Zapobiegawcze sprawdzenie loga- prośba

Shaddow · 2 Grudzień 2007 10:32

Witam.

Prosiłbym kogoś o sprawdzenie tego loga :

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:28:26, on 2007-12-02 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\System32\ctfmon.exe D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DAEMON Tools\daemon.exe D:\Program Files\Gadu-Gadu\gg.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\WINDOWS\System32\nvsvc32.exe D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Canon\CAL\CALMAIN.exe D:\Program Files\Skype\Plugin Manager\skypePM.exe D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Neostrada TP\NeostradaTP.exe D:\Program Files\Neostrada TP\ComComp.exe D:\Program Files\Neostrada TP\Watch.exe D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe D:\Program Files\Maxthon2\Maxthon.exe D:\Program Files\Winamp\winamp.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - D:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O4 - HKCU…\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [Microsoft Windows Driver] D:\WINDOWS\rundll32.exe O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [AlcoholAutomount] “D:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” /automount O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 4334387544 O17 - HKLM\System\CCS\Services\Tcpip…{A254CA0C-4098-4539-9A76-316AF38FACDB}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: lxbu_device - Lexmark International, Inc. - D:\WINDOWS\System32\lxbucoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe – End of file - 6229 bytes

Z góry dziękuję za okazaną pomoc.

adam9870 · 2 Grudzień 2007 10:41

Ściągnij program KillBox, zaznacz Delete on reboot , w polu full path of file wklej ścieżkę:

D:\WINDOWS\rundll32.exe

Kliknij czerwonego iksa i restart.

Usuń powyżej przedstawiony wpis korzystając z HijackThis.

Po wykonaniu powyżej przedstawionych czynności wklej log z ComboFix.

Shaddow · 2 Grudzień 2007 11:11

Log :

ComboFix 07-12-02.5 - admin Shaddow 2007-12-02 12:01:43.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.0.1250.1.1045.18.84 [GMT 1:00] Running from: D:\Documents and Settings\admin Shaddow\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KDQN8X2B\ComboFix[1].exe * Created a new restore point . /wow section - STAGE 3 ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . D:\WINDOWS\system32\a.exe . ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))) . 2007-12-02 11:10 . 2007-12-02 11:10 2007-12-01 19:47 . 2007-12-01 19:47 2007-11-28 20:14 . 2007-11-28 20:33 2007-11-28 17:25 . 2007-11-28 17:25 2007-11-24 15:54 . 2004-12-07 09:11 258,352 --a------ D:\WINDOWS\system32\unicows.dll 2007-11-24 15:54 . 2006-01-30 11:32 5,632 --a------ D:\WINDOWS\system32\pxc25pm.dll 2007-11-24 15:53 . 2007-11-24 15:55 2007-11-23 23:35 . 2007-11-23 23:35 2007-11-23 23:29 . 2004-07-09 04:26 1,230,336 --a------ D:\WINDOWS\system32\msvidctl.dll 2007-11-23 23:28 . 2003-05-30 09:00 1,962,496 --a------ D:\WINDOWS\system32\quartz.dll 2007-11-23 22:27 . 2007-11-23 22:27 2007-11-23 21:44 . 2007-11-23 21:44 2007-11-23 20:45 . 2007-11-23 20:50 2007-11-20 20:30 . 2007-11-20 20:30 2007-11-20 20:30 . 2007-11-20 20:30 264,097 --a------ D:\WINDOWS\PDFCreator_Toolbar_Uninstaller_8218.exe 2007-11-20 20:29 . 2007-11-20 20:31 2007-11-20 20:29 . 2001-10-28 17:42 116,224 --a------ D:\WINDOWS\system32\pdfcmnnt.dll 2007-11-20 20:29 . 1998-07-06 01:00 23,552 --a------ D:\WINDOWS\system32\MSMPIDE.DLL 2007-11-19 18:21 . 2007-11-19 18:21 2007-11-19 18:21 . 2007-11-19 18:21 24 --a------ D:\WINDOWS\Wilga-PSJP.INI 2007-11-10 07:59 . 2007-11-10 07:59 685,816 --a------ D:\WINDOWS\system32\drivers\sptd.sys 2007-11-07 20:25 . 2007-11-07 20:25 2007-11-07 18:06 . 2001-10-26 17:29 146,944 --a------ D:\WINDOWS\system32\ptpusd.dll 2007-11-07 18:06 . 2001-10-26 17:29 5,632 --a------ D:\WINDOWS\system32\ptpusb.dll 2007-11-07 17:57 . 2007-11-07 17:57 2007-11-07 17:57 . 2007-11-07 17:58 2007-11-06 08:59 . 2007-11-06 08:59 197 --a------ D:\WINDOWS\system32\MRT.INI 2007-11-06 08:52 . 2002-11-14 20:44 219,648 --a------ D:\WINDOWS\system32\srrstr.dll 2007-11-06 08:52 . 2002-11-14 20:44 219,648 --a–c— D:\WINDOWS\system32\dllcache\srrstr.dll 2007-11-06 08:37 . 2007-11-06 08:37 2007-11-06 08:36 . 2004-07-01 23:10 360,448 --a–c— D:\WINDOWS\system32\dllcache\qmgr.dll 2007-11-06 08:36 . 2004-07-01 23:10 331,776 --a------ D:\WINDOWS\system32\winhttp.dll 2007-11-06 08:36 . 2004-07-01 23:10 17,408 --a------ D:\WINDOWS\system32\qmgrprxy.dll 2007-11-06 08:36 . 2004-07-01 23:10 17,408 --a–c— D:\WINDOWS\system32\dllcache\qmgrprxy.dll 2007-11-06 08:36 . 2004-07-01 23:10 7,680 -----c— D:\WINDOWS\system32\dllcache\bitsprx2.dll 2007-11-06 08:36 . 2004-07-01 23:10 7,680 --------- D:\WINDOWS\system32\bitsprx2.dll 2007-11-06 08:36 . 2004-07-01 23:10 7,168 -----c— D:\WINDOWS\system32\dllcache\bitsprx3.dll 2007-11-06 08:36 . 2004-07-01 23:10 7,168 --------- D:\WINDOWS\system32\bitsprx3.dll 2007-11-06 08:34 . 2007-07-30 19:19 549,720 --a------ D:\WINDOWS\system32\wuapi.dll 2007-11-06 08:34 . 2007-07-30 19:19 325,976 --a------ D:\WINDOWS\system32\wucltui.dll 2007-11-06 08:34 . 2007-07-30 19:19 216,408 --a------ D:\WINDOWS\system32\wuaucpl.cpl 2007-11-06 08:34 . 2007-07-30 19:19 43,352 --a------ D:\WINDOWS\system32\wups2.dll 2007-11-06 08:34 . 2007-07-30 19:19 38,232 --a------ D:\WINDOWS\system32\wucltui.dll.mui 2007-11-06 08:34 . 2007-07-30 19:18 33,624 --a------ D:\WINDOWS\system32\wups.dll 2007-11-06 08:34 . 2007-07-30 19:20 30,040 --a------ D:\WINDOWS\system32\wuaucpl.cpl.mui 2007-11-06 08:34 . 2007-07-30 19:20 30,040 --a------ D:\WINDOWS\system32\wuapi.dll.mui 2007-11-06 08:34 . 2007-07-30 19:18 21,336 --a------ D:\WINDOWS\system32\wuaueng.dll.mui 2007-11-05 19:40 . 2007-11-05 19:40 2007-11-04 19:17 . 2007-11-04 19:17 2007-11-04 18:57 . 2007-11-04 18:57 2007-11-03 15:58 . 2007-11-03 15:58 51,204 —hs---- D:\WINDOWS\system32\mdm.exe 2007-11-03 15:38 . 2007-11-03 15:38 38,649 --a------ D:\WINDOWS\system32\kl.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 10:55 --------- d-----w D:\Documents and Settings\admin Shaddow\Dane aplikacji\Skype 2007-12-02 10:54 --------- d-----w D:\Program Files\Neostrada TP 2007-12-02 09:47 --------- d-----w D:\Documents and Settings\admin Shaddow\Dane aplikacji\uTorrent 2007-11-30 11:06 --------- d-----w D:\Program Files\Lx_cats 2007-11-27 15:31 --------- d-----w D:\Documents and Settings\admin Shaddow\Dane aplikacji\LimeWire 2007-11-23 19:50 --------- d–h--w D:\Program Files\InstallShield Installation Information 2007-11-16 08:00 --------- d-----w D:\Program Files\uTorrent 2007-11-14 07:02 --------- d-----w D:\Program Files\Maxthon2 2007-10-28 15:17 --------- d-----w D:\Program Files\QuickTime 2007-10-28 15:16 --------- d-----w D:\Program Files\Apple Software Update 2007-10-28 15:16 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2007-10-28 15:16 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Apple 2007-10-28 11:21 --------- d-----w D:\Program Files\Common Files\InstallShield 2007-10-25 16:05 94,416 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 16:05 93,264 ----a-w D:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 16:03 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 16:01 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 15:58 26,624 ----a-w D:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 15:50 --------- d-----w D:\Program Files\Thomson 2007-10-25 15:24 815,480 ----a-w D:\WINDOWS\system32\aswBoot.exe 2007-10-25 15:14 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr 2007-10-23 07:08 --------- d-----w D:\Program Files\Common Files\Adobe 2007-10-23 06:45 --------- d-----w D:\Program Files\Google 2007-10-22 20:10 --------- d-----w D:\Program Files\Java 2007-10-22 19:57 --------- d-----w D:\Program Files\SubEdit-Player 2007-10-22 17:57 --------- d-----w D:\Program Files\LimeWire 2007-10-22 17:50 --------- d-----w D:\Program Files\Common Files\Java 2007-10-22 17:01 --------- d-----w D:\Program Files\Skype 2007-10-22 17:01 --------- d-----w D:\Program Files\Common Files\Skype 2007-10-22 17:01 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-10-22 16:32 --------- d-----w D:\Documents and Settings\admin Shaddow\Dane aplikacji\Winamp 2007-10-22 16:27 --------- d-----w D:\Program Files\Winamp 2007-10-22 02:49 867,848 ----a-w D:\Program Files\NOV2007_d3dx10_36_x64.cab 2007-10-22 02:49 807,132 ----a-w D:\Program Files\NOV2007_d3dx10_36_x86.cab 2007-10-22 02:49 49,392 ----a-w D:\Program Files\NOV2007_X3DAudio_x64.cab 2007-10-22 02:49 44,850 ----a-w D:\Program Files\dxdllreg_x86.cab 2007-10-22 02:49 21,744 ----a-w D:\Program Files\NOV2007_X3DAudio_x86.cab 2007-10-22 02:49 200,010 ----a-w D:\Program Files\NOV2007_XACT_x64.cab 2007-10-22 02:49 151,512 ----a-w D:\Program Files\NOV2007_XACT_x86.cab 2007-10-22 02:49 1,805,306 ----a-w D:\Program Files\NOV2007_d3dx9_36_x64.cab 2007-10-22 02:49 1,712,608 ----a-w D:\Program Files\NOV2007_d3dx9_36_x86.cab 2007-10-22 02:39 267,272 ----a-w D:\WINDOWS\system32\xactengine2_10.dll 2007-10-22 02:37 66,056 ----a-w D:\WINDOWS\system32\dxdllreg.exe 2007-10-22 02:37 17,928 ----a-w D:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-22 02:31 976,020 ------w D:\Program Files\BDAXP.cab 2007-10-22 02:31 917,318 ------w D:\Program Files\Apr2006_MDX1_x86.cab 2007-10-22 02:31 88,102 ------w D:\Program Files\AUG2006_xinput_x64.cab 2007-10-22 02:31 87,989 ------w D:\Program Files\Apr2006_xinput_x64.cab 2007-10-22 02:31 86,925 ------w D:\Program Files\Oct2005_xinput_x64.cab 2007-10-22 02:31 86,802 ----a-w D:\Program Files\dxupdate.cab 2007-10-22 02:31 855,886 ------w D:\Program Files\AUG2007_d3dx10_35_x64.cab 2007-10-22 02:31 800,467 ------w D:\Program Files\AUG2007_d3dx10_35_x86.cab 2007-10-22 02:31 76,808 ----a-w D:\Program Files\DSETUP.dll 2007-10-22 02:31 702,644 ------w D:\Program Files\JUN2007_d3dx10_34_x64.cab 2007-10-22 02:31 702,212 ------w D:\Program Files\APR2007_d3dx10_33_x64.cab 2007-10-22 02:31 702,072 ------w D:\Program Files\JUN2007_d3dx10_34_x86.cab 2007-10-22 02:31 699,465 ------w D:\Program Files\APR2007_d3dx10_33_x86.cab 2007-10-22 02:31 56,902 ------w D:\Program Files\APR2007_xinput_x86.cab 2007-10-22 02:31 502,792 ----a-w D:\Program Files\DXSETUP.exe 2007-10-22 02:31 47,018 ------w D:\Program Files\AUG2006_xinput_x86.cab 2007-10-22 02:31 46,898 ------w D:\Program Files\Apr2006_xinput_x86.cab 2007-10-22 02:31 46,247 ------w D:\Program Files\Oct2005_xinput_x86.cab 2007-10-22 02:31 4,163,518 ------w D:\Program Files\Apr2006_MDX1_x86_Archive.cab 2007-10-22 02:31 213,767 ------w D:\Program Files\DEC2006_d3dx10_00_x64.cab 2007-10-22 02:31 201,696 ------w D:\Program Files\AUG2007_XACT_x64.cab 2007-10-22 02:31 200,722 ------w D:\Program Files\JUN2007_XACT_x64.cab 2007-10-22 02:31 199,366 ------w D:\Program Files\APR2007_XACT_x64.cab 2007-10-22 02:31 198,275 ------w D:\Program Files\FEB2007_XACT_x64.cab 2007-10-22 02:31 193,435 ------w D:\Program Files\DEC2006_XACT_x64.cab 2007-10-22 02:31 192,680 ------w D:\Program Files\DEC2006_d3dx10_00_x86.cab 2007-10-22 02:31 183,863 ------w D:\Program Files\AUG2006_XACT_x64.cab 2007-10-22 02:31 183,321 ------w D:\Program Files\OCT2006_XACT_x64.cab 2007-10-22 02:31 181,745 ------w D:\Program Files\JUN2006_XACT_x64.cab 2007-10-22 02:31 180,021 ------w D:\Program Files\Apr2006_XACT_x64.cab 2007-10-22 02:31 179,247 ------w D:\Program Files\Feb2006_XACT_x64.cab 2007-10-22 02:31 156,612 ------w D:\Program Files\AUG2007_XACT_x86.cab 2007-10-22 02:31 156,509 ------w D:\Program Files\JUN2007_XACT_x86.cab 2007-10-22 02:31 154,825 ------w D:\Program Files\APR2007_XACT_x86.cab 2007-10-22 02:31 151,583 ------w D:\Program Files\FEB2007_XACT_x86.cab 2007-10-22 02:31 146,559 ------w D:\Program Files\DEC2006_XACT_x86.cab 2007-10-22 02:31 138,977 ------w D:\Program Files\OCT2006_XACT_x86.cab 2007-10-22 02:31 138,195 ------w D:\Program Files\AUG2006_XACT_x86.cab 2007-10-22 02:31 134,631 ------w D:\Program Files\JUN2006_XACT_x86.cab 2007-10-22 02:31 133,991 ------w D:\Program Files\Apr2006_XACT_x86.cab 2007-10-22 02:31 133,297 ------w D:\Program Files\Feb2006_XACT_x86.cab 2007-10-22 02:31 13,265,040 ------w D:\Program Files\dxnt.cab 2007-10-22 02:31 100,417 ------w D:\Program Files\APR2007_xinput_x64.cab 2007-10-22 02:31 1,803,760 ------w D:\Program Files\AUG2007_d3dx9_35_x64.cab 2007-10-22 02:31 1,711,752 ------w D:\Program Files\AUG2007_d3dx9_35_x86.cab 2007-10-22 02:31 1,673,224 ----a-w D:\Program Files\dsetup32.dll 2007-10-22 02:31 1,611,374 ------w D:\Program Files\JUN2007_d3dx9_34_x64.cab 2007-10-22 02:31 1,610,958 ------w D:\Program Files\APR2007_d3dx9_33_x64.cab 2007-10-22 02:31 1,610,886 ------w D:\Program Files\JUN2007_d3dx9_34_x86.cab 2007-10-22 02:31 1,609,639 ------w D:\Program Files\APR2007_d3dx9_33_x86.cab 2007-10-22 02:31 1,575,336 ------w D:\Program Files\DEC2006_d3dx9_32_x86.cab 2007-10-22 02:31 1,572,114 ------w D:\Program Files\DEC2006_d3dx9_32_x64.cab 2007-10-22 02:31 1,413,862 ------w D:\Program Files\OCT2006_d3dx9_31_x64.cab 2007-10-22 02:31 1,398,718 ------w D:\Program Files\Apr2006_d3dx9_30_x64.cab 2007-10-22 02:31 1,363,684 ------w D:\Program Files\Feb2006_d3dx9_29_x64.cab 2007-10-22 02:31 1,358,864 ------w D:\Program Files\Dec2005_d3dx9_28_x64.cab . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“D:\WINDOWS\System32\ctfmon.exe” [2001-10-30 13:00] “Skype”=“D:\Program Files\Skype\Phone\Skype.exe” [2007-09-13 12:31] “swg”=“D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-11-08 21:42] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09] “AlcoholAutomount”=“D:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” [2007-07-02 11:22] “Gadu-Gadu”=“D:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.exe” [2001-10-30 13:00 D:\WINDOWS\system32\rundll32.exe] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“D:\WINDOWS\System32\CTFMON.EXE” [2001-10-30 13:00] “Microsoft Office”=“D:\WINDOWS\System32\mdm.exe” [2007-11-03 15:58] “Microsoft Windows Driver”=“D:\WINDOWS\rundll32.exe” [] R1 fwdrv;Firewall Driver;D:\WINDOWS\System32\drivers\fwdrv.sys R1 khips;Kerio HIPS Driver;D:\WINDOWS\System32\drivers\khips.sys R2 SPF4;Sunbelt Personal Firewall 4;“D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe” *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the ‘Scheduled Tasks’ folder “2007-10-28 15:16:17 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - D:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-02 12:05:14 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-02 12:06:37 . — E O F —

Gutek · 2 Grudzień 2007 16:50

W logu nic nie widzę