Hello everyone!
I have a big request: could someone check my ComboFix log? I don't know anything about this at all, and lately my G Data antivirus has been detecting more and more viruses of the type Win32:Trojan-Gen (other), Trojan-PSW.Win32.WOW.bez or Trojan-GameThief.Win32.WOW.bgo. Besides the antivirus I also have Comodo Firewall Pro…
I would be enormously grateful; thanks
a terrified panopticum
ComboFix 08-06-30.2 - janki 2008-07-01 18:42:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2409 [GMT 2:00]
Running from: D:\programy\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\janki\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\OPTIONS\CABS_desktop.ini
C:\WINDOWS\system32\setup.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2008-06-22 20:44 . 2008-06-22 20:44
2008-06-06 23:50 . 2008-06-06 23:51
2008-06-06 22:25 . 2008-06-06 22:25 1,439 --a------ C:\WINDOWS\brydz.ini
2008-06-06 22:25 . 2008-06-06 22:25 6 --a------ C:\WINDOWS\osoba.cfg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 13:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 12:35 --------- d-----w C:\Documents and Settings\janki\Dane aplikacji\OpenOffice.ux.pl2
2008-05-23 07:50 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-23 07:50 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-23 07:50 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-05-21 19:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\comodo
2008-05-21 19:12 --------- d-----w C:\Program Files\COMODO
2008-05-21 19:12 --------- d-----w C:\Documents and Settings\janki\Dane aplikacji\Comodo
2008-05-21 04:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\G DATA
2008-05-15 18:20 --------- d-----w C:\Program Files\HP
2008-05-15 18:20 --------- d-----w C:\Program Files\Common Files\HP
2008-05-15 18:12 --------- d-----w C:\Program Files\Java
2008-05-15 18:09 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-15 17:12 --------- d-----w C:\Program Files\Winamp
2008-05-15 16:50 --------- d-----w C:\Documents and Settings\janki\Dane aplikacji\Image Zone Express
2008-05-15 16:49 --------- d-----w C:\Documents and Settings\janki\Dane aplikacji\Printer Info Cache
2008-05-14 14:42 41,928 ----a-w C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2008-05-14 14:40 46,536 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-05-14 14:40 32,200 ----a-w C:\WINDOWS\system32\drivers\HookCentre.sys
2008-05-14 14:12 --------- d-----w C:\Program Files\G DATA AntiVirus
2008-05-14 14:12 --------- d-----w C:\Program Files\Common Files\G DATA
2008-05-14 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-18 17:42 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-18 17:41 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-18 17:41 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-07 16:55 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-04-07 16:55 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 00:05 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 00:05 81920]
"AVKTray"="C:\Program Files\G DATA AntiVirus\AVKTray\AVKTray.exe" [2008-03-04 10:23 603720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-23 17:39 1655552]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe]
"nwiz"="nwiz.exe" [2007-04-20 00:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 10:01 151552 C:\WINDOWS\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,"
"SfcDisable"=dword:ffffff9d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.YMPG"= ympgcdc.dll
"msacm.ympgacm"= ympgacm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"=
"D:\programy\Soulseek\slsk.exe"=
"D:\programy\Gadu-Gadu\gg.exe"=
"D:\programy\eMule\emule.exe"=
"D:\gry\Xpand Rally\xpandrally.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"D:\gry\fear\FEAR.exe"=
"D:\gry\fear\FEARMP.exe"=
R0 pe3ak4wb;Dreamfall PL Environment Driver (pe3ak4wb);C:\WINDOWS\system32\drivers\pe3ak4wb.sys [2007-05-11 10:42]
R0 ps6ak4wb;Dreamfall PL Synchronization Driver (ps6ak4wb);C:\WINDOWS\system32\drivers\ps6ak4wb.sys [2007-05-11 10:42]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-23 09:50]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-23 09:50]
R2 AVKProxy;G DATA AntiVirus Proxy;"C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe" [2008-02-19 11:45]
R2 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus\AVK\AVKService.exe [2008-02-07 05:26]
R2 AVKWCtl;Strażnik AntiVirus;C:\Program Files\G DATA AntiVirus\AVK\AVKWCtl.exe [2008-02-05 12:26]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2008-05-14 16:42]
R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-05-14 16:40]
R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-05-14 16:40]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 13:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-07-05 14:50]
R3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 pr2ak4wb;Dreamfall PL Drivers Auto Removal (pr2ak4wb);C:\WINDOWS\system32\pr2ak4wb.exe svc []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-09-13 19:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4188adec-d411-11dc-948c-001a4d54a5b6}]
\Shell\Auto\command - K:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9053a60e-af02-11dc-9440-001a4d54a5b6}]
\Shell\Auto\command - K:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946f83eb-ad93-11dc-9439-001a4d54a5b6}]
\Shell\Auto\command - K:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 18:56:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-07-01 18:56:59
ComboFix-quarantined-files.txt 2008-07-01 16:56:50
Pre-Run: 23,324,561,408 bajtów wolnych
Post-Run: 23,311,482,880 bajtów wolnych
165