Przymulony komp po infekcji nawet po formacie

Gruby1836 · 25 Kwiecień 2008 04:22

Ostatnio komp po formacie i po uprzedniej infekcji jest bardzo zmulony

Tu wklejam log

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:17, on 2008-04-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (file missing) O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [CnxDslTaskBar] “C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe” -onlytray O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘?’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘?’) O4 - HKUS\S-1-5-21-1220945662-220523388-839522115-1003…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User ‘?’) O4 - HKUS\S-1-5-21-1220945662-220523388-839522115-1003…\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe” -onlytray (User ‘?’) O4 - HKUS\S-1-5-21-1220945662-220523388-839522115-1003…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun (User ‘?’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘?’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - S-1-5-21-1220945662-220523388-839522115-1003 Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe (User ‘?’) O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra ‘Tools’ menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://service.futuremark.com/virtualmark/tc/MSC3.cab O17 - HKLM\System\CCS\Services\Tcpip…{FE01C5BF-F778-4691-AB26-BD0870E10588}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: ArcaBit Update Service (AVUpdate) - Unknown owner - C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe (file missing) O23 - Service: B’s Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – End of file - 10637 bytes

addmir · 25 Kwiecień 2008 06:20

FIX;

Pokaz log z ComboFix. Zobacz: Optymalizacja XP

Gruby1836 · 25 Kwiecień 2008 11:36

A to wirusy czy co bo nie kumam

W dniu 25.04.2008 , o godzinie 13:36 został dopisany post przez Gruby1836

Oto log z ComboFix

ComboFix 08-04-22.5 - Wojtek 2008-04-25 13:20:38.2 - NTFSx86 Running from: C:\Documents and Settings\Wojtek\Pulpit\ComboFix.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\x.exe . ((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))) . 2008-04-25 06:17 . 2008-04-25 06:17 2008-04-21 18:00 . 2008-04-21 18:12 2008-04-21 17:59 . 2008-04-21 17:59 2008-04-19 14:18 . 2008-04-19 14:24 2008-04-17 20:45 . 2008-04-17 20:45 2008-04-17 16:23 . 2008-04-17 16:23 2008-04-17 16:23 . 2008-04-17 16:23 2008-04-17 16:23 . 1993-05-12 00:00 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL 2008-04-17 16:23 . 1991-11-29 17:31 162,464 --a------ C:\WINDOWS\system\QPRO.DLL 2008-04-17 16:23 . 1993-04-28 00:00 64,544 --a------ C:\WINDOWS\system\THREED.VBX 2008-04-17 16:23 . 1993-11-01 03:11 38,912 --a------ C:\WINDOWS\system\DDEML.DLL 2008-04-17 16:23 . 1993-05-12 12:21 34,816 --a------ C:\WINDOWS\system\MSCOMM.VBX 2008-04-17 16:23 . 1993-04-28 00:00 22,528 --a------ C:\WINDOWS\system\SPIN.VBX 2008-04-17 16:23 . 1993-04-28 00:00 18,688 --a------ C:\WINDOWS\system\CMDIALOG.VBX 2008-04-17 16:23 . 1995-04-25 09:37 10,000 --a------ C:\WINDOWS\system\HITIME1.VBX 2008-04-17 16:23 . 1993-04-28 00:00 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL 2008-04-16 15:42 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll 2008-04-16 15:42 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-04-16 15:42 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll 2008-04-16 15:42 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-04-16 15:42 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll 2008-04-16 15:42 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2008-04-16 15:42 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll 2008-04-16 15:42 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll 2008-04-15 19:02 . 2008-04-15 19:02 2008-04-15 15:42 . 2001-05-17 00:57 190,976 --a------ C:\WINDOWS\RRKW.pol 2008-04-15 07:47 . 2008-04-15 07:47 2008-04-15 07:47 . 2008-04-15 07:47 2008-04-15 07:47 . 2008-04-15 07:47 2008-04-15 07:46 . 2008-04-15 07:46 2008-04-15 07:46 . 2008-04-15 07:47 2008-04-15 06:59 . 2008-04-19 14:50 2008-04-14 19:26 . 2008-04-14 19:26 2008-04-12 13:40 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys 2008-04-12 13:40 . 2004-08-03 23:08 25,600 --a–c— C:\WINDOWS\system32\dllcache\usbser.sys 2008-04-12 13:40 . 2008-04-12 13:40 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-04-12 13:40 . 2008-04-12 13:40 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-04-11 07:03 . 2008-04-11 07:03 2008-04-11 07:03 . 2008-04-11 07:03 2008-04-11 07:02 . 2008-04-11 07:02 2008-04-11 07:02 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-04-11 07:02 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-04-11 07:02 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-04-11 07:02 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-04-11 07:02 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys 2008-04-11 07:02 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-04-11 07:02 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-04-10 18:59 . 2008-04-10 18:59 2008-04-08 19:06 . 2008-04-08 19:06 2008-04-08 19:06 . 2008-04-08 19:06 2008-04-08 19:04 . 2008-04-08 19:04 2008-04-08 19:02 . 2008-04-08 19:02 2008-04-08 19:01 . 2008-04-08 19:05 2008-04-08 19:00 . 2008-04-08 19:00 2008-04-06 15:21 . 2008-04-10 18:58 1,905 --a------ C:\WINDOWS\diagwrn.xml 2008-04-06 15:21 . 2008-04-10 18:58 1,905 --a------ C:\WINDOWS\diagerr.xml 2008-04-05 14:47 . 2008-04-05 14:47 2008-04-05 14:45 . 2008-04-05 14:45 2008-04-05 07:14 . 2008-04-05 07:16 2008-04-04 13:52 . 2008-04-04 13:52 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2008-04-04 13:52 . 2008-04-04 13:52 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2008-04-04 13:51 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd 2008-03-30 17:24 . 2008-04-17 15:56 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-03-30 17:24 . 2008-04-17 15:56 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-03-30 17:23 . 2008-03-30 17:23 2008-03-30 17:23 . 2008-04-25 07:25 18,577,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-03-30 17:23 . 2008-04-25 07:25 249,308 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-03-30 17:23 . 2008-04-25 07:25 219,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-03-30 17:23 . 2008-04-25 07:25 23,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-03-30 17:21 . 2008-04-23 13:56 2008-03-30 13:27 . 2008-03-30 13:27 2008-03-30 13:27 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys 2008-03-30 13:27 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys 2008-03-30 13:27 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2008-03-30 10:54 . 2008-03-30 10:54 2008-03-29 20:47 . 2008-03-29 20:47 98,927 --a------ C:\WINDOWS\hpqins16.dat 2008-03-29 13:13 . 2008-04-23 19:00 2008-03-29 13:13 . 2008-03-29 13:13 45 --a------ C:\WINDOWS\system32\initdebug.nfo 2008-03-26 20:03 . 2008-03-26 20:03 2008-03-26 20:03 . 2008-03-26 20:03 34 --a------ C:\WINDOWS\cdplayer.ini 2008-03-25 09:23 . 2008-03-25 09:23 2008-03-25 09:20 . 2008-03-25 09:20 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-25 10:57 --------- d-----w C:\Program Files\Neostrada TP 2008-04-25 10:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-04-23 12:39 --------- d-----w C:\Program Files\eMule 2008-04-23 05:22 --------- d-----w C:\Program Files\FlashGet 2008-04-20 11:28 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\Skype 2008-04-20 11:21 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\skypePM 2008-04-20 05:38 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-04-17 04:35 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-04-12 10:02 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-04-12 10:01 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-04-11 05:02 --------- d-----w C:\Program Files\Nokia 2008-04-11 05:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-08 17:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-04-05 05:15 --------- d-----w C:\Program Files\Lavasoft 2008-04-05 05:15 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\Lavasoft 2008-04-05 05:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-01 07:22 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\Image Zone Express 2008-03-28 11:44 --------- d-----w C:\Program Files\Winamp 2008-03-28 11:44 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\Winamp 2008-03-28 11:40 --------- d-----w C:\Program Files\Gabest 2008-03-26 18:12 --------- d-----w C:\Program Files\Gadu-Gadu 2008-03-23 11:06 --------- d-----w C:\Program Files\Lavalys 2008-03-23 11:01 --------- d-----w C:\Program Files\BrainWave Generator 2008-03-22 07:57 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-03-22 07:25 --------- d-----w C:\Program Files\Snikers 2008-03-21 08:52 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-03-21 08:47 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-21 08:47 --------- d-----w C:\Program Files\DAEMON Tools 2008-03-21 08:47 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\DAEMON Tools 2008-03-20 16:26 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 05:48 --------- d-----w C:\Program Files\Google 2008-03-19 16:35 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\DivX 2008-03-19 11:28 --------- d-----w C:\Program Files\DivX 2008-03-19 05:50 --------- d-----w C:\Program Files\Ashampoo 2008-03-19 05:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ashampoo 2008-03-18 16:42 --------- d-----w C:\Documents and Settings\Wojtek\Dane aplikacji\Apple Computer 2008-03-18 16:41 --------- d-----w C:\Program Files\Apple Software Update 2008-03-18 16:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-03-14 19:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Corporation 2008-03-07 09:47 --------- d-----w C:\Program Files\Organizer ucznia 2008-03-07 09:32 --------- d-----w C:\Program Files\ObjectRescue Pro 2008-03-07 07:44 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys 2008-03-07 07:44 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys 2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-01-11 12:18 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-12-30 14:25 1,485 ----a-w C:\Program Files\AP_cennik.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” [2005-09-03 15:18 94208] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392] “PC Suite Tray”=“C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe” [2008-03-28 11:20 1079296] “DAEMON Tools Lite”=“C:\Program Files\DAEMON Tools Lite\daemon.exe” [2008-02-14 01:09 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2005-07-21 08:33 20480] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2005-07-21 08:33 53248] “CnxDslTaskBar”=“C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” [2005-07-21 22:52 278528] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648] “CTRegRun”=“C:\WINDOWS\CTRegRun.EXE” [1999-10-11 03:00 41984] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152] “MP10_EnsureFileVer”=“C:\WINDOWS\inf\unregmp2.exe” [2007-06-27 17:00 318976] “AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” [2007-06-28 12:51 218376] “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47 31016] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360] C:\Documents and Settings\Wojtek\Menu Start\Programy\Autostart\ Diskeeper 10 Professional Edition Registration.lnk - C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe [2005-11-18 14:15:14 817664] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-28 16:09:19 113664] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 01:00:00 29696] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “VIDC.X264”= x264vfw.dll “msacm.divxa32”= divxa32.acm “VIDC.MJPG”= pvmjpg21.dll “vidc.mpng”= C:\Program Files\t@b\0.958\686\tabdec.dll “vidc.mvjp”= C:\Program Files\t@b\0.958\686\tabdec.dll “vidc.444p”= C:\Program Files\t@b\0.958\686\tabdec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] “AntiVirusOverride”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”= “C:\Program Files\eMule\emule.exe”= “C:\Program Files\Gadu-Gadu\gg.exe”= “C:\Program Files\Opera\Opera.exe”= “C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”= “E:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe”= “C:\Documents and Settings\Wojtek\Pulpit\PES2008.exe”= “E:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe”= “%windir%\Network Diagnostic\xpnetdiag.exe”= “E:\Program Files\Metin2_PL\metin2.bin”= “C:\Program Files\FlashGet\flashget.exe”= “C:\Program Files\Snikers\Snikers.exe”= “C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”= “C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”= “C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”= “C:\Program Files\Skype\Phone\Skype.exe”= “C:\WINDOWS\system32\dxdiag.exe”= “C:\WINDOWS\system32\dpnsvr.exe”= [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] “3389:TCP”= 3389:TCP:@xpsp2res.dll,-22009 *Newly Created Service* - CATCHME . Contents of the ‘Scheduled Tasks’ folder “2008-03-27 22:09:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-25 13:30:57 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-25 13:34:23 ComboFix-quarantined-files.txt 2008-04-25 11:34:19 Pre-Run: 1,418,883,072 bajtów wolnych Post-Run: 2,252,668,928 bajtów wolnych 259 — E O F — 2008-04-11 13:16:32

huber2t · 25 Kwiecień 2008 12:47

W logu nic nie widać

Gruby1836 · 25 Kwiecień 2008 12:55

A to dzięki za sprawdzenie i już jest dobrze