files\BearShare Applications
2008-03-28 17:41   7,680   ----a-w   C:\WINDOWS\system32\ff_vfw.dll
2008-03-28 14:37   ---------   d-----w   C:\Program Files\Valve
2008-03-27 19:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Winamp
2008-03-27 15:19   ---------   d-----w   C:\Program Files\BitComet
2008-03-27 15:13   2,560   ----a-w   C:\WINDOWS\system32\bitcometres.dll
2008-03-26 19:43   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.ux.pl2
2008-03-21 07:35   ---------   d-----w   C:\Program Files\SkanerOnline
2008-03-20 09:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Vso
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-13 20:26   ---------   d-----w   C:\Program Files\Piranha Bytes
2008-03-13 15:18   50,688   ----a-w   C:\WINDOWS\system32\wbhelp2.dll
2008-03-11 14:16   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-03-11 14:15   ---------   d-----w   C:\Program Files\Nero
2008-03-11 14:09   390   ----a-w   C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-08 20:06   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-03-08 15:39   ---------   d-----w   C:\Program Files\Sunbelt Software
2008-03-07 19:56   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\ESET
2008-03-07 19:55   ---------   d-----w   C:\Program Files\ESET
2008-03-07 19:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-03-05 14:37   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Styler
2008-03-04 17:21   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\gtk-2.0
2008-03-04 13:41   ---------   d-----w   C:\Program Files\Keyboard Driver
2008-03-04 13:41   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-03-03 20:13   ---------   d-----w   C:\Program Files\Trend Micro
2008-03-01 13:02   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
2008-01-01 21:01   47,360   ----a-w   C:\Documents and Settings\Kamil\Dane aplikacji\pcouffin.sys
2007-12-11 11:51   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 10:58 49152]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-01-27 17:32:35 622592]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kamil^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Kamil\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2006-06-28 17:54 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-04-14 18:32 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCD]
E:\Run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 15:51 212992 C:\Program Files\Keyboard Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCS Firewall 6]
C:\Program Files\MCS Studios\MCS Firewall 6\mcsfw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7537:TCP"= 7537:TCP:BitComet 7537 TCP
"7537:UDP"= 7537:UDP:BitComet 7537 UDP
"9206:TCP"= 9206:TCP:BitComet 9206 TCP
"9206:UDP"= 9206:UDP:BitComet 9206 UDP
"22132:TCP"= 22132:TCP:BitComet 22132 TCP
"22132:UDP"= 22132:UDP:BitComet 22132 UDP
"18756:TCP"= 18756:TCP:BitComet 18756 TCP
"18756:UDP"= 18756:UDP:BitComet 18756 UDP
"8487:TCP"= 8487:TCP:BitComet 8487 TCP
"8487:UDP"= 8487:UDP:BitComet 8487 UDP
"8809:TCP"= 8809:TCP:BitComet 8809 TCP
"8809:UDP"= 8809:UDP:BitComet 8809 UDP

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 18:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 17:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 19:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 19:01]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Keyboard Driver\KMWDSrv.exe [2007-04-05 11:29]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 16:00]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]
S2 ip_fw;ipfw kernel-mode driver;C:\Program Files\MCS Studios\MCS Firewall 6\system\ip_fw.sys []
S2 ipfw;ipfw_helper;C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe []
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-08-28 09:48]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-04 10:41]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 06:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-20 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-20 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-20 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\gFI82A1K.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 19:25:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 19:26:50
ComboFix-quarantined-files.txt  2008-04-28 17:26:46

Pre-Run: 18,242,392,064 bytes free
Post-Run: 18,230,149,120 bytes free

274   --- E O F ---   2008-04-09 11:38:59

CPU: Intel Core 2 Duo E4500, 2.20GHz, 2Mb Cache + SilentiumPC Spartan HE923
RAM: GoodRAM GR800D264L5/2G
MDT Tech. Empaq 1GB
GPU: Sapphire ATI Radeon HD4670 1GB GDDR3 BULK Core:750@775MHz Mem:800@945MHz/+23,6%
MOBO: Gigabyte GA-945P-S3 (v3)
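An added triage helper (example code written for this page, not part of the original post and not code from ComboFix, HijackThis or any of the products named in the log). It parses the three sections of a ComboFix log that carry the most signal in the log above: the Run keys with their "[ ]" marker for a missing file, the firewall and Security Center policy values, and the 'Scheduled Tasks' list, where a run of At<N>.job entries all pointing at one executable in system32 is the pattern a log checker would look at first. The sample text embedded in it is a constructed, trimmed copy of lines from the log above; the cluster threshold and the "random-looking name" heuristic are assumptions of this example, and a hit is a lead for whoever reviews the log, not proof of infection.

```python
"""Triage helper for a ComboFix-style log: extract the findings a log checker
wants to see first. Example code, not part of ComboFix or the forum post."""
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of lines from the log above, kept in the
# same shape so the parsers below also work on a full ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

Contents of the 'Scheduled Tasks' folder
"2008-04-21 06:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-20 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-20 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"""

# "name"="path" [date time size]  -- an empty bracket means ComboFix could not stat the file
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
TASK_LINE = re.compile(r'^"(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<job>.+\.job)"$')
TARGET_LINE = re.compile(r'^- (?P<target>.+)$')
AT_JOB = re.compile(r'^At\d+\.job$', re.I)
# Heuristic (assumption of this example): 6-10 mixed letters and digits, e.g. gFI82A1K.exe
RANDOM_NAME = re.compile(r'^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{6,10}\.exe$')


def parse_scheduled_tasks(text):
    """Return [(job file name, target path)] from the 'Scheduled Tasks' section."""
    tasks, in_section, pending = [], False, None
    for line in text.splitlines():
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        m = TASK_LINE.match(line)
        if m:
            pending = m.group("job").rsplit("\\", 1)[-1]   # At1.job
            continue
        m = TARGET_LINE.match(line)
        if m and pending:
            tasks.append((pending, m.group("target")))
            pending = None
    return tasks


def find_at_job_clusters(tasks, min_jobs=3):
    """Group At<N>.job entries by target; keep targets hit by at least min_jobs jobs."""
    by_target = defaultdict(list)
    for job, target in tasks:
        if AT_JOB.match(job):
            by_target[target].append(job)
    return {t: sorted(j) for t, j in by_target.items() if len(j) >= min_jobs}


def registry_flags(text):
    """Flag a disabled firewall, disabled Security Center monitoring and Run
    entries whose file ComboFix could not find (the '[ ]' marker)."""
    findings, key = [], None
    for line in text.splitlines():
        if line.startswith("["):
            key = line.strip("[]").lower()
            continue
        if key is None:
            continue
        if key.endswith("firewallpolicy\\standardprofile") and line.startswith('"EnableFirewall"= 0'):
            findings.append("Windows Firewall disabled in the standard profile")
        if "security center\\monitoring" in key and line == '"DisableMonitoring"=dword:00000001':
            findings.append(f"Security Center monitoring disabled under {key}")
        m = RUN_ENTRY.match(line)
        if m and key.endswith("\\run") and m.group("meta").strip() == "":
            findings.append(f"Run entry {m.group('name')!r} points at a file ComboFix could not read: {m.group('path')}")
    return findings


def triage(text):
    """All findings for one log, as plain strings for the reviewer."""
    report = registry_flags(text)
    for target, jobs in find_at_job_clusters(parse_scheduled_tasks(text)).items():
        exe = target.rsplit("\\", 1)[-1]
        note = " (random-looking name)" if RANDOM_NAME.match(exe) else ""
        report.append(f"{len(jobs)} At*.job tasks run {target}{note}: {', '.join(jobs)}")
    return report


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the full log above the same code reports 24 At*.job tasks, one per hour, all running the same system32 executable, the disabled firewall, the three DisableMonitoring values and the BigDog303 entry; each of those is something to verify on the machine (who created the jobs, what the executable is, whether the user disabled the firewall on purpose because a third-party one is installed) rather than something to act on from the log alone.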