


Logs - Check


  • This topic is closed
7 replies in this topic

#1 Kac222

    Beginner

  • 17 posts

Posted 30 03 2008 - 16:43

Logfile of HijackThis v1.99.1
Scan saved at 16:54:02, on 2008-03-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\msiexec.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe


#2 wncvirus

    Lazybones !

  • 851 posts

Posted 30 03 2008 - 16:50

Run HJT. Choose the "Do a system scan only" option. You will get a log; tick the box next to the entry below and click Fix:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


After doing that, post a ComboFix log.


#3 Kac222

    Beginner

  • 17 posts

Posted 30 03 2008 - 17:15

ComboFix 08-03-22.3 - Daniel 2008-03-30 17:11:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.951 [GMT 2:00]
Running from: C:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\chckshll.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.

2008-03-30 17:15 . 2008-03-30 17:15 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-03-30 17:15 . 2008-03-30 17:15 <DIR> d-------- C:\WINDOWS\srchasst
2008-03-30 17:15 . 2008-03-30 17:15 <DIR> d-------- C:\WINDOWS\msagent
2008-03-30 17:15 . 2008-03-30 17:15 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-03-30 17:10 . 2008-03-23 14:44 1,606,997 --a------ C:\ComboFix.exe
2008-03-30 17:06 . 2008-03-30 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-03-26 21:27 . 2008-03-26 21:27 <DIR> d-------- C:\Program Files\GameHouse
2008-03-22 20:58 . 2008-03-22 20:58 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-22 20:58 . 2005-01-19 12:52 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-03-22 20:57 . 2008-03-22 20:57 <DIR> d-------- C:\Program Files\Logitech
2008-03-21 19:58 . 2008-03-21 19:58 <DIR> d-------- C:\Program Files\Passware
2008-03-20 22:49 . 2008-03-20 22:49 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-03-17 00:22 . 2008-03-17 00:22 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-03-17 00:22 . 2008-03-17 00:22 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-03-17 00:22 . 2008-03-17 00:22 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-03-17 00:22 . 2008-03-17 00:22 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-03-17 00:22 . 2008-03-17 00:22 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-03-17 00:22 . 2008-03-17 00:22 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-03-17 00:21 . 2008-03-17 00:21 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-17 00:21 . 2008-03-17 00:21 391,168 --a------ C:\WINDOWS\system32\i263_32.drv
2008-03-17 00:21 . 2008-03-17 00:21 344,394 --a------ C:\WINDOWS\system32\xvid.ax
2008-03-17 00:21 . 2008-03-17 00:21 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll
2008-03-17 00:21 . 2008-03-17 00:21 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax
2008-03-17 00:21 . 2008-03-17 00:21 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax
2008-03-17 00:21 . 2008-03-17 00:21 86,528 --a------ C:\WINDOWS\system32\DVDVideo.ax
2008-03-17 00:21 . 2008-03-17 00:21 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-03-15 00:32 . 2008-03-15 00:32 319 --a------ C:\drmHeader.bin
2008-03-14 22:21 . 2008-03-16 00:28 <DIR> d-------- C:\Program Files\TomTomActivation
2008-03-10 17:41 . 2008-03-10 17:41 <DIR> d-------- C:\Program Files\DivX
2008-03-10 17:41 . 2008-03-10 17:41 <DIR> d-------- C:\Documents and Settings\Daniel\Dane aplikacji\DivX
2008-03-10 17:35 . 2008-03-10 17:35 <DIR> d-------- C:\Program Files\Easy RealMedia Tools
2008-03-10 17:35 . 2008-03-10 17:35 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-03-10 17:35 . 2008-03-10 17:35 <DIR> d-------- C:\Program Files\AC3Filter
2008-03-10 17:35 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-03-09 17:36 . 2008-03-09 17:36 <DIR> d-------- C:\Program Files\JiWire
2008-03-09 01:18 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-09 01:18 . 2006-12-08 13:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-03-09 01:18 . 2006-09-28 17:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-03-09 01:18 . 2006-07-28 10:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-03-09 01:18 . 2006-07-28 10:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-03-09 00:35 . 2007-04-18 02:20 566,624 --a------ C:\WINDOWS\system32\d3d10.dll
2008-03-08 19:37 . 2008-02-07 21:01 <DIR> d--h----- C:\Documents and Settings\MasterAdmin\Ustawienia lokalne
2008-03-08 19:37 . 2008-03-08 19:37 <DIR> dr------- C:\Documents and Settings\MasterAdmin\Ulubione
2008-03-08 19:37 . 2008-02-07 20:07 <DIR> d--h----- C:\Documents and Settings\MasterAdmin\Szablony
2008-03-08 19:37 . 2008-02-07 21:01 <DIR> d-------- C:\Documents and Settings\MasterAdmin\Pulpit
2008-03-08 19:37 . 2008-03-08 19:37 <DIR> dr------- C:\Documents and Settings\MasterAdmin\Moje dokumenty
2008-03-08 19:37 . 2008-02-07 21:01 <DIR> dr------- C:\Documents and Settings\MasterAdmin\Menu Start
2008-03-08 19:37 . 2008-02-07 21:01 <DIR> dr-h----- C:\Documents and Settings\MasterAdmin\Dane aplikacji
2008-03-08 19:37 . 2004-08-04 04:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-29 20:47 . 2008-03-03 20:47 <DIR> d-------- C:\Program Files\Advanced XP Tweak
2008-02-29 20:36 . 2008-02-29 22:44 <DIR> d-------- C:\Program Files\Disk Checker
2008-02-29 20:36 . 2007-09-24 12:12 29,768 --a------ C:\WINDOWS\system32\drivers\elrawdsk.sys
2008-02-29 15:39 . 2008-02-29 15:39 54 --a------ C:\WINDOWS\mmates.ini
2008-02-28 21:48 . 2005-05-03 19:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-02-27 23:17 . 2006-08-01 16:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-02-27 23:16 . 2008-02-28 21:48 <DIR> d-------- C:\Program Files\Realtek
2008-02-27 23:16 . 2007-01-12 17:54 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2008-02-27 23:16 . 2008-02-27 23:16 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-02-27 23:03 . 2008-02-27 23:03 <DIR> d-------- C:\Virtual Sound.temp
2008-02-27 22:31 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-27 22:09 . 2008-02-27 22:09 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-27 18:18 . 2001-05-11 14:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-02-27 18:18 . 2001-05-16 18:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-02-27 18:18 . 2001-03-26 05:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-02-26 20:33 . 2008-02-26 20:33 83 --a------ C:\WINDOWS\forminfo.ini
2008-02-26 20:29 . 2008-02-26 20:29 13 --a------ C:\WINDOWS\system32\WinVid.crc
2008-02-26 19:59 . 2008-02-27 21:58 <DIR> d-------- C:\Documents and Settings\Daniel\SpectroN
2008-02-25 22:48 . 2008-02-25 22:48 <DIR> d-------- C:\Program Files\WapSter
2008-02-25 22:48 . 2008-02-25 22:48 <DIR> d-------- C:\Documents and Settings\Daniel\WapSter
2008-02-25 21:58 . 2008-02-25 21:58 32 --a------ C:\WINDOWS\go
2008-02-24 22:26 . 2008-02-24 22:26 41,888 --a------ C:\WINDOWS\system32\drivers\Oreans.sys
2008-02-24 21:45 . 2008-02-24 21:45 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-02-24 21:45 . 2008-02-24 21:45 <DIR> d-------- C:\Program Files\FLV Player
2008-02-24 14:08 . 2008-02-24 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-02-24 14:07 . 2008-02-24 14:07 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-24 14:07 . 2004-08-04 01:44 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-24 14:07 . 2004-08-04 01:44 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-24 14:07 . 2004-08-04 01:44 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-24 14:07 . 2004-08-04 01:44 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-24 14:07 . 2004-08-04 01:44 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-24 13:04 . 2008-02-24 13:04 <DIR> d-------- C:\Documents and Settings\Daniel\Dane aplikacji\Toshiba
2008-02-24 01:36 . 2008-02-24 01:36 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-24 01:36 . 2008-02-24 01:36 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-23 16:31 . 2008-02-23 16:32 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- C:\Program Files\Photo Viewer
2008-02-22 17:07 . 2008-02-22 17:07 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-21 18:42 . 2008-02-21 18:42 <DIR> dr-h----- C:\Documents and Settings\Daniel\Dane aplikacji\SecuROM
2008-02-21 18:42 . 2008-02-21 18:42 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-21 18:24 . 2006-09-28 17:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-02-21 18:23 . 2008-02-21 18:23 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-02-21 18:23 . 2008-02-21 18:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 18:23 . 2008-02-21 18:23 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-02-21 04:05 . 2008-02-21 04:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 04:05 . 2008-02-21 04:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 04:05 . 2008-03-17 00:21 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 04:05 . 2008-02-21 04:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 04:05 . 2008-02-21 04:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-21 04:03 . 2008-02-21 04:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-21 04:03 . 2008-02-21 04:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-02-21 04:03 . 2008-02-21 04:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 20:57 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-07 18:19 --------- d-----w C:\Program Files\avmwlanstick
2008-02-07 18:09 --------- d-----w C:\Program Files\Usługi online
2008-02-07 18:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2006-12-12 10:13 32,768 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\EBLib.dll
2006-07-28 15:25 19,456 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\LPCFilter.sys
.

------- Sigcheck -------

2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll

2007-07-14 00:56 814592 ce7193c5f7c01b19768e066087c1c919 C:\WINDOWS\system32\wininet.dll

2007-10-16 01:19 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys

2007-10-19 00:19 2145280 6c264e21d3bd7082b43fc016d760c1d1 C:\WINDOWS\system32\ntoskrnl.exe

2007-10-17 21:30 974848 16df8a100e8966e48ba00c86f6c89972 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 17:09 6290944]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-17 19:10 21686568]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:44 15360]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Resume copy"="copyfstq.exe" [2008-02-07 22:04 73728 C:\WINDOWS\copyfstq.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 13:10 143360]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 17:40 413696]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 14:45 28672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 07:49 651264]
"NDSTray.exe"="NDSTray.exe" []
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 06:40 53248]
"INPROCOMMWireless"="C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 12:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 12:08 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 12:07 131072]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 17:21 270336]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 15:49 16377344 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CFSServ.exe"="CFSServ.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 12:05 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 12:45 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 12:39 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-10-09 02:01 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44193:TCP"= 44193:TCP:emule tcp
"28496:UDP"= 28496:UDP:emule udp

R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\WINDOWS\system32\DRIVERS\tos_sps32.sys [2006-10-26 11:52]
R1 ElRawDisk;ElRawDisk;C:\WINDOWS\system32\drivers\elrawdsk.sys [2007-09-24 12:12]
R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2008-02-24 22:26]
R3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-12-28 02:02]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 UVCFTR;UVCFTR;C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS [2007-04-16 11:19]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 20:46]
S3 avmeject;AVM Eject;C:\WINDOWS\system32\drivers\avmeject.sys [2006-12-28 02:02]
S3 NRKCTL32;NRKCTL32;C:\Documents and Settings\Daniel\Pulpit\Pliki internetowe\NRKCTL32.SYS []
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 05:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a3d584a-f836-11dc-b921-001a4f9dd303}]
\Shell\AutoRun\command - InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 20:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 17:15:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Tlen.pl\hook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-03-30 17:17:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-30 15:17:28

#4 laszjwrz

    Beginner

  • 11 posts

Posted 30 03 2008 - 21:15

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

These can be fixed. The log looks clean. You can also use the SDFix tool in safe mode. Instructions are available online.

wncvirus wrote:

Run HJT. Choose the "Do a system scan only" option. You will get a log; tick the box next to the entry below and click Fix:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

After doing that, post a ComboFix log.


The ALCMTR.EXE file is safe; it is the same as if I told someone to remove, say, Java or Adobe from autostart. Still, the advice is perfectly sound :)

#5 Kac222

    Beginner

  • 17 posts

Posted 30 03 2008 - 21:22

laszjwrz wrote:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

These can be fixed. The log looks clean. You can also use the SDFix tool in safe mode. Instructions are available online.

The ALCMTR.EXE file is safe; it is the same as if I told someone to remove, say, Java or Adobe from autostart. Still, the advice is perfectly sound :)



If you had read carefully, you would have seen that I already posted the ComboFix log.
And in HJT I have fixed that ALCMTR.EXE entry.

#6 wncvirus

    Lazybones !

  • 851 posts

Posted 30 03 2008 - 22:10

I always recommend removing it, because Realtek does not need to have information about you. As for the ComboFix log:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"=-


From Notepad's menu >>> File >>> Save As >>> set "Save as type" to "All Files" >>> save as FIX.REG >>>
run the file (double-click and OK).
Restart the computer.

Check the files below at http://virusscan.jotti.org/, unless you know them.


C:\WINDOWS\mmates.ini
C:\WINDOWS\forminfo.ini



copyfstq.exe - do you use this program?

After the removal, post a new ComboFix log and let me know what Jotti showed.
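The check the helpers make by eye in posts #2 and #6, turned into code as an added example (editor's code, not a tool from this thread or from the HijackThis/ComboFix authors): Run values given as a bare file name (ALCMTR.EXE, NDSTray.exe, copyfstq.exe) are started by a PATH search rather than from a fixed path, and ComboFix's "Reg Loading Points" section marks the ones it could not find with an empty `[]`, which is what singled out NDSTray.exe above. The script flags both kinds from sample lines copied out of the logs in this thread and writes the `"name"=-` .reg deletion from post #6 for the entry chosen. The meaning given to ComboFix's bracketed annotation (empty: file not found; a fourth field: the directory where a bare name was actually resolved) is an assumption read off these logs, not documented ComboFix behaviour.

```python
"""Editor-added triage for the Run entries discussed in this thread (not a thread or vendor tool).
Sample lines are copied from the logs above; the reading of ComboFix's "[...]" annotation is an
assumption inferred from those logs, not documented ComboFix behaviour."""
import re
from dataclasses import dataclass

# HijackThis:  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
HJT_O4 = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# ComboFix:  "NDSTray.exe"="NDSTray.exe" []   /   "Resume copy"="copyfstq.exe" [date time size path]
CF_KEY = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
CF_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)" \[(?P<meta>[^\]]*)\]$')
HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER'}


@dataclass
class Finding:
    source: str   # 'hjt' or 'combofix'
    key: str      # full registry key, regedit style
    name: str     # value name
    cmd: str      # value data as logged
    reason: str


def executable_of(cmd: str) -> str:
    """First token of a Run value: the quoted path if quoted, else up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        close = cmd.find('"', 1)
        return cmd[1:close] if close > 0 else cmd[1:]
    return cmd.split(None, 1)[0]


def is_bare(exe: str) -> bool:
    # No drive letter and no directory part: Windows resolves it by searching PATH.
    return '\\' not in exe and ':' not in exe


def triage_hjt(lines):
    """Flag O4 Run entries whose command is a bare file name (e.g. ALCMTR.EXE, NDSTray.exe)."""
    out = []
    for line in lines:
        m = HJT_O4.match(line.strip())
        if m and is_bare(executable_of(m['cmd'])):
            key = f"{HIVES[m['hive']]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{m['key']}"
            out.append(Finding('hjt', key, m['name'], m['cmd'],
                               'bare file name: loaded by PATH search, so verify which file that is'))
    return out


def triage_combofix(lines):
    """Flag Run values ComboFix could not locate, or located only by PATH search."""
    out, key = [], None
    for line in lines:
        line = line.strip()
        k = CF_KEY.match(line)
        if k:
            key = k['key']
            continue
        v = CF_VALUE.match(line)
        if not v or key is None:
            continue
        meta = v['meta'].split()      # '[]' or '[ ]' -> nothing; otherwise date time size [path]
        if not meta:
            reason = 'ComboFix could not locate the file (empty [] annotation)'
        elif len(meta) == 4:          # assumption: 4th field is where the bare name resolved
            reason = f'bare file name; ComboFix found it by PATH search at {meta[3]}'
        else:
            continue                  # full path given and file present: nothing to flag
        out.append(Finding('combofix', key, v['name'], v['cmd'], reason))
    return out


def reg_delete_script(findings) -> str:
    """Build the regedit 5.00 file from post #6: a value line of "name"=- deletes that value."""
    lines = ['Windows Registry Editor Version 5.00', '']
    by_key = {}
    for f in findings:
        by_key.setdefault(f.key, []).append(f.name)
    for key, names in by_key.items():
        lines.append(f'[{key}]')
        lines.extend(f'"{n}"=-' for n in names)
        lines.append('')
    return '\r\n'.join(lines)         # regedit wants CRLF line endings


# Constructed sample input, copied from the logs posted in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
""".strip().splitlines()

COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Resume copy"="copyfstq.exe" [2008-02-07 22:04 73728 C:\WINDOWS\copyfstq.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 13:10 143360]
"NDSTray.exe"="NDSTray.exe" []
"INPROCOMMWireless"="C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe" [ ]
""".strip().splitlines()

if __name__ == '__main__':
    for f in triage_hjt(HJT_SAMPLE) + triage_combofix(COMBOFIX_SAMPLE):
        print(f'{f.source:8} {f.name:20} {f.reason}')
    print(reg_delete_script([f for f in triage_combofix(COMBOFIX_SAMPLE) if f.name == 'NDSTray.exe']))
```

A flag is a prompt to verify, not a verdict: both helpers agree ALCMTR.EXE belongs to Realtek, and copyfstq.exe turned out to be the user's own program. The Jotti check in post #6 is the verification step; only an entry you have decided to remove belongs in the .reg file, and deleting a Run value does not delete the file it pointed to.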

#7 Kac222

    Beginner

  • 17 posts

Posted 31 03 2008 - 20:55

copyfstq.exe - do you use this program? - Yes, I use this program.

Jotti detected nothing, i.e. everything is OK.

And here is the new log from ComboFix:


ComboFix 08-03-22.3 - Daniel 2008-03-31 20:34:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1504 [GMT 2:00]
Running from: C:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.

2008-03-31 19:50 . 2008-03-31 19:51 353,352 --a------ C:\WINDOWS\system32\prfh0415.dat
2008-03-31 19:50 . 2008-03-31 19:51 48,316 --a------ C:\WINDOWS\system32\prfc0415.dat
2008-03-30 18:57 . 2008-03-30 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TomTom
2008-03-30 17:15 . 2008-03-30 17:15 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-03-30 17:15 . 2008-03-30 17:15 <DIR> d-------- C:\WINDOWS\srchasst
2008-03-30 17:15 . 2008-03-30 17:15 <DIR> d-------- C:\WINDOWS\msagent
2008-03-30 17:15 . 2008-03-30 17:15 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-03-30 17:10 . 2008-03-23 14:44 1,606,997 --a------ C:\ComboFix.exe
2008-03-30 17:06 . 2008-03-30 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-03-26 21:27 . 2008-03-26 21:27 <DIR> d-------- C:\Program Files\GameHouse
2008-03-22 20:58 . 2008-03-22 20:58 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-22 20:58 . 2005-01-19 12:52 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-03-22 20:57 . 2008-03-22 20:57 <DIR> d-------- C:\Program Files\Logitech
2008-03-21 19:58 . 2008-03-21 19:58 <DIR> d-------- C:\Program Files\Passware
2008-03-20 22:49 . 2008-03-20 22:49 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-03-17 00:22 . 2008-03-17 00:22 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-03-17 00:22 . 2008-03-17 00:22 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-03-17 00:22 . 2008-03-17 00:22 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-03-17 00:22 . 2008-03-17 00:22 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-03-17 00:22 . 2008-03-17 00:22 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-03-17 00:22 . 2008-03-17 00:22 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-03-17 00:21 . 2008-03-17 00:21 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-17 00:21 . 2008-03-17 00:21 391,168 --a------ C:\WINDOWS\system32\i263_32.drv
2008-03-17 00:21 . 2008-03-17 00:21 344,394 --a------ C:\WINDOWS\system32\xvid.ax
2008-03-17 00:21 . 2008-03-17 00:21 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll
2008-03-17 00:21 . 2008-03-17 00:21 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax
2008-03-17 00:21 . 2008-03-17 00:21 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax
2008-03-17 00:21 . 2008-03-17 00:21 86,528 --a------ C:\WINDOWS\system32\DVDVideo.ax
2008-03-17 00:21 . 2008-03-17 00:21 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-03-15 00:32 . 2008-03-15 00:32 319 --a------ C:\drmHeader.bin
2008-03-14 22:21 . 2008-03-30 18:36 <DIR> d-------- C:\Program Files\TomTomActivation
2008-03-10 17:41 . 2008-03-10 17:41 <DIR> d-------- C:\Program Files\DivX
2008-03-10 17:41 . 2008-03-10 17:41 <DIR> d-------- C:\Documents and Settings\Daniel\Dane aplikacji\DivX
2008-03-10 17:35 . 2008-03-10 17:35 <DIR> d-------- C:\Program Files\Easy RealMedia Tools
2008-03-10 17:35 . 2008-03-10 17:35 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-03-10 17:35 . 2008-03-10 17:35 <DIR> d-------- C:\Program Files\AC3Filter
2008-03-10 17:35 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-03-09 17:36 . 2008-03-09 17:36 <DIR> d-------- C:\Program Files\JiWire
2008-03-09 01:18 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-09 01:18 . 2006-12-08 13:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-03-09 01:18 . 2006-09-28 17:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-03-09 01:18 . 2006-07-28 10:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-03-09 01:18 . 2006-07-28 10:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-03-09 00:35 . 2007-04-18 02:20 566,624 --a------ C:\WINDOWS\system32\d3d10.dll
2008-03-08 19:37 . 2008-03-30 17:17 <DIR> d--h----- C:\Documents and Settings\MasterAdmin\Ustawienia lokalne
2008-03-08 19:37 . 2008-03-08 19:37 <DIR> dr------- C:\Documents and Settings\MasterAdmin\Ulubione
2008-03-08 19:37 . 2008-02-07 20:07 <DIR> d--h----- C:\Documents and Settings\MasterAdmin\Szablony
2008-03-08 19:37 . 2008-02-07 21:01 <DIR> d-------- C:\Documents and Settings\MasterAdmin\Pulpit
2008-03-08 19:37 . 2008-03-08 19:37 <DIR> dr------- C:\Documents and Settings\MasterAdmin\Moje dokumenty
2008-03-08 19:37 . 2008-02-07 21:01 <DIR> dr------- C:\Documents and Settings\MasterAdmin\Menu Start
2008-03-08 19:37 . 2008-02-07 21:01 <DIR> dr-h----- C:\Documents and Settings\MasterAdmin\Dane aplikacji
2008-03-08 19:37 . 2004-08-04 04:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-29 20:47 . 2008-03-03 20:47 <DIR> d-------- C:\Program Files\Advanced XP Tweak
2008-02-29 20:36 . 2008-02-29 22:44 <DIR> d-------- C:\Program Files\Disk Checker
2008-02-29 20:36 . 2007-09-24 12:12 29,768 --a------ C:\WINDOWS\system32\drivers\elrawdsk.sys
2008-02-29 15:39 . 2008-02-29 15:39 54 --a------ C:\WINDOWS\mmates.ini
2008-02-28 21:48 . 2005-05-03 19:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-02-27 23:17 . 2006-08-01 16:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-02-27 23:16 . 2008-02-28 21:48 <DIR> d-------- C:\Program Files\Realtek
2008-02-27 23:16 . 2007-01-12 17:54 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2008-02-27 23:16 . 2008-02-27 23:16 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-02-27 23:03 . 2008-02-27 23:03 <DIR> d-------- C:\Virtual Sound.temp
2008-02-27 22:31 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-27 22:09 . 2008-02-27 22:09 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-27 18:18 . 2001-05-11 14:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-02-27 18:18 . 2001-05-16 18:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-02-27 18:18 . 2001-03-26 05:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-02-26 20:33 . 2008-02-26 20:33 83 --a------ C:\WINDOWS\forminfo.ini
2008-02-26 20:29 . 2008-02-26 20:29 13 --a------ C:\WINDOWS\system32\WinVid.crc
2008-02-26 19:59 . 2008-02-27 21:58 <DIR> d-------- C:\Documents and Settings\Daniel\SpectroN
2008-02-25 22:48 . 2008-02-25 22:48 <DIR> d-------- C:\Program Files\WapSter
2008-02-25 22:48 . 2008-02-25 22:48 <DIR> d-------- C:\Documents and Settings\Daniel\WapSter
2008-02-25 21:58 . 2008-02-25 21:58 32 --a------ C:\WINDOWS\go
2008-02-24 22:26 . 2008-02-24 22:26 41,888 --a------ C:\WINDOWS\system32\drivers\Oreans.sys
2008-02-24 21:45 . 2008-02-24 21:45 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-02-24 21:45 . 2008-02-24 21:45 <DIR> d-------- C:\Program Files\FLV Player
2008-02-24 14:08 . 2008-02-24 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-02-24 14:07 . 2008-02-24 14:07 <DIR> d-------- C:\Program Files\IVT Corporation
2008-02-24 14:07 . 2004-08-04 01:44 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-24 14:07 . 2004-08-04 01:44 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-24 14:07 . 2004-08-04 01:44 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-24 14:07 . 2004-08-04 01:44 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-24 14:07 . 2004-08-04 01:44 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-24 13:04 . 2008-02-24 13:04 <DIR> d-------- C:\Documents and Settings\Daniel\Dane aplikacji\Toshiba
2008-02-24 01:36 . 2008-02-24 01:36 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-24 01:36 . 2008-02-24 01:36 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-23 16:31 . 2008-02-23 16:32 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- C:\Program Files\Photo Viewer
2008-02-22 17:07 . 2008-02-22 17:07 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-21 18:42 . 2008-02-21 18:42 <DIR> dr-h----- C:\Documents and Settings\Daniel\Dane aplikacji\SecuROM
2008-02-21 18:42 . 2008-02-21 18:42 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-21 18:24 . 2006-09-28 17:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-02-21 18:23 . 2008-02-21 18:23 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-02-21 18:23 . 2008-02-21 18:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 18:23 . 2008-02-21 18:23 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-02-21 04:05 . 2008-02-21 04:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 04:05 . 2008-02-21 04:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 04:05 . 2008-03-17 00:21 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 04:05 . 2008-02-21 04:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 04:05 . 2008-02-21 04:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 22:22 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-03-16 22:21 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll
2008-03-08 23:30 1,689,088 ----a-w C:\WINDOWS\system32\d3d9.dll
2008-03-08 23:25 1,179,648 ----a-w C:\WINDOWS\system32\D3D8.DLL
2008-02-29 20:57 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-07 18:19 --------- d-----w C:\Program Files\avmwlanstick
2008-02-07 18:09 --------- d-----w C:\Program Files\Usługi online
2008-02-07 18:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-04 07:51 920,088 ----a-w C:\WINDOWS\system32\igxpun.exe
2007-12-19 10:32 57,344 ----a-w C:\WINDOWS\system32\igxprd32.dll
2007-12-19 10:32 2,643,456 ----a-w C:\WINDOWS\system32\igxpdx32.dll
2007-12-19 10:32 151,040 ----a-w C:\WINDOWS\system32\igxpgd32.dll
2007-12-19 10:32 1,670,144 ----a-w C:\WINDOWS\system32\igxpdv32.dll
2007-12-19 10:15 2,412,544 ----a-w C:\WINDOWS\system32\ig4icd32.dll
2007-12-19 10:15 1,589,248 ----a-w C:\WINDOWS\system32\ig4dev32.dll
2007-12-19 10:09 524,288 ----a-w C:\WINDOWS\system32\igfxcfg.exe
2007-12-19 10:08 159,744 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-19 10:08 135,168 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-19 10:07 48,128 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
2007-12-19 10:07 249,856 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
2007-12-19 10:07 24,576 ----a-w C:\WINDOWS\system32\igfxexps.dll
2007-12-19 10:07 208,896 ----a-w C:\WINDOWS\system32\igfxdev.dll
2007-12-19 10:07 204,800 ----a-w C:\WINDOWS\system32\igfxpph.dll
2007-12-19 10:07 163,840 ----a-w C:\WINDOWS\system32\igfxzoom.exe
2007-12-19 10:07 163,840 ----a-w C:\WINDOWS\system32\igfxext.exe
2007-12-19 10:07 135,168 ----a-w C:\WINDOWS\system32\igfxdo.dll
2007-12-19 10:07 131,072 ----a-w C:\WINDOWS\system32\igfxpers.exe
2007-12-19 10:07 102,400 ----a-w C:\WINDOWS\system32\hccutils.dll
2007-12-19 10:06 3,293,184 ----a-w C:\WINDOWS\system32\igfxress.dll
2006-12-12 10:13 32,768 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\EBLib.dll
2006-07-28 15:25 19,456 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\LPCFilter.sys
.

------- Sigcheck -------

2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll
2007-07-14 00:56 814592 ce7193c5f7c01b19768e066087c1c919 C:\WINDOWS\system32\wininet.dll
2007-10-16 01:19 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-19 00:19 2145280 6c264e21d3bd7082b43fc016d760c1d1 C:\WINDOWS\system32\ntoskrnl.exe
2007-10-17 21:30 974848 16df8a100e8966e48ba00c86f6c89972 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 17:09 6290944]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-17 19:10 21686568]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:44 15360]
"TomTomHOME.exe"="D:\TOMTOM\program\TomTom HOME 2\HOMERunner.exe" [2008-02-18 12:58 206184]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Resume copy"="copyfstq.exe" [2008-02-07 22:04 73728 C:\WINDOWS\copyfstq.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 13:10 143360]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 17:40 413696]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 14:45 28672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 07:49 651264]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 06:40 53248]
"INPROCOMMWireless"="C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 12:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 12:08 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 12:07 131072]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 17:21 270336]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 15:49 16377344 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CFSServ.exe"="CFSServ.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 12:05 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 12:45 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 12:39 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-10-09 02:01 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44193:TCP"= 44193:TCP:emule tcp
"28496:UDP"= 28496:UDP:emule udp

R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\WINDOWS\system32\DRIVERS\tos_sps32.sys [2006-10-26 11:52]
R1 ElRawDisk;ElRawDisk;C:\WINDOWS\system32\drivers\elrawdsk.sys [2007-09-24 12:12]
R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2008-02-24 22:26]
R3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-12-28 02:02]
R3 UVCFTR;UVCFTR;C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS [2007-04-16 11:19]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 20:46]
S3 avmeject;AVM Eject;C:\WINDOWS\system32\drivers\avmeject.sys [2006-12-28 02:02]
S3 NRKCTL32;NRKCTL32;C:\Documents and Settings\Daniel\Pulpit\Pliki internetowe\NRKCTL32.SYS []
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 05:06]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 20:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 20:36:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-31 20:36:23
ComboFix-quarantined-files.txt 2008-03-31 18:36:20

#8 wncvirus

    Lazybones!

  • 851 posts

Posted 01 04 2008 - 18:12

Log is clean.
