doktorek
(Ireneuszg76)
13 September 2007 19:13
#1
Hello, please check my logs. The system starts terribly slowly, and so does every program I try to run.
ComboFix 07-09-13.3 - "Jacek" 2007-09-13 20:49:45.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.182 [GMT 2:00]
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-13 to 2007-09-13 )))))))))))))))))))))))))))))))
.
2007-09-13 20:24
2007-09-13 20:23
2007-09-13 20:23
2007-09-10 19:54 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-09-01 16:03
2007-08-28 17:52
2007-08-16 11:23
2007-08-16 11:23
2007-08-15 10:06
2007-08-14 11:22
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-05 22:01 --------- d-------- C:\Program Files\Warblade
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:09 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:30 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\GDI32.DLL
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1034752 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-02-15 21:18 24192 --a------ C:\DOCUME~1\JACEK\usbsermptxp.sys
2007-02-15 21:18 22768 --a------ C:\DOCUME~1\JACEK\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-18 22:07]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 15:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 07:27]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-04 22:05]
"nwiz"="nwiz.exe" [2005-09-23 07:27 C:\WINDOWS\system32\nwiz.exe]
"MSF_Monitor"="C:\PROGRA~1\MSF\MSFMON.exe" [2006-04-22 00:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-06-19 12:26:01]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 Bt878KP;Bt878KP;C:\WINDOWS\system32\drivers\Bt878KP.SYS
R2 MSF32;MSF32;\??\C:\Program Files\MSF\MSF32.SYS
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 20:51:28
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-13 20:52:12
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 21:05:56, on 2007-09-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast01.setup
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MSF\MSFMON.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jacek\Pulpit\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MSF\MSFMON.exe /Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 2055168421
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
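HijackThis prints one entry per line in a fixed shape, so the first triage pass that a helper does by eye can be scripted. The Python below is an added example, not part of this thread or of HijackThis itself: it parses O4 (autostart) and O23 (service) lines and flags the conditions reviewed first in a log like the one above: a target reported as "(file missing)", a service with "Unknown owner", an autostart command given as a bare filename that Windows resolves through the PATH search order (the "nwiz.exe /install" entry), and a RUNDLL32 loader whose real payload is the DLL named in its argument. The sample lines are constructed from entries in the log above; the names parse_hjt, triage and suspicious and the Entry type are this example's own. Flags mark entries for manual review, not verdicts: in this log the two avast! services are flagged only because HijackThis failed to parse a quoted service path.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis v1.99.1 format: a subset of the O4/O23
# entries from the log above (the "nwiz" entry is the relative-path case).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Line shapes HijackThis uses for registry Run keys, startup folders and services.
O4_REG_RE = re.compile(r'^O4 - (?P<location>HK\S+?\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_STARTUP_RE = re.compile(r'^O4 - (?P<location>\S+ Startup): (?P<name>.+?) = (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$')

ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')                  # command starts with a drive letter
RUNDLL_RE = re.compile(r'^rundll32(\.exe)?\s', re.IGNORECASE)


@dataclass
class Entry:
    section: str                  # "O4" or "O23"
    name: str                     # value name, .lnk name or service display name
    target: str                   # command line or service binary as HijackThis printed it
    location: str                 # e.g. HKLM\..\Run, Global Startup, Service
    owner: Optional[str] = None   # O23 only: vendor string, or "Unknown owner"
    flags: List[str] = field(default_factory=list)


def triage(section: str, target: str, owner: Optional[str] = None) -> List[str]:
    """Return the review flags raised by one entry (empty list = nothing to check first)."""
    flags = []
    if target.endswith('(file missing)'):
        flags.append('file missing')          # dangling autostart or dead service binary
    if owner == 'Unknown owner':
        flags.append('unknown owner')         # no vendor info: verify the binary by hand
    if section == 'O4':
        if RUNDLL_RE.match(target):
            flags.append('rundll32 loader')   # the payload is the DLL argument, not rundll32
        elif not ABS_PATH_RE.match(target):
            flags.append('relative path')     # found via PATH search order, not pinned to a file
    return flags


def parse_hjt(text: str) -> List[Entry]:
    """Parse O4 and O23 lines of a HijackThis log; other sections are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_REG_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            cmd = m['cmd']
            entries.append(Entry('O4', m['name'], cmd, m['location'], None, triage('O4', cmd)))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(Entry('O23', m['name'], m['path'], 'Service', m['owner'],
                                 triage('O23', m['path'], m['owner'])))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries carrying at least one review flag, in log order."""
    return [e for e in entries if e.flags]


if __name__ == '__main__':
    for e in suspicious(parse_hjt(SAMPLE_HJT)):
        print(f"{e.section} [{e.name}] {', '.join(e.flags)}: {e.target}")
```

Feed it a whole log with parse_hjt(open(path, encoding='cp1250').read()) for a Polish XP system; the 'relative path' rule is the one worth keeping for any autostart review, because a bare filename in a Run value is satisfied by whichever matching file the PATH search order reaches first.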
Gutek
(Gutek)
13 September 2007 21:28
#2
doktorek
(Ireneuszg76)
14 September 2007 18:58
#3
I cleaned everything (Reg Cleaner, CCleaner, Odkurzacz); it did nothing. It still takes 9 minutes from the welcome screen until the icons appear on the desktop, and opening anything takes another 5 minutes. Spyware Doctor reports that it found a trojan, "Trojan-PWS.Tanspy"; it supposedly removes it, but on the next scan it is there again.
adam9870
(adam9870)
14 September 2007 19:02
#4
Where does Spyware Doctor find the malware you mention? Please give the exact location of the detected infected file, or better still paste the report. Additionally, scan the system with the online scanner available at http://www.ewido.net/de/onlinescan/ and paste that report as well.
Also paste a new ComboFix log, and use Windows Worms Doors Cleaner to switch the markers from disable to enable (all markers should be green; if any of them is yellow, leave it). A restart is required after using the tool.
As for the sluggishness, do the basic things that speed up the system, such as disk defragmentation and registry defragmentation.
doktorek
(Ireneuszg76)
14 September 2007 21:24
#5
"Trojan-PWS.Tanspy" was in "HKEY_LOKAL_MACHINE/SOFTWARE/Microsoft/windows/Curent Version/Control Panel/Load". I switched the markers in WWDC to enable and defragmented the registry (disk defragmentation was not required); still no change. The processor runs at nearly 100% almost all the time, and SWDSVC.EXE and EXPLORER.EXE take the most. Here are the logs:
ComboFix 07-09-13.3 - "Jacek" 2007-09-14 22:50:11.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.212 [GMT 2:00]
.
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.
2007-09-14 21:34
2007-09-14 21:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-13 22:42
2007-09-13 22:41
2007-09-13 22:41
2007-09-13 22:40
2007-09-13 20:23
2007-09-13 20:23
2007-09-10 19:54 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-09-01 16:03
2007-08-28 17:52
2007-08-16 11:23
2007-08-16 11:23
2007-08-15 10:06
2007-08-14 11:22
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-05 22:01 --------- d-------- C:\Program Files\Warblade
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:09 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:30 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\GDI32.DLL
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-02-15 21:18 24192 --a------ C:\DOCUME~1\JACEK\usbsermptxp.sys
2007-02-15 21:18 22768 --a------ C:\DOCUME~1\JACEK\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot_2007-09-13_205148,50 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 40,326 2007-09-14 20:46:16 C:\WINDOWS\system32\perfc009.dat
----a-w 311,938 2007-09-14 20:46:16 C:\WINDOWS\system32\perfh009.dat
----a-w 49,910 2007-09-14 20:46:16 C:\WINDOWS\system32\perfc015.dat
----a-w 356,068 2007-09-14 20:46:16 C:\WINDOWS\system32\perfh015.dat
----a-w 2,115,816 2007-06-11 11:34:00 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 190,696 2007-06-11 11:34:00 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
----a-w 16,384 2007-09-14 20:39:14 C:\WINDOWS\Temp\Perflib_Perfdata_270.dat
----a-r 18,944 2007-09-13 20:41:20 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
----a-r 29,696 2007-09-13 20:41:20 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
----a-r 65,024 2007-09-13 20:41:20 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
----a-w 163,328 2007-03-13 08:57:12 C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
----a-w 345,656 2006-07-11 07:41:36 C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
.
----a-w 40,326 2007-09-13 18:32:22 C:\WINDOWS\system32\perfc009.dat
----a-w 311,938 2007-09-13 18:32:22 C:\WINDOWS\system32\perfh009.dat
----a-w 49,910 2007-09-13 18:32:22 C:\WINDOWS\system32\perfc015.dat
----a-w 356,068 2007-09-13 18:32:22 C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-18 22:07]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 15:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 07:27]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-04 22:05]
"nwiz"="nwiz.exe" [2005-09-23 07:27 C:\WINDOWS\system32\nwiz.exe]
"MSF_Monitor"="C:\PROGRA~1\MSF\MSFMON.exe" [2006-04-22 00:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-06-19 12:26:01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 22:57:39
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-14 23:01:31
C:\ComboFix2.txt ... 2007-09-13 20:52
.