
I caught a virus with the following symptoms.
In Explorer and My Computer, access to drive C: has disappeared (it can only be opened by typing c: in the address bar).
When I try to open Task Manager (via Ctrl+Alt+Del), a message appears saying that access has been blocked by the administrator.
The text VIRUS ALERT appeared next to the clock.
I used SDFix and ComboFix; the symptoms stopped and the computer seems to be running stably, but just in case I would very much appreciate someone checking the logs:
SDFIX
[b]SDFix: Version 1.216 [/b]
Run by Piotr on 2008-08-26 at 20:13
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 20:21:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d3469a5]
"000eed85d17b"=hex:bd,cf,39,a7,91,31,ff,7f,f6,a0,25,9c,b9,85,cd,be
"00149a29dd68"=hex:47,e6,4a,21,4f,a8,7a,cc,f3,3d,e0,af,99,8e,2c,fd
"0019b7485bca"=hex:25,5c,98,56,e1,73,3f,a6,3b,1a,1b,9f,e8,b4,e5,cf
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b0d3469a5]
"000eed85d17b"=hex:bd,cf,39,a7,91,31,ff,7f,f6,a0,25,9c,b9,85,cd,be
"00149a29dd68"=hex:47,e6,4a,21,4f,a8,7a,cc,f3,3d,e0,af,99,8e,2c,fd
"0019b7485bca"=hex:25,5c,98,56,e1,73,3f,a6,3b,1a,1b,9f,e8,b4,e5,cf
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0096C6B-8EB6-247A-F73B-8DC6151C87AA}]
"eakbgignde"=hex:66,61,61,6c,68,69,62,6e,6b,6f,68,6a,00,fc
"dafbjpef"=hex:64,62,69,70,6a,61,62,69,6c,65,6a,68,6c,6e,6d,66,6b,63,69,65,6c,..
"iaccppfeinemkobmje"=hex:6b,61,64,70,62,6a,6c,6f,64,65,65,6d,6a,6b,66,6e,67,6e,6c,61,63,..
"haipjchlgnedfgga"=hex:69,61,62,70,64,62,68,70,63,6f,68,6a,62,66,69,68,6a,6f,00,2c
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\DAP\\DAP.EXE"="C:\\Program Files\\DAP\\DAP.EXE:*:Enabled:Download Accelerator Plus"
"C:\\Program Files\\JAlbum7.2\\JAlbumWin.exe"="C:\\Program Files\\JAlbum7.2\\JAlbumWin.exe:*:Enabled:JAlbumWin"
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"="C:\\Program Files\\NAPI-PROJEKT\\napisy.exe:*:Enabled:www.napiprojekt.pl"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Mon 25 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Tue 5 Aug 2003 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 14 Apr 2004 608,256 A..HR --- "C:\WINDOWS\system32\PolengAddins.dll"
Fri 21 Nov 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 4 Oct 2004 417,792 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.1\Maint.exe"
Tue 11 May 2004 61,440 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.1\uinstrsc.dll"
Mon 10 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 5 Aug 2003 1,740 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Tue 5 Aug 2003 299,876 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bb094e9f8c2d7d8ec9a15b1be70e1f47\BIT24.tmp"
[b]Finished![/b]
COMBOFIX:
ComboFix 08-08-21.02 - Piotr 2008-08-26 19:32:22.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1765 [GMT 2:00]
Running from: C:\Documents and Settings\Piotr\Pulpit\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
/wow section - STAGE 40
pv: No matching processes found
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Piotr\Cookies\piotr@nuggad[2].txt
C:\WINDOWS\edpw.exe
C:\WINDOWS\mesdxbrqmnx.dll
C:\WINDOWS\sstem3~1
C:\WINDOWS\sstem3~1\s?stem32\
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_tdssserv
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.
2008-08-26 18:49 . 2008-08-26 19:30 23,472 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-00531102}.rfx
2008-08-26 18:49 . 2008-08-26 19:30 23,472 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-00531102}.rfx
2008-08-26 18:49 . 2008-08-26 19:30 18,672 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-00531102}.rfx
2008-08-26 18:49 . 2008-08-26 19:30 18,672 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000000-00001102-00000004-00531102}.rfx
2008-08-26 18:49 . 2008-08-26 19:30 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-08-26 18:49 . 2008-08-26 19:30 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-08-26 18:49 . 2008-08-26 19:30 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-00531102}.dat
2008-08-26 18:49 . 2008-08-26 19:30 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-00531102}.dat
2008-08-26 18:09 . 2008-08-26 18:19 <DIR> d-------- C:\Documents and Settings\Monika\Dane aplikacji\Orbit
2008-08-26 18:09 . 2008-08-26 18:09 <DIR> d-------- C:\Documents and Settings\Monika\Dane aplikacji\ESET
2008-08-26 18:07 . 2008-08-26 19:37 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
2008-08-26 17:55 . 2008-08-26 17:56 <DIR> d-------- C:\WINDOWS\system32\michal
2008-08-26 17:55 . 2008-08-26 17:55 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\RCP 4
2008-08-26 17:50 . 2003-08-05 20:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-08-26 17:50 . 2003-08-05 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-08-26 17:50 . 2003-08-05 19:17 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-08-26 17:50 . 2003-08-05 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-08-26 17:50 . 2003-08-05 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-08-26 17:50 . 2003-08-05 20:11 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-26 17:50 . 2003-08-05 20:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-08-26 17:49 . 2008-08-26 17:50 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-22 22:53 . 2008-08-22 22:53 <DIR> d-------- C:\Documents and Settings\Piotr\Dane aplikacji\ESET
2008-08-22 21:19 . 2008-08-22 21:25 <DIR> d-------- C:\MkSKwar
2008-08-22 20:30 . 2008-08-22 20:30 <DIR> d-------- C:\WINDOWS\erunt
2008-08-17 21:07 . 2008-08-26 19:11 <DIR> d-------- C:\SDFix
2008-08-15 19:47 . 2008-08-15 19:47 <DIR> d-------- C:\WINDOWS\7F1484A92B194ACEBAA32D7992D4FB63.TMP
2008-08-15 17:58 . 2008-08-15 17:58 <DIR> d-------- C:\Program Files\mks_vir_9
2008-08-15 17:50 . 2008-08-25 22:57 <DIR> d-------- C:\Program Files\SkanerOnline
2008-08-15 17:18 . 2008-08-15 17:18 <DIR> d-------- C:\Program Files\McAfee.com
2008-08-15 17:18 . 2008-08-15 17:18 <DIR> d-------- C:\Program Files\McAfee
2008-08-15 17:18 . 2008-08-15 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\McAfee.com
2008-08-15 17:18 . 2008-08-15 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2008-08-15 17:18 . 2005-08-23 23:16 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2008-08-15 17:18 . 2005-05-25 00:23 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2008-08-15 12:39 . 2008-08-22 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-08-15 12:38 . 2008-08-15 12:38 <DIR> d-------- C:\Program Files\%temp&
2008-08-14 20:02 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 19:59 . 2008-08-26 19:21 <DIR> d-------- C:\Downloads
2008-08-09 15:32 . 2008-08-09 15:32 <DIR> d-------- C:\Program Files\NokiaFREE Unlock Codes Calculator
2008-08-04 18:45 . 2008-08-04 18:46 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 17:29 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-26 17:29 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\Orbit
2008-08-26 17:16 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\Skype
2008-08-26 17:12 --------- d-----w C:\Program Files\Orbitdownloader
2008-08-26 16:22 --------- d-----w C:\Program Files\ESET
2008-08-26 16:20 --------- d-----w C:\Program Files\321Studios
2008-08-26 15:59 --------- d-----w C:\Program Files\Creative
2008-08-25 22:09 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\skypePM
2008-08-22 19:25 --------- d-----w C:\Program Files\Ad Muncher
2008-08-19 15:58 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 15:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 14:35 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\Azureus
2008-08-14 18:20 20 -c-h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLbz.DAT
2008-07-31 20:38 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\bibble
2008-07-26 12:58 --------- d-----w C:\Program Files\ChrisTV
2008-07-19 20:53 --------- d-----w C:\Program Files\mkvtoavis
2008-07-19 20:53 --------- d-----w C:\Program Files\MKVTOAVI
2008-07-19 20:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
2008-07-19 20:30 --------- d-----w C:\Program Files\The KMPlayer
2008-07-04 20:50 --------- d-----w C:\Program Files\iTunes
2008-06-30 20:57 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\AdobeUM
2008-01-05 23:13 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2006-07-31 19:08 20 -c-h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLea.DAT
2005-08-11 21:44 0 -c-ha-w C:\Program Files\Common Files\MSN
2004-07-26 19:39 309,190 -c--a-w C:\Program Files\ascze.klucz
2004-07-26 19:38 2,441,290 ----a-w C:\Program Files\setupASCZE.exe
2003-10-17 20:12 29,744 -c--a-w C:\Documents and Settings\Piotr\Dane aplikacji\GDIPFONTCACHEV1.DAT
2003-08-05 23:38 808 -c--a-w C:\Program Files\INSTALL.LOG
2001-03-28 10:02 122,880 -c--a-w C:\WINDOWS\inf\Agfa\message.exe
1999-04-23 22:22 12 -csha-w C:\WINDOWS\system\WININETICMP32.drv
2003-08-05 18:45 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 01:54 1211176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" [2005-06-01 14:05 368714]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 17:16 212992]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [2005-07-30 02:10 311296]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2004-07-15 11:42 81920]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 15:00 78848]
C:\Documents and Settings\Piotr\Menu Start\Programy\Autostart\
PeerGuardian.lnk - C:\Program Files\PeerGuardian2\pg2.exe [2005-03-14 01:11:28 1401856]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-03-16 14:57:18 1703112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM2"= RALCodec.dll
"vidc.xvid"= xvid.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\DAP\\DAP.EXE"=
"C:\\Program Files\\JAlbum7.2\\JAlbumWin.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 12:43]
R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys [2002-08-26 07:51]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 CX88XBAR;Conexant 2388x Crossbar;C:\WINDOWS\system32\drivers\CX88XBAR.sys [2003-07-08 12:05]
R2 mks_mon_svc;mks_vir file monitor;C:\Program Files\mks_vir_9\bin\mks_mon_svc.exe [2008-04-14 19:54]
R2 MksUpdate;MksUpdate;C:\Program Files\mks_vir_9\bin\mksupdate.exe [2008-04-14 19:54]
R3 MksMonEn;MksMonEn;C:\Program Files\mks_vir_9\bin\MksMonEn.sys [2008-04-14 19:55]
R3 MksMonEv;MksMonEv;C:\Program Files\mks_vir_9\bin\MksMonEv.sys [2008-04-14 19:55]
R3 MksMonFd;MksMonFd;C:\Program Files\mks_vir_9\bin\MksMonFd.sys [2008-04-14 19:55]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 dTVdrvNT;dTVdrvNT;C:\Program Files\ChrisTV\dTVdrvNT.sys []
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 09:55]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 USBNET_XP;LG-LW2100U;C:\WINDOWS\system32\DRIVERS\netusbxp.sys [2002-04-17 16:11]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16049c98-a952-11db-80fa-0010dcdf708a}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27a4d38f-20cb-11db-8069-0010dcdf708a}]
\Shell\AutoRun\command - M:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3942f789-3ff0-11d9-9f76-0010dcdf708a}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db701468-b41b-11d9-964b-0010dcdf708a}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc7a4613-b2b3-11d9-964a-0010dcdf708a}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0CDAAEC2-E245-44CC-8357-CAB70172D017}]
c:\CriticalUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8E668361-C801-41B7-BF89-2FC2C8DE9167}]
"%SystemRoot%\twain_32.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-15 C:\WINDOWS\Tasks\McAfee AntiSpyware.job
- c:\progra~1\mcafee\MCAFEE~1\MASCon.exe [2005-07-30 02:12]
2008-08-10 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-04-02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Ad Muncher - C:\Program Files\Ad Muncher\AdMunch.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\omm9jtxv.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 19:37:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Please let me know whether I have already cleaned everything, or whether I still need to run some antivirus program.