Prosze o sprawdzenie loga

INSTALKI.pl - programy, gry, sterowniki

Logi, zabezpieczenie komputera, danych. Programy antywirusowe antyspyware, firewall itp.

Regulamin forum

1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Wyślij odpowiedź
 
Lucaso
  • Lucaso
  • Posty: 2
  • Dołączenie: 08 Mar 2008, 15:54

Prosze o sprawdzenie loga

09 Mar 2008, 09:57

ComboFix 08-03-07.1 - Komp 2008-03-07 19:03:27.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.93 [GMT 1:00]
Running from: C:\Documents and Settings\Komp\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\autorun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-06 16:56 . 2008-03-06 16:56 <DIR> d--hs---- C:\FOUND.007
2008-03-03 17:18 . 2008-03-03 17:18 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-01 13:00 . 2008-03-01 13:00 <DIR> d--hs---- C:\FOUND.006
2008-02-27 19:42 . 2008-02-27 19:42 <DIR> d--hs---- C:\FOUND.005
2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d--hs---- C:\FOUND.004
2008-02-22 21:20 . 2008-02-22 21:20 <DIR> d--hs---- C:\FOUND.003
2008-02-20 19:57 . 2008-02-20 19:57 <DIR> d--hs---- C:\FOUND.002
2008-02-19 19:24 . 2008-02-19 19:24 <DIR> d-------- C:\Documents and Settings\Komp\Dane aplikacji\skypePM
2008-02-19 19:24 . 2008-02-19 19:24 32 --a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\ezsid.dat
2008-02-19 19:23 . 2008-02-19 19:23 <DIR> d-------- C:\Documents and Settings\Komp\Dane aplikacji\Skype
2008-02-19 19:19 . 2008-02-19 19:19 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-15 17:20 . 2008-02-15 17:20 <DIR> d---s---- C:\Documents and Settings\Komp\UserData
2008-02-13 19:49 . 2008-02-13 19:49 <DIR> d--hs---- C:\FOUND.001
2008-02-13 16:57 . 2008-02-13 16:57 <DIR> d-------- C:\Documents and Settings\Komp\Dane aplikacji\Apple Computer
2008-02-13 16:57 . 2008-03-02 17:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-13 16:57 . 2008-02-16 16:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-13 16:56 . 2008-02-13 16:56 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-13 16:38 . 2005-03-07 19:44 45,056 --a------ C:\WINDOWS\system32\PhDi2.sys
2008-02-13 16:32 . 2008-02-13 16:32 <DIR> d-------- C:\Documents and Settings\Komp\Dane aplikacji\Panasonic
2008-02-13 16:30 . 2008-02-13 16:31 <DIR> d-------- C:\Program Files\Panasonic
2008-02-13 16:30 . 2008-02-13 16:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2008-02-08 18:43 . 2008-02-08 18:43 <DIR> d-------- C:\Program Files\Java
2008-02-08 18:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-08 18:40 . 2008-02-08 18:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-07 16:29 . 2008-02-07 16:29 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 10:21 3,241,984 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-03-06 10:21 1,968,640 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-02-27 19:20 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-02-27 19:20 1,846,272 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-02-27 19:15 2,681,344 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-02-27 19:15 1,846,272 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-25 12:50 1,696,768 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-25 12:50 1,487,872 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-22 20:10 17,408 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-22 20:10 1,613,824 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-22 20:03 757,760 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-22 20:03 1,613,824 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-19 18:16 516,608 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-19 18:15 1,513,472 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-19 16:41 2,888,704 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-19 16:41 1,510,912 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-12 15:10 2,629,120 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-12 15:10 1,064,960 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-09 10:58 654,336 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-09 10:58 3,062,784 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-05 15:47 70,656 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-05 15:47 2,196,480 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-05 14:41 --------- d-----w C:\Program Files\Zone Labs
2008-01-16 12:17 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-01-16 12:16 --------- d-----w C:\DOCUME~1\ALLUSE~1\DANEAP~1\MailFrontier
2008-01-13 16:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 17:01 --------- d-----w C:\DOCUME~1\ALLUSE~1\DANEAP~1\FLEXnet
2007-12-24 18:02 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-07 17:28 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-07 14:38 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-16 13:17 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-01-16 13:17 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-16 13:17 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 09:34 2084480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 06:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2002-09-07 06:07 4190208]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 14:54 188416]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 13:08 20480]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 13:57 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2007-10-03 16:57:33 61440]
Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
ZoneAlarm.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe [2008-02-05 15:42:25 623720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-19 11:34]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 19:04:30
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
 
kamuflasz
  • kamuflasz
  • Posty: 889
  • Dołączenie: 04 Mar 2005, 13:06
  • Miejscowość: Zielona Góra

09 Mar 2008, 11:57

Kod:
2008-03-01 13:00 . 2008-03-01 13:00 <DIR> d--hs---- C:\FOUND.006
2008-02-27 19:42 . 2008-02-27 19:42 <DIR> d--hs---- C:\FOUND.005
2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d--hs---- C:\FOUND.004
2008-02-22 21:20 . 2008-02-22 21:20 <DIR> d--hs---- C:\FOUND.003
2008-02-20 19:57 . 2008-02-20 19:57 <DIR> d--hs---- C:\FOUND.002
2008-02-13 19:49 . 2008-02-13 19:49 <DIR> d--hs---- C:\FOUND.001


>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe

Ma się rozpocząć usuwanie. (i powstanie log).
Po restarcie usuń ręcznie folder C: \Qoobox.

Daj ten log, który powstanie w trakcie usuwania.
 
Lucaso
  • Lucaso
  • Posty: 2
  • Dołączenie: 08 Mar 2008, 15:54

09 Mar 2008, 13:06

Zrobiłem tak jak mówiłeś,o ile sie nie myle jest taki sam jak ten wczesniejszy.Oto i ten log:

ComboFix 08-03-07.1 - Komp 2008-03-09 12:03:43.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.84 [GMT 1:00]
Running from: C:\Documents and Settings\Komp\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Komp\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-06 16:56 . 2008-03-06 16:56 <DIR> d--hs---- C:\FOUND.007
2008-03-03 17:18 . 2008-03-03 17:18 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-01 13:00 . 2008-03-01 13:00 <DIR> d--hs---- C:\FOUND.006
2008-02-27 19:42 . 2008-02-27 19:42 <DIR> d--hs---- C:\FOUND.005
2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d--hs---- C:\FOUND.004
2008-02-22 21:20 . 2008-02-22 21:20 <DIR> d--hs---- C:\FOUND.003
2008-02-20 19:57 . 2008-02-20 19:57 <DIR> d--hs---- C:\FOUND.002
2008-02-19 19:24 . 2008-02-19 19:24 <DIR> d-------- C:\Documents and Settings\Komp\Dane aplikacji\skypePM
2008-02-19 19:24 . 2008-02-19 19:24 32 --a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\ezsid.dat
2008-02-19 19:23 . 2008-02-19 19:23 <DIR> d-------- C:\Documents and Settings\Komp\Dane aplikacji\Skype
2008-02-19 19:19 . 2008-02-19 19:19 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-15 17:20 . 2008-02-15 17:20 <DIR> d---s---- C:\Documents and Settings\Komp\UserData
2008-02-13 19:49 . 2008-02-13 19:49 <DIR> d--hs---- C:\FOUND.001
2008-02-13 16:57 . 2008-02-13 16:57 <DIR> d-------- C:\Documents and Settings\Komp\Dane aplikacji\Apple Computer
2008-02-13 16:57 . 2008-03-02 17:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-13 16:57 . 2008-02-16 16:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-13 16:56 . 2008-02-13 16:56 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-13 16:38 . 2005-03-07 19:44 45,056 --a------ C:\WINDOWS\system32\PhDi2.sys
2008-02-13 16:32 . 2008-02-13 16:32 <DIR> d-------- C:\Documents and Settings\Komp\Dane aplikacji\Panasonic
2008-02-13 16:30 . 2008-02-13 16:31 <DIR> d-------- C:\Program Files\Panasonic
2008-02-13 16:30 . 2008-02-13 16:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 10:21 3,241,984 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-03-06 10:21 1,968,640 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-02-27 19:20 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-02-27 19:20 1,846,272 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-02-27 19:15 2,681,344 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-02-27 19:15 1,846,272 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-25 12:50 1,696,768 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-25 12:50 1,487,872 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-22 20:10 17,408 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-22 20:10 1,613,824 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-22 20:03 757,760 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-22 20:03 1,613,824 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-19 18:16 516,608 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-19 18:15 1,513,472 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-19 16:41 2,888,704 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-19 16:41 1,510,912 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-12 15:10 2,629,120 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-12 15:10 1,064,960 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-09 10:58 654,336 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-09 10:58 3,062,784 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-08 17:43 --------- d-----w C:\Program Files\Java
2008-02-08 17:40 --------- d-----w C:\Program Files\Common Files\Java
2008-02-05 15:47 70,656 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-05 15:47 2,196,480 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-05 14:41 --------- d-----w C:\Program Files\Zone Labs
2008-01-16 12:17 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-01-16 12:16 --------- d-----w C:\DOCUME~1\ALLUSE~1\DANEAP~1\MailFrontier
2008-01-13 16:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 17:01 --------- d-----w C:\DOCUME~1\ALLUSE~1\DANEAP~1\FLEXnet
2007-12-24 18:02 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-16 13:17 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-01-16 13:17 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-16 13:17 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 09:34 2084480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 06:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2002-09-07 06:07 4190208]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 14:54 188416]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 13:08 20480]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 13:57 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2007-10-03 16:57:33 61440]
Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
ZoneAlarm.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe [2008-02-05 15:42:25 623720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Gadu-Gadu\\gg.exe"=

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-19 11:34]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 12:04:38
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-09 12:05:02
ComboFix-quarantined-files.txt 2008-03-09 11:05:00
ComboFix3.txt 2008-03-07 18:04:52
ComboFix2.txt 2008-03-09 10:59:40
.
2008-02-13 09:03:53 --- E O F ---
Wyślij odpowiedź
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Strona główna