tguz
(Tguzik)
16 October 2007 23:34
#1
Hello!
I'm new here, though I've been reading a bit on this forum for quite a while.
Recently I accidentally got rid of my antivirus program for a few hours, and by the time I noticed, several viruses had already got in. My Norton no longer detects anything, but the online scanners do. For a long time the desktop icons were highlighted, but I sorted that out thanks to this forum.
Please check my HJT log; something is probably still sitting in there. Should I paste any other logs as well?
Thanks in advance for your help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:56 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bkbj28qr.Domyslny uzytkownik\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/bkbj28qr.Domyslny uzytkownik\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file . … 0d3c9579c4
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour … se8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI … b34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/defaul … der_v5.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.123 85.255.112.89
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.123 85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.123 85.255.112.89
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14936 bytes
Gutek
(Gutek)
17 October 2007 21:29
#2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file . … f303663644 d339aab7835a6bdad9b9287f848bc74fafe9273b357e2ab44d1742f1279ecb17405e7d9220802a6: 1f3f4d492e5e7a6e4b7a610d3c9579c4
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
Remove these entries with HJT.
Are you by any chance in the Netherlands? Your DNS servers?
Post a log from ComboFix.
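The three checks behind the reply above, written out as an added example (this is not code from the thread, from HijackThis or from ComboFix): the O17 lines point the whole machine at resolvers in 85.255.112.0/20, the block the FBI's Operation Ghost Click later published as DNSChanger infrastructure, which is why the reply asks about the Netherlands even though the poster is in the USA; the two O2 BHO entries with "(no file)" are orphaned CLSID registrations whose DLL is already gone; and the two O16 DPF entries pull ActiveX CABs from sites that are not online scanners. The "expected resolver" ranges and the DPF allow-list are assumptions a real analyst would replace with the user's ISP and their own list; the sample lines are trimmed copies of entries from the log posted in this thread.

```python
"""HijackThis log triage: O17 resolver check, orphaned BHOs, DPF sources.
Added example; the allow-lists below are assumptions, not HJT's own."""
import ipaddress
import re
from urllib.parse import urlparse

# Assumption: a home PC should be using its router/ISP resolvers. RFC 1918
# space stands in for "expected"; a real run would add the ISP's ranges.
EXPECTED_RESOLVERS = [ipaddress.ip_network(n) for n in
                      ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# 85.255.112.0/20 is the block both resolvers in the thread fall into; the
# FBI's Operation Ghost Click (2011) published it as DNSChanger infrastructure.
KNOWN_BAD_RESOLVERS = [ipaddress.ip_network("85.255.112.0/20")]

# Assumption: hosts from which an ActiveX scanner CAB is acceptable. Anything
# else (errorguard.com, windupdates.com in the log above) gets flagged.
DPF_ALLOWED_HOSTS = {
    "security.symantec.com", "www.eset.eu", "cdn.scan.onecare.live.com",
    "www.mks.com.pl", "acs.pandasoftware.com", "zone.msn.com",
}

HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def classify_resolver(ip_text):
    """Return 'known_bad', 'expected' or 'unexpected' for one resolver IP."""
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in KNOWN_BAD_RESOLVERS):
        return "known_bad"
    if any(ip in net for net in EXPECTED_RESOLVERS):
        return "expected"
    return "unexpected"


def triage_line(line):
    """Return (severity, reason) for one HJT line, or None if nothing to flag."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    if sec == "O17" and "NameServer" in rest:
        # Everything after '=' is the space-separated resolver list.
        verdicts = {ip: classify_resolver(ip)
                    for ip in IPV4.findall(rest.split("=", 1)[1])}
        if "known_bad" in verdicts.values():
            return ("high", f"resolver in known DNS-changer range: {verdicts}")
        if "unexpected" in verdicts.values():
            return ("medium", f"resolver outside expected ranges: {verdicts}")
        return None
    if sec == "O2" and rest.endswith("(no file)"):
        # The DLL is gone but the CLSID registration stayed behind: inert,
        # but it should be removed so the log stays readable.
        return ("low", "orphaned BHO registration: " + rest)
    if sec == "O16":
        # Last ' - ' separated field is the download URL of the CAB.
        host = urlparse(rest.rsplit(" - ", 1)[-1]).hostname or ""
        if host not in DPF_ALLOWED_HOSTS:
            return ("medium", "ActiveX download from non-allow-listed host: " + host)
        return None
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns [(severity, line, reason)]."""
    findings = []
    for line in log_text.splitlines():
        verdict = triage_line(line)
        if verdict:
            findings.append((verdict[0], line.strip(), verdict[1]))
    return findings


# Constructed sample: lines trimmed from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.123 85.255.112.89
"""

if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run as a script it prints one finding per flagged line; the Adobe BHO and the ESET scanner line pass. The O17 check is the one worth keeping around: a NameServer override in all three control sets (CS1, CS2, CCS) survives "Last Known Good" and means every lookup on the box, including the ones the online scanners and Windows Update make, goes through resolvers the attacker controls until the entries are removed and the adapter is set back to DHCP.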
tguz
(Tguzik)
18 October 2007 05:59
#3
Thanks for the help!
I live in the USA; I don't know where those Dutch DNS servers came from.
I've removed the entries, and here is the ComboFix log:
http://wklej.org/id/8f208d2c8d
Is everything OK now?
I suspect there is a bit too much in the autostart, because it takes a very long time to boot, but that's not so important. As long as there are no viruses.
Thanks again for the help!
Post merged: 20.10.2007 (Sat) 0:34
I'll paste it here, because that link doesn't want to work for me right now.
ComboFix 07-10-17.8@ - Owner 2007-10-18 0:36:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.198 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\IA
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\q21
C:\WINDOWS\system32\vMW02a
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.
2007-10-18 00:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-16 10:46 12,560 --a------ C:\WINDOWS\system32\bbchk.exe
2007-10-16 10:44 9,580,157 --a------ C:\temp\salm_kyf.dat
2007-10-11 16:53
2007-10-10 10:07 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 21:50
2007-10-09 21:45
2007-10-09 16:23
2007-10-09 10:02 525,387 ---hs---- C:\WINDOWS\system32\dgjlm.ini2
2007-10-09 01:14 521,369 ---hs---- C:\WINDOWS\system32\dgjlm.bak2
2007-10-09 00:30
2007-10-08 22:52
2007-10-08 22:52
2007-10-08 22:52
2007-10-08 22:52 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-10-08 17:14
2007-10-06 19:35
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 05:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2007-10-18 05:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2007-10-17 05:23 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-17 05:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-10 08:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2007-10-10 08:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2007-10-10 05:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-10 03:09 --------- d-----w C:\Program Files\QuickTime
2007-10-10 03:09 --------- d-----w C:\Program Files\Multimedia Card Reader
2007-10-10 03:09 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-09 21:59 --------- d-----w C:\Program Files\Dialer.pl
2007-10-09 06:02 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-09 06:02 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-09 06:02 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-09 06:02 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-09 06:02 --------- d-----w C:\Program Files\Symantec
2007-10-09 04:40 161 ----a-w C:\Delme.bat
2007-10-09 04:40 --------- d-----w C:\Program Files\SubEdit-Player
2007-10-07 00:35 --------- d-----w C:\Program Files\Skype
2007-09-13 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-09-13 03:27 --------- d-----w C:\Program Files\Common Files\LogiShrd
2007-09-13 00:52 --------- d-----w C:\Program Files\Logitech
2007-09-05 17:44 --------- d-----w C:\Program Files\Audacity
2007-09-01 11:33 --------- d-----w C:\Program Files\Yahoo!
2007-08-29 12:18 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-08-29 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2007-08-27 22:13 97,672 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-08-27 22:13 537,992 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-08-27 22:13 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-08-27 22:13 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-08-27 22:13 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-08-27 22:13 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-08-27 22:13 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-08-27 22:13 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 01:37 --------- d-----w C:\Program Files\ConsoleClassix.com
2007-08-08 21:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 23:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 23:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-27 20:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 20:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2007-07-19 00:44 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
2007-07-19 00:43 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
2007-07-19 00:40 416,280 ----a-w C:\WINDOWS\system32\LVCodec2.dll
2007-07-19 00:40 195,096 ----a-w C:\WINDOWS\system32\lvci1110.dll
2007-07-18 23:55 19,344 ----a-w C:\WINDOWS\system32\Repository.reg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 09:07]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 09:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2004-03-18 20:01]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-24 17:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-25 13:36]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:03]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [2007-10-16 10:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 04:56 C:\WINDOWS\system32\nview.dll]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 23:25]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-08-29 09:49]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 09:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bkbj28qr.Domyslny uzytkownik\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/bkbj28qr.Domyslny uzytkownik\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0a\aoltray.exe [2004-02-11 21:12:32]
Device Detector 2.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2005-03-20 15:38:16]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 08:45:28]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 10:05:56]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 06:49:48]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-11 00:26:40]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-09 12:09:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe"
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5fe4116-70b9-11d8-b293-806d6172696f}]
AutoRun\command - D:\Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-13 02:22:38 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 00:42:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-18 0:43:23
.
--- E O F ---