laki000
(Laki000)
3 September 2007 08:34
#1
Hi, I've caught some spyware… probably the already-famous white X on a red background. I'm posting logs from HijackThis… what also bothers me is the constant pop-up window saying the system is infected, etc.
Logfile of HijackThis v1.99.1
Scan saved at 10:34:10, on 2007-09-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\G DATA\InternetSecurity 2007\AVK\AVKService.exe
C:\Program Files\G DATA\InternetSecurity 2007\AVK\AVKWCtl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\InternetSecurity 2007\Firewall\GDFwSvc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\G DATA\InternetSecurity 2007\AVKTray\AVKTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\G DATA\InternetSecurity 2007\Firewall\GDFirewallTray.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\LAKI\Pulpit\Progamy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: SecureBrowsingBho Helper - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Program Files\Finjan Secure Browsing\bho.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity 2007\Webfilter\AvkWebIE.dll
O3 - Toolbar: Finjan Secure Browsing - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\Finjan Secure Browsing\bho.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM…\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM…\Run: [AVKTray] "C:\Program Files\G DATA\InternetSecurity 2007\AVKTray\AVKTray.exe"
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [P2kAutostart] C:\Documents and Settings\LAKI\Pulpit\Komóreczka D\P2kCommander-V3.2.9\P2kAutostart.exe
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\BinarySense\HDDlife 3\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmphost - {6F539378-78B4-4E14-82EA-C44C86C3814B} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {37CFA328-6916-47C4-8D0D-D2936B3E8519} - C:\WINDOWS\wmpdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity 2007\AVK\AVKService.exe
O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\InternetSecurity 2007\AVK\AVKWCtl.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - Unknown owner - C:\Program Files\G DATA\InternetSecurity 2007\Firewall\GDFwSvc.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
LostWorld
(LostWorld)
3 September 2007 08:38
#2
To start with, an automated tool:
http://cybertrash.pl/images/tata/Smitfr … udFix.html
Run it in mode number 2, then post the report and fresh logs.
adam9870
(adam9870)
3 September 2007 09:35
#4
Cosmetically remove the entry shown above using HijackThis.
I suggest removing the Megaupload Toolbar, since it is a toolbar of dubious reputation: it collects data about the user and sends it somewhere, nobody knows where.
Since HijackThis is not a perfect tool and you did not also paste a Silent Runners log, I would ask you to also paste a ComboFix log to rule out an infection.
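As an added example (not part of this thread and not code from HijackThis or its authors), here is a small Python triage pass over the kinds of lines that appear in the log posted in #1. It encodes the judgements the helpers make by eye: a browser start page that does not point at a trusted host, an add-on on a watch list (the Megaupload Toolbar called out in this post), orphaned entries marked "(file missing)" whose removal is only cosmetic, and Winlogon Notify / SSODL hooks that load from the %windir% root rather than system32. The trusted-host allowlist, the watch list and the "%windir% root is unusual" rule are assumptions chosen for the demo; the sample lines are copied from the log in post #1, with the start-page URL kept truncated exactly as it appears there.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample lines copied from the HijackThis log in post #1 (a subset, for the demo).
# The start-page URL is kept truncated exactly as it appears in the post.
SAMPLE_LOG = "\n".join([
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2",
    "R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    "O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\\PROGRA~1\\MEGAUP~1\\MEGAUP~1.DLL",
    "O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\",
    "O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll",
    "O21 - SSODL: wmphost - {6F539378-78B4-4E14-82EA-C44C86C3814B} - C:\\WINDOWS\\wmphost.dll",
    "O21 - SSODL: wmpdev - {37CFA328-6916-47C4-8D0D-D2936B3E8519} - C:\\WINDOWS\\wmpdev.dll",
])

# Assumed allowlist: hosts a default IE start/search page may legitimately point at.
TRUSTED_PAGE_HOSTS = {"go.microsoft.com"}
# Assumed watch list: add-ons the thread's helper already called dubious (lower-cased names).
WATCHLISTED_ADDONS = {"megaupload toolbar"}

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# A file sitting directly in the Windows root (or a bare directory) rather than in system32.
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]*$", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O21"
    reason: str    # why a human should look at this line
    line: str      # the original log line


def parse_entry(line):
    """Split a HijackThis line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def triage_line(line):
    """Return a Finding for a line that needs a second look, else None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    sec, body = parsed
    parts = body.split(" - ")
    target = parts[-1]

    # Orphaned entries: the referenced file is gone, so removal is cosmetic only.
    if "(file missing)" in target:
        return Finding(sec, "orphaned entry (file missing): cosmetic removal", line)

    # R0/R1: browser start/search pages should point at a trusted host.
    if sec in ("R0", "R1") and " = " in body:
        url = body.split(" = ", 1)[1].strip()
        if not url.lower().startswith(("http://", "https://")):
            return None
        host = (urlparse(url).hostname or "").lower()
        if host not in TRUSTED_PAGE_HOSTS:
            return Finding(sec, f"start/search page points at untrusted host {host!r}", line)
        return None

    # O2/O3: BHOs and toolbars, compared against the watch list by display name.
    if sec in ("O2", "O3"):
        name = parts[0].split(": ", 1)[-1].strip().lower()
        if name in WATCHLISTED_ADDONS:
            return Finding(sec, f"watch-listed add-on {name!r}", line)
        return None

    # O20/O21: Winlogon Notify and ShellServiceObjectDelayLoad hooks run at every logon,
    # so a DLL loaded from the %windir% root instead of system32 deserves review.
    if sec in ("O20", "O21") and WINDIR_ROOT_RE.match(target):
        return Finding(sec, "logon/shell hook loaded from %windir% root, not system32", line)
    return None


def triage(log_text):
    """Run triage_line over a whole log and collect the findings in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

On the sample above the pass reports six lines: the softwarereferral.com start page, the Megaupload BHO, the missing xpnetdiag.exe button, the WgaLogon notify entry with no DLL name, and the two SSODL DLLs in the Windows root; the go.microsoft.com start page and the system32 SSODL entry are left alone. The output is a review list, not a verdict: each flagged line still needs the human judgement the helpers apply in this thread.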
laki000
(Laki000)
3 September 2007 10:07
#5
ComboFix 07-08-30.3 - "LAKI" 2007-09-03 12:01:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.131 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Rodzice\Pulpit\internet.lnk

((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))
2007-09-03 12:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-03 11:24 2,682 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-01 20:33
2007-09-01 20:28
2007-09-01 16:36
2007-09-01 16:36
2007-09-01 16:12
2007-09-01 16:12
2007-09-01 14:12
2007-08-31 15:51
2007-08-30 14:59 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-08-30 14:59 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-08-30 14:59 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-30 14:59 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-30 14:37 8,704 --a------ C:\WINDOWS\system32\drivers\Amfilter.sys
2007-08-30 14:37 13,824 --a------ C:\WINDOWS\system32\drivers\Amusbprt.sys
2007-08-28 20:22 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-08-26 23:34 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-08-26 23:34 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
2007-08-25 17:23
2007-08-25 12:04
2007-08-25 11:46 0 -ra------ C:\logwmemory.bin
2007-08-25 11:38
2007-08-23 16:08
2007-08-22 11:09 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-22 11:08 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-22 11:08 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-16 14:01
2007-08-16 13:59 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-16 13:58 1,018,772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-08-16 13:57
2007-08-15 19:40
2007-08-13 21:04
2007-08-13 15:31 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-08-13 15:27 5,306 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2007-08-13 15:27
2007-08-13 15:22 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-13 15:22
2007-08-11 18:30
2007-08-11 18:30
2007-08-08 20:15
2007-08-08 20:14
2007-08-08 20:11
2007-08-07 09:37
2007-08-05 00:43

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2060-08-18 19:02 1496064 --------- C:\WINDOWS\system32\CC3250MT.DLL
2060-08-18 18:40 909824 --------- C:\WINDOWS\system32\cp3245mt.dll
2060-08-18 18:40 24064 --------- C:\WINDOWS\system32\borlndmm.dll
2007-09-03 11:21 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-09-01 19:28 --------- d-------- C:\Program Files\Gadu-Gadu
2007-08-29 11:26 --------- d-------- C:\DOCUME~1\LAKI\DANEAP~1\Skype
2007-08-29 11:14 --------- d-------- C:\DOCUME~1\LAKI\DANEAP~1\FreeCall
2007-08-23 13:08 --------- d-------- C:\Program Files\eMule
2007-08-21 21:35 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-21 21:15 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-17 11:46 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-06 18:44 --------- d-------- C:\Program Files\FlashGet
2007-08-02 22:52 --------- d-------- C:\DOCUME~1\Rodzice\DANEAP~1\MEGAUPLOADTOOLBAR
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 17:55 --------- d-------- C:\Program Files\Common Files\EasyInfo
2007-07-28 17:36 3026 --a------ C:\WINDOWS\system32\drivers\hwinterface.sys
2007-07-25 20:35 --------- d-------- C:\DOCUME~1\LAKI\DANEAP~1\Vso
2007-07-25 19:23 --------- d-------- C:\Program Files\DVDFab Express
2007-07-25 18:31 --------- d-------- C:\Program Files\DVDFab Gold 3
2007-07-25 18:21 87608 --a------ C:\DOCUME~1\LAKI\DANEAP~1\inst.exe
2007-07-25 18:21 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-25 18:21 47360 --a------ C:\DOCUME~1\LAKI\DANEAP~1\pcouffin.sys
2007-07-25 18:20 --------- d-------- C:\Program Files\DVDFab Platinum 3
2007-07-24 19:57 --------- d-------- C:\Program Files\InterActual
2007-07-23 16:20 --------- d-------- C:\Program Files\Yahoo SiteBuilder
2007-07-23 16:20 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-23 16:20 --------- d-------- C:\Program Files\DivX
2007-07-23 16:20 --------- d-------- C:\Program Files\AlienGUIse
2007-07-23 09:57 --------- d-------- C:\Program Files\AMX Mod X
2007-07-21 15:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Office Genuine Advantage
2007-07-20 17:32 --------- d-------- C:\Program Files\WinImage
2007-07-20 17:16 --------- d-------- C:\Program Files\Free Audio Pack
2007-07-14 19:24 --------- d-------- C:\DOCUME~1\LAKI\DANEAP~1\SecondLife
2007-07-14 14:27 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-07-14 14:27 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-07-14 14:27 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-07-14 14:20 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-07-14 14:20 106496 --a------ C:\WINDOWS\DIIUnin.exe
2007-07-13 22:46 --------- d-------- C:\DOCUME~1\LAKI\DANEAP~1\LEGO Company
2007-07-13 22:39 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-13 22:39 --------- d-------- C:\Program Files\LEGO Company
2007-07-13 18:10 --------- d-------- C:\DOCUME~1\LAKI\DANEAP~1\uTorrent
2007-07-13 14:32 --------- d-------- C:\Program Files\uTorrent
2007-07-11 16:05 --------- d-------- C:\Program Files\Winamp
2007-07-11 16:03 --------- d-------- C:\DOCUME~1\LAKI\DANEAP~1\BitTorrent
2007-07-09 18:39 --------- d-------- C:\DOCUME~1\LAKI\DANEAP~1\InstallShield Installation Information
2007-07-08 14:59 --------- d-------- C:\Program Files\BitComet
2007-07-08 14:51 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-08 14:32 2560 --a------ C:\WINDOWS_MSRSTRT.EXE
2007-07-08 13:46 --------- d-------- C:\Program Files\BitTorrent
2007-07-07 20:08 --------- d-------- C:\DOCUME~1\Rodzice\DANEAP~1\Winamp
2007-07-07 19:57 --------- d-------- C:\DOCUME~1\Rodzice\DANEAP~1\MusicIP
2007-07-06 13:11 --------- d-------- C:\Program Files\Onet
2007-07-06 12:22 --------- d-------- C:\DOCUME~1\LAKI\DANEAP~1\MegauploadToolbar
2007-07-04 18:33 --------- d-------- C:\Program Files\MegauploadToolbar
2007-07-03 12:08 --------- d-------- C:\DOCUME~1\LAKI\DANEAP~1\eMule
2007-07-02 16:07 606848 --a------ C:\WINDOWS\flashax.exe
2007-07-02 16:07 194560 --a------ C:\WINDOWS\Beretta Cx4Storm.scr
2007-07-02 16:07 12288 --a------ C:\WINDOWS\impborl.dll
2007-07-02 16:01 194560 --a------ C:\WINDOWS\Beretta 90two.scr
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2007-06-29 00:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvrshe.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-06-29 00:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2007-06-29 00:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-06-29 00:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-06-29 00:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2007-06-29 00:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2007-06-29 00:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2007-06-29 00:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2007-06-29 00:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 23:33]
"AVKTray"="C:\Program Files\G DATA\InternetSecurity 2007\AVKTray\AVKTray.exe" [2006-11-02 14:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Cmaudio"="cmicnfg.cpl" []
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-06-13 14:18]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-02-01 18:47]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"P2kAutostart"="C:\Documents and Settings\LAKI\Pulpit\Komóreczka D\P2kCommander-V3.2.9\P2kAutostart.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"Twoje TVN24"="" []
"Steam"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

R0 GDNdisIc;GDNdisIc;C:\WINDOWS\system32\drivers\GDNdisIc.sys
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys
R2 AVKProxy;AVKProxy;"C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe"
R2 AVKService;AVK Service;C:\Program Files\G DATA\InternetSecurity 2007\AVK\AVKService.exe
R2 AVKWCtl;Strażnik AVK;C:\Program Files\G DATA\InternetSecurity 2007\AVK\AVKWCtl.exe
R2 GDTdiInterceptor;GDTdiInterceptor;??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
R3 GDFwSvc;G DATA Personal Firewall;C:\Program Files\G DATA\InternetSecurity 2007\Firewall\GDFwSvc.exe
R3 GDMnIcpt;GDMnIcpt;??\C:\WINDOWS\system32\drivers\MiniIcpt.sys
R3 HookCentre;HookCentre;??\C:\WINDOWS\system32\drivers\HookCentre.sys
R3 MouseCap;MouseCapture Driver;C:\WINDOWS\system32\Drivers\MouseCap.sys
R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S2 HDDlife HDD Access service;HDDlife HDD Access service;"C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe"
S3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys
S3 Moufiltr;Mouse Test Driver;C:\WINDOWS\system32\DRIVERS\Moufiltr.sys
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-03 12:04:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = C:\Documents and Settings\LAKI\Pulpit\Kom?reczka D\P2kCommander-V3.2.9\P2kAutostart.exe?0???

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-03 12:05:10
C:\ComboFix-quarantined-files.txt … 2007-09-03 12:05
— E O F —
I think the system is clean now, thanks.
adam9870
(adam9870)
3 September 2007 10:14
#6
It's OK.
I suggest cleaning the registry, since you have a lot of empty keys (see description).