Granat

HijackThis and ComboFix Log

Recommended answers

Spoiler: "HijackThis"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:08, on 2008-06-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\PROGRAMY\PERFECT DISK\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRAMY\PERFECT DISK\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRAMY\OFFICE\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\OFFICE\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\PROGRAMY\PERFECT DISK\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\PROGRAMY\PERFECT DISK\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6731 bytes


Spoiler: "Combofix"
ComboFix 08-06-16.5 - pemu 2008-06-17 20:14:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1615 [GMT 2:00]
Running from: C:\Documents and Settings\pemu\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
Składnia polecenia jest niepoprawna.


((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 19:59 . 2008-06-17 19:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 16:42 . 2008-06-13 16:42 15,412 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-06-12 09:53 . 2008-06-12 09:53 <DIR> d-------- C:\Program Files\Common Files\BioWare
2008-06-11 23:53 . 2008-01-16 20:44 799,424 -ra------ C:\WINDOWS\system32\tmp6.tmp
2008-06-11 23:53 . 2008-01-16 20:44 799,424 -ra------ C:\WINDOWS\system32\tmp5.tmp
2008-06-11 23:41 . 2008-06-11 23:51 <DIR> d-------- C:\Program Files\MSECACHE
2008-06-11 23:05 . 2008-06-11 23:05 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\atitray
2008-06-11 22:32 . 2008-06-11 22:32 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\GlarySoft
2008-06-11 21:43 . 2008-06-11 21:43 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\TuneUp Software
2008-06-11 21:22 . 2008-06-11 21:22 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\Gadu-Gadu
2008-06-08 14:24 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-06-08 14:24 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-06-08 14:24 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-08 14:24 . 2008-01-16 20:44 799,424 -ra------ C:\WINDOWS\system32\tmpE2.tmp
2008-06-08 14:24 . 2008-01-16 20:44 799,424 -ra------ C:\WINDOWS\system32\tmpE1.tmp
2008-06-08 14:24 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-06-08 14:24 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-08 14:24 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-06-08 14:24 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-06-08 14:24 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-06-07 23:13 . 2008-06-08 14:24 <DIR> d-------- C:\Program Files\OpenAL
2008-06-07 23:13 . 2006-11-09 18:49 749,568 -ra------ C:\WINDOWS\system32\tmpE4.tmp
2008-06-07 23:13 . 2008-06-08 14:24 418,480 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-07 23:13 . 2008-06-08 14:24 115,432 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-06 20:48 . 2008-06-06 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-06-06 20:44 . 2008-06-06 20:45 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-06 20:44 . 2008-06-06 20:44 <DIR> d-------- C:\ATI
2008-06-06 20:44 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-06-06 19:55 . 2008-06-06 19:55 <DIR> d-------- C:\Documents and Settings\pemu\DoctorWeb
2008-06-06 15:05 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-06 15:05 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-06 15:05 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-06 15:05 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-06 15:05 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-06-04 10:58 . 2008-06-04 10:58 4,096 --a------ C:\WINDOWS\system32\crash
2008-06-02 10:25 . 2008-06-02 10:25 271 --a------ C:\WINDOWS\game.ini
2008-06-02 10:16 . 2008-06-02 10:16 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-30 19:55 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-30 19:55 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-30 19:55 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-30 19:55 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-28 23:41 . 2008-05-28 23:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 23:41 . 2008-05-28 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-27 22:57 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-05-27 22:57 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-05-27 22:57 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-05-27 22:57 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-05-27 22:57 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-05-27 12:11 . 2008-05-27 12:11 1,016 --a------ C:\WINDOWS\AZPR3.INI
2008-05-27 11:59 . 2008-05-27 11:59 <DIR> d-------- C:\Program Files\ElcomSoft
2008-05-26 23:35 . 2008-06-11 20:35 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\dvdcss
2008-05-26 15:54 . 2008-06-11 23:21 10 --a------ C:\WINDOWS\WININIT.INI
2008-05-20 23:48 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-05-20 20:29 . 2008-05-20 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-05-19 18:13 . 2001-03-06 19:05 4,358,144 -ra------ C:\WINDOWS\uncsetup.exe
2008-05-19 17:30 . 2008-05-19 17:30 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-18 21:41 . 2008-05-18 21:41 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-05-18 21:41 . 2008-05-18 21:41 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-05-18 16:19 . 2008-05-18 17:52 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-17 15:26 . 2008-05-17 15:26 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-17 15:15 . 2008-05-17 15:15 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\Crystal Player
2008-05-17 14:32 . 2008-05-17 14:56 0 --a------ C:\WINDOWS\PlayList.Fpl
2008-05-17 14:29 . 2008-05-17 14:56 <DIR> d-------- C:\WINDOWS\system32\FTCodecs
2008-05-17 14:29 . 2008-05-17 14:52 389,120 --a------ C:\WINDOWS\system32\ACTSKN43.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 16:00 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-10-02 16:00 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2008-10-02 16:00 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-02 16:00 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-06-11 19:25 --------- d-----w C:\Program Files\Common Files\Pointstone
2008-06-02 08:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 19:28 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-25 19:28 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-25 19:28 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-05-14 17:56 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ------w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ------w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ------w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ------w C:\WINDOWS\system32\ati2cqag.dll
2008-05-10 09:10 --------- d-----w C:\Program Files\Common Files\TerraGame Shared
2008-04-24 08:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-23 21:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-23 08:47 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\Sports Interactive
2008-04-23 08:38 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-20 16:15 --------- d-----w C:\Program Files\HP
2008-04-20 16:15 --------- d-----w C:\Program Files\Common Files\HP
2008-04-20 16:14 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-20 16:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-04-20 16:09 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\HP
2008-04-20 06:37 --------- d-----w C:\Program Files\Common Files\Raxco
2008-04-20 06:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Raxco
2008-04-20 06:32 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\Pointstone
2008-04-20 06:23 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-18 18:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\comodo
2008-04-18 18:48 --------- d-----w C:\Program Files\COMODO
2008-04-18 18:48 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\Comodo
2008-04-18 17:25 --------- d-----w C:\Program Files\Alwil Software
2008-04-18 15:20 --------- d-----w C:\Program Files\Java
2008-04-18 15:19 --------- d-----w C:\Program Files\Common Files\Java
2008-04-18 15:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-18 15:05 --------- d-----w C:\Program Files\%temp&
2008-04-18 15:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-18 13:40 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\Lavasoft
2008-04-18 13:15 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\Ashampoo
2008-04-18 13:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-04-18 10:33 --------- d-----w C:\Program Files\DIFX
2008-04-18 10:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-18 10:14 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-18 10:14 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-18 10:13 --------- d-----w C:\Program Files\Usługi online
2008-04-18 10:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-18 09:36 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\vlc
2008-04-18 09:35 --------- d-----w C:\Program Files\Xvid
2008-04-18 09:35 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-18 09:35 --------- d-----w C:\Program Files\ffdshow
2008-04-18 09:27 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\ESET
2008-04-18 09:24 --------- d-----w C:\Program Files\Microsoft Works
2008-04-18 09:23 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-18 08:40 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\ATI
2008-04-18 08:07 --------- d-----w C:\Program Files\Analog Devices
2008-04-18 08:06 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-04-18 08:05 --------- d-----w C:\Program Files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-31 15:58 1655552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2008-01-24 11:42 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-08-01 20:17 222592 D:\PROGRAMY\ALCOHOL 120%\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 20:42 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 01:55 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\GRY\\FM2008\\fm.exe"=
"D:\\GRY\\MASS EFFECT GAME\\Mass Effect\\Binaries\\MassEffect.exe"=
"D:\\GRY\\MASS EFFECT GAME\\Mass Effect\\MassEffectLauncher.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-25 21:28]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-25 21:28]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 13:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99fb9144-268f-11dd-9013-001bfc92ba49}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 18:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\PROGRAMY\TUNE UP UTILITIES 2008\OneClickStarter.exe
"2008-06-17 17:59:15 C:\WINDOWS\Tasks\GlaryInitialize.job"
- D:\PROGRAMY\GLARY UTILITIES\Glary Utilities\initialize.exe
"2008-06-17 18:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 20:15:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-06-17 20:15:43
ComboFix-quarantined-files.txt 2008-06-17 18:15:40

Pre-Run: 46,380,253,184 bajtów wolnych
Post-Run: 46,368,792,576 bajtów wolnych

Edited by pemu


Spoiler: "combofix"
ComboFix 08-06-16.5 - pemu 2008-06-17 23:50:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1604 [GMT 2:00]
Running from: C:\Documents and Settings\pemu\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\pemu\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\BReWErS.dll
C:\WINDOWS\system32\tmp5.tmp
C:\WINDOWS\system32\tmp6.tmp
C:\WINDOWS\system32\tmpE1.tmp
C:\WINDOWS\system32\tmpE2.tmp
C:\WINDOWS\system32\tmpE4.tmp
.
/wow section - STAGE 38
pv: No matching processes found
Składnia polecenia jest niepoprawna.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\BReWErS.dll
C:\WINDOWS\system32\tmp5.tmp
C:\WINDOWS\system32\tmp6.tmp
C:\WINDOWS\system32\tmpE1.tmp
C:\WINDOWS\system32\tmpE2.tmp
C:\WINDOWS\system32\tmpE4.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 23:10 . 2008-06-17 23:17 <DIR> d-------- C:\Program Files\Trojan Remover
2008-06-17 22:57 . 2008-06-17 23:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-17 22:57 . 2008-04-18 13:59 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-06-17 22:57 . 2008-04-18 12:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-06-17 22:57 . 2008-04-18 13:59 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-06-17 22:57 . 2008-04-18 13:59 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-17 22:57 . 2008-04-18 13:59 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-06-17 22:57 . 2008-04-18 13:59 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-17 22:57 . 2008-06-17 22:57 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-17 22:33 . 2008-06-17 22:33 <DIR> d--hs---- C:\WINDOWS\Installer
2008-06-17 19:59 . 2008-06-17 19:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-12 09:53 . 2008-06-12 09:53 <DIR> d-------- C:\Program Files\Common Files\BioWare
2008-06-11 23:41 . 2008-06-11 23:51 <DIR> d-------- C:\Program Files\MSECACHE
2008-06-11 23:05 . 2008-06-11 23:05 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\atitray
2008-06-11 22:32 . 2008-06-11 22:32 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\GlarySoft
2008-06-11 21:43 . 2008-06-11 21:43 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\TuneUp Software
2008-06-11 21:22 . 2008-06-11 21:22 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\Gadu-Gadu
2008-06-08 14:24 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-06-08 14:24 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-06-08 14:24 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-08 14:24 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-06-08 14:24 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-08 14:24 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-06-08 14:24 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-06-08 14:24 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-06-07 23:13 . 2008-06-08 14:24 <DIR> d-------- C:\Program Files\OpenAL
2008-06-07 23:13 . 2008-06-08 14:24 418,480 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-07 23:13 . 2008-06-08 14:24 115,432 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-06 20:48 . 2008-06-06 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-06-06 20:44 . 2008-06-06 20:45 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-06 20:44 . 2008-06-06 20:44 <DIR> d-------- C:\ATI
2008-06-06 20:44 . 2008-05-12 10:49 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-06-06 19:55 . 2008-06-06 19:55 <DIR> d-------- C:\Documents and Settings\pemu\DoctorWeb
2008-06-06 15:05 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-06 15:05 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-06 15:05 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-06 15:05 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-06 15:05 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-06-04 10:58 . 2008-06-04 10:58 4,096 --a------ C:\WINDOWS\system32\crash
2008-06-02 10:25 . 2008-06-02 10:25 271 --a------ C:\WINDOWS\game.ini
2008-06-02 10:16 . 2008-06-02 10:16 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-30 19:55 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-30 19:55 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-30 19:55 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-30 19:55 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-28 23:41 . 2008-05-28 23:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 23:41 . 2008-05-28 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-27 22:57 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-05-27 22:57 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-05-27 22:57 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-05-27 22:57 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-05-27 22:57 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-05-27 12:11 . 2008-05-27 12:11 1,016 --a------ C:\WINDOWS\AZPR3.INI
2008-05-27 11:59 . 2008-05-27 11:59 <DIR> d-------- C:\Program Files\ElcomSoft
2008-05-26 23:35 . 2008-06-11 20:35 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\dvdcss
2008-05-26 15:54 . 2008-06-11 23:21 10 --a------ C:\WINDOWS\WININIT.INI
2008-05-20 23:48 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-05-20 20:29 . 2008-05-20 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-05-19 18:13 . 2001-03-06 19:05 4,358,144 -ra------ C:\WINDOWS\uncsetup.exe
2008-05-19 17:30 . 2008-05-19 17:30 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-18 21:41 . 2008-05-18 21:41 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-05-18 21:41 . 2008-05-18 21:41 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-05-18 16:19 . 2008-05-18 17:52 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-17 15:26 . 2008-05-17 15:26 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-17 15:15 . 2008-05-17 15:15 <DIR> d-------- C:\Documents and Settings\pemu\Dane aplikacji\Crystal Player
2008-05-17 14:32 . 2008-05-17 14:56 0 --a------ C:\WINDOWS\PlayList.Fpl
2008-05-17 14:29 . 2008-05-17 14:56 <DIR> d-------- C:\WINDOWS\system32\FTCodecs
2008-05-17 14:29 . 2008-05-17 14:52 389,120 --a------ C:\WINDOWS\system32\ACTSKN43.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 16:00 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-10-02 16:00 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2008-10-02 16:00 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-02 16:00 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-06-11 19:25 --------- d-----w C:\Program Files\Common Files\Pointstone
2008-06-02 08:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 19:28 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-25 19:28 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-25 19:28 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-05-14 17:56 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-10 09:10 --------- d-----w C:\Program Files\Common Files\TerraGame Shared
2008-04-24 08:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-23 21:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-23 08:47 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\Sports Interactive
2008-04-23 08:38 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-20 16:15 --------- d-----w C:\Program Files\HP
2008-04-20 16:15 --------- d-----w C:\Program Files\Common Files\HP
2008-04-20 16:14 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-20 16:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-04-20 16:09 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\HP
2008-04-20 06:37 --------- d-----w C:\Program Files\Common Files\Raxco
2008-04-20 06:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Raxco
2008-04-20 06:32 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\Pointstone
2008-04-20 06:23 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-18 18:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\comodo
2008-04-18 18:48 --------- d-----w C:\Program Files\COMODO
2008-04-18 18:48 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\Comodo
2008-04-18 17:25 --------- d-----w C:\Program Files\Alwil Software
2008-04-18 15:20 --------- d-----w C:\Program Files\Java
2008-04-18 15:19 --------- d-----w C:\Program Files\Common Files\Java
2008-04-18 15:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-18 15:05 --------- d-----w C:\Program Files\%temp&
2008-04-18 15:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-18 13:40 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\Lavasoft
2008-04-18 13:15 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\Ashampoo
2008-04-18 13:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-04-18 10:33 --------- d-----w C:\Program Files\DIFX
2008-04-18 10:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-18 10:14 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-18 10:14 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-18 10:13 --------- d-----w C:\Program Files\Usługi online
2008-04-18 10:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-18 09:36 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\vlc
2008-04-18 09:35 --------- d-----w C:\Program Files\Xvid
2008-04-18 09:35 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-18 09:35 --------- d-----w C:\Program Files\ffdshow
2008-04-18 09:27 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\ESET
2008-04-18 09:24 --------- d-----w C:\Program Files\Microsoft Works
2008-04-18 09:23 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-18 08:40 --------- d-----w C:\Documents and Settings\pemu\Dane aplikacji\ATI
2008-04-18 08:07 --------- d-----w C:\Program Files\Analog Devices
2008-04-18 08:06 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-04-18 08:05 --------- d-----w C:\Program Files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-31 15:58 1655552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2008-01-24 11:42 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-08-01 20:17 222592 D:\PROGRAMY\ALCOHOL 120%\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 20:42 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 01:55 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\GRY\\FM2008\\fm.exe"=
"D:\\GRY\\MASS EFFECT GAME\\Mass Effect\\Binaries\\MassEffect.exe"=
"D:\\GRY\\MASS EFFECT GAME\\Mass Effect\\MassEffectLauncher.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-25 21:28]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-25 21:28]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 13:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 21:44:35 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\PROGRAMY\TUNE UP UTILITIES 2008\OneClickStarter.exe
"2008-06-17 21:44:35 C:\WINDOWS\Tasks\GlaryInitialize.job"
- D:\PROGRAMY\GLARY UTILITIES\Glary Utilities\initialize.exe
"2008-06-17 18:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 23:51:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1772] 0x888CC950

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-06-17 23:52:03
ComboFix-quarantined-files.txt 2008-06-17 21:52:01
ComboFix2.txt 2008-06-17 18:15:43

Pre-Run: 48,317,161,472 bajtów wolnych
Post-Run: 48,406,577,152 bajtów wolnych

253


When ComboFix finished running and the log appeared, I had nothing on the desktop. No icons. A clean desktop, no taskbar, etc.....


Thanks for now, but the problem kept getting bigger, as I wrote here:

http://forum.purepc.pl/temat/Podstawowe-Za...-system/268333/

Up to this point, thank you very much for the help, but once I have the computer back (I admittedly don't know when), I will allow myself to take another look at any logs.

Many thanks.
