Hello.
This is my first post, so please bear with me.
I had a rootkit and I removed it (I think).
I'm attaching the ComboFix log.
ComboFix 08-06-08.8 - Przemek 2008-06-09 18:22:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.124 [GMT 2:00]
Running from: C:\Documents and Settings\Przemek\Moje dokumenty\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Natalka\Dane aplikacji\FunWebProducts
C:\Documents and Settings\Natalka\Dane aplikacji\FunWebProducts\Data\Natalka\avatar.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\0006C343.dat
.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.
2008-06-06 19:05 . 2008-06-06 19:06
2008-06-06 18:58 . 2008-06-06 18:58
2008-06-05 19:43 . 2008-06-09 18:24
2008-06-05 19:43 . 2006-01-29 21:43
2008-06-05 19:43 . 2007-04-23 21:05
2008-06-05 19:43 . 2006-01-29 21:43
2008-06-05 19:43 . 2006-01-29 21:43
2008-06-05 19:43 . 2006-01-29 21:43
2008-06-05 19:43 . 2006-01-29 21:43
2008-06-05 19:43 . 2008-06-05 19:43
2008-06-05 19:19 . 2008-06-05 19:19
2008-06-05 19:19 . 2008-06-05 19:19
2008-06-05 19:18 . 2008-06-05 19:19
2008-06-05 19:18 . 2008-06-05 19:19
2008-06-05 19:18 . 2008-06-05 19:19
2008-06-05 19:18 . 2008-06-05 19:19
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 13:19 --------- d-----w C:\Documents and Settings\Natalka\Dane aplikacji\Skype
2008-06-05 16:56 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\The Bat!
2008-05-15 16:54 --------- d-----w C:\Program Files\Java
2008-05-15 16:46 --------- d-----w C:\Program Files\Return to Castle Wolfenstein DEMO
2008-05-15 16:44 --------- d-----w C:\Program Files\cFosSpeed
2007-01-26 14:40 17,872 -c--a-w C:\Documents and Settings\Natalka\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-01-18 07:57 3,994,653 -c--a-w C:\Program Files\gg76.exe
2006-11-29 14:18 360,448 -c--a-w C:\Program Files\Uninstall My Web Search.dll
2006-11-09 19:29 1,544,334 -c--a-w C:\Program Files\jpegcompress(dobreprogramy.pl).exe
2006-03-23 16:13 16,832 -c--a-w C:\Documents and Settings\Przemek\Dane aplikacji\GDIPFONTCACHEV1.DAT
2006-03-07 15:24 4,283 -c--a-w C:\Program Files\INSTALL.LOG
2003-07-12 01:58 40,448 -c--a-w C:\Documents and Settings\Przemek\trial_setup.exe
1998-04-30 13:56 129,024 -c--a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-29 00:00 13312]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“SynchronousMachineGroupPolicy”= 0 (0x0)
“SynchronousUserGroupPolicy”= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.ir32”= C:\WINDOWS\System32\ir32_32.dll
“vidc.ir31”= C:\WINDOWS\System32\ir32_32.dll
“vidc.ir41”= C:\WINDOWS\System32\ir41_32.ax
R0 HWFProt;Hywave File Protector HWFProt;C:\WINDOWS\System32\Drivers\HWFProt.sys [2003-05-11 16:20]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;C:\Program Files\ASTRA32\ASTRA32.sys [2007-02-22 11:28]
S3 CONXVSM;CONXVSM;C:\DOCUME~1\Przemek\USTAWI~1\Temp\CONXVSM.exe []
S3 NENN;NENN;C:\DOCUME~1\Przemek\USTAWI~1\Temp\NENN.exe []
S3 uscsc108;uscsc108;C:\WINDOWS\System32\DRIVERS\uscsc108.sys []
S4 TXQANQ;TXQANQ;C:\DOCUME~1\Przemek\USTAWI~1\Temp\TXQANQ.exe []
S4 UHLDV;UHLDV;C:\DOCUME~1\Przemek\USTAWI~1\Temp\UHLDV.exe []
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 18:24:33
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-09 18:25:34
ComboFix-quarantined-files.txt 2008-06-09 16:25:30
Pre-Run: 1,513,857,024 bytes free
Post-Run: 1,514,885,120 bytes free
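The service entries in the "Reg Loading Points" block of a ComboFix log like the one above can be triaged mechanically. The script below is an added example written for this page; it is not part of the original post and not ComboFix code. It parses the `R0`/`R2`/`S3`/`S4` service lines and flags the three things an analyst would look at first here: a service binary under a user's Temp directory, an empty `[]` after the path (assumed in this example to mean ComboFix could not find the file, i.e. an orphaned service entry), and a service whose key name and display name are the same short all-caps string. The sample input is copied from the log above; the heuristics and the `temp_dir`/`file_missing`/`random_name` labels are this example's own assumptions, not something the log states.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the seven service lines from the ComboFix log above.
# "DOCUME~1\Przemek\USTAWI~1\Temp" is the 8.3 short form of the Polish
# "Documents and Settings\Przemek\Ustawienia lokalne\Temp" (the user's Temp dir).
SAMPLE_LOG = """\
R0 HWFProt;Hywave File Protector HWFProt;C:\\WINDOWS\\System32\\Drivers\\HWFProt.sys [2003-05-11 16:20]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;C:\\Program Files\\ASTRA32\\ASTRA32.sys [2007-02-22 11:28]
S3 CONXVSM;CONXVSM;C:\\DOCUME~1\\Przemek\\USTAWI~1\\Temp\\CONXVSM.exe []
S3 NENN;NENN;C:\\DOCUME~1\\Przemek\\USTAWI~1\\Temp\\NENN.exe []
S3 uscsc108;uscsc108;C:\\WINDOWS\\System32\\DRIVERS\\uscsc108.sys []
S4 TXQANQ;TXQANQ;C:\\DOCUME~1\\Przemek\\USTAWI~1\\Temp\\TXQANQ.exe []
S4 UHLDV;UHLDV;C:\\DOCUME~1\\Przemek\\USTAWI~1\\Temp\\UHLDV.exe []
"""

# One ComboFix service line: "<R|S><start type> <name>;<display name>;<image path> [<file date>]".
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"      # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);"           # service key name
    r"(?P<display>[^;]*);"        # display name
    r"(?P<path>.*?)\s*"           # image path (lazy, so the trailing [...] is not swallowed)
    r"\[(?P<info>[^\]]*)\]\s*$"   # file timestamp; empty when the file was not found (assumption)
)


@dataclass
class Service:
    start: str
    name: str
    display: str
    path: str
    info: str


def parse_services(text: str) -> List[Service]:
    """Return every line of `text` that parses as a ComboFix service entry."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(Service(**m.groupdict()))
    return out


def flags_for(svc: Service) -> List[str]:
    """Heuristic indicators for one service entry (labels are this example's own)."""
    flags = []
    # Legitimate drivers/services do not live in a user's Temp directory.
    if "\\temp\\" in svc.path.lower():
        flags.append("temp_dir")
    # Empty [] after the path: ComboFix listed no date, so the binary is assumed gone.
    if svc.info == "":
        flags.append("file_missing")
    # Key name == display name, and both are a bare all-caps word: typical of
    # randomly generated names, unlike "HWFProt" / "Hywave File Protector HWFProt".
    if svc.name == svc.display and svc.name.isalpha() and svc.name.isupper() and len(svc.name) >= 4:
        flags.append("random_name")
    return flags


def suspicious_services(text: str) -> List[Tuple[str, List[str]]]:
    """(name, flags) for every flagged service, most indicators first."""
    hits = [(s.name, flags_for(s)) for s in parse_services(text)]
    hits = [h for h in hits if h[1]]
    hits.sort(key=lambda h: -len(h[1]))  # stable sort keeps log order within a tier
    return hits


if __name__ == "__main__":
    for name, flags in suspicious_services(SAMPLE_LOG):
        print(f"{name:10} {', '.join(flags)}")
```

On the log above this lists the four Temp-directory services with all three indicators and `uscsc108` with only `file_missing`; the latter is an orphaned driver entry that cannot load without its `.sys` file, so it ranks below the four but is still worth deleting with `sc delete <name>` once the binaries are confirmed gone.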