
After (accidentally) running the small file is153723.exe, the taskbar and desktop icons disappeared (after rebooting the system the effect was the same).
The only thing that worked was Alt+Ctrl+Delete.
The file is153723.exe was scanned with AVG Anti-Spyware 7.5.1.43-3339 and Eset NOD32 v3.0.657 (both with up-to-date databases); neither detected anything.
I managed to run ComboFix.exe, and apparently it found and removed something, because everything went back to normal.
After scanning the file is153723.exe at http://virusscan.jotti.org/ and http://www.virustotal.com/pl/ it turned out that it is most likely Trojan.Win32.Zapchast.gc.
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1:
Scanner results
Scan taken on 07 Jun 2008 11:50:53 (GMT)
A-Squared Found nothing
AntiVir Found TR/Dropper.Gen
ArcaVir Found Heur.W32
Avast Found Win32:Zapchast-FM
AVG Antivirus Found Vundo
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.W32.Zapchast.gb
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Zapchast.gc
Fortinet Found Virtum.3!tr
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.Zapchast.gc
NOD32 Found nothing
Norman Virus Control Found W32/Srizbi.U
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found Trojan.Win32.Zapchast.gc
Virustotal:
http://www.virustotal.com/pl/analisis/b48ad73ea591fbe806a6dc4e296d3c13
Please check the log to see whether anything else has been left behind:
ComboFix:
ComboFix 08-06-06.6 - usr 2008-06-07 13:28:43.11 - NTFSx86
Running from: C:\Documents and Settings\usr\Pulpit\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\usr\Ustawienia lokalne\Temporary Internet Files\CSC2.5U-EN-750-F.sbr.sgn
C:\WINDOWS\system32\gwgqxvcu.ini
C:\WINDOWS\system32\ljJCuUnL.dll
C:\WINDOWS\system32\otjyahkk.ini
C:\WINDOWS\system32\ougakldt.ini
C:\WINDOWS\system32\pmnNfEtU.dll
C:\WINDOWS\system32\UtEfNnmp.ini
C:\WINDOWS\system32\UtEfNnmp.ini2
C:\WINDOWS\system32\vlgkvgam.ini
C:\WINDOWS\system32\wvUoLddd.dll
C:\WINDOWS\system32\yrrwysgs.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.
2008-06-06 16:45 . 2008-06-06 16:47 <DIR> d-------- C:\Program Files\ESET
2008-06-01 16:38 . 2008-06-01 16:38 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-06-01 16:38 . 2008-06-01 16:38 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-01 16:37 . 2008-06-01 16:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 19:14 . 2004-07-09 04:26 1,230,336 --a--c--- C:\WINDOWS\system32\dllcache\msvidctl.dll
2008-05-31 19:14 . 2004-07-09 04:26 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2008-05-31 19:14 . 2004-07-09 04:26 52,224 --a------ C:\WINDOWS\system32\msdvbnp.ax
2008-05-31 19:14 . 2004-07-09 04:26 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-05-31 19:14 . 2004-07-09 04:26 47,104 --a--c--- C:\WINDOWS\system32\dllcache\wstdecod.dll
2008-05-31 19:14 . 2004-07-09 04:26 30,208 --a------ C:\WINDOWS\system32\psisrndr.ax
2008-05-31 19:14 . 2004-07-09 04:26 16,896 --a------ C:\WINDOWS\system32\bdaplgin.ax
2008-05-31 19:14 . 2004-07-09 04:26 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2008-05-31 19:14 . 2002-12-12 00:14 12,288 --a------ C:\WINDOWS\system32\ksolay.ax
2008-05-31 19:14 . 2004-07-09 04:26 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2008-05-31 15:27 . 2008-05-31 15:27 <DIR> d-------- C:\Program Files\GameShadow
2008-05-31 15:18 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp895.tmp
2008-05-31 15:18 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp894.tmp
2008-05-25 03:52 . 2008-05-25 03:52 <DIR> d-------- C:\Documents and Settings\usr\.unizeto
2008-05-24 23:26 . 2008-05-24 23:26 <DIR> d-------- C:\Program Files\Quicksys
2008-05-22 10:37 . 2008-05-22 15:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-22 10:37 . 2008-05-22 10:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-22 00:51 . 2008-05-22 00:51 135 --a------ C:\WINDOWS\huffyuv.ini
2008-05-22 00:45 . 2008-05-22 00:45 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-18 10:02 . 2008-06-01 07:49 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-05-18 10:02 . 2008-05-18 10:02 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-05-17 17:53 . 2008-05-17 17:53 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\mojosoft
2008-05-11 00:18 . 2008-05-11 00:28 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\ImgBurn
2008-05-11 00:03 . 2008-05-11 00:04 <DIR> d-------- C:\Program Files\ImgBurn
2008-05-07 23:13 . 2008-05-07 23:13 <DIR> d-------- C:\WINDOWS\system32\pl
2008-05-07 23:13 . 2008-05-07 23:13 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-07 23:13 . 2008-05-07 23:13 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-07 23:11 . 2008-05-07 23:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 23:08 . 2008-05-07 23:14 <DIR> d-------- C:\WINDOWS\EHome
2008-05-07 23:02 . 2008-04-14 19:20 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-05-07 23:02 . 2008-04-14 19:20 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-05-07 23:02 . 2008-04-14 19:20 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-05-07 23:00 . 2008-04-14 19:20 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 11:01 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Azureus
2008-06-07 10:22 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\foobar2000
2008-06-03 19:32 --------- d-----w C:\Program Files\foobar2000
2008-06-02 18:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 14:42 --------- d-----w C:\Program Files\FlashGet
2008-05-31 13:18 --------- d-----w C:\Program Files\OpenAL
2008-05-30 15:32 --------- d-----w C:\Program Files\SpeedFan
2008-05-23 19:20 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Skype
2008-05-23 19:12 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\skypePM
2008-05-22 16:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 14:12 --------- d-----w C:\Program Files\The Bat!
2008-05-21 23:57 --------- d-----w C:\Program Files\Xvid
2008-05-14 16:07 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\YNWA
2008-05-11 17:00 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Codemasters
2008-05-07 20:48 --------- d-----w C:\Program Files\HD Tune Pro
2008-04-30 20:47 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Hamachi
2008-04-30 19:32 --------- d-----w C:\Program Files\DivX
2008-04-30 18:33 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-30 16:57 --------- d-----w C:\Program Files\RivaTuner v2.08
2008-04-29 18:34 --------- d-----w C:\Program Files\Real Alternative
2008-04-28 19:54 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Eltima Software
2008-04-28 16:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-25 18:44 --------- d-----w C:\Program Files\totalcmd
2008-04-25 18:25 --------- d-----w C:\Program Files\Zards software
2008-04-25 16:55 --------- d-----w C:\Program Files\ffdshow
2008-04-24 16:11 --------- d-----w C:\Program Files\SeaTools Enterprise
2008-04-23 13:00 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-04-23 12:53 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-04-23 12:52 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-04-22 16:36 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\DeskSoft
2008-04-21 15:34 --------- d-----w C:\Program Files\Foxit Software
2008-04-19 21:58 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Zoom Player
2008-04-19 21:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ashampoo
2008-04-19 21:26 --------- d-----w C:\Program Files\CoreCodec
2008-04-19 05:55 --------- d-----w C:\Program Files\AdiIRC
2008-04-18 19:26 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\ChemTable Software
2008-04-17 14:33 --------- d-----w C:\Program Files\Azureus
2008-04-14 17:22 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 17:22 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 17:22 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 17:22 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 17:21 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 17:21 285,696 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 17:21 149,504 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 17:21 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 17:21 1,035,264 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 17:20 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 17:20 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 17:20 25,471 ------w C:\WINDOWS\system32\drivers\atv04nt5.dll
2008-04-14 17:20 21,183 ------w C:\WINDOWS\system32\drivers\atv01nt5.dll
2008-04-14 17:20 17,279 ------w C:\WINDOWS\system32\drivers\atv10nt5.dll
2008-04-14 17:20 15,423 ------w C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2008-04-14 17:20 14,143 ------w C:\WINDOWS\system32\drivers\atv06nt5.dll
2008-04-14 17:20 11,359 ------w C:\WINDOWS\system32\drivers\atv02nt5.dll
2008-04-14 17:20 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 16:34 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 16:33 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 16:33 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 16:33 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 16:32 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 16:22 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 16:22 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 16:20 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 16:18 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 16:17 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 16:16 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 16:11 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 16:11 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 16:09 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 16:05 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 16:05 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 16:03 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 16:01 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 16:00 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:58 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:58 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:55 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:54 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:54 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10 57344]
"P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 23:07 241664]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-11 23:28 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-11 23:28 81920]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [ ]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 14:57 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2008-04-14 19:21 396288 C:\WINDOWS\system32\cmd.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"msacm.ac3filter"= ac3filter.acm
"VIDC.MLCY"= mlc.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\StrongDC++\\StrongDC.exe"=
"C:\\Program Files\\Cerberus\\Cerberus.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"G:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2007-08-29 03:04]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2007-08-29 03:04]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-04-23 15:00]
R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2006-10-25 20:27]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 KS-959;MA-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-22 10:06]
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
S3 PortTalk;PortTalk;C:\WINDOWS\system32\Drivers\PortTalk.sys [2002-01-12 17:30]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]
S3 TPP200;USB Storage Adapter V2 (TPP);C:\WINDOWS\system32\DRIVERS\TPP200.SYS [2001-10-05 05:54]
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-05-25 12:24]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 13:33:08
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-07 13:35:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 11:35:47
ComboFix2.txt 2008-03-06 15:35:44
Pre-Run: 599,232,512 bajtów wolnych
Post-Run: 1,171,075,072 bajtów wolnych
270
Trend Micro HijackThis v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30, on 2008-06-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\foobar2000\foobar2000.exe
E:\_program no install\HijackThis v2.0.2\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NodLogin] "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" /o
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1190829263421
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200521077953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207326445968
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7086 bytes
PS. I'm a bit disappointed with NOD32 that it didn't detect anything; could someone recommend what else to use (currently I use NOD32 and sometimes scan the system with AVG Anti-Spyware)?