Profilaktyczny log z HJT :]

INSTALKI.pl - programy, gry, sterowniki

Logi, zabezpieczenie komputera, danych. Programy antywirusowe antyspyware, firewall itp.

Regulamin forum

1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Wyślij odpowiedź
 
adamsio
  • adamsio
  • Posty: 654
  • Dołączenie: 31 Paź 2007, 21:59
  • Miejscowość: Gdańsk

Profilaktyczny log z HJT :]

28 Kwi 2008, 17:16

Już dawno nie miałem wirusa...aż dziwnie, dlatego Daje loga, Postaram sie dać z Combo też ale wątpię że sie uda...

Kod:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15, on 2008-04-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Keyboard Driver\KMWDSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\BearShare Applications\BearShare\BearShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.tcz.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O14 - IERESET.INF: START_PAGE_URL=www.onet.pl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard Driver\KMWDSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 5803 bytes
 
huber2t
  • huber2t
  • Posty: 2798
  • Dołączenie: 21 Mar 2008, 10:07

28 Kwi 2008, 17:18

fix w HijackThis
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

Poza tym zbednikiem jest czysto od syfu
 
adamsio
  • adamsio
  • Posty: 654
  • Dołączenie: 31 Paź 2007, 21:59
  • Miejscowość: Gdańsk

28 Kwi 2008, 17:42

Ściągnąłem nowego Combo i sie loga dało zrobić:

Kod:
ComboFix 08-04-27.3 - Kamil 2008-04-28 17:28:17.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.682 [GMT 2:00]
Running from: D:\Downloads\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-28  )))))))))))))))))))))))))))))))
.

2008-04-25 17:12 . 2008-04-25 17:12   <DIR>   d--------   C:\Program Files\Activision
2008-04-24 19:25 . 2008-04-24 19:25   <DIR>   d--------   C:\Program Files\Kolekcja Klasyki
2008-04-22 19:03 . 2008-04-22 19:03   <DIR>   d--------   C:\WINDOWS\wb
2008-04-22 19:03 . 1996-08-16 13:44   87,552   -ra------   C:\WINDOWS\system\url.dll
2008-04-22 19:03 . 1996-09-30 12:32   9,728   -ra------   C:\WINDOWS\system\rnaph.dll
2008-04-22 19:00 . 2008-04-22 19:00   <DIR>   d--------   C:\WINDOWS\Start Menu
2008-04-22 19:00 . 1998-12-07 16:20   1,020,416   --a------   C:\WINDOWS\system32\WebPro32.ocx
2008-04-22 19:00 . 1999-01-22 17:08   34,665   --a------   C:\WINDOWS\system32\ripx.vxd
2008-04-22 18:59 . 2008-04-22 18:59   <DIR>   d--------   C:\Documents and Settings\Kamil\WINDOWS
2008-04-22 18:59 . 1996-10-15 18:01   298,496   --a------   C:\WINDOWS\uninst.exe
2008-04-20 14:12 . 2008-04-20 14:12   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-04-20 14:12 . 2008-04-20 14:12   1,409   --a------   C:\WINDOWS\QTFont.for
2008-04-19 20:22 . 2008-04-19 20:22   <DIR>   d--------   C:\Program Files\MarBit
2008-04-16 13:19 . 2008-04-16 13:20   <DIR>   d--------   C:\Program Files\QuickTime
2008-04-16 13:19 . 2008-04-16 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-16 13:15 . 2008-04-16 13:15   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-04-16 13:15 . 2008-04-16 13:15   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-15 20:25 . 2006-10-26 19:56   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2008-04-15 20:23 . 2008-04-17 19:20   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-15 13:30 . 2007-04-24 17:30   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-04-13 16:39 . 2006-11-29 13:06   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2008-04-13 16:39 . 2006-09-28 16:05   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2008-04-13 16:39 . 2006-12-08 12:02   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2008-04-13 16:39 . 2006-09-28 16:05   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2008-04-13 16:34 . 2008-04-13 16:34   <DIR>   d--------   C:\Program Files\Empire Interactive
2008-04-12 08:38 . 2008-04-12 08:38   <DIR>   d--------   C:\Program Files\Rockstar Games
2008-04-09 14:04 . 2008-04-09 14:04   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-04-08 15:59 . 2008-04-28 17:16   <DIR>   d--------   C:\Program Files\DC++
2008-04-08 15:49 . 2008-04-24 18:02   <DIR>   d--------   C:\Downloads
2008-04-05 19:36 . 2008-04-05 19:36   319   --a------   C:\WINDOWS\game.ini
2008-03-28 23:37 . 2008-03-28 23:37   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 15:23   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-27 20:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Skype
2008-04-27 19:11   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\skypePM
2008-04-25 15:11   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-24 19:10   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.org2
2008-04-24 14:27   108,144   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-04-17 17:52   ---------   d-----w   C:\Program Files\OpenOffice.org 2.4
2008-04-17 17:52   ---------   d-----w   C:\Program Files\Java
2008-04-16 14:39   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\BearShare
2008-04-15 17:28   ---------   d-----w   C:\Program Files\Winamp
2008-04-15 11:30   ---------   d-----w   C:\Program Files\ffdshow
2008-04-14 16:33   ---------   d-----w   C:\Program Files\DAP
2008-04-09 11:55   ---------   d-----w   C:\Program Files\BearShare Applications
2008-03-28 17:41   7,680   ----a-w   C:\WINDOWS\system32\ff_vfw.dll
2008-03-28 14:37   ---------   d-----w   C:\Program Files\Valve
2008-03-27 19:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Winamp
2008-03-27 15:19   ---------   d-----w   C:\Program Files\BitComet
2008-03-27 15:13   2,560   ----a-w   C:\WINDOWS\system32\bitcometres.dll
2008-03-26 19:43   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.ux.pl2
2008-03-21 07:35   ---------   d-----w   C:\Program Files\SkanerOnline
2008-03-20 09:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Vso
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-13 20:26   ---------   d-----w   C:\Program Files\Piranha Bytes
2008-03-13 15:18   50,688   ----a-w   C:\WINDOWS\system32\wbhelp2.dll
2008-03-11 14:16   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-03-11 14:15   ---------   d-----w   C:\Program Files\Nero
2008-03-11 14:09   390   ----a-w   C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-08 20:06   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-03-08 15:39   ---------   d-----w   C:\Program Files\Sunbelt Software
2008-03-07 19:56   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\ESET
2008-03-07 19:55   ---------   d-----w   C:\Program Files\ESET
2008-03-07 19:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-03-05 14:37   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Styler
2008-03-04 17:21   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\gtk-2.0
2008-03-04 13:41   ---------   d-----w   C:\Program Files\Keyboard Driver
2008-03-04 13:41   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-03-03 20:13   ---------   d-----w   C:\Program Files\Trend Micro
2008-03-01 13:02   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
2008-01-01 21:01   47,360   ----a-w   C:\Documents and Settings\Kamil\Dane aplikacji\pcouffin.sys
2007-12-11 11:51   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 10:58 49152]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-01-27 17:32:35 622592]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kamil^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Kamil\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2006-06-28 17:54 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-04-14 18:32 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCD]
E:\Run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 15:51 212992 C:\Program Files\Keyboard Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCS Firewall 6]
C:\Program Files\MCS Studios\MCS Firewall 6\mcsfw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7537:TCP"= 7537:TCP:BitComet 7537 TCP
"7537:UDP"= 7537:UDP:BitComet 7537 UDP
"9206:TCP"= 9206:TCP:BitComet 9206 TCP
"9206:UDP"= 9206:UDP:BitComet 9206 UDP
"22132:TCP"= 22132:TCP:BitComet 22132 TCP
"22132:UDP"= 22132:UDP:BitComet 22132 UDP
"18756:TCP"= 18756:TCP:BitComet 18756 TCP
"18756:UDP"= 18756:UDP:BitComet 18756 UDP
"8487:TCP"= 8487:TCP:BitComet 8487 TCP
"8487:UDP"= 8487:UDP:BitComet 8487 UDP
"8809:TCP"= 8809:TCP:BitComet 8809 TCP
"8809:UDP"= 8809:UDP:BitComet 8809 UDP

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 18:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 17:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 19:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 19:01]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Keyboard Driver\KMWDSrv.exe [2007-04-05 11:29]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 16:00]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]
S2 ip_fw;ipfw kernel-mode driver;C:\Program Files\MCS Studios\MCS Firewall 6\system\ip_fw.sys []
S2 ipfw;ipfw_helper;C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe []
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-08-28 09:48]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-04 10:41]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{606aaca0-0153-11dd-bac4-0019e06d72de}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 06:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-20 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-25 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-20 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-20 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\gFI82A1K.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 17:31:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 17:32:40
ComboFix-quarantined-files.txt  2008-04-28 15:32:35

Pre-Run: 16,707,997,696 bajtów wolnych
Post-Run: 18,232,242,176 bajtów wolnych

280   --- E O F ---   2008-04-09 11:38:59
 
pp3088
  • pp3088
  • Posty: 999
  • Dołączenie: 11 Sie 2006, 23:59
  • Miejscowość: Szczecin

28 Kwi 2008, 18:28

Start >>> Uruchom >>> regedit i w kluczu:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

skasować z prawo kliku odpowiedni podlkucz.

Poproszę o log kontrolny.
 
adamsio
  • adamsio
  • Posty: 654
  • Dołączenie: 31 Paź 2007, 21:59
  • Miejscowość: Gdańsk

28 Kwi 2008, 19:05

Mam usunąć cały folder MountPoints2 ????

I z czego log kontrolny?
 
pp3088
  • pp3088
  • Posty: 999
  • Dołączenie: 11 Sie 2006, 23:59
  • Miejscowość: Szczecin

28 Kwi 2008, 19:09

Tak można ciachnąć cały klucz. Potem odpowiednie wartości same się odrodzą. Log z Combofixa :)
 
adamsio
  • adamsio
  • Posty: 654
  • Dołączenie: 31 Paź 2007, 21:59
  • Miejscowość: Gdańsk

28 Kwi 2008, 19:32

Kod:
ComboFix 08-04-27.3 - Kamil 2008-04-28 19:22:31.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.676 [GMT 2:00]
Running from: D:\Downloads\Narzędzia Systemowe\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-28  )))))))))))))))))))))))))))))))
.

2008-04-25 17:12 . 2008-04-25 17:12   <DIR>   d--------   C:\Program Files\Activision
2008-04-24 19:25 . 2008-04-24 19:25   <DIR>   d--------   C:\Program Files\Kolekcja Klasyki
2008-04-22 19:03 . 2008-04-22 19:03   <DIR>   d--------   C:\WINDOWS\wb
2008-04-22 19:03 . 1996-08-16 13:44   87,552   -ra------   C:\WINDOWS\system\url.dll
2008-04-22 19:03 . 1996-09-30 12:32   9,728   -ra------   C:\WINDOWS\system\rnaph.dll
2008-04-22 19:00 . 2008-04-22 19:00   <DIR>   d--------   C:\WINDOWS\Start Menu
2008-04-22 19:00 . 1998-12-07 16:20   1,020,416   --a------   C:\WINDOWS\system32\WebPro32.ocx
2008-04-22 19:00 . 1999-01-22 17:08   34,665   --a------   C:\WINDOWS\system32\ripx.vxd
2008-04-22 18:59 . 2008-04-22 18:59   <DIR>   d--------   C:\Documents and Settings\Kamil\WINDOWS
2008-04-22 18:59 . 1996-10-15 18:01   298,496   --a------   C:\WINDOWS\uninst.exe
2008-04-20 14:12 . 2008-04-20 14:12   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-04-20 14:12 . 2008-04-20 14:12   1,409   --a------   C:\WINDOWS\QTFont.for
2008-04-19 20:22 . 2008-04-19 20:22   <DIR>   d--------   C:\Program Files\MarBit
2008-04-16 13:19 . 2008-04-16 13:20   <DIR>   d--------   C:\Program Files\QuickTime
2008-04-16 13:19 . 2008-04-16 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-16 13:15 . 2008-04-16 13:15   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-04-16 13:15 . 2008-04-16 13:15   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-15 20:25 . 2006-10-26 19:56   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2008-04-15 20:23 . 2008-04-17 19:20   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-15 13:30 . 2007-04-24 17:30   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-04-13 16:39 . 2006-11-29 13:06   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2008-04-13 16:39 . 2006-09-28 16:05   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2008-04-13 16:39 . 2006-12-08 12:02   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2008-04-13 16:39 . 2006-09-28 16:05   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2008-04-13 16:34 . 2008-04-13 16:34   <DIR>   d--------   C:\Program Files\Empire Interactive
2008-04-12 08:38 . 2008-04-12 08:38   <DIR>   d--------   C:\Program Files\Rockstar Games
2008-04-09 14:04 . 2008-04-09 14:04   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-04-08 15:59 . 2008-04-28 19:18   <DIR>   d--------   C:\Program Files\DC++
2008-04-08 15:49 . 2008-04-24 18:02   <DIR>   d--------   C:\Downloads
2008-04-05 19:36 . 2008-04-05 19:36   319   --a------   C:\WINDOWS\game.ini
2008-03-28 23:37 . 2008-03-28 23:37   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 15:23   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-27 20:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Skype
2008-04-27 19:11   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\skypePM
2008-04-25 15:11   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-24 19:10   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.org2
2008-04-24 14:27   108,144   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-04-17 17:52   ---------   d-----w   C:\Program Files\OpenOffice.org 2.4
2008-04-17 17:52   ---------   d-----w   C:\Program Files\Java
2008-04-16 14:39   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\BearShare
2008-04-15 17:28   ---------   d-----w   C:\Program Files\Winamp
2008-04-15 11:30   ---------   d-----w   C:\Program Files\ffdshow
2008-04-14 16:33   ---------   d-----w   C:\Program Files\DAP
2008-04-09 11:55   ---------   d-----w   C:\Program Files\BearShare Applications
2008-03-28 17:41   7,680   ----a-w   C:\WINDOWS\system32\ff_vfw.dll
2008-03-28 14:37   ---------   d-----w   C:\Program Files\Valve
2008-03-27 19:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Winamp
2008-03-27 15:19   ---------   d-----w   C:\Program Files\BitComet
2008-03-27 15:13   2,560   ----a-w   C:\WINDOWS\system32\bitcometres.dll
2008-03-26 19:43   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.ux.pl2
2008-03-21 07:35   ---------   d-----w   C:\Program Files\SkanerOnline
2008-03-20 09:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Vso
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-13 20:26   ---------   d-----w   C:\Program Files\Piranha Bytes
2008-03-13 15:18   50,688   ----a-w   C:\WINDOWS\system32\wbhelp2.dll
2008-03-11 14:16   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-03-11 14:15   ---------   d-----w   C:\Program Files\Nero
2008-03-11 14:09   390   ----a-w   C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-08 20:06   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-03-08 15:39   ---------   d-----w   C:\Program Files\Sunbelt Software
2008-03-07 19:56   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\ESET
2008-03-07 19:55   ---------   d-----w   C:\Program Files\ESET
2008-03-07 19:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-03-05 14:37   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Styler
2008-03-04 17:21   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\gtk-2.0
2008-03-04 13:41   ---------   d-----w   C:\Program Files\Keyboard Driver
2008-03-04 13:41   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-03-03 20:13   ---------   d-----w   C:\Program Files\Trend Micro
2008-03-01 13:02   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
2008-01-01 21:01   47,360   ----a-w   C:\Documents and Settings\Kamil\Dane aplikacji\pcouffin.sys
2007-12-11 11:51   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 10:58 49152]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-01-27 17:32:35 622592]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kamil^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Kamil\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2006-06-28 17:54 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-04-14 18:32 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCD]
E:\Run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 15:51 212992 C:\Program Files\Keyboard Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCS Firewall 6]
C:\Program Files\MCS Studios\MCS Firewall 6\mcsfw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7537:TCP"= 7537:TCP:BitComet 7537 TCP
"7537:UDP"= 7537:UDP:BitComet 7537 UDP
"9206:TCP"= 9206:TCP:BitComet 9206 TCP
"9206:UDP"= 9206:UDP:BitComet 9206 UDP
"22132:TCP"= 22132:TCP:BitComet 22132 TCP
"22132:UDP"= 22132:UDP:BitComet 22132 UDP
"18756:TCP"= 18756:TCP:BitComet 18756 TCP
"18756:UDP"= 18756:UDP:BitComet 18756 UDP
"8487:TCP"= 8487:TCP:BitComet 8487 TCP
"8487:UDP"= 8487:UDP:BitComet 8487 UDP
"8809:TCP"= 8809:TCP:BitComet 8809 TCP
"8809:UDP"= 8809:UDP:BitComet 8809 UDP

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 18:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 17:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 19:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 19:01]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Keyboard Driver\KMWDSrv.exe [2007-04-05 11:29]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 16:00]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]
S2 ip_fw;ipfw kernel-mode driver;C:\Program Files\MCS Studios\MCS Firewall 6\system\ip_fw.sys []
S2 ipfw;ipfw_helper;C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe []
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-08-28 09:48]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-04 10:41]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 06:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-20 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-26 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-20 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-28 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-27 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-20 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\gFI82A1K.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 19:25:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 19:26:50
ComboFix-quarantined-files.txt  2008-04-28 17:26:46

Pre-Run: 18,242,392,064 bajtów wolnych
Post-Run: 18,230,149,120 bajtów wolnych

274   --- E O F ---   2008-04-09 11:38:59
Wyślij odpowiedź
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Strona główna