

axelek

Registered: 20 Jun 2008
OFFLINE Last active: 21 06 2008 07:39
-----

My posts

In topic: Logs - Mail sends spam by itself

20 06 2008 - 17:59

I did all of that and it looks like it's OK, because Norton doesn't report that something is trying to send spam, but just in case I'm attaching the logs to be sure:
ComboFix 08-06-19.2 - Krystian 2008-06-20 17:49:27.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.151 [GMT 2:00]
Running from: C:\Documents and Settings\Krystian\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Krystian\Desktop\CFScript.txt
 * Created a new restore point
FILE ::
C:\WINDOWS\system32\jbshtfvp.dll
C:\WINDOWS\system32\pqasghjd.sys
C:\WINDOWS\system32\vtUmNFxv.dll
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\jbshtfvp.dll
C:\WINDOWS\system32\pnmnhbjp.ini
C:\WINDOWS\system32\pqasghjd.sys
C:\WINDOWS\system32\vtUmNFxv.dll
C:\WINDOWS\system32\vtUnOhEW.dll
C:\WINDOWS\system32\WEhOnUtv.ini
C:\WINDOWS\system32\WEhOnUtv.ini2
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_pqasghjd
(((((((((((((((((((((((((   Files Created from 2008-05-20 to 2008-06-20  )))))))))))))))))))))))))))))))
.
2008-06-20 17:56 . 2008-06-20 17:56	53,248	--a------	C:\Temp\catchme.dll
2008-06-20 17:02 . 2008-06-20 17:04	<DIR>	d--------	C:\!KillBox
2008-06-20 17:02 . 2008-06-20 17:02	79,360	--a------	C:\WINDOWS\system32\pjbhnmnp.dll
2008-06-20 15:00 . 2008-06-20 15:00	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-20 14:33 . 2008-06-20 14:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-06-19 08:03 . 2006-03-21 05:23	23,040	---------	C:\WINDOWS\kb913800.exe
2008-06-18 20:40 . 2008-06-19 16:39	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\SPORE Creature Creator
2008-06-18 20:39 . 2008-06-18 20:39	<DIR>	d--------	C:\WINDOWS\Logs
2008-06-18 19:29 . 2008-04-13 20:47	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-18 19:29 . 2008-04-13 20:47	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-16 18:12 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Kamil\iss144C.tmp
2008-06-16 18:12 . 2008-06-16 18:12	<DIR>	d--------	C:\Documents and Settings\Kamil
2008-06-16 16:16 . 2008-06-16 16:16	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-06-15 15:29 . 2008-06-15 15:29	<DIR>	d--------	C:\Program Files\uTorrent
2008-06-15 15:29 . 2008-06-19 21:42	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\uTorrent
2008-06-15 14:55 . 2004-08-04 14:12	142,848	--a------	C:\WINDOWS\gamedelete.exe
2008-06-15 09:59 . 2008-06-15 09:59	<DIR>	d--------	C:\WINDOWS\system32\VIRepair
2008-06-15 09:38 . 2008-06-15 09:39	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\ViStart
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Program Files\WinFlip
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Program Files\TrueTransparency
2008-06-15 09:36 . 2008-06-15 09:59	<DIR>	d--------	C:\Program Files\Styler
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\Styler
2008-06-15 09:30 . 2008-06-15 10:01	<DIR>	d--------	C:\WINDOWS\system32\VITrans
2008-06-15 09:30 . 2006-12-03 17:15	111,104	--a------	C:\WINDOWS\system32\Uharc.exe
2008-06-15 09:30 . 2008-06-15 09:30	78,942	--a------	C:\WINDOWS\Icon_1.ico
2008-06-15 09:30 . 2006-12-03 17:15	69,632	--a------	C:\WINDOWS\system32\moveex.exe
2008-06-15 09:30 . 2006-12-03 17:15	19,968	--a------	C:\WINDOWS\system32\reico.exe
2008-06-15 09:30 . 2006-12-03 17:14	8,636	--a------	C:\WINDOWS\system32\modifype.exe
2008-06-14 22:45 . 2008-04-14 02:11	21,504	--a------	C:\WINDOWS\system32\hidserv.dll
2008-06-14 22:45 . 2008-04-13 20:39	14,592	--a------	C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-14 22:45 . 2001-08-17 13:48	12,160	--a------	C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-14 22:45 . 2001-08-17 13:48	12,160	--a--c---	C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-14 22:44 . 2008-06-14 22:44	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-14 22:44 . 2008-04-13 20:45	10,368	--a------	C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-14 22:29 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2008-06-14 22:29 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2008-06-14 22:06 . 2008-04-13 20:46	85,248	--a------	C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-06-14 22:06 . 2008-04-13 20:46	19,200	--a------	C:\WINDOWS\system32\drivers\wstcodec.sys
2008-06-14 22:06 . 2008-04-13 20:46	17,024	--a------	C:\WINDOWS\system32\drivers\ccdecode.sys
2008-06-14 22:06 . 2008-04-14 02:12	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-06-14 22:06 . 2008-04-13 20:46	15,232	--a------	C:\WINDOWS\system32\drivers\streamip.sys
2008-06-14 22:06 . 2008-04-13 20:46	11,136	--a------	C:\WINDOWS\system32\drivers\slip.sys
2008-06-14 22:06 . 2008-04-13 20:46	10,880	--a------	C:\WINDOWS\system32\drivers\ndisip.sys
2008-06-14 22:06 . 2008-04-13 20:39	5,504	--a------	C:\WINDOWS\system32\drivers\mstee.sys
2008-06-14 22:04 . 2008-04-14 02:12	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-06-14 22:04 . 2008-04-14 02:12	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-06-14 22:04 . 2008-04-14 02:12	53,760	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-06-14 22:04 . 2008-04-14 02:12	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-06-14 22:04 . 2008-04-14 02:12	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-06-14 21:58 . 2005-01-31 10:30	141,246	---------	C:\WINDOWS\system32\drivers\NVCAP.SYS
2008-06-14 21:58 . 2005-01-31 10:30	29,696	---------	C:\WINDOWS\system32\FILTER.AX
2008-06-14 21:58 . 2005-01-31 10:30	16,176	---------	C:\WINDOWS\system32\drivers\NVXBAR.SYS
2008-06-14 21:57 . 2008-06-14 21:59	<DIR>	d--------	C:\WINDOWS\nview
2008-06-14 21:57 . 2006-04-28 09:47	208,896	--a------	C:\WINDOWS\system32\nvudisp.exe
2008-06-14 21:57 . 2008-06-20 17:56	51,048	--a------	C:\WINDOWS\system32\nvapps.xml
2008-06-14 21:57 . 2006-04-28 09:47	16,960	--a------	C:\WINDOWS\system32\nvdisp.nvu
2008-06-14 21:55 . 2006-04-28 04:27	208,896	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2008-06-14 21:52 . 2004-05-02 10:47	23,040	-ra------	C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-06-14 21:42 . 2008-06-20 17:56	<DIR>	d---s----	C:\Temp\Temporary Internet Files
2008-06-14 21:42 . 2008-06-14 21:42	<DIR>	d--------	C:\Recorded TV
2008-06-14 21:42 . 2008-04-13 20:45	32,128	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-14 21:33 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-14 21:29 . 2008-06-14 21:29	<DIR>	d--------	C:\Program Files\Windows XP MUI Pack
2008-06-14 21:29 . 2001-12-05 05:00	65,536	--a------	C:\WINDOWS\system32\WMErrPLK.dll
2008-06-14 21:29 . 2001-12-05 05:00	36,946	--a------	C:\WINDOWS\WMPrfPLK.prx
2008-06-14 21:27 . 2008-06-14 21:27	<DIR>	d--------	C:\Program Files\Windows Media Connect 2
2008-06-14 21:26 . 2008-06-14 21:26	<DIR>	d--------	C:\Program Files\Toub
2008-06-14 21:20 . 2008-04-13 20:45	46,592	---------	C:\WINDOWS\system32\drivers\irbus.sys
2008-06-14 21:20 . 2008-04-13 20:45	19,200	---------	C:\WINDOWS\system32\drivers\hidir.sys
2008-06-14 21:19 . 2008-04-14 14:30	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 21:17 . 2008-06-14 21:17	<DIR>	d--------	C:\Program Files\ffdshow
2008-06-14 21:17 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Krystian\iss144C.tmp
2008-06-14 21:17 . 2008-06-14 19:35	<DIR>	d--------	C:\Documents and Settings\Krystian
2008-06-14 21:17 . 2005-12-29 19:00	237,568	--ah-----	C:\HTConfTest.dll
2008-06-14 21:15 . 2008-06-14 21:15	<DIR>	d--hs----	C:\Documents and Settings\NetworkService
2008-06-14 21:15 . 2008-06-14 21:15	<DIR>	d--hs----	C:\Documents and Settings\LocalService
2008-06-14 21:15 . 2008-06-14 21:15	8,192	--a------	C:\WINDOWS\REGLOCS.OLD
2008-06-14 21:13 . 2008-06-14 21:05	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\iss144C.tmp
2008-06-14 21:13 . 2004-08-10 15:00	221,184	--a--c---	C:\WINDOWS\system32\dllcache\wmpns.dll
2008-06-14 21:13 . 2004-08-10 13:13	73,728	--a--c---	C:\WINDOWS\system32\dllcache\ehresja.dll
2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresko.dll
2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresfr.dll
2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresde.dll
2008-06-14 21:13 . 2004-08-10 13:13	61,440	--a--c---	C:\WINDOWS\system32\dllcache\ehreschs.dll
2008-06-14 21:13 . 2004-08-10 15:00	28,288	--a--c---	C:\WINDOWS\system32\dllcache\xjis.nls
2008-06-14 21:11 . 2008-04-14 02:09	13,463,552	--a--c---	C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-14 21:10 . 2008-06-14 21:10	<DIR>	d--------	C:\WINDOWS\system32\xircom
2008-06-14 21:10 . 2008-06-14 21:10	<DIR>	d--------	C:\Program Files\microsoft frontpage
2008-06-14 21:10 . 2004-08-10 15:00	94,720	--a--c---	C:\WINDOWS\system32\dllcache\certmap.ocx
2008-06-14 21:10 . 2007-07-30 19:19	43,352	--a------	C:\WINDOWS\system32\wups2.dll
2008-06-14 21:07 . 2008-06-14 21:07	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2008-06-14 21:07 . 2008-06-14 23:53	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2008-06-14 21:07 . 2008-06-14 21:07	<DIR>	d--------	C:\Program Files\HighMAT CD Writing Wizard
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Real
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\NVIDIA Corporation
2008-06-14 21:05 . 2008-06-18 16:03	<DIR>	d--h-----	C:\Program Files\InstallShield Installation Information
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\EnglishOtto
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Common Files\xing shared
2008-06-14 21:05 . 2008-06-14 21:58	<DIR>	d--------	C:\Program Files\Common Files\InstallShield
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\AC3Filter
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Default User\iss144C.tmp
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-06-14 21:05 . 2005-06-14 01:28	671,744	--a------	C:\WINDOWS\system32\DolbyHph.dll
2008-06-14 21:05 . 2003-08-19 09:20	180,224	--a------	C:\WINDOWS\system32\ac3filter.cpl
2008-06-14 21:05 . 2005-06-14 01:29	60,416	--a------	C:\WINDOWS\system32\DSETUP.dll
2008-06-14 21:05 . 2005-06-14 01:27	9,856	--a------	C:\WINDOWS\system32\drivers\pfc.sys
2008-06-14 21:05 . 2005-08-23 00:29	4,608	--a------	C:\WINDOWS\system32\drivers\nvport.sys
2008-06-14 21:04 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Common Files\Real
2008-06-14 21:04 . 2008-06-20 14:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Windows Journal Viewer
2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Java
2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-06-14 21:00 . 2008-06-14 21:00	<DIR>	d---s----	C:\WINDOWS\system32\Microsoft
2008-06-14 19:38 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-14 19:35 . 2008-06-14 19:35	<DIR>	d---s----	C:\Documents and Settings\Krystian\UserData
2008-06-14 17:31 . 2008-06-14 17:31	<DIR>	d--------	C:\Program Files\Alcohol Soft
2008-06-14 17:28 . 2008-06-14 17:28	685,816	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-06-14 17:27 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll.wusetup.1679781.new
2008-06-14 17:27 . 2007-07-30 19:18	34,136	--a------	C:\WINDOWS\system32\wucltui.dll.mui
2008-06-14 17:27 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui_en
2008-06-14 17:27 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuapi.dll.mui
2008-06-14 17:27 . 2007-07-30 19:18	20,312	--a------	C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-14 17:23 . 2008-06-20 17:23	16	--a------	C:\WINDOWS\system32\coh.cache
2008-06-14 17:16 . 2008-06-14 17:16	<DIR>	d--------	C:\Program Files\Gadu-Gadu
2008-06-14 17:16 . 2008-06-20 10:50	<DIR>	d--------	C:\Documents and Settings\Krystian\Gadu-Gadu
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 14:50	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-20 13:58	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-14 19:18	---------	d-----w	C:\Program Files\AIDA32
2008-06-14 19:17	---------	d-----w	C:\Program Files\IntelPCB
2008-06-14 18:29	---------	d-----w	C:\Documents and Settings\Krystian\Application Data\Gadu-Gadu
2008-06-14 18:26	---------	d-----w	C:\Program Files\Windows Plus
2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:12	69,120	----a-w	C:\WINDOWS\notepad.exe
2008-04-14 00:12	50,688	----a-w	C:\WINDOWS\twain_32.dll
2008-04-14 00:12	32,866	------w	C:\WINDOWS\slrundll.exe
2008-04-14 00:12	283,648	----a-w	C:\WINDOWS\winhlp32.exe
2008-04-14 00:12	146,432	----a-w	C:\WINDOWS\regedit.exe
2008-04-14 00:12	10,752	----a-w	C:\WINDOWS\hh.exe
2008-04-14 00:12	1,033,728	----a-w	C:\WINDOWS\explorer.exe
2008-04-14 00:11	451,072	----a-w	C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11	39,424	------w	C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11	245,248	----a-w	C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11	141,312	----a-w	C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11	116,224	----a-w	C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11	1,852,928	----a-w	C:\WINDOWS\AppPatch\acgenral.dll
.
(((((((((((((((((((((((((((((   snapshot@2008-06-20_16.55.21.50   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 14:52:49	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-06-20 15:55:19	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 20:17 222592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-29 11:00 577536 C:\WINDOWS\SOUNDMAN.EXE]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 09:47 7573504]
"nwiz"="nwiz.exe" [2006-04-28 09:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-28 09:47 86016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 09:11 771704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"6ca9aad1"="C:\WINDOWS\system32\pjbhnmnp.dll" [2008-06-20 17:02 79360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]
C:\Documents and Settings\Krystian\Start Menu\Programs\Startup\Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmNFxv]
vtUmNFxv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 14:22:49 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Krystian.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 17:56:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\pnmnhbjp.ini 294 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\pjbhnmnp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-20 17:57:38 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-20 15:57:31
ComboFix2.txt  2008-06-20 14:56:08
Pre-Run: 28,275,871,744 bytes free
Post-Run: 28,261,150,720 bytes free
268	--- E O F ---	2008-06-20 05:06:54

In topic: Logs - Mail sends spam by itself

20 06 2008 - 17:12

So, here are the ComboFix logs from before deleting those files, because for pmnkJeD.dll it says the file cannot be removed, and vtUmNFxv.dll does not exist at all... I don't know how that's possible. (All the files are visible, nothing is hidden.)
ComboFix 08-06-19.2 - Krystian 2008-06-20 16:45:18.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.209 [GMT 2:00]
Running from: C:\Documents and Settings\Krystian\Desktop\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\DedJknmp.ini
C:\WINDOWS\system32\DedJknmp.ini2
C:\WINDOWS\system32\haskel32.dll
C:\WINDOWS\system32\pmnkJdeD.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\pvfthsbj.ini
C:\WINDOWS\system32\xmd.dat
.
(((((((((((((((((((((((((   Files Created from 2008-05-20 to 2008-06-20  )))))))))))))))))))))))))))))))
.
2008-06-20 16:54 . 2008-06-20 16:54	53,248	--a------	C:\Temp\catchme.dll
2008-06-20 15:00 . 2008-06-20 15:00	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-20 14:46 . 2008-06-20 14:46	79,360	--a------	C:\WINDOWS\system32\jbshtfvp.dll
2008-06-20 14:36 . 2008-06-20 16:54	62,384	--a------	C:\WINDOWS\system32\pqasghjd.sys
2008-06-20 14:35 . 2008-06-20 14:35	24,576	--a------	C:\WINDOWS\system32\vtUmNFxv.dll
2008-06-20 14:33 . 2008-06-20 14:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-06-19 08:03 . 2006-03-21 05:23	23,040	---------	C:\WINDOWS\kb913800.exe
2008-06-18 20:40 . 2008-06-19 16:39	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\SPORE Creature Creator
2008-06-18 20:39 . 2008-06-18 20:39	<DIR>	d--------	C:\WINDOWS\Logs
2008-06-18 19:29 . 2008-04-13 20:47	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-18 19:29 . 2008-04-13 20:47	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-16 18:12 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Kamil\iss144C.tmp
2008-06-16 18:12 . 2008-06-16 18:12	<DIR>	d--------	C:\Documents and Settings\Kamil
2008-06-16 16:16 . 2008-06-16 16:16	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-06-15 15:29 . 2008-06-15 15:29	<DIR>	d--------	C:\Program Files\uTorrent
2008-06-15 15:29 . 2008-06-19 21:42	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\uTorrent
2008-06-15 14:55 . 2004-08-04 14:12	142,848	--a------	C:\WINDOWS\gamedelete.exe
2008-06-15 09:59 . 2008-06-15 09:59	<DIR>	d--------	C:\WINDOWS\system32\VIRepair
2008-06-15 09:38 . 2008-06-15 09:39	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\ViStart
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Program Files\WinFlip
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Program Files\TrueTransparency
2008-06-15 09:36 . 2008-06-15 09:59	<DIR>	d--------	C:\Program Files\Styler
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\Styler
2008-06-15 09:30 . 2008-06-15 10:01	<DIR>	d--------	C:\WINDOWS\system32\VITrans
2008-06-15 09:30 . 2006-12-03 17:15	111,104	--a------	C:\WINDOWS\system32\Uharc.exe
2008-06-15 09:30 . 2008-06-15 09:30	78,942	--a------	C:\WINDOWS\Icon_1.ico
2008-06-15 09:30 . 2006-12-03 17:15	69,632	--a------	C:\WINDOWS\system32\moveex.exe
2008-06-15 09:30 . 2006-12-03 17:15	19,968	--a------	C:\WINDOWS\system32\reico.exe
2008-06-15 09:30 . 2006-12-03 17:14	8,636	--a------	C:\WINDOWS\system32\modifype.exe
2008-06-14 22:45 . 2008-04-14 02:11	21,504	--a------	C:\WINDOWS\system32\hidserv.dll
2008-06-14 22:45 . 2008-04-13 20:39	14,592	--a------	C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-14 22:45 . 2001-08-17 13:48	12,160	--a------	C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-14 22:45 . 2001-08-17 13:48	12,160	--a--c---	C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-14 22:44 . 2008-06-14 22:44	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-14 22:44 . 2008-04-13 20:45	10,368	--a------	C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-14 22:29 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2008-06-14 22:29 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2008-06-14 22:06 . 2008-04-13 20:46	85,248	--a------	C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-06-14 22:06 . 2008-04-13 20:46	19,200	--a------	C:\WINDOWS\system32\drivers\wstcodec.sys
2008-06-14 22:06 . 2008-04-13 20:46	17,024	--a------	C:\WINDOWS\system32\drivers\ccdecode.sys
2008-06-14 22:06 . 2008-04-14 02:12	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-06-14 22:06 . 2008-04-13 20:46	15,232	--a------	C:\WINDOWS\system32\drivers\streamip.sys
2008-06-14 22:06 . 2008-04-13 20:46	11,136	--a------	C:\WINDOWS\system32\drivers\slip.sys
2008-06-14 22:06 . 2008-04-13 20:46	10,880	--a------	C:\WINDOWS\system32\drivers\ndisip.sys
2008-06-14 22:06 . 2008-04-13 20:39	5,504	--a------	C:\WINDOWS\system32\drivers\mstee.sys
2008-06-14 22:04 . 2008-04-14 02:12	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-06-14 22:04 . 2008-04-14 02:12	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-06-14 22:04 . 2008-04-14 02:12	53,760	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-06-14 22:04 . 2008-04-14 02:12	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-06-14 22:04 . 2008-04-14 02:12	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-06-14 21:58 . 2005-01-31 10:30	141,246	---------	C:\WINDOWS\system32\drivers\NVCAP.SYS
2008-06-14 21:58 . 2005-01-31 10:30	29,696	---------	C:\WINDOWS\system32\FILTER.AX
2008-06-14 21:58 . 2005-01-31 10:30	16,176	---------	C:\WINDOWS\system32\drivers\NVXBAR.SYS
2008-06-14 21:57 . 2008-06-14 21:59	<DIR>	d--------	C:\WINDOWS\nview
2008-06-14 21:57 . 2006-04-28 09:47	208,896	--a------	C:\WINDOWS\system32\nvudisp.exe
2008-06-14 21:57 . 2008-06-20 16:53	51,048	--a------	C:\WINDOWS\system32\nvapps.xml
2008-06-14 21:57 . 2006-04-28 09:47	16,960	--a------	C:\WINDOWS\system32\nvdisp.nvu
2008-06-14 21:55 . 2006-04-28 04:27	208,896	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2008-06-14 21:52 . 2004-05-02 10:47	23,040	-ra------	C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-06-14 21:42 . 2008-06-20 16:53	<DIR>	d---s----	C:\Temp\Temporary Internet Files
2008-06-14 21:42 . 2008-06-14 21:42	<DIR>	d--------	C:\Recorded TV
2008-06-14 21:42 . 2008-04-13 20:45	32,128	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-14 21:33 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-14 21:29 . 2008-06-14 21:29	<DIR>	d--------	C:\Program Files\Windows XP MUI Pack
2008-06-14 21:29 . 2001-12-05 05:00	65,536	--a------	C:\WINDOWS\system32\WMErrPLK.dll
2008-06-14 21:29 . 2001-12-05 05:00	36,946	--a------	C:\WINDOWS\WMPrfPLK.prx
2008-06-14 21:27 . 2008-06-14 21:27	<DIR>	d--------	C:\Program Files\Windows Media Connect 2
2008-06-14 21:26 . 2008-06-14 21:26	<DIR>	d--------	C:\Program Files\Toub
2008-06-14 21:20 . 2008-04-13 20:45	46,592	---------	C:\WINDOWS\system32\drivers\irbus.sys
2008-06-14 21:20 . 2008-04-13 20:45	19,200	---------	C:\WINDOWS\system32\drivers\hidir.sys
2008-06-14 21:19 . 2008-04-14 14:30	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 21:17 . 2008-06-14 21:17	<DIR>	d--------	C:\Program Files\ffdshow
2008-06-14 21:17 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Krystian\iss144C.tmp
2008-06-14 21:17 . 2008-06-14 19:35	<DIR>	d--------	C:\Documents and Settings\Krystian
2008-06-14 21:17 . 2005-12-29 19:00	237,568	--ah-----	C:\HTConfTest.dll
2008-06-14 21:15 . 2008-06-14 21:15	<DIR>	d--hs----	C:\Documents and Settings\NetworkService
2008-06-14 21:15 . 2008-06-14 21:15	<DIR>	d--hs----	C:\Documents and Settings\LocalService
2008-06-14 21:15 . 2008-06-14 21:15	8,192	--a------	C:\WINDOWS\REGLOCS.OLD
2008-06-14 21:13 . 2008-06-14 21:05	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\iss144C.tmp
2008-06-14 21:13 . 2004-08-10 15:00	221,184	--a--c---	C:\WINDOWS\system32\dllcache\wmpns.dll
2008-06-14 21:13 . 2004-08-10 13:13	73,728	--a--c---	C:\WINDOWS\system32\dllcache\ehresja.dll
2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresko.dll
2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresfr.dll
2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresde.dll
2008-06-14 21:13 . 2004-08-10 13:13	61,440	--a--c---	C:\WINDOWS\system32\dllcache\ehreschs.dll
2008-06-14 21:13 . 2004-08-10 15:00	28,288	--a--c---	C:\WINDOWS\system32\dllcache\xjis.nls
2008-06-14 21:11 . 2008-04-14 02:09	13,463,552	--a--c---	C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-14 21:10 . 2008-06-14 21:10	<DIR>	d--------	C:\WINDOWS\system32\xircom
2008-06-14 21:10 . 2008-06-14 21:10	<DIR>	d--------	C:\Program Files\microsoft frontpage
2008-06-14 21:10 . 2004-08-10 15:00	94,720	--a--c---	C:\WINDOWS\system32\dllcache\certmap.ocx
2008-06-14 21:10 . 2007-07-30 19:19	43,352	--a------	C:\WINDOWS\system32\wups2.dll
2008-06-14 21:07 . 2008-06-14 21:07	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2008-06-14 21:07 . 2008-06-14 23:53	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2008-06-14 21:07 . 2008-06-14 21:07	<DIR>	d--------	C:\Program Files\HighMAT CD Writing Wizard
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Real
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\NVIDIA Corporation
2008-06-14 21:05 . 2008-06-18 16:03	<DIR>	d--h-----	C:\Program Files\InstallShield Installation Information
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\EnglishOtto
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Common Files\xing shared
2008-06-14 21:05 . 2008-06-14 21:58	<DIR>	d--------	C:\Program Files\Common Files\InstallShield
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\AC3Filter
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Default User\iss144C.tmp
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-06-14 21:05 . 2005-06-14 01:28	671,744	--a------	C:\WINDOWS\system32\DolbyHph.dll
2008-06-14 21:05 . 2003-08-19 09:20	180,224	--a------	C:\WINDOWS\system32\ac3filter.cpl
2008-06-14 21:05 . 2005-06-14 01:29	60,416	--a------	C:\WINDOWS\system32\DSETUP.dll
2008-06-14 21:05 . 2005-06-14 01:27	9,856	--a------	C:\WINDOWS\system32\drivers\pfc.sys
2008-06-14 21:05 . 2005-08-23 00:29	4,608	--a------	C:\WINDOWS\system32\drivers\nvport.sys
2008-06-14 21:04 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Common Files\Real
2008-06-14 21:04 . 2008-06-20 14:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Windows Journal Viewer
2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Java
2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-06-14 21:00 . 2008-06-14 21:00	<DIR>	d---s----	C:\WINDOWS\system32\Microsoft
2008-06-14 19:38 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-14 19:35 . 2008-06-14 19:35	<DIR>	d---s----	C:\Documents and Settings\Krystian\UserData
2008-06-14 17:31 . 2008-06-14 17:31	<DIR>	d--------	C:\Program Files\Alcohol Soft
2008-06-14 17:28 . 2008-06-14 17:28	685,816	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-06-14 17:27 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll.wusetup.1679781.new
2008-06-14 17:27 . 2007-07-30 19:18	34,136	--a------	C:\WINDOWS\system32\wucltui.dll.mui
2008-06-14 17:27 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui_en
2008-06-14 17:27 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuapi.dll.mui
2008-06-14 17:27 . 2007-07-30 19:18	20,312	--a------	C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-14 17:23 . 2008-06-20 15:42	16	--a------	C:\WINDOWS\system32\coh.cache
2008-06-14 17:16 . 2008-06-14 17:16	<DIR>	d--------	C:\Program Files\Gadu-Gadu
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 14:50	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-20 13:58	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-14 19:18	---------	d-----w	C:\Program Files\AIDA32
2008-06-14 19:17	---------	d-----w	C:\Program Files\IntelPCB
2008-06-14 18:29	---------	d-----w	C:\Documents and Settings\Krystian\Application Data\Gadu-Gadu
2008-06-14 18:26	---------	d-----w	C:\Program Files\Windows Plus
2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:11	451,072	----a-w	C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11	39,424	------w	C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11	376,832	----a-w	C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 00:11	245,248	----a-w	C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11	141,312	----a-w	C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11	116,224	----a-w	C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11	1,852,928	----a-w	C:\WINDOWS\AppPatch\acgenral.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f86b11f3-0ce1-475f-9541-5329bf7b3597}]
2008-06-20 14:35	24576	--a------	C:\WINDOWS\system32\vtUmNFxv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 20:17 222592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-29 11:00 577536 C:\WINDOWS\SOUNDMAN.EXE]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 09:47 7573504]
"nwiz"="nwiz.exe" [2006-04-28 09:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-28 09:47 86016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 09:11 771704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]
C:\Documents and Settings\Krystian\Start Menu\Programs\Startup\Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\vtUmNFxv.dll [2008-06-20 14:35 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmNFxv]
vtUmNFxv.dll 2008-06-20 14:35 24576 C:\WINDOWS\system32\vtUmNFxv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 14:22:49 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Krystian.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 16:54:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vtUmNFxv.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-20 16:56:06 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-20 14:55:53
Pre-Run: 28,007,301,120 bytes free
Post-Run: 28,278,755,328 bytes free
250	--- E O F ---
2008-06-20 05:06:54

PS: I also found this file: C:\WINDOWS\system32\vtUnOhEW.dll
Its name is similar to C:\WINDOWS\system32\vtUmNFxv.dll, so I'd better mention it :)

PS: maybe this will help with something: Norton redirected me to this page:
http://securityresponse.symantec.com/secur...-99&tabid=1