Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Proszę o ponowne sprawdzenie loga-powtarzejący się problem
06 Gru 2007, 17:50
ComboFix 07-12-02.6 - Dom 2007-12-06 16:35:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.527 [GMT 1:00]
Running from: C:\Documents and Settings\Dom\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\Bin52.sys
C:\WINDOWS\system32\drivers\PRHW63.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\ntio256.sys
C:\WINDOWS\system32\protector.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_PRHW63
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-06 16:36 . 2007-12-06 16:36 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-12-06 14:51 . 2007-12-06 14:51 20,992 --a------ C:\gfifrww.exe
2007-12-05 21:03 . 2007-12-05 21:03 29 --a------ C:\WINDOWS\system32\qsruawpd.tmp
2007-12-05 21:02 . 2007-12-05 21:02 46,592 --a------ C:\WINDOWS\system32\e404d.dll
2007-12-05 21:02 . 2007-12-06 14:51 2 --a------ C:\1282569011
2007-12-05 21:00 . 2007-12-06 14:51 57,856 --a------ C:\actgm.exe
2007-12-05 20:41 . 2001-08-18 06:24 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-12-05 20:41 . 2001-08-18 06:24 79,616 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-12-05 20:41 . 2001-08-17 22:00 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-12-05 20:41 . 2001-08-17 22:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-12-05 20:36 . 2007-12-05 20:36 <DIR> d-------- C:\Documents and Settings\Dom\WINDOWS
2007-12-05 20:35 . 2007-12-05 20:36 81,920 --a------ C:\WINDOWS\system32\hqghumea.dll
2007-12-05 20:22 . 2007-12-05 20:22 <DIR> d-------- C:\Program Files\Analog Devices
2007-12-05 20:22 . 2002-06-06 15:28 45,056 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-12-05 20:22 . 2002-04-17 15:05 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2007-12-05 20:22 . 2007-12-05 20:40 44 --a------ C:\WINDOWS\system32\msssc.dll
2007-12-05 20:21 . 2000-03-29 15:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-12-05 20:21 . 2007-12-05 20:47 3,473 --a------ C:\WINDOWS\Ascd_tmp.ini
2007-12-05 19:34 . 2007-12-05 21:09 458,752 --a------ C:\WINDOWS\system32\nope.dll
2007-12-05 19:32 . 2007-12-05 19:32 20,101 --a------ C:\WINDOWS\system32\ghhgjhj.exe
2007-12-05 19:26 . 2007-12-05 19:34 547,770 --a------ C:\WINDOWS\system32\ghhgj.exe
2007-12-05 19:22 . 2007-12-05 21:09 458,752 ---hs---- C:\WINDOWS\system32\Wseclayer.exe
2007-12-05 19:22 . 2007-12-06 16:33 0 --a------ C:\adware.exe
2007-12-05 19:21 . 2007-12-05 20:14 27 --a------ C:\WINDOWS\system32\kuki.bat
2007-12-05 19:19 . 2007-12-05 19:19 <DIR> d-------- C:\Documents and Settings\Dom\.java
2007-12-05 19:19 . 2007-12-05 19:21 547,770 --a------ C:\virnatoag.exe
2007-12-04 22:47 . 2007-12-04 22:47 <DIR> d-------- C:\Program Files\HP
2007-12-04 22:47 . 2007-12-04 22:48 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-04 22:47 . 2003-12-11 11:15 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
2007-12-04 22:47 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-04 22:47 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-04 22:47 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-04 22:47 . 2007-12-04 22:46 84,914 --a------ C:\WINDOWS\hpdj3740.hi1
2007-12-04 22:47 . 2003-12-11 11:15 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-12-04 22:47 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-04 22:47 . 2007-12-04 22:46 9,062 --a------ C:\WINDOWS\hpdj3740.bu1
2007-12-04 22:44 . 2007-12-04 22:51 98,482 --a------ C:\WINDOWS\hpdj3740.his
2007-12-04 22:44 . 2007-12-04 22:51 10,276 --a------ C:\WINDOWS\hpdj3740.ini
2007-12-04 22:23 . 2007-12-04 22:23 0 --a------ C:\WINDOWS\system32\mpdemo.exe
2007-12-04 22:20 . 2007-12-04 22:20 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-04 22:03 . 2007-12-04 22:08 851,968 --a------ C:\WINDOWS\system32\Srb0ty.exe
2007-12-04 21:58 . 2007-12-04 21:58 <DIR> d---s---- C:\Documents and Settings\Dom\UserData
2007-12-04 20:57 . 2007-12-04 20:57 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Gadu-Gadu
2007-12-04 20:35 . 2007-12-05 21:13 <DIR> dr------- C:\Documents and Settings\Dom\Moje dokumenty
2007-12-04 20:15 . 2007-12-04 20:15 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-12-04 20:15 . 2007-12-04 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-12-04 20:15 . 2007-12-04 20:15 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-04 20:12 . 2007-12-04 20:12 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-12-04 20:12 . 2007-12-04 20:13 <DIR> d-------- C:\Documents and Settings\Dom\Gadu-Gadu
2007-12-04 20:10 . 2007-12-04 20:16 <DIR> d-------- C:\Program Files\Winamp
2007-12-04 20:10 . 2007-12-04 20:33 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Winamp
2007-12-04 20:08 . 2001-08-17 21:48 4,992 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-04 20:08 . 2001-08-17 21:48 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-12-04 20:06 . 2007-12-05 20:48 <DIR> d-------- C:\WUTemp
2007-12-04 20:02 . 2007-12-04 20:02 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Talkback
2007-12-04 19:59 . 2007-12-06 16:38 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-04 19:58 . 2007-12-06 15:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-04 19:58 . 2007-12-04 19:58 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\PC Tools
2007-12-04 19:58 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-04 19:58 . 2005-07-06 18:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-12-04 19:58 . 2005-07-06 18:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-12-04 19:58 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-04 19:58 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-04 19:58 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-04 19:58 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-04 19:37 . 2007-12-04 19:37 0 --a------ C:\WINDOWS\system32\scrcs.exe
2007-12-04 19:36 . 2007-12-04 19:37 <DIR> dr------- C:\Documents and Settings\Dom\Ulubione
2007-12-04 19:34 . 2007-12-04 20:12 <DIR> dr------- C:\Documents and Settings\Dom\Menu Start
2007-12-04 19:34 . 2007-12-04 19:34 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Microsoft Web Folders
2007-12-04 19:34 . 2007-12-04 22:24 <DIR> dr-h----- C:\Documents and Settings\Dom\Dane aplikacji
2007-12-04 19:33 . 2007-12-06 16:36 <DIR> d--h----- C:\Documents and Settings\Dom\Ustawienia lokalne
2007-12-04 19:33 . 2007-12-04 19:33 <DIR> d--h----- C:\Documents and Settings\Dom\Szablony
2007-12-04 19:33 . 2007-12-06 16:38 <DIR> d-------- C:\Documents and Settings\Dom\Pulpit
2007-12-04 18:58 . 2007-12-04 19:33 <DIR> d-------- C:\Documents and Settings\Dom(2)\Ustawienia lokalne(2)
2007-12-04 18:58 . 2007-12-04 19:02 <DIR> dr------- C:\Documents and Settings\Dom(2)\Ulubione
2007-12-04 18:58 . 2007-12-04 19:33 <DIR> d-------- C:\Documents and Settings\Dom(2)\Szablony(2)
2007-12-04 18:58 . 2007-12-04 19:02 <DIR> dr------- C:\Documents and Settings\Dom(2)\Moje dokumenty
2007-12-04 18:58 . 2007-12-04 19:33 <DIR> d-------- C:\Documents and Settings\Dom(2)\Dane aplikacji(2)
2007-12-04 18:45 . 2007-12-04 19:34 <DIR> d-------- C:\Documents and Settings\Administrator.DOM-8LTV3J0QPXP\Ustawienia lokalne
2007-12-04 18:45 . 2007-12-04 19:34 <DIR> d-------- C:\Documents and Settings\Administrator.DOM-8LTV3J0QPXP\Szablony
2007-12-04 18:45 . 2007-12-04 19:34 <DIR> d-------- C:\Documents and Settings\Administrator.DOM-8LTV3J0QPXP\Dane aplikacji
2007-12-04 17:50 . 2007-12-04 17:51 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-03 20:22 . 2007-12-04 19:34 <DIR> d-------- C:\Program Files\Bezpieczny Internet
2007-12-03 20:21 . 2007-12-03 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2007-12-03 20:09 . 2007-12-03 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\fssg
2007-12-03 20:00 . 2007-12-03 19:18 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2007-12-03 20:00 . 2007-12-03 19:11 194 ---hs---- C:\boot.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 18:34 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2007-12-03 18:49 --------- d-----w C:\Program Files\Neostrada TP
2007-12-03 18:45 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-03 18:44 548,864 ----a-w C:\WINDOWS\system32\Syst3m32.exe
2007-12-03 18:39 471,040 ----a-w C:\WINDOWS\system32\load.exe
2007-12-03 18:36 --------- d-----w C:\Program Files\Thomson
2007-12-03 18:36 --------- d-----w C:\Program Files\Java Web Start
2007-12-03 18:36 --------- d-----w C:\Program Files\Java
2007-12-03 18:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-03 18:21 --------- d-----w C:\Program Files\Netia
2007-12-03 18:13 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 18:29]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NETIANET"="C:\Program Files\Netia\Net\netianet.exe" [2007-12-01 18:08]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-13 02:28]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-13 02:28]
"WinDLL (Wseclayer.exe)"="C:\WINDOWS\System32\Wseclayer.exe" [2007-12-05 21:09]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 18:26]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2001-10-26 18:29]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2001-10-26 18:29]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {171ba14b-e43e-46c4-9773-aed92b95fd57} - e404d.dll [ ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R2 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe"
R2 Windows Internet Connection Sharing;Windows Internet Connection Sharing Service;"C:\WINDOWS\system32\dllcache\msfav32.exe"
R3 PAC207;VideoCAM GE111;C:\WINDOWS\System32\DRIVERS\pfc027.sys
R4 flys.q8pilots.net;Windows Secure Update;"C:\WINDOWS\System32\load.exe" -netsvcs
R4 System.microsoft.com;MicroSoft Legal Syst3m32;"C:\WINDOWS\System32\Syst3m32.exe" -netsvcs
S2 FSIHS;F-Secure Installer restarter;"C:\DOCUME~1\Dom\USTAWI~1\Temp\Installer\00000001\bootstrap\fsihs.exe"
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 16:38:24
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-06 16:39:11 - machine was rebooted
.
--- E O F -
Proszę o pomoc znowu ten sam problem z zawirusowaniem i nic nie chce usunąć tego świństwa
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.527 [GMT 1:00]
Running from: C:\Documents and Settings\Dom\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\Bin52.sys
C:\WINDOWS\system32\drivers\PRHW63.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\ntio256.sys
C:\WINDOWS\system32\protector.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_PRHW63
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-06 16:36 . 2007-12-06 16:36 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-12-06 14:51 . 2007-12-06 14:51 20,992 --a------ C:\gfifrww.exe
2007-12-05 21:03 . 2007-12-05 21:03 29 --a------ C:\WINDOWS\system32\qsruawpd.tmp
2007-12-05 21:02 . 2007-12-05 21:02 46,592 --a------ C:\WINDOWS\system32\e404d.dll
2007-12-05 21:02 . 2007-12-06 14:51 2 --a------ C:\1282569011
2007-12-05 21:00 . 2007-12-06 14:51 57,856 --a------ C:\actgm.exe
2007-12-05 20:41 . 2001-08-18 06:24 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-12-05 20:41 . 2001-08-18 06:24 79,616 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-12-05 20:41 . 2001-08-17 22:00 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-12-05 20:41 . 2001-08-17 22:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-12-05 20:36 . 2007-12-05 20:36 <DIR> d-------- C:\Documents and Settings\Dom\WINDOWS
2007-12-05 20:35 . 2007-12-05 20:36 81,920 --a------ C:\WINDOWS\system32\hqghumea.dll
2007-12-05 20:22 . 2007-12-05 20:22 <DIR> d-------- C:\Program Files\Analog Devices
2007-12-05 20:22 . 2002-06-06 15:28 45,056 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-12-05 20:22 . 2002-04-17 15:05 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2007-12-05 20:22 . 2007-12-05 20:40 44 --a------ C:\WINDOWS\system32\msssc.dll
2007-12-05 20:21 . 2000-03-29 15:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-12-05 20:21 . 2007-12-05 20:47 3,473 --a------ C:\WINDOWS\Ascd_tmp.ini
2007-12-05 19:34 . 2007-12-05 21:09 458,752 --a------ C:\WINDOWS\system32\nope.dll
2007-12-05 19:32 . 2007-12-05 19:32 20,101 --a------ C:\WINDOWS\system32\ghhgjhj.exe
2007-12-05 19:26 . 2007-12-05 19:34 547,770 --a------ C:\WINDOWS\system32\ghhgj.exe
2007-12-05 19:22 . 2007-12-05 21:09 458,752 ---hs---- C:\WINDOWS\system32\Wseclayer.exe
2007-12-05 19:22 . 2007-12-06 16:33 0 --a------ C:\adware.exe
2007-12-05 19:21 . 2007-12-05 20:14 27 --a------ C:\WINDOWS\system32\kuki.bat
2007-12-05 19:19 . 2007-12-05 19:19 <DIR> d-------- C:\Documents and Settings\Dom\.java
2007-12-05 19:19 . 2007-12-05 19:21 547,770 --a------ C:\virnatoag.exe
2007-12-04 22:47 . 2007-12-04 22:47 <DIR> d-------- C:\Program Files\HP
2007-12-04 22:47 . 2007-12-04 22:48 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-04 22:47 . 2003-12-11 11:15 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
2007-12-04 22:47 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-04 22:47 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-04 22:47 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-04 22:47 . 2007-12-04 22:46 84,914 --a------ C:\WINDOWS\hpdj3740.hi1
2007-12-04 22:47 . 2003-12-11 11:15 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-12-04 22:47 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-04 22:47 . 2007-12-04 22:46 9,062 --a------ C:\WINDOWS\hpdj3740.bu1
2007-12-04 22:44 . 2007-12-04 22:51 98,482 --a------ C:\WINDOWS\hpdj3740.his
2007-12-04 22:44 . 2007-12-04 22:51 10,276 --a------ C:\WINDOWS\hpdj3740.ini
2007-12-04 22:23 . 2007-12-04 22:23 0 --a------ C:\WINDOWS\system32\mpdemo.exe
2007-12-04 22:20 . 2007-12-04 22:20 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-04 22:03 . 2007-12-04 22:08 851,968 --a------ C:\WINDOWS\system32\Srb0ty.exe
2007-12-04 21:58 . 2007-12-04 21:58 <DIR> d---s---- C:\Documents and Settings\Dom\UserData
2007-12-04 20:57 . 2007-12-04 20:57 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Gadu-Gadu
2007-12-04 20:35 . 2007-12-05 21:13 <DIR> dr------- C:\Documents and Settings\Dom\Moje dokumenty
2007-12-04 20:15 . 2007-12-04 20:15 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-12-04 20:15 . 2007-12-04 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-12-04 20:15 . 2007-12-04 20:15 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-04 20:12 . 2007-12-04 20:12 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-12-04 20:12 . 2007-12-04 20:13 <DIR> d-------- C:\Documents and Settings\Dom\Gadu-Gadu
2007-12-04 20:10 . 2007-12-04 20:16 <DIR> d-------- C:\Program Files\Winamp
2007-12-04 20:10 . 2007-12-04 20:33 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Winamp
2007-12-04 20:08 . 2001-08-17 21:48 4,992 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-04 20:08 . 2001-08-17 21:48 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-12-04 20:06 . 2007-12-05 20:48 <DIR> d-------- C:\WUTemp
2007-12-04 20:02 . 2007-12-04 20:02 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Talkback
2007-12-04 19:59 . 2007-12-06 16:38 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-04 19:58 . 2007-12-06 15:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-04 19:58 . 2007-12-04 19:58 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\PC Tools
2007-12-04 19:58 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-04 19:58 . 2005-07-06 18:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-12-04 19:58 . 2005-07-06 18:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-12-04 19:58 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-04 19:58 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-04 19:58 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-04 19:58 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-04 19:37 . 2007-12-04 19:37 0 --a------ C:\WINDOWS\system32\scrcs.exe
2007-12-04 19:36 . 2007-12-04 19:37 <DIR> dr------- C:\Documents and Settings\Dom\Ulubione
2007-12-04 19:34 . 2007-12-04 20:12 <DIR> dr------- C:\Documents and Settings\Dom\Menu Start
2007-12-04 19:34 . 2007-12-04 19:34 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Microsoft Web Folders
2007-12-04 19:34 . 2007-12-04 22:24 <DIR> dr-h----- C:\Documents and Settings\Dom\Dane aplikacji
2007-12-04 19:33 . 2007-12-06 16:36 <DIR> d--h----- C:\Documents and Settings\Dom\Ustawienia lokalne
2007-12-04 19:33 . 2007-12-04 19:33 <DIR> d--h----- C:\Documents and Settings\Dom\Szablony
2007-12-04 19:33 . 2007-12-06 16:38 <DIR> d-------- C:\Documents and Settings\Dom\Pulpit
2007-12-04 18:58 . 2007-12-04 19:33 <DIR> d-------- C:\Documents and Settings\Dom(2)\Ustawienia lokalne(2)
2007-12-04 18:58 . 2007-12-04 19:02 <DIR> dr------- C:\Documents and Settings\Dom(2)\Ulubione
2007-12-04 18:58 . 2007-12-04 19:33 <DIR> d-------- C:\Documents and Settings\Dom(2)\Szablony(2)
2007-12-04 18:58 . 2007-12-04 19:02 <DIR> dr------- C:\Documents and Settings\Dom(2)\Moje dokumenty
2007-12-04 18:58 . 2007-12-04 19:33 <DIR> d-------- C:\Documents and Settings\Dom(2)\Dane aplikacji(2)
2007-12-04 18:45 . 2007-12-04 19:34 <DIR> d-------- C:\Documents and Settings\Administrator.DOM-8LTV3J0QPXP\Ustawienia lokalne
2007-12-04 18:45 . 2007-12-04 19:34 <DIR> d-------- C:\Documents and Settings\Administrator.DOM-8LTV3J0QPXP\Szablony
2007-12-04 18:45 . 2007-12-04 19:34 <DIR> d-------- C:\Documents and Settings\Administrator.DOM-8LTV3J0QPXP\Dane aplikacji
2007-12-04 17:50 . 2007-12-04 17:51 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-03 20:22 . 2007-12-04 19:34 <DIR> d-------- C:\Program Files\Bezpieczny Internet
2007-12-03 20:21 . 2007-12-03 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2007-12-03 20:09 . 2007-12-03 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\fssg
2007-12-03 20:00 . 2007-12-03 19:18 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2007-12-03 20:00 . 2007-12-03 19:11 194 ---hs---- C:\boot.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 18:34 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2007-12-03 18:49 --------- d-----w C:\Program Files\Neostrada TP
2007-12-03 18:45 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-03 18:44 548,864 ----a-w C:\WINDOWS\system32\Syst3m32.exe
2007-12-03 18:39 471,040 ----a-w C:\WINDOWS\system32\load.exe
2007-12-03 18:36 --------- d-----w C:\Program Files\Thomson
2007-12-03 18:36 --------- d-----w C:\Program Files\Java Web Start
2007-12-03 18:36 --------- d-----w C:\Program Files\Java
2007-12-03 18:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-03 18:21 --------- d-----w C:\Program Files\Netia
2007-12-03 18:13 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 18:29]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NETIANET"="C:\Program Files\Netia\Net\netianet.exe" [2007-12-01 18:08]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-13 02:28]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-13 02:28]
"WinDLL (Wseclayer.exe)"="C:\WINDOWS\System32\Wseclayer.exe" [2007-12-05 21:09]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 18:26]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2001-10-26 18:29]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2001-10-26 18:29]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Secure Update"="load.exe" [2007-12-03 19:39 C:\WINDOWS\system32\load.exe]
"MicroSoft Legal Syst3m32"="Syst3m32.exe" [2007-12-03 19:44 C:\WINDOWS\system32\Syst3m32.exe]
"MicroSoft Legal Service"="Srb0ty.exe" [2007-12-04 22:08 C:\WINDOWS\system32\Srb0ty.exe]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {171ba14b-e43e-46c4-9773-aed92b95fd57} - e404d.dll [ ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R2 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe"
R2 Windows Internet Connection Sharing;Windows Internet Connection Sharing Service;"C:\WINDOWS\system32\dllcache\msfav32.exe"
R3 PAC207;VideoCAM GE111;C:\WINDOWS\System32\DRIVERS\pfc027.sys
R4 flys.q8pilots.net;Windows Secure Update;"C:\WINDOWS\System32\load.exe" -netsvcs
R4 System.microsoft.com;MicroSoft Legal Syst3m32;"C:\WINDOWS\System32\Syst3m32.exe" -netsvcs
S2 FSIHS;F-Secure Installer restarter;"C:\DOCUME~1\Dom\USTAWI~1\Temp\Installer\00000001\bootstrap\fsihs.exe"
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 16:38:24
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-06 16:39:11 - machine was rebooted
.
--- E O F -
Proszę o pomoc znowu ten sam problem z zawirusowaniem i nic nie chce usunąć tego świństwa
06 Gru 2007, 18:47
Weź przeskanuj jakimś antywirem, albo skanerem, bo tego się normalnie nie da czytac. Same wiry.
06 Gru 2007, 19:13
Skanowałem Nortonem i Spyware Doctor i nic nie daje, nie usuwa Trojan.Mailbot a chwile po skanowaniu znowu inne wirusy wchodzą,a zaczęło się to od czasu zmiany Neostrady na Netie=)
Ostatnio edytowany przez optimus9292, 04 Sty 2008, 17:05, edytowano w sumie 1 raz
