Under number 21 in HJT, strange entries showed up. They weren't there before. The computer went crazy. Icons of some programs I never installed appeared on the desktop. A system alert about some trojan popped up. I booted into safe mode and ran ComboFix and SmitFraudFix. It seems OK now, the computer just got slower. I made a log with HJT and Silent Runners, and I'm also pasting the logs from ComboFix and SFF. Is everything OK now, or do I still need to do something?
Logfile of HijackThis v1.99.1
Scan saved at 20:58:52, on 2007-09-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AvltMain.exe
C:\Documents and Settings\blemer\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: msmhost - {149A4A70-0BFB-4690-A210-CA87E8317A91} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {55AB6ADF-E75A-41F6-B797-278729F66C9E} - C:\WINDOWS\msmdev.dll
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ares" = ""C:\Program Files\Ares\Ares.exe" -h" ["Ares Development Group"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s" ["Panda Software International"]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
       \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
  -> {HKLM...CLSID} = "Flashget Catch Url Class"
       \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["www.flashget.com "]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
       \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{88418AA3-16F5-4FC2-A9D8-90B1266DF841}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "MSVPS System"
       \InProcServer32\(Default) = "C:\WINDOWS\nsduo.dll" [empty string]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FlashGet GetFlash Class"
       \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
       \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
       \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
       \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
       \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"
  -> {HKLM...CLSID} = "Panda Antivirus"
       \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.dll" ["Panda Software International"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
       \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"msmhost" = "{149A4A70-0BFB-4690-A210-CA87E8317A91}"
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\WINDOWS\msmhost.dll" [null data]
"msmdev" = "{55AB6ADF-E75A-41F6-B797-278729F66C9E}"
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\WINDOWS\msmdev.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> avldr\DLLName = "avldr.dll" ["Panda Software International"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
  -> {HKLM...CLSID} = "Panda Antivirus"
       \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.dll" ["Panda Software International"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
  -> {HKLM...CLSID} = "Panda Antivirus"
       \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.dll" ["Panda Software International"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\blemer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "blemer" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 17
%SystemRoot%\system32\mswsock.dll [MS], 04 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 15 - 16


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
       \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
       \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com "]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe"" ["Panda Software International"]
Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe"" ["Panda Software International"]
Panda Host Service, PSHost, ""c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE"" ["Panda Software International"]
Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe"" ["Panda Software International"]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software International"]
Panda Software Controller, Panda Software Controller, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe"" ["Panda Software International"]
Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe"" ["Panda Software International"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2007-09-05 21:04:52)
<<!>>: Suspicious data at a malware launch point.

This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 419 seconds, including 6 seconds for message boxes)
ComboFix 07-08-14.4 - "blemer" 2007-09-05 20:45:56.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.390 [GMT 2:00]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\blemer\Ulubione.\Error Cleaner.url
C:\DOCUME~1\blemer\Ulubione.\Privacy Protector.url
C:\DOCUME~1\blemer\Ulubione.\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt

((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))

2007-09-05 12:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-05 12:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-05 12:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-05 11:45 315,392 --a------ C:\WINDOWS\msmdev.dll
2007-09-05 11:45 233,472 --a------ C:\WINDOWS\msmhost.dll
2007-09-05 11:45 212,992 --a------ C:\WINDOWS\nsduo.dll
2007-09-05 11:40
2007-09-05 11:19 545 --a------ C:\WINDOWS\UC.PIF
2007-09-05 11:19 545 --a------ C:\WINDOWS\RAR.PIF
2007-09-05 11:19 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-09-05 11:19 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-09-05 11:19 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-09-05 11:19 545 --a------ C:\WINDOWS\LHA.PIF
2007-09-05 11:19 545 --a------ C:\WINDOWS\ARJ.PIF
2007-09-03 10:16
2007-09-02 23:40
2007-08-31 23:20
2007-08-31 21:21
2007-08-31 21:21
2007-08-31 10:06
2007-08-30 15:04 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2007-08-30 15:04 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2007-08-30 15:04
2007-08-28 17:07 1,446 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-28 13:06 30,601 --a------ C:\DOCUME~1\blemer\x.exe
2007-08-28 12:58
2007-08-27 22:04
2007-08-27 22:04
2007-08-27 22:04
2007-08-27 20:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-27 14:10
2007-08-27 13:49
2007-08-27 13:45 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-27 13:45
2007-08-27 13:45
2007-08-27 13:45
2007-08-27 13:45
2007-08-27 13:45
2007-08-27 13:45
2007-08-27 13:45
2007-08-27 13:44
2007-08-26 01:01 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-25 23:19 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-25 23:19
2007-08-24 23:52
2007-08-24 23:52
2007-08-24 23:51
2007-08-24 23:51
2007-08-24 23:51
2007-08-24 22:58
2007-08-24 22:58
2007-08-23 20:56
2007-08-23 20:35
2007-08-23 20:35
2007-08-23 20:35
2007-08-23 20:35
2007-08-23 20:35
2007-08-23 20:29
2007-08-23 10:01
2007-08-22 09:05
2007-08-21 23:44 71,832 --a------ C:\WINDOWS\system32\drivers\e4ldrx64.sys
2007-08-21 23:44 69,656 --a------ C:\WINDOWS\system32\drivers\e4ldr.sys
2007-08-21 23:44 58,264 --a------ C:\WINDOWS\system32\drivers\adildrx64.sys
2007-08-21 23:44 56,088 --a------ C:\WINDOWS\system32\drivers\adildr.sys
2007-08-21 23:44 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL
2007-08-21 23:44 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL
2007-08-21 23:44 316,416 --a------ C:\WINDOWS\system32\unaddrv.x64.exe
2007-08-21 23:44 253,008 --a------ C:\WINDOWS\adirasx64.exe
2007-08-21 23:44 24,576 --a------ C:\WINDOWS\enddisk32.exe
2007-08-21 23:44 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin
2007-08-21 23:44 212,992 --a------ C:\WINDOWS\system32\unaddrv.exe
2007-08-21 23:44 200,704 --a------ C:\WINDOWS\system32\coclassfast.dll
2007-08-21 23:44 194,128 --a------ C:\WINDOWS\adiras.exe
2007-08-21 23:44 176,128 --a------ C:\WINDOWS\autoclk.exe
2007-08-21 23:44 169,496 --a------ C:\WINDOWS\system32\drivers\adiusbawx64.sys
2007-08-21 23:44 155,648 --a------ C:\WINDOWS\system32\adadix32.dll
2007-08-21 23:44 152,308 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN
2007-08-21 23:44 152,306 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN
2007-08-21 23:44 152,306 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN
2007-08-21 23:44 152,146 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN
2007-08-21 23:44 152,145 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN
2007-08-21 23:44 152,145 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN
2007-08-21 23:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN
2007-08-21 23:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN
2007-08-21 23:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN
2007-08-21 23:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN
2007-08-21 23:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN
2007-08-21 23:44 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN
2007-08-21 23:44 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN
2007-08-21 23:44 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN
2007-08-21 23:44 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN
2007-08-21 23:44 146,968 --a------ C:\WINDOWS\system32\drivers\e4usbawx64.sys
2007-08-21 23:44 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE
2007-08-21 23:44 118,552 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys
2007-08-21 23:44 104,344 --a------ C:\WINDOWS\system32\drivers\e4usbaw.sys
2007-08-21 23:44
2007-08-21 23:44
2007-08-21 23:36
2007-08-21 20:53
2007-08-20 21:53

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-05 19:24 271596 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2007-09-05 19:24 1184 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2007-09-05 19:24 1184 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-08-21 23:44 32 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg
2007-08-21 11:33 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-08-21 11:33 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-07-30 19:19 92504 --a--c--- C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-26 05:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 04:53 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-26 04:53 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 04:53 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 04:53 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-26 04:50 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 04:50 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 04:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-26 04:50 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 04:50 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-26 04:50 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 04:50 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-26 04:50 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 04:50 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-26 04:50 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-26 04:50 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-26 04:50 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-26 04:49 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-26 16:15 661504 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 08:10 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-14 20:11 96768 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 20:11 616448 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 20:11 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 20:11 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 20:11 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 20:11 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 20:11 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 20:11 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 20:11 3079680 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 20:11 251392 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 20:11 205312 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 20:11 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 20:11 151552 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 20:11 1494528 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 20:11 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 20:11 1055744 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 20:11 1023488 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 15:23 1034752 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe
--------- C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88418AA3-16F5-4FC2-A9D8-90B1266DF841}]
2007-09-04 13:30 212992 --a------ C:\WINDOWS\nsduo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.exe" [2007-03-30 15:52]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-21 23:44:41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msmhost"= {149A4A70-0BFB-4690-A210-CA87E8317A91} - C:\WINDOWS\msmhost.dll [2007-09-04 13:30 233472]
"msmdev"= {55AB6ADF-E75A-41F6-B797-278729F66C9E} - C:\WINDOWS\msmdev.dll [2007-09-04 13:30 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
"C:\Program Files\AdVantage\AdVantage.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter\NetMeter.exe]
C:\Program Files\NetMeter\NetMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
C:\Program Files\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"srservice"=2 (0x2)
"WZCSVC"=2 (0x2)
"AresChatServer"=3 (0x3)

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys
S1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
S1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
S1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
S1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
S1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
S1 ShldDrv;Panda File Shield Driver;\??\C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys
S1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
S1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
S2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys
S2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
S2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
S3 ComFiltr;Panda Anti-Dialer;\??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
S3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 20:46:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-05 20:47:25
C:\ComboFix-quarantined-files.txt ... 2007-09-05 20:47
--- E O F ---
Post merged: 05.09.2007 (Wed) 21:22
SmitFraudFix v2.217

Scan done at 20:39:43,57, 2007-09-05
Run from C:\Documents and Settings\blemer\Pulpit\Wi-FI\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\blemer\Pulpit\Error Cleaner.url Deleted
C:\DOCUME~1\blemer\Pulpit\Privacy Protector.url Deleted
C:\DOCUME~1\blemer\Pulpit\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End