Hi, I have a problem with amvo… I scanned with ComboFix and SDFix and now I don't know whether it's OK or not… could someone check my log from CF? Thank you.
ComboFix 08-10-31.02 - beastieboy 2008-11-01 19:48:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1519 [GMT 0:00]
Uruchomiony z: C:\Documents and Settings\beastieboy\Pulpit\1\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\beastieboy\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\phc185j0e7cn.bmp
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Pliki utworzone od 2008-10-01 do 2008-11-01 )))))))))))))))))))))))))))))))
.
2008-11-01 18:56 . 2008-11-01 19:06 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-11-01 18:56 . 2008-11-01 18:56 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2008-11-01 07:42 . 2008-11-01 07:42
2008-10-27 22:37 . 2008-10-27 22:37
2008-10-27 22:37 . 2008-10-27 22:37
2008-10-27 21:01 . 2008-10-27 21:01 47 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-27 13:17 . 2008-10-27 13:17
2008-10-24 09:32 . 2008-10-15 16:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 09:26 . 2008-08-14 13:26 2,190,464 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 09:26 . 2008-08-14 13:26 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 09:26 . 2008-08-14 13:26 2,067,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 09:26 . 2008-08-14 13:26 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 09:25 . 2008-09-15 15:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 09:25 . 2008-09-08 10:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 19:20 . 2008-10-14 19:20
2008-10-14 19:17 . 2008-10-14 19:17
2008-10-14 19:17 . 2008-10-14 19:17 729,088 --a------ C:\WINDOWS\iun6002.exe
2008-10-14 18:18 . 2008-10-14 18:18
2008-10-12 11:08 . 2008-10-12 11:09
2008-10-11 23:54 . 2008-10-30 23:04 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-10-11 23:54 . 2008-10-30 23:04 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-10-11 11:47 . 2008-10-21 10:51
2008-10-06 21:42 . 2008-07-02 16:24
2008-10-06 21:42 . 2008-07-02 16:24
2008-10-06 21:42 . 2008-07-02 15:30
2008-10-06 21:42 . 2008-07-02 16:24
2008-10-06 21:42 . 2008-07-02 16:24
2008-10-06 21:42 . 2008-07-02 16:24
2008-10-06 21:42 . 2008-07-02 16:24
2008-10-06 21:42 . 2008-10-06 21:42
2008-10-06 19:07 . 2008-10-06 19:07
2008-10-06 19:06 . 2004-04-22 13:10 192,512 --a------ C:\WINDOWS\system32\USBAudio.cpl
2008-10-06 19:06 . 2004-07-23 16:04 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl
2008-10-06 19:06 . 2004-06-29 15:40 45,698 --a------ C:\WINDOWS\system32\usbaudio.chm
2008-10-06 19:06 . 2003-04-01 18:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest
2008-10-06 19:05 . 2008-10-06 19:11
2008-10-06 19:05 . 2004-06-03 11:10 71,596 --------- C:\WINDOWS\system32\drivers\PFMODNT.SYS
2008-10-06 19:04 . 2008-04-13 23:15 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-10-06 09:48 . 2008-10-06 09:48
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 19:52 --------- d-----w C:\Program Files\WinClamAVShield
2008-11-01 19:35 --------- d-----w C:\Program Files\Crawler
2008-11-01 07:45 --------- d-----w C:\Program Files\Spyware Terminator
2008-11-01 07:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
2008-11-01 07:28 --------- d-----w C:\Documents and Settings\beastieboy\Dane aplikacji\Spyware Terminator
2008-10-26 12:29 --------- d-----w C:\Documents and Settings\beastieboy\Dane aplikacji\Skype
2008-10-26 12:27 --------- d-----w C:\Program Files\Ahead
2008-10-26 09:09 --------- d-----w C:\Program Files\GoldWave
2008-10-08 10:25 106,496 ----a-w C:\WINDOWS\DUMP7f22.tmp
2008-10-06 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-06 18:52 106,496 ----a-w C:\WINDOWS\DUMP5f85.tmp
2008-10-04 10:27 --------- d-----w C:\Program Files\Gadu-Gadu
2008-09-23 09:17 106,496 ----a-w C:\WINDOWS\DUMP6fe0.tmp
2008-09-22 16:21 106,496 ----a-w C:\WINDOWS\DUMP7a12.tmp
2008-09-15 15:27 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-03 20:53 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-03 07:08 --------- d-----w C:\Documents and Settings\beastieboy\Dane aplikacji\Teleca
2008-09-03 07:04 --------- d-----w C:\Documents and Settings\beastieboy\Dane aplikacji\Sony Ericsson
2008-08-14 13:26 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-06 16:05 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2007-02-05 476728]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-09-09 1783808]
"CTSysVol"="C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.JDCT"= jl_jdct.drv
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 20:51 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 C:\WINDOWS\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 20:51 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2006-01-19 07:43 73728 C:\WINDOWS\system32\nvhotkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SbUsb AudCtrl]
-ra------ 2004-07-09 02:27 119296 C:\WINDOWS\system32\sbusbdll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"Spooler"=2 (0x2)
"seclogon"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"IDriverT"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-19 141312]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-11-01 25773]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-07-27 1643648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea871f2-48c5-11dd-87f2-001636e15ae5}]
\Shell\AutoRun\command - I:\b.com
\Shell\explore\Command - I:\b.com
\Shell\open\Command - I:\b.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{985fa5ab-58b1-11dd-884a-001636e15ae5}]
\Shell\AutoRun\command - I:\b.com
\Shell\explore\Command - I:\b.com
\Shell\open\Command - I:\b.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dea806e7-a339-11dd-8945-001636e15ae5}]
\Shell\AutoRun\command - I:\je26200.com
\Shell\explore\Command - I:\je26200.com
\Shell\open\Command - I:\je26200.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dea806e8-a339-11dd-8945-001636e15ae5}]
\Shell\AutoRun\command - J:\je26200.com
\Shell\explore\Command - J:\je26200.com
\Shell\open\Command - J:\je26200.com
.
- - - - USUNIĘTO PUSTE WPISY - - - -
ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
MSConfigStartUp-amva - C:\WINDOWS\system32\amvo.exe
MSConfigStartUp-lphc185j0e7cn - C:\WINDOWS\system32\lphc185j0e7cn.exe
MSConfigStartUp-NvCplDaemon - C:\WINDOWS\system32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - C:\WINDOWS\system32\NvMcTray.dll
MSConfigStartUp-RestartNeroSetup - C:\DOCUME~1\BEASTI~1\USTAWI~1\Temp\NERO13889\Setupx.exe
MSConfigStartUp-SmartDefrag - C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
MSConfigStartUp-nwiz - nwiz.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\beastieboy\Dane aplikacji\Mozilla\Firefox\Profiles\f904sqqb.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 19:51:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************