Logs - Log interpretation


  • Closed: this topic is closed
5 replies in this topic

#1 Reak

    Observer

  • 5 posts

Posted 15 01 2008 - 20:15

As in the topic. Thanks in advance!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:19, on 2008-01-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Robert\SLIDES~1\SlideS2(EN).exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSv[beeep].exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = A0FD19C62B92D16C;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Hama Mouse(EN)] C:\PROGRA~1\Robert\SLIDES~1\SlideS2(EN).exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Download with GetRight Pro - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Open with GetRight Pro Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSv[beeep]) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSv[beeep].exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6798 bytes


#2 wncvirus

    Lazybones!

  • 851 posts

Posted 15 01 2008 - 20:19

Start HJT and choose the option "Do a system scan only". A log will be generated; tick the box next to the entries below and click fix.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl


After doing that, post a new log from ComboFix.


#3 krzysiekLJA

    New

  • 3 posts

Posted 19 01 2008 - 16:48

Please check my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01, on 2008-01-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 3403 bytes

#4 wncvirus

    Lazybones!

  • 851 posts

Posted 20 01 2008 - 20:19

The log is clean. Maybe post a ComboFix log as well, just to be sure.

#5 krzysiekLJA

    New

  • 3 posts

Posted 25 01 2008 - 17:17

ComboFix 08-01-15.4 - Uzytkownik 2008-01-23 22:51:23.2 - NTFSx86
Running from: C:\Documents and Settings\Uzytkownik\Moje dokumenty\Programy i Materialy\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-18 17:28 . 2008-01-18 17:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-18 17:12 . 2008-01-18 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-01-18 13:01 . 2008-01-18 13:01 <DIR> d-------- C:\Program Files\foobar2000
2008-01-18 13:01 . 2008-01-23 20:00 <DIR> d-------- C:\Documents and Settings\Uzytkownik\Dane aplikacji\foobar2000
2008-01-17 17:01 . 2008-01-17 17:01 <DIR> d-------- C:\Program Files\IrfanView
2008-01-17 16:49 . 2008-01-17 16:49 <DIR> d-------- C:\Program Files\Network Stumbler
2008-01-15 20:30 . 2005-12-21 10:16 470,048 --a------ C:\WINDOWS\system32\ar5211.sys
2008-01-15 20:30 . 2006-03-29 16:04 42,484 --a------ C:\WINDOWS\system32\net5211.inf
2008-01-15 20:30 . 2005-12-30 08:15 36,864 --a------ C:\WINDOWS\system32\acs.exe
2008-01-15 20:30 . 2005-12-21 10:15 26 --a------ C:\WINDOWS\system32\net5211.cat
2008-01-15 20:29 . 2005-12-30 08:04 1,396,835 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-01-15 20:29 . 2005-12-30 08:15 385,024 --a------ C:\WINDOWS\system32\athcfg11.dll
2008-01-15 20:29 . 2005-12-30 08:04 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe
2008-01-15 20:29 . 2006-03-21 09:52 249,856 --a------ C:\WINDOWS\system32\wgapi.dll
2008-01-15 20:29 . 2005-12-30 08:10 237,568 --a------ C:\WINDOWS\system32\wcapi.dll
2008-01-15 20:29 . 2005-12-30 08:14 77,824 --a------ C:\WINDOWS\system32\athcfg11res.dll
2008-01-15 20:29 . 2008-01-15 20:29 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-15 20:26 . 2005-12-21 10:16 470,048 --a------ C:\WINDOWS\system32\drivers\ar5211.sys
2008-01-15 18:16 . 2008-01-15 18:16 <DIR> d-------- C:\Documents and Settings\Gość\Dane aplikacji\PCToolsFirewallPlus
2008-01-15 18:15 . 2006-08-03 13:05 <DIR> d--h----- C:\Documents and Settings\Gość\Ustawienia lokalne
2008-01-15 18:15 . 2006-08-03 13:05 <DIR> d--h----- C:\Documents and Settings\Gość\Ustawienia lokalne
2008-01-15 18:15 . 2008-01-15 18:15 <DIR> dr------- C:\Documents and Settings\Gość\Ulubione
2008-01-15 18:15 . 2008-01-15 18:15 <DIR> dr------- C:\Documents and Settings\Gość\Ulubione
2008-01-15 18:15 . 2006-08-03 12:14 <DIR> d--h----- C:\Documents and Settings\Gość\Szablony
2008-01-15 18:15 . 2006-08-03 12:14 <DIR> d--h----- C:\Documents and Settings\Gość\Szablony
2008-01-15 18:15 . 2006-08-03 13:05 <DIR> d-------- C:\Documents and Settings\Gość\Pulpit
2008-01-15 18:15 . 2006-08-03 13:05 <DIR> d-------- C:\Documents and Settings\Gość\Pulpit
2008-01-15 18:15 . 2008-01-15 18:15 <DIR> dr------- C:\Documents and Settings\Gość\Moje dokumenty
2008-01-15 18:15 . 2008-01-15 18:15 <DIR> dr------- C:\Documents and Settings\Gość\Moje dokumenty
2008-01-15 18:15 . 2006-08-03 13:05 <DIR> dr------- C:\Documents and Settings\Gość\Menu Start
2008-01-15 18:15 . 2006-08-03 13:05 <DIR> dr------- C:\Documents and Settings\Gość\Menu Start
2008-01-15 18:15 . 2008-01-15 18:16 <DIR> dr-h----- C:\Documents and Settings\Gość\Dane aplikacji
2008-01-15 18:15 . 2008-01-15 18:16 <DIR> dr-h----- C:\Documents and Settings\Gość\Dane aplikacji
2008-01-15 14:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 16:29 . 2008-01-13 16:29 <DIR> d-------- C:\Documents and Settings\Uzytkownik\Dane aplikacji\.BitTornado
2008-01-11 20:50 . 2008-01-11 21:16 <DIR> d-------- C:\Documents and Settings\Uzytkownik\.xmoto

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 18:55 --------- d-----w C:\Documents and Settings\Uzytkownik\Dane aplikacji\Skype
2008-01-23 08:36 --------- d-----w C:\Program Files\Winamp
2008-01-23 08:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-22 11:19 --------- d-----w C:\Documents and Settings\Uzytkownik\Dane aplikacji\OpenOffice.ux.pl2
2008-01-16 11:11 --------- d-----w C:\Program Files\SubEdit-Player
2008-01-15 19:29 --------- d-----w C:\Program Files\TP-LINK
2008-01-15 11:52 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-13 15:29 --------- d-----w C:\Documents and Settings\Uzytkownik\Dane aplikacji\.BitTornado
2008-01-07 17:36 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-05 10:02 --------- d-----w C:\Program Files\VoipCheapCom
2007-12-22 20:08 --------- d-----w C:\Program Files\Opera
2007-12-17 12:01 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-16 13:19 --------- d-----w C:\Documents and Settings\Uzytkownik\Dane aplikacji\Miranda
2007-12-13 11:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 16:54 --------- d-----w C:\Documents and Settings\Uzytkownik\Dane aplikacji\BitSpirit
2007-11-26 14:09 --------- d-----w C:\Documents and Settings\Uzytkownik\Dane aplikacji\AdobeAUM
2007-11-26 13:54 --------- d-----w C:\Documents and Settings\Uzytkownik\Dane aplikacji\Teleca
2007-11-26 13:50 --------- d-----w C:\Documents and Settings\Uzytkownik\Dane aplikacji\Sony Ericsson
2007-11-26 13:43 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-26 13:43 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-11-26 13:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2007-11-26 13:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-11-26 13:41 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-01 13:00 766 ----a-w C:\Program Files\Common Files\sms.ico
2007-05-01 13:00 70 ----a-w C:\Program Files\Common Files\moje.js
2006-09-13 20:22 348 ----a-w C:\Program Files\firebird.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-11-17 06:33 3022848]
"nwiz"="nwiz.exe" [2003-11-17 06:33 753664 C:\WINDOWS\system32\nwiz.exe]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-09-19 15:27 2483504]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-30 10:19 249896]
"TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 16:12 364544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 0 (0x0)

R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 12:53]
R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 11:56]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2007-09-19 15:26]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2007-09-19 15:26]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2007-09-19 15:26]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 03:03]
S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-01-06 09:13:36 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 22:55:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 22:58:28
.
2008-01-09 17:33:00 --- E O F ---

#6 wncvirus

    Lazybones!

  • 851 posts

Posted 21 02 2008 - 01:36

The log is clean.
