przez IrysWWF 30 Gru 2007, 19:35
przez wojtas 30 Gru 2007, 19:46
przez IrysWWF 30 Gru 2007, 20:31
SDFix: Version 1.120
Run by Prox on 2007-12-30 at 19:18
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Distributed Allocated Memory Unit
MSN RAV
Path:
"C:\WINDOWS\system32\dllcache\mravsc32.exe"
"C:\WINDOWS\system\msnrav.exe"
Distributed Allocated Memory Unit - Deleted
MSN RAV - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\387948 - Deleted
C:\WINDOWS\system\msnrav.exe - Deleted
C:\WINDOWS\system32\dllcache\mravsc32.exe - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\mmdmm.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 19:24:56
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]
"Last Counter"=dword:000008d8
"Last Help"=dword:000008d9
"Updating"="WmiApRpl"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 30 Dec 2007 100,352 ..SHR --- "C:\WINDOWS\system\smscg.exe"
Finished!
ComboFix 07-12-21.4 - Prox 2007-12-30 19:02:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.187 [GMT 1:00]
Running from: C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\Program Files\Helper\superfinderusa.dll
C:\Program Files\Helper\superfindout.dll
C:\WINDOWS\system32\xpdx.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-30 18:44 . 2007-12-30 18:44 <DIR> d-------- C:\Program Files\InCode Solutions
2007-12-30 18:12 . 2007-12-30 18:14 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\.housecall6.6
2007-12-30 18:10 . 2007-12-30 18:10 <DIR> d-------- C:\WINDOWS\Sun
2007-12-30 18:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-30 17:51 . 2007-12-30 17:51 250 --a------ C:\WINDOWS\gmer.ini
2007-12-30 17:46 . 2007-12-30 17:46 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Lavasoft
2007-12-30 17:45 . 2007-12-30 17:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-27 16:49 . 2007-12-27 16:49 <DIR> d-------- C:\Documents and Settings\Rodzice\Dane aplikacji\Search Settings
2007-12-26 16:12 . 2007-12-26 17:04 <DIR> d-------- C:\Program Files\VirtualDJ
2007-12-24 13:45 . 2007-12-24 13:45 <DIR> d-------- C:\Program Files\Rozgiwazdkowujacy
2007-12-23 21:52 . 2007-12-23 21:52 <DIR> d-------- C:\Program Files\Search Settings
2007-12-23 21:47 . 2007-12-23 21:50 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-12-23 21:35 . 2007-12-23 21:39 <DIR> d-------- C:\Program Files\GXTranscoder v2
2007-12-23 21:26 . 2007-12-23 21:28 7,500,244 --a------ C:\My Musicnagr14.mp3
2007-12-23 21:24 . 2007-12-23 21:26 8,921,755 --a------ C:\My Musicnagr13.mp3
2007-12-23 18:19 . 2007-12-23 18:39 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-23 14:15 . 2007-12-23 20:16 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-23 11:36 . 2007-12-23 11:36 <DIR> d-------- C:\Program Files\GoldWave
2007-12-20 23:50 . 2007-12-20 23:50 <DIR> d-------- C:\Program Files\LuckaSoft
2007-12-12 20:13 . 2007-12-12 20:13 5,209 --a------ C:\irysa playlista.fpl
2007-12-07 23:25 . 2007-12-07 23:32 <DIR> d-------- C:\Program Files\VstPlugins
2007-12-07 23:25 . 2007-12-07 23:25 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2007-12-07 23:22 . 2007-12-07 23:31 <DIR> d-------- C:\Program Files\Image-Line
2007-12-05 18:14 . 2007-11-28 19:28 210 --ahs---- C:\BOOT.BKK
2007-11-29 13:51 . 2007-11-29 14:03 <DIR> d-------- C:\Program Files\Konnekt
2007-11-28 20:21 . 2007-11-28 20:21 <DIR> d-------- C:\Program Files\Uniblue
2007-11-28 16:10 . 2007-11-28 16:52 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Pro
2007-11-27 22:31 . 2007-11-27 22:31 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\iolo
2007-11-27 17:53 . 2007-11-29 13:43 <DIR> d-------- C:\Program Files\Tlen.pl
2007-11-27 14:58 . 2007-11-27 14:58 <DIR> d-------- C:\Program Files\WapSter
2007-11-26 15:03 . 2007-11-26 15:03 <DIR> d-------- C:\Program Files\TGTSoft
2007-11-25 17:17 . 2007-11-25 17:17 <DIR> d-------- C:\Program Files\Audacity
2007-11-25 14:35 . 2007-11-25 20:05 <DIR> d-------- C:\Program Files\PowerStrip
2007-11-24 13:59 . 2007-11-25 14:33 <DIR> d-------- C:\Program Files\ATITool
2007-11-23 16:27 . 2007-12-01 20:43 <DIR> d-------- C:\Documents and Settings\Prox\dwhelper
2007-11-23 14:04 . 2007-11-23 14:37 <DIR> d-------- C:\Program Files\Tibia 7.6
2007-11-23 13:52 . 2007-11-23 13:52 <DIR> d-------- C:\Program Files\Asprate
2007-11-22 12:21 . 2007-11-22 12:21 <DIR> d-------- C:\Program Files\RadioXpi
2007-11-16 19:04 . 2007-11-16 19:04 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-11-16 13:38 . 2007-11-16 13:54 <DIR> d-------- C:\Program Files\SHOUTcast
2007-11-16 13:36 . 2007-11-16 13:50 <DIR> d-------- C:\Program Files\Winamp
2007-11-15 20:27 . 2007-12-25 23:59 <DIR> d-------- C:\Program Files\Bit Che
2007-11-15 20:17 . 2007-11-15 20:17 <DIR> d-------- C:\Program Files\Tibia
2007-11-15 18:48 . 2007-11-15 20:26 <DIR> d-------- C:\Program Files\Runtime Software
2007-11-13 20:11 . 2007-11-13 20:11 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-10 19:37 . 2007-11-10 19:38 <DIR> d-------- C:\Program Files\Dziobas Rar Player 0.0087a
2007-11-04 21:37 . 2007-11-04 21:37 <DIR> d-------- C:\Program Files\MySQL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 18:11 --------- d-----w C:\Program Files\MozdevMozilla2.0
2007-12-30 17:16 --------- d-----w C:\Program Files\Diablo II
2007-12-30 17:08 --------- d-----w C:\Program Files\Java
2007-12-30 15:59 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Smart PC Solutions
2007-12-30 15:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2007-12-30 15:58 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-12-30 15:58 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-30 15:53 --------- d-----w C:\Program Files\foobar2000
2007-12-30 15:46 --------- d-----w C:\Program Files\ToniArts
2007-12-30 15:45 10,752 ----a-w C:\xfmb.exe
2007-12-30 15:39 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\stamina
2007-12-30 15:38 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Talkback
2007-12-30 15:38 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Search Settings
2007-12-30 15:34 237,568 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 15:34 237,568 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 15:34 237,568 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 15:34 237,568 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 15:32 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-30 15:21 --------- d-s---w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji\Microsoft
2007-12-30 15:21 --------- d-s---w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft
2007-12-30 15:17 --------- d-----w C:\Program Files\Usługi online
2007-12-29 19:25 --------- d-----w C:\Program Files\Valve
2007-12-29 13:00 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-25 22:50 --------- d-----w C:\Program Files\VirtualDJJ
2007-12-12 13:53 --------- d-----w C:\Program Files\IrfanView
2007-12-11 18:12 --------- d-----w C:\Program Files\mIRC
2007-12-05 16:55 --------- d-----w C:\Program Files\SpeedFan
2007-11-28 14:27 --------- d-----w C:\Program Files\SmartFTP Client
2007-11-28 14:16 --------- d-----w C:\Program Files\Gadu-Gadu
2007-11-25 21:43 --------- d-----w C:\Program Files\Google
2007-11-24 13:58 --------- d-----w C:\Program Files\ATI Technologies
2007-11-24 13:02 --------- d-----w C:\Program Files\EA SPORTS
2007-11-13 19:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-11 19:03 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-10 19:30 --------- d-----w C:\Program Files\FlashGet
2006-12-19 17:07 2,208 ----a-w C:\Program Files\unins000.dat
2006-12-01 14:57 16,173,421 ----a-w C:\Program Files\Vi
2006-07-28 16:35 9 ----a-w C:\Program Files\version.wvd
2006-07-27 20:49 58 ----a-w C:\Program Files\font.ini
2006-07-27 20:49 57 ----a-w C:\Program Files\partition.inf
2006-01-10 08:52 70 ----a-w C:\Program Files\config.ini
2003-06-16 14:23 131,072 ----a-w C:\Program Files\T2DXi.dll
2002-12-17 02:00 82,253 ----a-w C:\Program Files\unins000.exe
2001-10-26 17:29 79,957 --sh--r C:\WINDOWS\system32\mmdmm.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 18:29]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 16:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-05-06 19:38:33]
*Newly Created Service* - ADILOADER
*Newly Created Service* - ALG
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 19:16:28
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-30 19:17:20
Logfile of HijackThis v1.99.1
Scan saved at 19:30:36, on 2007-12-30
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system\smscg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\MozdevMozilla2.0\firefox.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system\msnrav.exe
C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Pulpit\All\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6C7C3E-D018-4A66-88FD-24217643D5C4}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MSN RAV - Unknown owner - C:\WINDOWS\system\msnrav.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe
przez IrysWWF 30 Gru 2007, 20:59
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:00, on 2007-12-30
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\msnrav.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system\smscg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\PROGRA~1\MOZDEVMOZILLA2.0\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\RunOnce: [Execute] C:\WINDOWS\System32\Tools\LostRun.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Reboot.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6C7C3E-D018-4A66-88FD-24217643D5C4}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MSN RAV - Unknown owner - C:\WINDOWS\system\msnrav.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe
--
End of file - 2994 bytes
ComboFix 07-12-21.4 - Prox 2007-12-30 20:21:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.284 [GMT 1:00]
Running from: C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-30 20:06 . 2007-12-30 20:13 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Gadu-Gadu
2007-12-30 19:58 . 2007-12-30 19:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 19:51 . 2007-12-30 19:51 <DIR> d-------- C:\Program Files\C-Media
2007-12-30 19:50 . 2007-12-30 19:54 26 --a------ C:\WINDOWS\CMCDPLAY.INI
2007-12-30 19:48 . 2007-12-30 19:48 <DIR> d-------- C:\WINDOWS\SiS
2007-12-30 19:48 . 2002-04-25 14:42 316,416 --a------ C:\WINDOWS\IsUninst.exe
2007-12-30 19:48 . 2002-05-22 09:11 27,392 -ra------ C:\WINDOWS\system32\drivers\SISAGP.SYS
2007-12-30 19:48 . 2002-05-22 09:11 27,392 --a--c--- C:\WINDOWS\system32\dllcache\sisagp.sys
2007-12-30 19:47 . 1998-01-23 14:15 304,640 --a------ C:\WINDOWS\IsUn0415.exe
2007-12-30 19:47 . 2002-04-26 10:17 102,400 -ra------ C:\WINDOWS\SiSUSBrg.exe
2007-12-30 19:47 . 2002-01-02 08:40 32,768 -ra------ C:\WINDOWS\SIS_LIB.DLL
2007-12-30 19:47 . 2001-12-07 03:11 3,583 -ra------ C:\WINDOWS\SiSport.sys
2007-12-30 19:46 . 2007-12-30 19:47 397,312 --a------ C:\WINDOWS\system32\symantec.exe
2007-12-30 19:45 . 2007-12-30 19:46 <DIR> d-------- C:\WINDOWS\system32\Tools
2007-12-30 19:39 . 2007-12-30 19:44 28,672 -ra------ C:\WINDOWS\system32\TFTP2164
2007-12-30 19:28 . 2007-12-30 19:28 397,312 -r-hs---- C:\WINDOWS\system\msnrav.exe
2007-12-30 19:28 . 2007-12-30 19:46 73 --a------ C:\WINDOWS\system32\i
2007-12-30 19:17 . 2007-12-30 19:18 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-30 18:44 . 2007-12-30 18:44 <DIR> d-------- C:\Program Files\InCode Solutions
2007-12-30 18:12 . 2007-12-30 18:14 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\.housecall6.6
2007-12-30 18:10 . 2007-12-30 18:10 <DIR> d-------- C:\WINDOWS\Sun
2007-12-30 18:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-30 17:51 . 2007-12-30 17:51 250 --a------ C:\WINDOWS\gmer.ini
2007-12-30 17:46 . 2007-12-30 17:46 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Lavasoft
2007-12-30 17:45 . 2007-12-30 17:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-27 16:49 . 2007-12-27 16:49 <DIR> d-------- C:\Documents and Settings\Rodzice\Dane aplikacji\Search Settings
2007-12-26 16:12 . 2007-12-26 17:04 <DIR> d-------- C:\Program Files\VirtualDJ
2007-12-24 13:45 . 2007-12-24 13:45 <DIR> d-------- C:\Program Files\Rozgiwazdkowujacy
2007-12-23 21:52 . 2007-12-23 21:52 <DIR> d-------- C:\Program Files\Search Settings
2007-12-23 21:47 . 2007-12-23 21:50 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-12-23 21:35 . 2007-12-23 21:39 <DIR> d-------- C:\Program Files\GXTranscoder v2
2007-12-23 21:26 . 2007-12-23 21:28 7,500,244 --a------ C:\My Musicnagr14.mp3
2007-12-23 21:24 . 2007-12-23 21:26 8,921,755 --a------ C:\My Musicnagr13.mp3
2007-12-23 18:19 . 2007-12-23 18:39 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-23 14:15 . 2007-12-23 20:16 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-23 11:36 . 2007-12-23 11:36 <DIR> d-------- C:\Program Files\GoldWave
2007-12-20 23:50 . 2007-12-20 23:50 <DIR> d-------- C:\Program Files\LuckaSoft
2007-12-12 20:13 . 2007-12-12 20:13 5,209 --a------ C:\irysa playlista.fpl
2007-12-07 23:25 . 2007-12-07 23:32 <DIR> d-------- C:\Program Files\VstPlugins
2007-12-07 23:25 . 2007-12-07 23:25 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2007-12-07 23:22 . 2007-12-07 23:31 <DIR> d-------- C:\Program Files\Image-Line
2007-12-05 18:14 . 2007-11-28 19:28 210 --ahs---- C:\BOOT.BKK
2007-11-29 13:51 . 2007-11-29 14:03 <DIR> d-------- C:\Program Files\Konnekt
2007-11-28 20:21 . 2007-11-28 20:21 <DIR> d-------- C:\Program Files\Uniblue
2007-11-28 16:10 . 2007-11-28 16:52 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Pro
2007-11-27 22:31 . 2007-11-27 22:31 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\iolo
2007-11-27 17:53 . 2007-11-29 13:43 <DIR> d-------- C:\Program Files\Tlen.pl
2007-11-27 14:58 . 2007-11-27 14:58 <DIR> d-------- C:\Program Files\WapSter
2007-11-26 15:03 . 2007-11-26 15:03 <DIR> d-------- C:\Program Files\TGTSoft
2007-11-25 17:17 . 2007-11-25 17:17 <DIR> d-------- C:\Program Files\Audacity
2007-11-25 14:35 . 2007-11-25 20:05 <DIR> d-------- C:\Program Files\PowerStrip
2007-11-24 13:59 . 2007-11-25 14:33 <DIR> d-------- C:\Program Files\ATITool
2007-11-23 16:27 . 2007-12-01 20:43 <DIR> d-------- C:\Documents and Settings\Prox\dwhelper
2007-11-23 14:04 . 2007-11-23 14:37 <DIR> d-------- C:\Program Files\Tibia 7.6
2007-11-23 13:52 . 2007-11-23 13:52 <DIR> d-------- C:\Program Files\Asprate
2007-11-22 12:21 . 2007-11-22 12:21 <DIR> d-------- C:\Program Files\RadioXpi
2007-11-16 19:04 . 2007-11-16 19:04 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-11-16 13:38 . 2007-11-16 13:54 <DIR> d-------- C:\Program Files\SHOUTcast
2007-11-16 13:36 . 2007-11-16 13:50 <DIR> d-------- C:\Program Files\Winamp
2007-11-15 20:27 . 2007-12-25 23:59 <DIR> d-------- C:\Program Files\Bit Che
2007-11-15 20:17 . 2007-11-15 20:17 <DIR> d-------- C:\Program Files\Tibia
2007-11-15 18:48 . 2007-11-15 20:26 <DIR> d-------- C:\Program Files\Runtime Software
2007-11-13 20:11 . 2007-11-13 20:11 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-10 19:37 . 2007-11-10 19:38 <DIR> d-------- C:\Program Files\Dziobas Rar Player 0.0087a
2007-11-04 21:37 . 2007-11-04 21:37 <DIR> d-------- C:\Program Files\MySQL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 19:05 --------- d-----w C:\Program Files\foobar2000
2007-12-30 18:55 --------- d-----w C:\Program Files\MozdevMozilla2.0
2007-12-30 18:45 397,312 ----a-w C:\WINDOWS\system32\norman.exe
2007-12-30 17:16 --------- d-----w C:\Program Files\Diablo II
2007-12-30 17:08 --------- d-----w C:\Program Files\Java
2007-12-30 15:59 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Smart PC Solutions
2007-12-30 15:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2007-12-30 15:58 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-12-30 15:58 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-12-30 15:58 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-30 15:46 --------- d-----w C:\Program Files\ToniArts
2007-12-30 15:39 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\stamina
2007-12-30 15:38 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Talkback
2007-12-30 15:38 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Search Settings
2007-12-30 15:32 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-30 15:17 --------- d-----w C:\Program Files\Usługi online
2007-12-29 19:25 --------- d-----w C:\Program Files\Valve
2007-12-29 13:00 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-25 22:50 --------- d-----w C:\Program Files\VirtualDJJ
2007-12-12 13:53 --------- d-----w C:\Program Files\IrfanView
2007-12-11 18:12 --------- d-----w C:\Program Files\mIRC
2007-12-05 16:55 --------- d-----w C:\Program Files\SpeedFan
2007-11-28 14:27 --------- d-----w C:\Program Files\SmartFTP Client
2007-11-28 14:16 --------- d-----w C:\Program Files\Gadu-Gadu
2007-11-25 21:43 --------- d-----w C:\Program Files\Google
2007-11-24 13:58 --------- d-----w C:\Program Files\ATI Technologies
2007-11-24 13:02 --------- d-----w C:\Program Files\EA SPORTS
2007-11-13 19:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-11 19:03 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-10 19:30 --------- d-----w C:\Program Files\FlashGet
2006-12-19 17:07 2,208 ----a-w C:\Program Files\unins000.dat
2006-12-01 14:57 16,173,421 ----a-w C:\Program Files\Vi
2006-07-28 16:35 9 ----a-w C:\Program Files\version.wvd
2006-07-27 20:49 58 ----a-w C:\Program Files\font.ini
2006-07-27 20:49 57 ----a-w C:\Program Files\partition.inf
2006-01-10 08:52 70 ----a-w C:\Program Files\config.ini
2003-06-16 14:23 131,072 ----a-w C:\Program Files\T2DXi.dll
2002-12-17 02:00 82,253 ----a-w C:\Program Files\unins000.exe
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2007-12-30_19.16.37.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-29 06:04:43 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-30 18:18:05 667,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-30 18:18:06 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-29 06:04:43 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-30 18:18:02 667,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-12-30 18:18:02 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2000-10-20 10:28:00 765,952 ----a-r C:\WINDOWS\system\crlds3d.dll
+ 2001-11-23 04:08:20 712,704 ----a-r C:\WINDOWS\system32\a3d.dll
+ 2001-11-23 04:08:20 712,704 ----a-r C:\WINDOWS\system32\Audio3D.dll
- 2007-12-30 16:37:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-30 18:47:35 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-30 16:37:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2007-12-30 18:47:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2007-12-30 18:47:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2001-11-23 04:08:20 712,704 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2001-08-17 21:01:20 57,344 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2001-08-18 05:24:30 134,144 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2001-10-26 16:27:02 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2001-08-18 05:24:38 135,040 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2001-08-17 21:01:22 42,752 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2002-03-06 06:27:02 389,135 ----a-r C:\WINDOWS\system32\drivers\cmuda.sys
- 2001-10-26 18:03:24 134,144 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2001-08-18 05:24:30 134,144 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2001-10-26 18:03:24 42,752 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2001-08-17 21:01:22 42,752 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2007-12-30 16:04:45 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-30 18:56:12 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-30 16:04:45 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2007-12-30 18:56:12 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2007-12-30 16:04:45 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-30 18:56:12 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-30 16:04:45 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2007-12-30 18:56:12 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2001-08-17 20:58:02 26,112 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\SISAGP.SYS
+ 2001-03-07 21:19:08 311,296 ---h--r C:\WINDOWS\system32\Tools\AC2K.exe
+ 2001-02-21 02:36:12 310,784 ---h--r C:\WINDOWS\system32\Tools\AC98.exe
+ 2001-02-21 02:37:08 311,296 ---h--r C:\WINDOWS\system32\Tools\ACL98.exe
+ 2001-02-21 02:38:00 311,808 ---h--r C:\WINDOWS\system32\Tools\ACLME.exe
+ 2001-04-27 21:27:06 327,168 ---h--r C:\WINDOWS\system32\Tools\All.exe
+ 2000-11-24 02:33:44 316,416 ---h--r C:\WINDOWS\system32\Tools\AutoClick.exe
+ 2001-10-16 19:06:02 363,008 ---h--r C:\WINDOWS\system32\Tools\Change.exe
+ 2002-04-11 04:07:12 547,840 ---h--r C:\WINDOWS\system32\Tools\CheckPath.exe
+ 2001-08-30 23:16:28 381,440 ---h--r C:\WINDOWS\system32\Tools\Counter.exe
+ 2002-01-21 04:10:30 360,960 ---h--r C:\WINDOWS\system32\Tools\DelDv.exe
+ 2001-03-20 01:50:52 532,480 ---h--r C:\WINDOWS\system32\Tools\DeleteFiles.exe
+ 2002-01-21 04:09:44 360,960 ---h--r C:\WINDOWS\system32\Tools\DelT2.exe
+ 2002-01-21 04:09:58 360,960 ---h--r C:\WINDOWS\system32\Tools\DelT2Dv.exe
+ 2002-03-06 07:55:34 360,960 ---h--r C:\WINDOWS\system32\Tools\DelTools.exe
+ 2002-03-11 07:33:46 361,472 ---h--r C:\WINDOWS\system32\Tools\LostRun.exe
+ 2001-04-03 03:23:54 296,960 ---h--r C:\WINDOWS\system32\Tools\RegClean.exe
+ 2002-03-08 03:44:14 369,152 ---h--r C:\WINDOWS\system32\Tools\Regexe.exe
+ 2002-03-08 03:30:28 382,464 ---h--r C:\WINDOWS\system32\Tools\Restart.exe
+ 2002-03-08 03:48:26 374,784 ---h--r C:\WINDOWS\system32\Tools\RunAP.exe
+ 2002-03-08 03:52:52 360,960 ---h--r C:\WINDOWS\system32\Tools\RunRegexe.exe
+ 2001-11-02 20:19:44 379,392 ---h--r C:\WINDOWS\system32\Tools\SDW98ME.exe
+ 2001-03-09 19:32:00 312,832 ---h--r C:\WINDOWS\system32\Tools\SoundDrv.exe
+ 2001-09-24 04:23:42 28,672 ----a-r C:\WINDOWS\system32\udaprop.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 18:29]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 14:03]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 16:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 10:17]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29]
C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Menu Start\Programy\Autostart\
Reboot.exe [2002-03-21 05:40:42]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-05-06 19:38:33]
R2 SMSCGISVC;System Managment Controler;"C:\WINDOWS\system\smscg.exe" [2007-12-30 16:49]
R4 MSN RAV;MSN RAV;"C:\WINDOWS\system\msnrav.exe" [2007-12-30 19:28]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 20:24:20
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.0000]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2007-12-30 20:25:17
C:\ComboFix2.txt ... 2007-12-30 19:17
przez wojtas 30 Gru 2007, 22:56
File::
C:\WINDOWS\system32\symantec.exe
C:\WINDOWS\system32\TFTP2164
C:\WINDOWS\system\msnrav.exe
C:\WINDOWS\system32\norman.exe
C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Menu Start\Programy\Autostart\Reboot.exe
C:\WINDOWS\system\smscg.exe
Driver::
MSN RAV
SMSCGISVC
O4 - Startup: Reboot.exe
C:\WINDOWS\System32\Tools\LostRun.exe
przez IrysWWF 30 Gru 2007, 23:23
ten plik pogrubiony:
Cytat:
C:\WINDOWS\System32\Tools\LostRun.exe
przeskanuj na tych stronach:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:24, on 2007-12-30
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\MozdevMozilla2.0\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6C7C3E-D018-4A66-88FD-24217643D5C4}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe (file missing)
--
End of file - 2948 bytes
Ale klikam fix i dalej po scanie on jest...ComboFix 07-12-21.4 - Prox 2007-12-30 22:24:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.263 [GMT 1:00]
Running from: C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system\msnrav.exe
C:\WINDOWS\system\smscg.exe
C:\WINDOWS\system32\norman.exe
C:\WINDOWS\system32\symantec.exe
C:\WINDOWS\system32\TFTP2164
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_MSN_RAV
-------\LEGACY_SMSCGISVC
-------\SMSCGISVC
-------\LEGACY_MSN_RAV
-------\LEGACY_SMSCGISVC
-------\MSN RAV
-------\SMSCGISVC
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-30 21:50 . 2007-12-30 21:50 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-12-30 21:50 . 2007-12-30 21:50 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-30 21:50 . 2007-12-30 21:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Lavasoft
2007-12-30 21:33 . 2007-12-30 21:33 23 --a------ C:\WINDOWS\system32\edbfeaa3_g.ocx
2007-12-30 21:33 . 2007-12-30 21:33 23 --ahs---- C:\WINDOWS\system32\babd8_g.dll
2007-12-30 21:20 . 2007-12-30 21:20 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-30 20:58 . 2007-12-30 22:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy
2007-12-30 20:40 . 2007-12-30 21:52 <DIR> d-------- C:\Program Files\Bit Che
2007-12-30 20:40 . 2004-03-08 23:00 1,081,616 --a------ C:\WINDOWS\system32\mscomctl.OCX
2007-12-30 20:40 . 2004-03-08 23:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX
2007-12-30 20:40 . 2004-03-08 23:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx
2007-12-30 20:38 . 2007-12-30 20:38 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-30 20:06 . 2007-12-30 20:13 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Gadu-Gadu
2007-12-30 19:58 . 2007-12-30 19:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 19:51 . 2007-12-30 19:51 <DIR> d-------- C:\Program Files\C-Media
2007-12-30 19:50 . 2007-12-30 19:54 26 --a------ C:\WINDOWS\CMCDPLAY.INI
2007-12-30 19:48 . 2007-12-30 19:48 <DIR> d-------- C:\WINDOWS\SiS
2007-12-30 19:48 . 2002-04-25 14:42 316,416 --a------ C:\WINDOWS\IsUninst.exe
2007-12-30 19:48 . 2002-05-22 09:11 27,392 -ra------ C:\WINDOWS\system32\drivers\SISAGP.SYS
2007-12-30 19:48 . 2002-05-22 09:11 27,392 --a--c--- C:\WINDOWS\system32\dllcache\sisagp.sys
2007-12-30 19:47 . 1998-01-23 14:15 304,640 --a------ C:\WINDOWS\IsUn0415.exe
2007-12-30 19:47 . 2002-04-26 10:17 102,400 -ra------ C:\WINDOWS\SiSUSBrg.exe
2007-12-30 19:47 . 2002-01-02 08:40 32,768 -ra------ C:\WINDOWS\SIS_LIB.DLL
2007-12-30 19:47 . 2001-12-07 03:11 3,583 -ra------ C:\WINDOWS\SiSport.sys
2007-12-30 19:45 . 2007-12-30 19:46 <DIR> d-------- C:\WINDOWS\system32\Tools
2007-12-30 19:28 . 2007-12-30 19:46 73 --a------ C:\WINDOWS\system32\i
2007-12-30 19:17 . 2007-12-30 19:18 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-30 18:12 . 2007-12-30 18:14 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\.housecall6.6
2007-12-30 18:10 . 2007-12-30 18:10 <DIR> d-------- C:\WINDOWS\Sun
2007-12-30 18:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-30 17:51 . 2007-12-30 17:51 250 --a------ C:\WINDOWS\gmer.ini
2007-12-30 17:46 . 2007-12-30 21:34 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Lavasoft
2007-12-27 16:49 . 2007-12-27 16:49 <DIR> d-------- C:\Documents and Settings\Rodzice\Dane aplikacji\Search Settings
2007-12-26 16:12 . 2007-12-26 17:04 <DIR> d-------- C:\Program Files\VirtualDJ
2007-12-24 13:45 . 2007-12-24 13:45 <DIR> d-------- C:\Program Files\Rozgiwazdkowujacy
2007-12-23 21:52 . 2007-12-23 21:52 <DIR> d-------- C:\Program Files\Search Settings
2007-12-23 21:47 . 2007-12-23 21:50 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-12-23 21:26 . 2007-12-23 21:28 7,500,244 --a------ C:\My Musicnagr14.mp3
2007-12-23 21:24 . 2007-12-23 21:26 8,921,755 --a------ C:\My Musicnagr13.mp3
2007-12-23 18:19 . 2007-12-23 18:39 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-23 14:15 . 2007-12-23 20:16 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-23 11:36 . 2007-12-23 11:36 <DIR> d-------- C:\Program Files\GoldWave
2007-12-20 23:50 . 2007-12-20 23:50 <DIR> d-------- C:\Program Files\LuckaSoft
2007-12-12 20:13 . 2007-12-12 20:13 5,209 --a------ C:\irysa playlista.fpl
2007-12-07 23:25 . 2007-12-07 23:32 <DIR> d-------- C:\Program Files\VstPlugins
2007-12-07 23:22 . 2007-12-07 23:31 <DIR> d-------- C:\Program Files\Image-Line
2007-12-05 18:14 . 2007-11-28 19:28 210 --ahs---- C:\BOOT.BKK
2007-11-29 13:51 . 2007-11-29 14:03 <DIR> d-------- C:\Program Files\Konnekt
2007-11-28 20:21 . 2007-11-28 20:21 <DIR> d-------- C:\Program Files\Uniblue
2007-11-28 16:10 . 2007-11-28 16:52 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Pro
2007-11-27 22:31 . 2007-11-27 22:31 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\iolo
2007-11-27 17:53 . 2007-11-29 13:43 <DIR> d-------- C:\Program Files\Tlen.pl
2007-11-27 14:58 . 2007-11-27 14:58 <DIR> d-------- C:\Program Files\WapSter
2007-11-26 15:03 . 2007-11-26 15:03 <DIR> d-------- C:\Program Files\TGTSoft
2007-11-25 17:17 . 2007-11-25 17:17 <DIR> d-------- C:\Program Files\Audacity
2007-11-25 14:35 . 2007-11-25 20:05 <DIR> d-------- C:\Program Files\PowerStrip
2007-11-24 13:59 . 2007-11-25 14:33 <DIR> d-------- C:\Program Files\ATITool
2007-11-23 16:27 . 2007-12-01 20:43 <DIR> d-------- C:\Documents and Settings\Prox\dwhelper
2007-11-23 14:04 . 2007-11-23 14:37 <DIR> d-------- C:\Program Files\Tibia 7.6
2007-11-22 12:21 . 2007-11-22 12:21 <DIR> d-------- C:\Program Files\RadioXpi
2007-11-16 19:04 . 2007-11-16 19:04 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-11-16 13:38 . 2007-11-16 13:54 <DIR> d-------- C:\Program Files\SHOUTcast
2007-11-16 13:36 . 2007-11-16 13:50 <DIR> d-------- C:\Program Files\Winamp
2007-11-15 20:17 . 2007-11-15 20:17 <DIR> d-------- C:\Program Files\Tibia
2007-11-15 18:48 . 2007-11-15 20:26 <DIR> d-------- C:\Program Files\Runtime Software
2007-11-13 20:11 . 2007-11-13 20:11 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-10 19:37 . 2007-11-10 19:38 <DIR> d-------- C:\Program Files\Dziobas Rar Player 0.0087a
2007-11-04 21:37 . 2007-11-04 21:37 <DIR> d-------- C:\Program Files\MySQL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 21:28 237,568 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 21:28 237,568 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 21:28 237,568 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 21:28 237,568 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 21:20 --------- d-----w C:\Program Files\MozdevMozilla2.0
2007-12-30 20:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 20:00 --------- d-----w C:\Program Files\foobar2000
2007-12-30 17:16 --------- d-----w C:\Program Files\Diablo II
2007-12-30 17:08 --------- d-----w C:\Program Files\Java
2007-12-30 15:59 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Smart PC Solutions
2007-12-30 15:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2007-12-30 15:58 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-12-30 15:58 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-12-30 15:58 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-30 15:46 --------- d-----w C:\Program Files\ToniArts
2007-12-30 15:39 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\stamina
2007-12-30 15:38 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Talkback
2007-12-30 15:38 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Search Settings
2007-12-30 15:32 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-30 15:21 --------- d-s---w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji\Microsoft
2007-12-30 15:21 --------- d-s---w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft
2007-12-30 15:17 --------- d-----w C:\Program Files\Usługi online
2007-12-29 19:25 --------- d-----w C:\Program Files\Valve
2007-12-29 13:00 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-25 22:50 --------- d-----w C:\Program Files\VirtualDJJ
2007-12-12 13:53 --------- d-----w C:\Program Files\IrfanView
2007-12-11 18:12 --------- d-----w C:\Program Files\mIRC
2007-12-05 16:55 --------- d-----w C:\Program Files\SpeedFan
2007-11-28 14:27 --------- d-----w C:\Program Files\SmartFTP Client
2007-11-28 14:16 --------- d-----w C:\Program Files\Gadu-Gadu
2007-11-25 21:43 --------- d-----w C:\Program Files\Google
2007-11-24 13:58 --------- d-----w C:\Program Files\ATI Technologies
2007-11-24 13:02 --------- d-----w C:\Program Files\EA SPORTS
2007-11-11 19:03 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-10 19:30 --------- d-----w C:\Program Files\FlashGet
2006-12-19 17:07 2,208 ----a-w C:\Program Files\unins000.dat
2006-12-01 14:57 16,173,421 ----a-w C:\Program Files\Vi
2006-07-28 16:35 9 ----a-w C:\Program Files\version.wvd
2006-07-27 20:49 58 ----a-w C:\Program Files\font.ini
2006-07-27 20:49 57 ----a-w C:\Program Files\partition.inf
2006-01-10 08:52 70 ----a-w C:\Program Files\config.ini
2003-06-16 14:23 131,072 ----a-w C:\Program Files\T2DXi.dll
2002-12-17 02:00 82,253 ----a-w C:\Program Files\unins000.exe
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot_2007-12-30_20.24.26,60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-30 20:50:56 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2007-12-30 20:50:56 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2007-07-11 13:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 12:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 12:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-04-13 14:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 16:58]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 10:17]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-05-06 19:38:33]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
C:\Program Files\Gadu-Gadu\gg.exe /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 22:29:40
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.0000]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2007-12-30 22:30:29 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-30 20:25
C:\ComboFix3.txt ... 2007-12-30 19:17
przez wojtas 30 Gru 2007, 23:36
przez IrysWWF 30 Gru 2007, 23:48
Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje
Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka
Zdarzenie miało miejsce podczas próby tworzenia nowego pliku przez program: C:\WINDOWS\system32\svchost.exe. Plik został przeniesiony do kwarantanny.
przez wojtas 30 Gru 2007, 23:50
IrysWWF napisał(a):Jeszcze raz ? BTW. Mam jakiegos downloadera co jakis czas mam nowego wirusa i ciagle napływają plzz help !
przez IrysWWF 31 Gru 2007, 00:50
Potem Autopatchera. Potem porobie scany. Poki co cisza. Bylo cos wywalilem hijackthisem:)
przez IrysWWF 31 Gru 2007, 17:50
SDFix: Version 1.120
Run by Prox on 2007-12-31 at 16:38
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
MSN RAV
Path:
"C:\WINDOWS\system\msnrav.exe"
MSN RAV - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system\msnrav.exe - Deleted
C:\WINDOWS\system32\i - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 16:47:22
Windows 5.1.2600 NTFS
scanning hidden processes ...
IPC error: 2 Nie można odnaleźć określonego pliku.
C:\WINDOWS\system32\cmd.exe [336] 0x80F5AA00
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 30 Dec 2007 786,432 A..H. --- "C:\Documents and Settings\Prox.PROX-DD28CKH3TD\NTUSER.DAT.bak_jv16pt"
Sun 30 Dec 2007 23 A.SH. --- "C:\WINDOWS\system32\babd8_g.dll"
Wed 7 Mar 2001 311,296 ...HR --- "C:\WINDOWS\system32\Tools\AC2K.exe"
Wed 21 Feb 2001 310,784 ...HR --- "C:\WINDOWS\system32\Tools\AC98.exe"
Wed 21 Feb 2001 311,296 ...HR --- "C:\WINDOWS\system32\Tools\ACL98.exe"
Wed 21 Feb 2001 311,808 ...HR --- "C:\WINDOWS\system32\Tools\ACLME.exe"
Fri 27 Apr 2001 327,168 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
Fri 24 Nov 2000 316,416 ...HR --- "C:\WINDOWS\system32\Tools\AutoClick.exe"
Tue 16 Oct 2001 363,008 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Thu 11 Apr 2002 547,840 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Fri 31 Aug 2001 381,440 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Mon 21 Jan 2002 360,960 ...HR --- "C:\WINDOWS\system32\Tools\DelDv.exe"
Tue 20 Mar 2001 532,480 ...HR --- "C:\WINDOWS\system32\Tools\DeleteFiles.exe"
Mon 21 Jan 2002 360,960 ...HR --- "C:\WINDOWS\system32\Tools\DelT2.exe"
Mon 21 Jan 2002 360,960 ...HR --- "C:\WINDOWS\system32\Tools\DelT2Dv.exe"
Wed 6 Mar 2002 360,960 ...HR --- "C:\WINDOWS\system32\Tools\DelTools.exe"
Mon 11 Mar 2002 361,472 ...HR --- "C:\WINDOWS\system32\Tools\LostRun.exe"
Tue 3 Apr 2001 296,960 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 8 Mar 2002 369,152 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Fri 8 Mar 2002 382,464 ...HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 8 Mar 2002 374,784 ...HR --- "C:\WINDOWS\system32\Tools\RunAP.exe"
Fri 8 Mar 2002 360,960 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Fri 2 Nov 2001 379,392 ...HR --- "C:\WINDOWS\system32\Tools\SDW98ME.exe"
Fri 9 Mar 2001 312,832 ...HR --- "C:\WINDOWS\system32\Tools\SoundDrv.exe"
Sun 30 Dec 2007 262,144 A..H. --- "C:\Documents and Settings\LocalService.ZARZ¤DZANIE NT\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Sun 30 Dec 2007 262,144 A..H. --- "C:\Documents and Settings\NetworkService.ZARZ¤DZANIE NT\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Sun 30 Dec 2007 262,144 A..H. --- "C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Finished!
przez IrysWWF 31 Gru 2007, 19:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:06, on 2007-12-31
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\cFos\cFosDNT.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\MozdevMozilla2.0\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\cFos\cFosDNT.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6C7C3E-D018-4A66-88FD-24217643D5C4}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 3971 bytes
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 16:47:22
Windows 5.1.2600 NTFS
scanning hidden processes ...
IPC error: 2 Nie można odnaleźć określonego pliku.
C:\WINDOWS\system32\cmd.exe [336] 0x80F5AA00
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0
przez IrysWWF 01 Sty 2008, 21:34
ComboFix 07-12-21.4 - Prox 2008-01-01 20:26:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.262 [GMT 1:00]
Running from: C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.
2007-12-31 19:11 . 2007-12-31 19:11 754 --a------ C:\WINDOWS\WORDPAD.INI
2007-12-31 18:06 . 2004-08-03 23:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-31 18:05 . 2007-12-31 18:05 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-31 16:37 . 2007-12-31 16:37 167 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-31 16:10 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2007-12-31 15:14 . 2007-12-31 15:14 <DIR> d-------- C:\Documents and Settings\Irys\Dane aplikacji\SmartFTP
2007-12-31 14:11 . 2007-12-31 14:12 <DIR> d-------- C:\Documents and Settings\Irys\Gadu-Gadu
2007-12-31 14:00 . 2007-12-31 14:00 <DIR> d-------- C:\Documents and Settings\Irys\Dane aplikacji\Talkback
2007-12-31 12:21 . 2007-12-31 12:21 <DIR> d-------- C:\Documents and Settings\Mama\Dane aplikacji\stamina
2007-12-31 11:56 . 2007-12-31 11:57 <DIR> d-------- C:\Documents and Settings\Mama\Gadu-Gadu
2007-12-31 11:55 . 2007-12-31 11:55 <DIR> d-------- C:\Documents and Settings\Mama\Dane aplikacji\Talkback
2007-12-31 11:52 . 2008-01-01 20:24 <DIR> d--h----- C:\Documents and Settings\Irys\Ustawienia lokalne
2007-12-31 11:52 . 2007-12-31 11:52 <DIR> dr------- C:\Documents and Settings\Irys\Ulubione
2007-12-31 11:52 . 2007-12-30 16:16 <DIR> d--h----- C:\Documents and Settings\Irys\Szablony
2007-12-31 11:52 . 2007-12-31 19:11 <DIR> d-------- C:\Documents and Settings\Irys\Pulpit
2007-12-31 11:52 . 2007-12-31 11:52 <DIR> dr------- C:\Documents and Settings\Irys\Moje dokumenty
2007-12-31 11:52 . 2007-12-30 15:05 <DIR> dr------- C:\Documents and Settings\Irys\Menu Start
2007-12-31 11:52 . 2007-12-31 15:14 <DIR> dr-h----- C:\Documents and Settings\Irys\Dane aplikacji
2007-12-31 00:29 . 2008-01-01 19:29 <DIR> d-------- C:\Program Files\cFos
2007-12-31 00:29 . 2007-12-31 00:00 838,360 --a------ C:\WINDOWS\system32\drivers\cFosNT.sys
2007-12-31 00:13 . 2007-12-31 00:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\stamina
2007-12-31 00:12 . 2007-12-31 00:16 <DIR> d-------- C:\Program Files\Konnekt
2007-12-30 23:24 . 2007-12-31 00:22 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\GetRight
2007-12-30 23:08 . 2007-12-30 23:08 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-12-30 22:48 . 2007-12-30 22:48 397,312 --a------ C:\WINDOWS\system32\symantec.exe
2007-12-30 22:35 . 2008-01-01 20:24 <DIR> d--h----- C:\Documents and Settings\Mama\Ustawienia lokalne
2007-12-30 22:35 . 2007-12-30 22:35 <DIR> dr------- C:\Documents and Settings\Mama\Ulubione
2007-12-30 22:35 . 2007-12-30 16:16 <DIR> d--h----- C:\Documents and Settings\Mama\Szablony
2007-12-30 22:35 . 2007-12-31 12:00 <DIR> d-------- C:\Documents and Settings\Mama\Pulpit
2007-12-30 22:35 . 2007-12-30 22:35 <DIR> dr------- C:\Documents and Settings\Mama\Moje dokumenty
2007-12-30 22:35 . 2007-12-30 15:05 <DIR> dr------- C:\Documents and Settings\Mama\Menu Start
2007-12-30 22:35 . 2007-12-31 11:55 <DIR> dr-h----- C:\Documents and Settings\Mama\Dane aplikacji
2007-12-30 21:50 . 2007-12-30 21:50 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-12-30 21:50 . 2007-12-30 21:50 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-30 21:50 . 2007-12-30 21:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Lavasoft
2007-12-30 21:33 . 2007-12-30 21:33 23 --a------ C:\WINDOWS\system32\edbfeaa3_g.ocx
2007-12-30 21:33 . 2007-12-30 21:33 23 --ahs---- C:\WINDOWS\system32\babd8_g.dll
2007-12-30 21:20 . 2007-12-30 21:20 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-30 20:58 . 2007-12-30 22:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy
2007-12-30 20:40 . 2007-12-30 21:52 <DIR> d-------- C:\Program Files\Bit Che
2007-12-30 20:40 . 2004-03-08 23:00 1,081,616 --a------ C:\WINDOWS\system32\mscomctl.OCX
2007-12-30 20:40 . 2004-03-08 23:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX
2007-12-30 20:40 . 2004-03-08 23:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx
2007-12-30 20:38 . 2007-12-30 20:38 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-30 20:06 . 2007-12-31 11:42 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Gadu-Gadu
2007-12-30 19:58 . 2007-12-30 19:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 19:51 . 2007-12-30 19:51 <DIR> d-------- C:\Program Files\C-Media
2007-12-30 19:50 . 2007-12-30 19:54 26 --a------ C:\WINDOWS\CMCDPLAY.INI
2007-12-30 19:48 . 2007-12-30 19:48 <DIR> d-------- C:\WINDOWS\SiS
2007-12-30 19:48 . 2002-04-25 14:42 316,416 --a------ C:\WINDOWS\IsUninst.exe
2007-12-30 19:48 . 2002-05-22 09:11 27,392 -ra------ C:\WINDOWS\system32\drivers\SISAGP.SYS
2007-12-30 19:48 . 2002-05-22 09:11 27,392 --a--c--- C:\WINDOWS\system32\dllcache\sisagp.sys
2007-12-30 19:47 . 1998-01-23 14:15 304,640 --a------ C:\WINDOWS\IsUn0415.exe
2007-12-30 19:47 . 2002-04-26 10:17 102,400 -ra------ C:\WINDOWS\SiSUSBrg.exe
2007-12-30 19:47 . 2002-01-02 08:40 32,768 -ra------ C:\WINDOWS\SIS_LIB.DLL
2007-12-30 19:47 . 2001-12-07 03:11 3,583 -ra------ C:\WINDOWS\SiSport.sys
2007-12-30 19:45 . 2007-12-30 19:46 <DIR> d-------- C:\WINDOWS\system32\Tools
2007-12-30 19:17 . 2007-12-30 19:18 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-30 18:12 . 2007-12-30 18:14 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\.housecall6.6
2007-12-30 18:10 . 2007-12-30 18:10 <DIR> d-------- C:\WINDOWS\Sun
2007-12-30 18:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-30 17:51 . 2007-12-30 17:51 250 --a------ C:\WINDOWS\gmer.ini
2007-12-30 17:46 . 2007-12-30 21:34 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Lavasoft
2007-12-27 16:49 . 2007-12-27 16:49 <DIR> d-------- C:\Documents and Settings\Rodzice\Dane aplikacji\Search Settings
2007-12-26 16:12 . 2007-12-26 17:04 <DIR> d-------- C:\Program Files\VirtualDJ
2007-12-24 13:45 . 2007-12-24 13:45 <DIR> d-------- C:\Program Files\Rozgiwazdkowujacy
2007-12-23 21:52 . 2007-12-23 21:52 <DIR> d-------- C:\Program Files\Search Settings
2007-12-23 21:47 . 2007-12-23 21:50 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-12-23 21:26 . 2007-12-23 21:28 7,500,244 --a------ C:\My Musicnagr14.mp3
2007-12-23 21:24 . 2007-12-23 21:26 8,921,755 --a------ C:\My Musicnagr13.mp3
2007-12-23 18:19 . 2007-12-23 18:39 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-23 14:15 . 2007-12-23 20:16 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-23 11:36 . 2007-12-23 11:36 <DIR> d-------- C:\Program Files\GoldWave
2007-12-20 23:50 . 2007-12-20 23:50 <DIR> d-------- C:\Program Files\LuckaSoft
2007-12-12 20:13 . 2007-12-12 20:13 5,209 --a------ C:\irysa playlista.fpl
2007-12-07 23:25 . 2007-12-07 23:32 <DIR> d-------- C:\Program Files\VstPlugins
2007-12-07 23:22 . 2007-12-07 23:31 <DIR> d-------- C:\Program Files\Image-Line
2007-12-05 18:14 . 2007-11-28 19:28 210 --ahs---- C:\BOOT.BKK
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 18:58 --------- d-----w C:\Program Files\FlashGet
2008-01-01 18:54 --------- d-----w C:\Program Files\MozdevMozilla2.0
2008-01-01 18:36 --------- d-----w C:\Program Files\foobar2000
2007-12-31 17:08 --------- d-----w C:\Program Files\RadioXpi
2007-12-31 10:59 --------- d-----w C:\Program Files\IrfanView
2007-12-31 10:44 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-30 23:02 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\stamina
2007-12-30 20:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 17:16 --------- d-----w C:\Program Files\Diablo II
2007-12-30 17:08 --------- d-----w C:\Program Files\Java
2007-12-30 15:59 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Smart PC Solutions
2007-12-30 15:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2007-12-30 15:58 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-12-30 15:58 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-12-30 15:58 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-30 15:46 --------- d-----w C:\Program Files\ToniArts
2007-12-30 15:38 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Talkback
2007-12-30 15:38 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Search Settings
2007-12-30 15:32 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-30 15:17 --------- d-----w C:\Program Files\Usługi online
2007-12-29 19:25 --------- d-----w C:\Program Files\Valve
2007-12-29 13:00 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-25 22:50 --------- d-----w C:\Program Files\VirtualDJJ
2007-12-11 18:12 --------- d-----w C:\Program Files\mIRC
2007-12-05 16:55 --------- d-----w C:\Program Files\SpeedFan
2007-11-29 12:43 --------- d-----w C:\Program Files\Tlen.pl
2007-11-28 19:21 --------- d-----w C:\Program Files\Uniblue
2007-11-28 15:52 --------- d-----w C:\Program Files\TweakNow RegCleaner Pro
2007-11-28 14:27 --------- d-----w C:\Program Files\SmartFTP Client
2007-11-27 21:31 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\iolo
2007-11-27 13:58 --------- d-----w C:\Program Files\WapSter
2007-11-26 14:03 --------- d-----w C:\Program Files\TGTSoft
2007-11-25 21:43 --------- d-----w C:\Program Files\Google
2007-11-25 19:05 --------- d-----w C:\Program Files\PowerStrip
2007-11-25 16:17 --------- d-----w C:\Program Files\Audacity
2007-11-25 13:33 --------- d-----w C:\Program Files\ATITool
2007-11-24 13:58 --------- d-----w C:\Program Files\ATI Technologies
2007-11-24 13:02 --------- d-----w C:\Program Files\EA SPORTS
2007-11-23 13:37 --------- d-----w C:\Program Files\Tibia 7.6
2007-11-16 18:04 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-11-16 12:54 --------- d-----w C:\Program Files\SHOUTcast
2007-11-16 12:50 --------- d-----w C:\Program Files\Winamp
2007-11-15 19:26 --------- d-----w C:\Program Files\Runtime Software
2007-11-15 19:17 --------- d-----w C:\Program Files\Tibia
2007-11-13 19:11 --------- d-----w C:\Program Files\Ventrilo
2007-11-11 19:03 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-10 18:38 --------- d-----w C:\Program Files\Dziobas Rar Player 0.0087a
2007-11-04 20:37 --------- d-----w C:\Program Files\MySQL
2006-12-19 17:07 2,208 ----a-w C:\Program Files\unins000.dat
2006-12-01 14:57 16,173,421 ----a-w C:\Program Files\Vi
2006-07-28 16:35 9 ----a-w C:\Program Files\version.wvd
2006-07-27 20:49 58 ----a-w C:\Program Files\font.ini
2006-07-27 20:49 57 ----a-w C:\Program Files\partition.inf
2006-01-10 08:52 70 ----a-w C:\Program Files\config.ini
2003-06-16 14:23 131,072 ----a-w C:\Program Files\T2DXi.dll
2002-12-17 02:00 82,253 ----a-w C:\Program Files\unins000.exe
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 16:58]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 10:17]
"cFosDNT"="C:\Program Files\cFos\cFosDNT.exe" [2007-04-02 15:34]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 09:10]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-05-06 19:38:33]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
C:\Program Files\Gadu-Gadu\gg.exe /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
C:\Program Files\Konnekt\konnekt.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2005-12-15 18:01]
R2 cFosNT;cFosNT;C:\WINDOWS\System32\Drivers\cFosNT.sys [2007-12-31 00:00]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 20:30:23
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.0000]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-01 20:32:12
C:\ComboFix2.txt ... 2008-01-01 20:24
C:\ComboFix3.txt ... 2007-12-30 22:30
=Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:19, on 2008-01-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\cFos\cFosDNT.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MozdevMozilla2.0\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6C7C3E-D018-4A66-88FD-24217643D5C4}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 3956 bytes
przez wojtas 01 Sty 2008, 21:45
C:\WINDOWS\system32\symantec.exe
C:\WINDOWS\_MSRSTRT.EXE
przez IrysWWF 02 Sty 2008, 16:54
ComboFix 07-12-31.4 - Prox 2007-12-02 15:45:19.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.215 [GMT 1:00]
Running from: C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.
2007-12-31 19:11 . 2007-12-31 19:11 754 --a------ C:\WINDOWS\WORDPAD.INI
2007-12-31 18:06 . 2004-08-03 23:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-31 18:05 . 2007-12-31 18:05 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-31 16:37 . 2007-12-31 16:37 167 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-31 16:10 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2007-12-31 15:14 . 2007-12-31 15:14 <DIR> d-------- C:\Documents and Settings\Irys\Dane aplikacji\SmartFTP
2007-12-31 14:11 . 2007-12-31 14:12 <DIR> d-------- C:\Documents and Settings\Irys\Gadu-Gadu
2007-12-31 14:00 . 2007-12-31 14:00 <DIR> d-------- C:\Documents and Settings\Irys\Dane aplikacji\Talkback
2007-12-31 12:21 . 2007-12-31 12:21 <DIR> d-------- C:\Documents and Settings\Mama\Dane aplikacji\stamina
2007-12-31 11:56 . 2007-12-31 11:57 <DIR> d-------- C:\Documents and Settings\Mama\Gadu-Gadu
2007-12-31 11:55 . 2007-12-31 11:55 <DIR> d-------- C:\Documents and Settings\Mama\Dane aplikacji\Talkback
2007-12-31 11:52 . 2008-01-01 20:32 <DIR> d--h----- C:\Documents and Settings\Irys\Ustawienia lokalne
2007-12-31 11:52 . 2007-12-31 11:52 <DIR> dr------- C:\Documents and Settings\Irys\Ulubione
2007-12-31 11:52 . 2007-12-30 16:16 <DIR> d--h----- C:\Documents and Settings\Irys\Szablony
2007-12-31 11:52 . 2008-01-02 14:51 <DIR> d-------- C:\Documents and Settings\Irys\Pulpit
2007-12-31 11:52 . 2007-12-31 11:52 <DIR> dr------- C:\Documents and Settings\Irys\Moje dokumenty
2007-12-31 11:52 . 2007-12-30 15:05 <DIR> dr------- C:\Documents and Settings\Irys\Menu Start
2007-12-31 11:52 . 2007-12-31 15:14 <DIR> dr-h----- C:\Documents and Settings\Irys\Dane aplikacji
2007-12-31 00:29 . 2007-12-02 15:41 <DIR> d-------- C:\Program Files\cFos
2007-12-31 00:29 . 2007-12-31 00:00 838,360 --a------ C:\WINDOWS\system32\drivers\cFosNT.sys
2007-12-31 00:13 . 2007-12-31 00:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\stamina
2007-12-31 00:12 . 2007-12-31 00:16 <DIR> d-------- C:\Program Files\Konnekt
2007-12-30 23:24 . 2007-12-31 00:22 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\GetRight
2007-12-30 23:08 . 2007-12-30 23:08 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-12-30 22:35 . 2008-01-01 20:32 <DIR> d--h----- C:\Documents and Settings\Mama\Ustawienia lokalne
2007-12-30 22:35 . 2007-12-30 22:35 <DIR> dr------- C:\Documents and Settings\Mama\Ulubione
2007-12-30 22:35 . 2007-12-30 16:16 <DIR> d--h----- C:\Documents and Settings\Mama\Szablony
2007-12-30 22:35 . 2007-12-31 12:00 <DIR> d-------- C:\Documents and Settings\Mama\Pulpit
2007-12-30 22:35 . 2007-12-30 22:35 <DIR> dr------- C:\Documents and Settings\Mama\Moje dokumenty
2007-12-30 22:35 . 2007-12-30 15:05 <DIR> dr------- C:\Documents and Settings\Mama\Menu Start
2007-12-30 22:35 . 2007-12-31 11:55 <DIR> dr-h----- C:\Documents and Settings\Mama\Dane aplikacji
2007-12-30 21:50 . 2007-12-30 21:50 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-12-30 21:50 . 2007-12-30 21:50 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-30 21:50 . 2007-12-30 21:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Lavasoft
2007-12-30 21:33 . 2007-12-30 21:33 23 --a------ C:\WINDOWS\system32\edbfeaa3_g.ocx
2007-12-30 21:33 . 2007-12-30 21:33 23 --ahs---- C:\WINDOWS\system32\babd8_g.dll
2007-12-30 21:20 . 2007-12-30 21:20 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-30 20:58 . 2007-12-30 22:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy
2007-12-30 20:40 . 2007-12-30 21:52 <DIR> d-------- C:\Program Files\Bit Che
2007-12-30 20:40 . 2004-03-08 23:00 1,081,616 --a------ C:\WINDOWS\system32\mscomctl.OCX
2007-12-30 20:40 . 2004-03-08 23:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX
2007-12-30 20:40 . 2004-03-08 23:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx
2007-12-30 20:06 . 2008-01-01 20:51 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Gadu-Gadu
2007-12-30 19:58 . 2007-12-30 19:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 19:51 . 2007-12-30 19:51 <DIR> d-------- C:\Program Files\C-Media
2007-12-30 19:50 . 2007-12-30 19:54 26 --a------ C:\WINDOWS\CMCDPLAY.INI
2007-12-30 19:48 . 2007-12-30 19:48 <DIR> d-------- C:\WINDOWS\SiS
2007-12-30 19:48 . 2002-04-25 14:42 316,416 --a------ C:\WINDOWS\IsUninst.exe
2007-12-30 19:48 . 2002-05-22 09:11 27,392 -ra------ C:\WINDOWS\system32\drivers\SISAGP.SYS
2007-12-30 19:48 . 2002-05-22 09:11 27,392 --a--c--- C:\WINDOWS\system32\dllcache\sisagp.sys
2007-12-30 19:47 . 1998-01-23 14:15 304,640 --a------ C:\WINDOWS\IsUn0415.exe
2007-12-30 19:47 . 2002-04-26 10:17 102,400 -ra------ C:\WINDOWS\SiSUSBrg.exe
2007-12-30 19:47 . 2002-01-02 08:40 32,768 -ra------ C:\WINDOWS\SIS_LIB.DLL
2007-12-30 19:47 . 2001-12-07 03:11 3,583 -ra------ C:\WINDOWS\SiSport.sys
2007-12-30 19:45 . 2007-12-30 19:46 <DIR> d-------- C:\WINDOWS\system32\Tools
2007-12-30 19:17 . 2007-12-30 19:18 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-30 18:12 . 2007-12-30 18:14 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\.housecall6.6
2007-12-30 18:10 . 2007-12-30 18:10 <DIR> d-------- C:\WINDOWS\Sun
2007-12-30 18:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-30 17:51 . 2007-12-30 17:51 250 --a------ C:\WINDOWS\gmer.ini
2007-12-30 17:46 . 2007-12-30 21:34 <DIR> d-------- C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Lavasoft
2007-12-27 16:49 . 2007-12-27 16:49 <DIR> d-------- C:\Documents and Settings\Rodzice\Dane aplikacji\Search Settings
2007-12-26 16:12 . 2007-12-26 17:04 <DIR> d-------- C:\Program Files\VirtualDJ
2007-12-24 13:45 . 2007-12-24 13:45 <DIR> d-------- C:\Program Files\Rozgiwazdkowujacy
2007-12-23 21:52 . 2007-12-23 21:52 <DIR> d-------- C:\Program Files\Search Settings
2007-12-23 21:47 . 2007-12-23 21:50 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-12-23 21:26 . 2007-12-23 21:28 7,500,244 --a------ C:\My Musicnagr14.mp3
2007-12-23 21:24 . 2007-12-23 21:26 8,921,755 --a------ C:\My Musicnagr13.mp3
2007-12-23 18:19 . 2007-12-23 18:39 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-23 14:15 . 2007-12-23 20:16 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-23 11:36 . 2007-12-23 11:36 <DIR> d-------- C:\Program Files\GoldWave
2007-12-20 23:50 . 2007-12-20 23:50 <DIR> d-------- C:\Program Files\LuckaSoft
2007-12-12 20:13 . 2007-12-12 20:13 5,209 --a------ C:\irysa playlista.fpl
2007-12-07 23:25 . 2007-12-07 23:32 <DIR> d-------- C:\Program Files\VstPlugins
2007-12-07 23:22 . 2007-12-07 23:31 <DIR> d-------- C:\Program Files\Image-Line
2007-12-05 18:14 . 2007-11-28 19:28 210 --ahs---- C:\BOOT.BKK
2007-12-02 15:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-28 20:21 . 2007-11-28 20:21 <DIR> d-------- C:\Program Files\Uniblue
2007-11-28 16:10 . 2007-11-28 16:52 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Pro
2007-11-27 22:31 . 2007-11-27 22:31 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\iolo
2007-11-27 17:53 . 2007-11-29 13:43 <DIR> d-------- C:\Program Files\Tlen.pl
2007-11-27 14:58 . 2007-11-27 14:58 <DIR> d-------- C:\Program Files\WapSter
2007-11-26 15:03 . 2007-11-26 15:03 <DIR> d-------- C:\Program Files\TGTSoft
2007-11-25 17:17 . 2007-11-25 17:17 <DIR> d-------- C:\Program Files\Audacity
2007-11-25 14:35 . 2007-11-25 20:05 <DIR> d-------- C:\Program Files\PowerStrip
2007-11-24 13:59 . 2007-11-25 14:33 <DIR> d-------- C:\Program Files\ATITool
2007-11-23 16:27 . 2007-12-01 20:43 <DIR> d-------- C:\Documents and Settings\Prox\dwhelper
2007-11-23 14:04 . 2007-11-23 14:37 <DIR> d-------- C:\Program Files\Tibia 7.6
2007-11-22 12:21 . 2007-12-31 18:08 <DIR> d-------- C:\Program Files\RadioXpi
2007-11-16 19:04 . 2007-11-16 19:04 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-11-16 13:38 . 2007-11-16 13:54 <DIR> d-------- C:\Program Files\SHOUTcast
2007-11-16 13:36 . 2007-11-16 13:50 <DIR> d-------- C:\Program Files\Winamp
2007-11-15 20:17 . 2007-11-15 20:17 <DIR> d-------- C:\Program Files\Tibia
2007-11-15 18:48 . 2007-11-15 20:26 <DIR> d-------- C:\Program Files\Runtime Software
2007-11-13 20:11 . 2007-11-13 20:11 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-10 19:37 . 2007-11-10 19:38 <DIR> d-------- C:\Program Files\Dziobas Rar Player 0.0087a
2007-11-04 21:37 . 2007-11-04 21:37 <DIR> d-------- C:\Program Files\MySQL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 14:36 --------- d-----w C:\Program Files\MozdevMozilla2.0
2008-01-02 14:29 --------- d-----w C:\Program Files\FlashGet
2008-01-02 12:59 --------- d-----w C:\Program Files\foobar2000
2007-12-31 10:59 --------- d-----w C:\Program Files\IrfanView
2007-12-31 10:44 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-30 23:02 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\stamina
2007-12-30 20:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 17:16 --------- d-----w C:\Program Files\Diablo II
2007-12-30 17:08 --------- d-----w C:\Program Files\Java
2007-12-30 15:59 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Smart PC Solutions
2007-12-30 15:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2007-12-30 15:58 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-12-30 15:58 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-12-30 15:58 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-30 15:46 --------- d-----w C:\Program Files\ToniArts
2007-12-30 15:38 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Talkback
2007-12-30 15:38 --------- d-----w C:\Documents and Settings\Prox.PROX-DD28CKH3TD\Dane aplikacji\Search Settings
2007-12-30 15:32 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-30 15:17 --------- d-----w C:\Program Files\Usługi online
2007-12-29 19:25 --------- d-----w C:\Program Files\Valve
2007-12-29 13:00 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-25 22:50 --------- d-----w C:\Program Files\VirtualDJJ
2007-12-11 18:12 --------- d-----w C:\Program Files\mIRC
2007-12-05 16:55 --------- d-----w C:\Program Files\SpeedFan
2007-11-28 14:27 --------- d-----w C:\Program Files\SmartFTP Client
2007-11-25 21:43 --------- d-----w C:\Program Files\Google
2007-11-24 13:58 --------- d-----w C:\Program Files\ATI Technologies
2007-11-24 13:02 --------- d-----w C:\Program Files\EA SPORTS
2007-11-11 19:03 --------- d-----w C:\Program Files\Common Files\Adobe
2006-12-19 17:07 2,208 ----a-w C:\Program Files\unins000.dat
2006-12-01 14:57 16,173,421 ----a-w C:\Program Files\Vi
2006-07-28 16:35 9 ----a-w C:\Program Files\version.wvd
2006-07-27 20:49 58 ----a-w C:\Program Files\font.ini
2006-07-27 20:49 57 ----a-w C:\Program Files\partition.inf
2006-01-10 08:52 70 ----a-w C:\Program Files\config.ini
2003-06-16 14:23 131,072 ----a-w C:\Program Files\T2DXi.dll
2002-12-17 02:00 82,253 ----a-w C:\Program Files\unins000.exe
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 16:58 949376]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 10:17 102400]
"cFosDNT"="C:\Program Files\cFos\cFosDNT.exe" [2007-04-02 15:34 818392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29 13312]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-05-06 19:38:33]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
C:\Program Files\Gadu-Gadu\gg.exe /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
C:\Program Files\Konnekt\konnekt.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2005-12-15 18:01]
R2 cFosNT;cFosNT;C:\WINDOWS\System32\Drivers\cFosNT.sys [2007-12-31 00:00]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 15:50:51
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.0000]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2007-12-31 15:52:46
C:\qoobox\ComboFix2.txt 2008-01-01 19:32:15
C:\qoobox\ComboFix3.txt 2008-01-01 19:24:42
C:\qoobox\ComboFix4.txt 2007-12-30 21:30:30
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 23 gości
