AMVO and a ComboFix log - please check it and tell me how to clean the pendrive of this nuisance?
ComboFix 08-03-18.1 - etysiek 2008-03-20 10:43:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.201 [GMT 1:00]
Running from: C:\Documents and Settings\etysiek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IHSHW8O7\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.
2008-03-18 18:45 . 2008-03-18 18:45
2008-03-15 21:32 . 2008-03-15 21:32
2008-03-15 21:31 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-15 21:29 . 2008-03-15 21:30
2008-03-15 21:27 . 2008-03-15 21:27
2008-03-15 16:20 . 2008-03-15 16:20
2008-03-05 23:30 . 2008-03-05 23:30 0 --a------ C:\WINDOWS\mngui.INI
2008-03-05 19:35 . 2008-03-20 10:47 9,264,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-05 19:35 . 2008-03-19 23:27 133,724 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-05 19:35 . 2008-03-05 19:35 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-05 19:35 . 2008-03-05 19:35 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-05 19:35 . 2008-03-20 10:46 79,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-05 19:35 . 2008-03-19 23:27 9,956 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-04 22:58 . 2008-03-04 22:58
2008-03-04 22:58 . 2008-03-20 08:02
2008-03-04 22:56 . 2008-03-05 19:25
2008-03-04 20:44 . 2008-03-04 20:44 32 --a------ C:\WINDOWS\go
2008-03-04 20:34 . 2008-03-04 20:34 736 --a------ C:\WINDOWS\DigimaxMaster.INI
2008-03-04 10:16 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-04 09:56 . 2008-03-04 10:52
2008-03-04 09:56 . 2008-03-04 09:56 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-04 09:56 . 2008-03-04 09:56 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-03 00:25 . 2008-03-03 00:25
2008-03-02 09:54 . 2008-03-02 09:54 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-02 09:54 . 2008-03-02 09:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-03-02 09:49 . 2008-03-02 09:49 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-03-02 09:49 . 2008-03-02 09:49 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-03-02 09:49 . 2008-03-02 09:49 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-02-29 23:20 . 2008-02-29 23:20
2008-02-29 23:20 . 2008-03-01 09:18
2008-02-23 10:15 . 2004-05-12 10:28 3,677 --a------ C:\WINDOWS\PlaySnd.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 21:27 --------- d-----w C:\Program Files\eMule
2008-03-16 17:26 --------- d-----w C:\Documents and Settings\etysiek\Dane aplikacji\Tlen.pl
2008-03-15 15:28 --------- d-----w C:\Program Files\SopCast
2008-03-06 20:49 --------- d-----w C:\Program Files\RegCleaner
2008-03-04 22:16 --------- d-----w C:\Program Files\DAP
2008-03-04 17:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 09:37 --------- d-----w C:\Program Files\Tlen.pl
2008-03-04 09:35 --------- d-----w C:\Program Files\NetLimiter
2008-03-04 09:31 --------- d-----w C:\Program Files\Google
2008-03-04 09:30 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-02 08:46 --------- d-----w C:\Program Files\Sony Ericsson
2008-02-08 17:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 17:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-02-07 19:52 --------- d-----w C:\Program Files\UltraISO
2008-02-07 19:52 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-02-03 09:30 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-02-03 09:20 --------- d-----w C:\Program Files\ViaVoice
2007-12-25 17:20 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-10-16 11:53 6234112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 21:26 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 18:13 67128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2007-06-08 05:59 815104]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 16:31 147456]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 13:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 04:12 577536 C:\WINDOWS\soundman.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"RegKillElbyCheck"="C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2002-11-02 07:33 45056]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-06 18:13:15 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-16 17:57:57 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 22:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 01:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2002-04-26 18:53 12288 C:\Program Files\Winamp\Winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 RegKill;RegKill;C:\WINDOWS\system32\Drivers\RegKill.sys [2002-11-27 22:46]
R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-03-02 09:49]
S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\mtk.sys []
S3 s3m;s3m;C:\WINDOWS\system32\DRIVERS\s3m.sys [2001-08-17 19:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2fa4beae-e39d-11dc-ab5a-000d61b633ba}]
\Shell\AutoRun\command - G:\oufddh.exe
\Shell\explore\Command - G:\oufddh.exe
\Shell\open\Command - G:\oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5b7a571a-e82e-11dc-ab6e-000d61b633ba}]
\Shell\AutoRun\command - G:\32e2.com
\Shell\explore\Command - G:\32e2.com
\Shell\open\Command - G:\32e2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d349b957-6d03-11dc-a361-0011675eaff2}]
\Shell\AutoRun\command - H:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d349b958-6d03-11dc-a361-0011675eaff2}]
\Shell\AutoRun\command - I:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f71823b4-ae54-11dc-b250-806d6172696f}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{fd44a1c8-e55d-11dc-ab61-000d61b633ba}]
\Shell\AutoRun\command - G:\ekugb3.bat
\Shell\explore\Command - G:\ekugb3.bat
\Shell\open\Command - G:\ekugb3.bat
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 10:47:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-
C:\Program Files\NetLimiter\nl_lsp.dll
-
C:\WINDOWS\system32\nl_msgc.dll
.
Completion time: 2008-03-20 10:48:14
.
2008-03-12 19:22:13 --- E O F ---