
Kindly Requesting A Log Check


The computer recently fell into the hands of third parties, and yesterday it got hit with amvo.exe on top of that 8O

ComboFix removed the worm, but I'm not sure it did the job completely ;]


"Hijack"

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:15:28, on 2008-04-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\RivaTuner v2.08\RivaTuner.exe

C:\Program Files\Konnekt\konnekt.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Winamp\winamp.exe

C:\Documents and Settings\Grupl\Pulpit\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /T

O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"

O4 - HKCU\..\Run: [P2kAutostart] V49C

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--

End of file - 7725 bytes

 


"Silent Runners"

"Silent Runners.vbs", revision 56, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Konnekt" = ""C:\Program Files\Konnekt\konnekt.exe" /autostart" ["Stamina"]

"BitComet" = ""C:\Program Files\BitComet\BitComet.exe" /tray" ["www.BitComet.com"]

"Internet Download Accelerator" = "C:\Program Files\IDA\ida.exe -autorun" [file not found]

"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools\daemon.exe"" ["DT Soft Ltd"]

"P2kAutostart" = "V49C" [file not found]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"CTSysVol" = "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]

"P17Helper" = "Rundll32 P17.dll,P17Helper" [MS]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"NWEReboot" = (empty string) [file not found]

"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]

"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" ["HP"]

"OODefragTray" = "C:\WINDOWS\system32\oodtray.exe" ["O&O Software GmbH"]

"DU Meter" = "C:\Program Files\DU Meter\DUMeter.exe" ["Hagel Technologies"]

"CTXFIREG" = "CTxfiReg.exe" [file not found]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"amd_dc_opt" = "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" ["AMD"]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"RivaTuner" = ""C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /T" [empty string]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"

-> {HKLM...CLSID} = "FGCatchUrl"

\InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

-> {HKLM...CLSID} = "BitComet Helper"

\InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll" ["BitComet"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

-> {HKLM...CLSID} = "FlashGet GetFlash Class"

\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"

-> {HKLM...CLSID} = "Siemens Device"

\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" [null data]

"{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"

-> {HKLM...CLSID} = "Siemens Device ContextMenuHandler"

\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" [null data]

"{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens SX1 PropertySheetHandler"

-> {HKLM...CLSID} = "Siemens Device PropertySheetHandler"

\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

 

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]|"lsdelete" [null data]

 

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Grupl\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"

 

 

Startup items in "Grupl" & "All Users" startup folders:

-------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Explorer Bars

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"

 

{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}\

 

{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\

"ButtonText" = "BitComet"

"Script" = "res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206" ["BitComet"]

 

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "FlashGet"

"Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]

PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]

PnkBstrB, PnkBstrB, "C:\WINDOWS\system32\PnkBstrB.exe" [null data]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

---------- (launch time: 2008-04-19 10:18:03)

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 12 seconds.

---------- (total run time: 37 seconds)

 

 


"ComboFix"

ComboFix 08-04-18.3 - Grupl 2008-04-19 10:03:30.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1404 [GMT 2:00]

Running from: C:\Documents and Settings\Grupl\Pulpit\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo0.dll

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\wpcap.dll

F:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))

.

 

2008-04-18 18:51 . 2008-04-06 20:26 103,268 -r-hs---- C:\pa39xth.cmd

2008-04-16 13:57 . 2008-04-16 13:57 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2008-04-16 13:52 . 2008-04-16 14:05 <DIR> d-------- C:\Program Files\Hero Editor

2008-04-16 13:52 . 2008-04-16 13:52 249,856 --------- C:\WINDOWS\Setup1.exe

2008-04-16 13:52 . 2008-04-16 13:52 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-04-11 12:30 . 2008-04-11 12:30 <DIR> d-------- C:\Program Files\ValuSoft

2008-04-04 11:59 . 2008-04-04 11:59 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf

2008-04-04 11:59 . 2008-04-04 11:59 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf

2008-04-04 11:53 . 2008-04-04 11:53 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-04-04 11:53 . 2008-04-04 11:53 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2008-04-04 11:47 . 2008-04-04 11:47 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared

2008-04-04 11:47 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-04-04 11:47 . 2006-12-14 10:27 40,832 --a------ C:\WINDOWS\system32\drivers\motodrv.sys

2008-04-04 11:47 . 2007-02-27 14:31 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys

2008-04-04 11:47 . 2007-02-27 14:31 17,792 --a------ C:\WINDOWS\system32\drivers\motccgp.sys

2008-04-04 11:47 . 2007-01-23 19:03 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys

2008-04-04 11:47 . 2006-12-06 17:33 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys

2008-04-04 11:46 . 2008-04-04 11:46 92,064 --a------ C:\Documents and Settings\Grupl\mqdmmdm.sys

2008-04-04 11:46 . 2008-04-04 11:46 79,328 --a------ C:\Documents and Settings\Grupl\mqdmserd.sys

2008-04-04 11:46 . 2008-04-04 11:46 66,656 --a------ C:\Documents and Settings\Grupl\mqdmbus.sys

2008-04-04 11:46 . 2008-04-04 11:46 9,232 --a------ C:\Documents and Settings\Grupl\mqdmmdfl.sys

2008-04-04 11:46 . 2008-04-04 11:46 6,208 --a------ C:\Documents and Settings\Grupl\mqdmcmnt.sys

2008-04-04 11:46 . 2008-04-04 11:46 5,936 --a------ C:\Documents and Settings\Grupl\mqdmwhnt.sys

2008-04-04 11:46 . 2008-04-04 11:46 4,048 --a------ C:\Documents and Settings\Grupl\mqdmcr.sys

2008-04-04 11:35 . 2008-04-04 11:36 <DIR> d-------- C:\Program Files\Avanquest update

2008-04-04 11:34 . 2008-04-04 11:48 <DIR> d-------- C:\Program Files\Motorola Phone Tools

2008-04-03 19:28 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-03 19:28 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-04-03 19:27 . 2005-01-09 01:13 16,032 --a------ C:\WINDOWS\system32\drivers\P2k.sys

2008-04-03 19:26 . 2008-04-03 19:26 182 --a------ C:\Documents an

2008-04-03 19:23 . 2008-04-03 19:23 <DIR> d-------- C:\Program Files\Motorola Tools

2008-04-03 13:29 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-04-03 13:29 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-04-03 13:29 . 2003-12-26 08:22 24,192 -ra------ C:\WINDOWS\system32\drivers\OLD9C.tmp

2008-04-03 13:28 . 2008-04-04 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software

2008-04-03 13:28 . 2008-04-04 11:46 25,600 --a------ C:\Documents and Settings\Grupl\usbsermptxp.sys

2008-04-03 13:28 . 2008-04-04 11:46 22,768 --a------ C:\Documents and Settings\Grupl\usbsermpt.sys

2008-03-31 22:48 . 2008-03-31 22:48 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-03-26 13:09 . 2008-03-26 13:09 <DIR> d-------- C:\Program Files\Square Soft, Inc

2008-03-26 13:08 . 1998-07-17 14:36 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax

2008-03-26 11:32 . 2008-03-26 11:32 <DIR> d-------- C:\Documents and Settings\Grupl\WINDOWS

2008-03-26 11:32 . 1997-12-17 19:33 304,128 --a------ C:\WINDOWS\IsUninst.exe

2008-03-26 11:27 . 2008-03-26 13:18 <DIR> d-------- C:\Program Files\Final Fantasy VII

2008-03-25 14:25 . 2008-03-25 15:01 <DIR> d-------- C:\Program Files\AviSynth 2.5

2008-03-25 14:24 . 2008-03-25 14:41 <DIR> d-------- C:\Program Files\Aegisub

2008-03-25 00:47 . 2008-03-25 00:47 <DIR> d-------- C:\Program Files\Webteh

2008-03-25 00:47 . 2008-03-25 00:47 <DIR> d-------- C:\Documents and Settings\Grupl\Dane aplikacji\BSplayer Pro

2008-03-25 00:47 . 2008-03-25 00:51 <DIR> d-------- C:\Documents and Settings\Grupl\Dane aplikacji\BSplayer

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-19 07:35 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-04-16 11:57 --------- d-----w C:\Program Files\Diablo II

2008-04-11 10:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-06 20:49 --------- d-----w C:\Program Files\BitComet

2008-04-06 20:49 --------- d-----w C:\Documents and Settings\Grupl\Dane aplikacji\uTorrent

2008-03-30 11:55 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-03-27 17:57 --------- d-----w C:\Program Files\Konami

2008-03-22 10:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-03-22 00:17 --------- d-----w C:\Program Files\Java

2008-03-20 23:07 --------- d-----w C:\Program Files\FlashGet

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-18 17:30 --------- d-----w C:\Program Files\RivaTuner v2.08

2008-03-13 12:25 --------- d-----w C:\Program Files\Wiedźmin

2008-02-29 22:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet

2008-02-29 21:55 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-29 21:55 --------- d-----w C:\Program Files\Bonjour

2008-02-29 21:49 --------- d-----w C:\Program Files\Common Files\Macrovision Shared

2008-02-29 20:10 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll

2008-02-29 20:10 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll

2008-02-29 20:10 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll

2008-02-29 20:03 2,829 ----a-w C:\WINDOWS\DIIUnin.pif

2008-02-29 20:03 106,496 ----a-w C:\WINDOWS\DIIUnin.exe

2008-02-23 23:18 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-13 10:56 360,448 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2008-01-21 21:01 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2007-12-14 18:54 22,328 ----a-w C:\Documents and Settings\Grupl\Dane aplikacji\PnkBstrK.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41 503808]

"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-01-08 12:25 2124088]

"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [ ]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-03 15:54 486856]

"P2kAutostart"="V49C" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-14 02:34 13500416]

"nwiz"="nwiz.exe" [2008-02-14 02:34 1626112 C:\WINDOWS\system32\nwiz.exe]

"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]

"P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"NWEReboot"="" []

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 22:49 188416]

"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392]

"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]

"CTXFIREG"="CTxfiReg.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-14 02:34 86016]

"RivaTuner"="C:\Program Files\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 10:10 2691072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]

--a------ 2008-01-21 22:54 219952 C:\Program Files\uTorrent\utorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"C:\\Program Files\\FlashGet\\FlashGet.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23142:TCP"= 23142:TCP:BitComet 23142 TCP

"23142:UDP"= 23142:UDP:BitComet 23142 UDP

"20751:TCP"= 20751:TCP:BitComet 20751 TCP

"20751:UDP"= 20751:UDP:BitComet 20751 UDP

"18462:TCP"= 18462:TCP:BitComet 18462 TCP

"18462:UDP"= 18462:UDP:BitComet 18462 UDP

"14624:TCP"= 14624:TCP:BitComet 14624 TCP

"14624:UDP"= 14624:UDP:BitComet 14624 UDP

"7074:TCP"= 7074:TCP:BitComet 7074 TCP

"7074:UDP"= 7074:UDP:BitComet 7074 UDP

"19289:TCP"= 19289:TCP:BitComet 19289 TCP

"19289:UDP"= 19289:UDP:BitComet 19289 UDP

"21084:TCP"= 21084:TCP:BitComet 21084 TCP

"21084:UDP"= 21084:UDP:BitComet 21084 UDP

"9268:TCP"= 9268:TCP:BitComet 9268 TCP

"9268:UDP"= 9268:UDP:BitComet 9268 UDP

"7312:TCP"= 7312:TCP:BitComet 7312 TCP

"7312:UDP"= 7312:UDP:BitComet 7312 UDP

"27575:TCP"= 27575:TCP:BitComet 27575 TCP

"27575:UDP"= 27575:UDP:BitComet 27575 UDP

"27763:TCP"= 27763:TCP:BitComet 27763 TCP

"27763:UDP"= 27763:UDP:BitComet 27763 UDP

"11430:TCP"= 11430:TCP:BitComet 11430 TCP

"11430:UDP"= 11430:UDP:BitComet 11430 UDP

"15038:TCP"= 15038:TCP:BitComet 15038 TCP

"15038:UDP"= 15038:UDP:BitComet 15038 UDP

"8332:TCP"= 8332:TCP:BitComet 8332 TCP

"8332:UDP"= 8332:UDP:BitComet 8332 UDP

"26700:TCP"= 26700:TCP:BitComet 26700 TCP

"26700:UDP"= 26700:UDP:BitComet 26700 UDP

"15263:TCP"= 15263:TCP:BitComet 15263 TCP

"15263:UDP"= 15263:UDP:BitComet 15263 UDP

"10190:TCP"= 10190:TCP:BitComet 10190 TCP

"10190:UDP"= 10190:UDP:BitComet 10190 UDP

"18191:TCP"= 18191:TCP:BitComet 18191 TCP

"18191:UDP"= 18191:UDP:BitComet 18191 UDP

"27197:TCP"= 27197:TCP:BitComet 27197 TCP

"27197:UDP"= 27197:UDP:BitComet 27197 UDP

"26201:TCP"= 26201:TCP:BitComet 26201 TCP

"26201:UDP"= 26201:UDP:BitComet 26201 UDP

"24380:TCP"= 24380:TCP:BitComet 24380 TCP

"24380:UDP"= 24380:UDP:BitComet 24380 UDP

"23919:TCP"= 23919:TCP:BitComet 23919 TCP

"23919:UDP"= 23919:UDP:BitComet 23919 UDP

"23258:TCP"= 23258:TCP:BitComet 23258 TCP

"23258:UDP"= 23258:UDP:BitComet 23258 UDP

"13029:TCP"= 13029:TCP:BitComet 13029 TCP

"13029:UDP"= 13029:UDP:BitComet 13029 UDP

"9836:TCP"= 9836:TCP:BitComet 9836 TCP

"9836:UDP"= 9836:UDP:BitComet 9836 UDP

"10178:TCP"= 10178:TCP:BitComet 10178 TCP

"10178:UDP"= 10178:UDP:BitComet 10178 UDP

"17433:TCP"= 17433:TCP:BitComet 17433 TCP

"17433:UDP"= 17433:UDP:BitComet 17433 UDP

"15061:TCP"= 15061:TCP:BitComet 15061 TCP

"15061:UDP"= 15061:UDP:BitComet 15061 UDP

"24705:TCP"= 24705:TCP:BitComet 24705 TCP

"24705:UDP"= 24705:UDP:BitComet 24705 UDP

"26936:TCP"= 26936:TCP:BitComet 26936 TCP

"26936:UDP"= 26936:UDP:BitComet 26936 UDP

"21846:TCP"= 21846:TCP:BitComet 21846 TCP

"21846:UDP"= 21846:UDP:BitComet 21846 UDP

"9132:TCP"= 9132:TCP:BitComet 9132 TCP

"9132:UDP"= 9132:UDP:BitComet 9132 UDP

"18934:TCP"= 18934:TCP:BitComet 18934 TCP

"18934:UDP"= 18934:UDP:BitComet 18934 UDP

"23276:TCP"= 23276:TCP:BitComet 23276 TCP

"23276:UDP"= 23276:UDP:BitComet 23276 UDP

"16289:TCP"= 16289:TCP:BitComet 16289 TCP

"16289:UDP"= 16289:UDP:BitComet 16289 UDP

"17414:TCP"= 17414:TCP:BitComet 17414 TCP

"17414:UDP"= 17414:UDP:BitComet 17414 UDP

"13356:TCP"= 13356:TCP:BitComet 13356 TCP

"13356:UDP"= 13356:UDP:BitComet 13356 UDP

"9512:TCP"= 9512:TCP:BitComet 9512 TCP

"9512:UDP"= 9512:UDP:BitComet 9512 UDP

"24906:TCP"= 24906:TCP:BitComet 24906 TCP

"24906:UDP"= 24906:UDP:BitComet 24906 UDP

"8764:TCP"= 8764:TCP:BitComet 8764 TCP

"8764:UDP"= 8764:UDP:BitComet 8764 UDP

"18245:TCP"= 18245:TCP:BitComet 18245 TCP

"18245:UDP"= 18245:UDP:BitComet 18245 UDP

"24145:TCP"= 24145:TCP:BitComet 24145 TCP

"24145:UDP"= 24145:UDP:BitComet 24145 UDP

"11931:TCP"= 11931:TCP:BitComet 11931 TCP

"11931:UDP"= 11931:UDP:BitComet 11931 UDP

"24578:TCP"= 24578:TCP:BitComet 24578 TCP

"24578:UDP"= 24578:UDP:BitComet 24578 UDP

"15426:TCP"= 15426:TCP:BitComet 15426 TCP

"15426:UDP"= 15426:UDP:BitComet 15426 UDP

"14349:TCP"= 14349:TCP:BitComet 14349 TCP

"14349:UDP"= 14349:UDP:BitComet 14349 UDP

"18990:TCP"= 18990:TCP:BitComet 18990 TCP

"18990:UDP"= 18990:UDP:BitComet 18990 UDP

"11102:TCP"= 11102:TCP:BitComet 11102 TCP

"11102:UDP"= 11102:UDP:BitComet 11102 UDP

"12529:TCP"= 12529:TCP:BitComet 12529 TCP

"12529:UDP"= 12529:UDP:BitComet 12529 UDP

"16128:TCP"= 16128:TCP:BitComet 16128 TCP

"16128:UDP"= 16128:UDP:BitComet 16128 UDP

"23652:TCP"= 23652:TCP:BitComet 23652 TCP

"23652:UDP"= 23652:UDP:BitComet 23652 UDP

"24485:TCP"= 24485:TCP:BitComet 24485 TCP

"24485:UDP"= 24485:UDP:BitComet 24485 UDP

"17013:TCP"= 17013:TCP:BitComet 17013 TCP

"17013:UDP"= 17013:UDP:BitComet 17013 UDP

"18306:TCP"= 18306:TCP:BitComet 18306 TCP

"18306:UDP"= 18306:UDP:BitComet 18306 UDP

"16595:TCP"= 16595:TCP:BitComet 16595 TCP

"16595:UDP"= 16595:UDP:BitComet 16595 UDP

"11456:TCP"= 11456:TCP:BitComet 11456 TCP

"11456:UDP"= 11456:UDP:BitComet 11456 UDP

"25866:TCP"= 25866:TCP:BitComet 25866 TCP

"25866:UDP"= 25866:UDP:BitComet 25866 UDP

"24032:TCP"= 24032:TCP:BitComet 24032 TCP

"24032:UDP"= 24032:UDP:BitComet 24032 UDP

"15363:TCP"= 15363:TCP:BitComet 15363 TCP

"15363:UDP"= 15363:UDP:BitComet 15363 UDP

"23209:TCP"= 23209:TCP:BitComet 23209 TCP

"23209:UDP"= 23209:UDP:BitComet 23209 UDP

"25762:TCP"= 25762:TCP:BitComet 25762 TCP

"25762:UDP"= 25762:UDP:BitComet 25762 UDP

"20100:TCP"= 20100:TCP:BitComet 20100 TCP

"20100:UDP"= 20100:UDP:BitComet 20100 UDP

"21765:TCP"= 21765:TCP:BitComet 21765 TCP

"21765:UDP"= 21765:UDP:BitComet 21765 UDP

"5500:TCP"= 5500:TCP:BitComet 5500 TCP

"5500:UDP"= 5500:UDP:BitComet 5500 UDP

"5900:TCP"= 5900:TCP:BitComet 5900 TCP

"5900:UDP"= 5900:UDP:BitComet 5900 UDP

"15318:TCP"= 15318:TCP:BitComet 15318 TCP

"15318:UDP"= 15318:UDP:BitComet 15318 UDP

"11200:TCP"= 11200:TCP:BitComet 11200 TCP

"11200:UDP"= 11200:UDP:BitComet 11200 UDP

"12601:TCP"= 12601:TCP:BitComet 12601 TCP

"12601:UDP"= 12601:UDP:BitComet 12601 UDP

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

S2 Cap7134;LifeView FlyVideo WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-06-19 18:00]

S3 cpuz126;cpuz126;C:\DOCUME~1\Grupl\USTAWI~1\Temp\cpuz.sys []

S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]

S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]

S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]

S3 PhTVTune;LifeView FlyVideo WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-16 18:00]

S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-07-14 11:39]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fa49150-e6ac-11dc-8c72-00508d957e57}]

\Shell\AutoRun\command - G:\SETUP.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99022f12-2228-11dc-aa9b-00508d957e57}]

\Shell\AutoRun\command - E:\autorun6e.exe

 

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-19 10:07:25

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-04-19 10:10:37 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-19 08:10:27

 

Pre-Run: 17,214,464,000 bytes free

Post-Run: 18,034,331,648 bytes free

 

334 --- E O F --- 2008-04-11 17:27:16

Edited by Guest

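The log above is worth reading for more than the worm itself: Security Center notifications are switched off, the Windows Firewall is disabled in the standard profile, several dozen ports are globally opened under a BitComet label, and two MountPoints2 entries still carry AutoRun commands for removable drives. As an added example (not part of the original post and not ComboFix's own code), the Python script below parses those sections of a ComboFix log and lists exactly those weak settings. The line formats are assumed from the posted log, SAMPLE_LOG is a constructed subset of its lines so the script runs offline, and the REMOTE_ACCESS_PORTS table is an illustrative assumption, not something the log states.

```python
"""Triage the weak-security indicators in a ComboFix 'Reg Loading Points' dump.

Added example: not part of the original forum post and not ComboFix's own code.
Line formats are assumed from the posted log; SAMPLE_LOG is a constructed subset.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Illustrative lookup (assumption, not from the log): ports that deserve a second
# look when they show up as "globally open", whatever label the rule carries.
REMOTE_ACCESS_PORTS = {3389: "RDP", 5900: "VNC server", 5500: "VNC listening viewer"}

# Constructed sample: a trimmed copy of the sections shown in the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23142:TCP"= 23142:TCP:BitComet 23142 TCP
"23142:UDP"= 23142:UDP:BitComet 23142 UDP
"5900:TCP"= 5900:TCP:BitComet 5900 TCP

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99022f12-2228-11dc-aa9b-00508d957e57}]
\Shell\AutoRun\command - E:\autorun6e.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY...\key]
KEY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')              # "Name"= value
PORT_RE = re.compile(r"^(\d{1,5}):(TCP|UDP)$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.IGNORECASE)


@dataclass
class Triage:
    notify_disabled: List[str] = field(default_factory=list)
    firewall_enabled: Optional[bool] = None  # None: key not present in the dump
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)  # (port, proto, label)
    autorun_commands: List[Tuple[str, str]] = field(default_factory=list)  # (drive, command)

    def findings(self) -> List[str]:
        """One line per weak setting, in the order an analyst reads the log."""
        out = [f"Security Center notification suppressed: {k}" for k in self.notify_disabled]
        if self.firewall_enabled is False:
            out.append("Windows Firewall disabled in the standard profile")
        by_app: dict = {}
        for _port, _proto, label in self.open_ports:
            app = label.split()[0] if label else "?"
            by_app[app] = by_app.get(app, 0) + 1
        out += [f"{n} globally open port entries labelled {app}" for app, n in sorted(by_app.items())]
        for port, proto, label in self.open_ports:
            if port in REMOTE_ACCESS_PORTS:
                out.append(f"port {port}/{proto} open ({REMOTE_ACCESS_PORTS[port]}) under label '{label}'")
        out += [f"AutoRun command registered for {drive} {cmd}" for drive, cmd in self.autorun_commands]
        return out


def triage_combofix(text: str) -> Triage:
    """Walk the dump line by line, remembering the current [section] header."""
    result = Triage()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in section:
            cmd = m.group(1).strip()
            drive = cmd[:2].upper() if re.match(r"^[A-Za-z]:", cmd) else "?"
            result.autorun_commands.append((drive, cmd))
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if "security center" in section and key.lower().endswith("disablenotify"):
            if value.lower() == "dword:00000001":
                result.notify_disabled.append(key)
        elif section.endswith("firewallpolicy\\standardprofile") and key.lower() == "enablefirewall":
            result.firewall_enabled = not value.startswith("0")   # "0 (0x0)" means off
        elif "globallyopenports" in section:
            pm = PORT_RE.match(key)
            if pm:
                label = value.split(":", 2)[-1]                   # "BitComet 23142 TCP"
                result.open_ports.append((int(pm.group(1)), pm.group(2).upper(), label))
    return result


if __name__ == "__main__":
    for finding in triage_combofix(SAMPLE_LOG).findings():
        print("-", finding)
```

Run it against a full log by reading the file into `triage_combofix`; every globally open port entry counts, so the real dump from this post yields far more than the three in the sample, and the AutoRun finding is the one to chase first, because a worm that spreads via `autorun.inf` on removable media is exactly what leaves such a MountPoints2 command behind.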
This topic has been closed. No further replies can be added.