Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Prośba o sprawdzenie loga
22 Cze 2008, 16:15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:47, on 2008-06-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E71813-725C-49B8-9D00-1A8E834359B9}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5050 bytes
Scan saved at 16:08:47, on 2008-06-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E71813-725C-49B8-9D00-1A8E834359B9}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5050 bytes
22 Cze 2008, 16:28
Log Ok
Czy sa jakieś problemy?
Czy sa jakieś problemy?
22 Cze 2008, 19:55
Dzięki za sprawdzenie loga. Mam problem z pendrivem. Gdy podepne go pod USB i klikne lewym przyciskiem to wyskakje komunikat o braku pliku Copy exe. Miałem już taki problem jakiś czas temu dałem loga na forum potem zrobiłem tak jak kazali mi na forum i było dobrze aż do dzisiaj. Dzięki za pomoc. Pozdrawiam
22 Cze 2008, 21:40
To jest mój log z Combofix
ComboFix 08-06-20.4 - artur 2008-06-22 21:30:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.86 [GMT 2:00]
Running from: C:\Documents and Settings\artur\Moje dokumenty\@neostrada.pl\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.
2008-06-22 16:08 . 2008-06-22 16:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 09:17 . 2008-06-21 09:17 <DIR> d-------- C:\Program Files\OpenAL
2008-06-11 21:26 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 21:26 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 11:35 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-08 11:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-08 11:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-08 11:35 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-06 15:46 . 2008-06-06 15:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab
2008-05-25 09:25 . 2008-05-25 09:25 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Sony Corporation
2008-05-25 09:24 . 2006-11-02 16:57 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe
2008-05-25 09:24 . 2006-10-18 19:43 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe
2008-05-25 09:24 . 2006-08-28 21:48 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-25 09:24 . 2006-08-28 21:48 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-25 09:22 . 2008-05-25 10:41 <DIR> d-------- C:\Program Files\Sony
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 19:17 --------- d-----w C:\Program Files\neostrada tp
2008-06-22 19:16 --------- d-----w C:\Documents and Settings\artur\Dane aplikacji\Skype
2008-06-22 19:14 --------- d-----w C:\Documents and Settings\artur\Dane aplikacji\skypePM
2008-06-21 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 07:17 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-21 07:17 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-08 07:48 --------- d-----w C:\Documents and Settings\artur\Dane aplikacji\uTorrent
2008-06-02 13:10 --------- d-----w C:\Program Files\Winamp
2008-05-25 08:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-16 17:03 --------- d-----w C:\Documents and Settings\artur\Dane aplikacji\InterVideo
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-01-28 21:03 1,280,201 ----a-w C:\Program Files\wrar371pl.exe
2008-01-16 16:30 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ezsid.dat
2007-12-26 17:50 1,531,671 ----a-w C:\Program Files\gg61(pobrane_z_megapliki).exe
2005-12-18 17:38 9,728 --sha-w C:\Program Files\Thumbs.db
.
((((((((((((((((((((((((((((( snapshot@2008-06-05_17.48.04,37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 15:24:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 19:14:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 18:01:34 273,024 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-02-16 09:05:10 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:03:48 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:05:10 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:03:48 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2005-02-05 17:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
+ 2005-03-18 15:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
+ 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
+ 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
+ 2005-12-05 16:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll
+ 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
+ 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
+ 2006-09-28 14:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
+ 2006-11-29 11:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
- 2008-02-16 09:05:11 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:03:50 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:05:10 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:03:48 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:05:10 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:03:48 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:05:11 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:03:50 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:05:11 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:03:50 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:05:11 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:03:50 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:05:11 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:03:50 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 09:05:11 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:03:51 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:05:11 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:03:51 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:05:11 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:03:51 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:35:14 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:03:55 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:05:13 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:03:56 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:05:13 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:03:56 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:05:13 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:03:56 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:05:14 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:03:56 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:44:30 1,291,264 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:16:26 1,291,264 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 09:05:15 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:03:57 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:05:15 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:03:58 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:05:15 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:03:58 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:05:15 662,016 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:03:59 662,016 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 09:05:11 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:03:50 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:05:11 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:03:50 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:05:11 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:03:50 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:05:11 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:03:51 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:05:11 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:03:51 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:05:11 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:03:51 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:35:14 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:03:55 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:05:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:03:56 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:05:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:03:56 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:05:13 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:03:56 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:05:14 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:03:56 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 09:05:15 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:03:57 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:05:15 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:03:58 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-03-06 03:28:35 16,096 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:05:15 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:03:58 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
+ 2006-11-15 09:38:22 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
+ 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
+ 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
+ 2006-07-28 07:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
+ 2006-09-28 14:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
+ 2006-12-08 10:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
+ 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
+ 2006-07-28 07:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
+ 2006-09-28 14:04:02 68,888 ----a-w C:\WINDOWS\system32\xinput1_3.dll
+ 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
- 2008-02-15 23:03:24 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:57 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 16:11 21803304]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-20 10:31 262401]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 11:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2006-09-13 14:22 3229184]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22357:TCP"= 22357:TCP:BitComet 22357 TCP
"22357:UDP"= 22357:UDP:BitComet 22357 UDP
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 14:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 15:28]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 20:08:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- E:\Gry\Nowy folder\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-24 21:08:37 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- E:\Gry\Nowy folder\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 21:33:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\artur\USTAWI~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
.
Completion time: 2008-06-22 21:35:26
ComboFix-quarantined-files.txt 2008-06-22 19:35:21
ComboFix2.txt 2008-06-05 15:48:21
Pre-Run: 6,353,608,704 bajtów wolnych
Post-Run: 6,644,432,896 bajtów wolnych
217 --- E O F --- 2008-06-20 12:13:18
ComboFix 08-06-20.4 - artur 2008-06-22 21:30:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.86 [GMT 2:00]
Running from: C:\Documents and Settings\artur\Moje dokumenty\@neostrada.pl\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.
2008-06-22 16:08 . 2008-06-22 16:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 09:17 . 2008-06-21 09:17 <DIR> d-------- C:\Program Files\OpenAL
2008-06-11 21:26 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 21:26 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 11:35 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-08 11:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-08 11:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-08 11:35 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-06 15:46 . 2008-06-06 15:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab
2008-05-25 09:25 . 2008-05-25 09:25 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Sony Corporation
2008-05-25 09:24 . 2006-11-02 16:57 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe
2008-05-25 09:24 . 2006-10-18 19:43 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe
2008-05-25 09:24 . 2006-08-28 21:48 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-25 09:24 . 2006-08-28 21:48 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-25 09:22 . 2008-05-25 10:41 <DIR> d-------- C:\Program Files\Sony
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 19:17 --------- d-----w C:\Program Files\neostrada tp
2008-06-22 19:16 --------- d-----w C:\Documents and Settings\artur\Dane aplikacji\Skype
2008-06-22 19:14 --------- d-----w C:\Documents and Settings\artur\Dane aplikacji\skypePM
2008-06-21 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 07:17 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-21 07:17 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-08 07:48 --------- d-----w C:\Documents and Settings\artur\Dane aplikacji\uTorrent
2008-06-02 13:10 --------- d-----w C:\Program Files\Winamp
2008-05-25 08:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-16 17:03 --------- d-----w C:\Documents and Settings\artur\Dane aplikacji\InterVideo
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-01-28 21:03 1,280,201 ----a-w C:\Program Files\wrar371pl.exe
2008-01-16 16:30 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ezsid.dat
2007-12-26 17:50 1,531,671 ----a-w C:\Program Files\gg61(pobrane_z_megapliki).exe
2005-12-18 17:38 9,728 --sha-w C:\Program Files\Thumbs.db
.
((((((((((((((((((((((((((((( snapshot@2008-06-05_17.48.04,37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 15:24:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 19:14:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 18:01:34 273,024 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-02-16 09:05:10 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:03:48 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:05:10 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:03:48 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2005-02-05 17:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
+ 2005-03-18 15:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
+ 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
+ 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
+ 2005-12-05 16:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll
+ 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
+ 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
+ 2006-09-28 14:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
+ 2006-11-29 11:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
- 2008-02-16 09:05:11 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:03:50 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:05:10 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:03:48 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:05:10 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:03:48 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:05:11 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:03:50 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:05:11 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:03:50 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:05:11 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:03:50 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:05:11 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:03:50 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 09:05:11 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:03:51 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:05:11 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:03:51 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:05:11 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:03:51 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:35:14 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:03:55 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:05:13 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:03:56 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:05:13 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:03:56 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:05:13 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:03:56 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:05:14 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:03:56 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:44:30 1,291,264 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:16:26 1,291,264 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 09:05:15 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:03:57 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:05:15 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:03:58 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:05:15 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:03:58 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:05:15 662,016 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:03:59 662,016 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 09:05:11 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:03:50 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:05:11 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:03:50 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:05:11 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:03:50 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:05:11 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:03:51 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:05:11 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:03:51 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:05:11 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:03:51 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:35:14 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:03:55 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:05:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:03:56 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:05:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:03:56 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:05:13 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:03:56 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:05:14 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:03:56 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 09:05:15 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:03:57 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:05:15 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:03:58 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-03-06 03:28:35 16,096 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:05:15 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:03:58 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
+ 2006-11-15 09:38:22 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
+ 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
+ 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
+ 2006-07-28 07:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
+ 2006-09-28 14:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
+ 2006-12-08 10:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
+ 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
+ 2006-07-28 07:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
+ 2006-09-28 14:04:02 68,888 ----a-w C:\WINDOWS\system32\xinput1_3.dll
+ 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
- 2008-02-15 23:03:24 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:57 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 16:11 21803304]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-20 10:31 262401]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 11:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2006-09-13 14:22 3229184]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22357:TCP"= 22357:TCP:BitComet 22357 TCP
"22357:UDP"= 22357:UDP:BitComet 22357 UDP
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 14:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 15:28]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 20:08:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- E:\Gry\Nowy folder\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-24 21:08:37 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- E:\Gry\Nowy folder\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 21:33:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\artur\USTAWI~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
.
Completion time: 2008-06-22 21:35:26
ComboFix-quarantined-files.txt 2008-06-22 19:35:21
ComboFix2.txt 2008-06-05 15:48:21
Pre-Run: 6,353,608,704 bajtów wolnych
Post-Run: 6,644,432,896 bajtów wolnych
217 --- E O F --- 2008-06-20 12:13:18
22 Cze 2008, 21:49
Log Ok
22 Cze 2008, 22:11
To co może być tego powodem? Pendrive jest dobry bo na innym kompie chodzi bez problemu.
22 Cze 2008, 22:16
Z tego co piszesz to unieruchamia ci to wirus prosze dla pewności wykonaj to:
Do wyleczenia pendrive z wirusów użyj
Perlovga Removal Tool
Flash Disinfector
lub format
Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum
Do wyleczenia pendrive z wirusów użyj
Perlovga Removal Tool
Flash Disinfector
lub format
Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum
22 Cze 2008, 22:32
a co znaczy urchom przez IE
22 Cze 2008, 22:35
uruchom przez internet explorer
22 Cze 2008, 22:35
A musze oo instalować w kompie czy przeskanuje przez internet? Sprawdzałem przed chwilą Avira Antivir i nic nie wykryło.
22 Cze 2008, 23:17
Już jest dobrze.Najpierw w ruch poszedł scandisc potem defragmentacja i juz było dobrze ale dla pewności dobiłem go formatem.Dzięki za poświęcenie mi czasu. Pozdrawiam
23 Cze 2008, 01:24
Jeśli sprawdzałeś innym antywirusem to zapewne masz czysto 