Login problem


2 replies in this topic

#1 sambo

    New

  • 2 posts

Posted 14 05 2008 - 17:47

Hello, I have the following problem:
When I try to log in on the site, or open one of the tabs on that site, I am immediately redirected to the Yahoo site. I can open the home page without any problem; the problem appears when I try to log in. On all other websites everything is OK. Please help, and sorry for the non-expert explanation of the problem. Regards

  • 0

#2 Gość_Wojtex16_*

Posted 14 05 2008 - 18:16

Post the HijackThis and ComboFix logs.

  • 0

#3 sambo

    New

  • 2 posts

Posted 14 05 2008 - 19:32

ComboFix 08-05-12.1 - jarek478 2008-05-14 19:18:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.665 [GMT 2:00]
Running from: C:\Documents and Settings\jarek478\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Użytkownik\Dane aplikacji\Install.dat
C:\Documents and Settings\Użytkownik\Menu Start\Programy\Brave-Sentry
C:\Documents and Settings\Użytkownik\Menu Start\Programy\Brave-Sentry\BraveSentry.lnk
C:\Documents and Settings\Użytkownik\Menu Start\Programy\Brave-Sentry\Uninstall.lnk
C:\Documents and Settings\Użytkownik\Pulpit\bravesentry.lnk
C:\Documents and Settings\Użytkownik\spooldr.ini
C:\WINDOWS\exefld
C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\kzq5re.sys
C:\WINDOWS\system32\shell31.dll
C:\WINDOWS\system32\shift.exe.exe
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSLIBRARY
-------\Service_kzq5re
-------\Service_runtime
-------\Service_smtpdrv
-------\Service_SysLibrary


((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-14 19:22 . 2004-08-04 00:44 5,120 --------- C:\WINDOWS\system32\sfc.dll
2008-05-14 19:22 . 2004-08-04 00:44 5,120 --a--c--- C:\WINDOWS\system32\dllcache\sfc.dll
2008-05-14 19:09 . 2008-05-14 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-14 19:01 . 2008-05-14 19:01 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-05-14 17:40 . 2008-05-14 17:40 <DIR> d-------- C:\Program Files\Avant Browser
2008-05-14 17:40 . 2008-05-14 17:40 <DIR> d-------- C:\Documents and Settings\jarek478\Dane aplikacji\Avant Profiles
2008-05-13 15:31 . 2008-05-13 15:31 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-13 15:31 . 2008-05-13 15:31 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-13 15:31 . 2008-05-13 15:31 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-13 15:31 . 2008-05-13 15:31 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-13 15:31 . 2008-05-13 15:31 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-13 15:31 . 2008-05-13 15:31 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-13 15:24 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-05-13 15:22 . 2001-10-26 19:29 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-13 15:22 . 2001-10-26 19:29 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-13 15:21 . 2004-08-04 01:27 1,086,058 -ra------ C:\WINDOWS\SETBD.tmp
2008-05-13 15:21 . 2004-08-04 01:32 1,014,483 -ra------ C:\WINDOWS\SETBA.tmp
2008-05-13 15:21 . 2004-08-04 01:26 14,043 -ra------ C:\WINDOWS\SETC9.tmp
2008-05-12 19:11 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-12 18:23 . 2008-05-12 18:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\G DATA
2008-05-12 18:19 . 2008-05-12 18:19 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-05-12 18:19 . 2008-05-12 18:19 41,928 --a------ C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2008-05-12 18:19 . 2008-05-12 18:19 32,072 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2008-05-12 18:18 . 2008-05-12 18:18 <DIR> d-------- C:\Program Files\G DATA AntiVirus Trial
2008-05-12 18:18 . 2008-05-12 18:18 <DIR> d-------- C:\Program Files\Common Files\G DATA
2008-05-12 18:17 . 2008-05-12 18:17 <DIR> d-------- C:\Documents and Settings\jarek478\Dane aplikacji\InstallShield
2008-05-12 16:49 . 2008-05-13 15:33 4,635 --a------ C:\WINDOWS\imsins.BAK
2008-05-10 22:16 . 2008-05-10 22:39 <DIR> d-------- C:\Program Files\Empire Interactive
2008-05-03 14:25 . 2008-05-12 20:34 266,022 --a------ C:\WINDOWS\setupapi.old
2008-05-03 12:14 . 2008-05-03 12:14 48,847 --a------ C:\WINDOWS\system32\msdvdr.pif
2008-05-03 12:14 . 2008-05-03 12:14 8 --a------ C:\WINDOWS\system32\msdvdr.dat
2008-04-27 15:36 . 2008-04-27 15:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\sentinel
2008-04-27 15:35 . 2008-05-14 18:58 <DIR> d-------- C:\Program Files\Panda Security
2008-04-27 14:27 . 2008-04-05 01:06 <DIR> d-------- C:\Program Files\languages
2008-04-27 14:27 . 2007-08-30 14:05 1,639,728 --a------ C:\Program Files\pskahk.dll
2008-04-27 14:27 . 2007-06-26 12:28 450,560 --a------ C:\Program Files\PSKCMP.dll
2008-04-27 14:27 . 2004-07-19 13:11 348,160 --a------ C:\Program Files\MSVCR71.DLL
2008-04-27 14:27 . 2007-07-18 11:26 296,240 --a------ C:\Program Files\pskscs.dll
2008-04-27 14:27 . 2007-06-04 09:58 218,672 --a------ C:\Program Files\PSKHTML.dll
2008-04-27 14:27 . 2007-06-29 08:58 183,088 --a------ C:\Program Files\PSKVM.dll
2008-04-27 14:27 . 2008-04-01 09:30 128,304 --a------ C:\Program Files\Pavcl.exe
2008-04-27 14:27 . 2007-07-02 15:44 103,728 --a------ C:\Program Files\pskfss.dll
2008-04-27 14:27 . 2007-07-05 15:18 83,760 --a------ C:\Program Files\pskvfs.dll
2008-04-27 14:27 . 2007-07-12 14:41 81,712 --a------ C:\Program Files\PSKUTIL.dll
2008-04-27 14:27 . 2007-05-24 17:29 71,216 --a------ C:\Program Files\pskas.dll
2008-04-27 14:27 . 2007-05-16 18:44 54,832 --a------ C:\Program Files\pavdr.exe
2008-04-27 14:27 . 2004-01-26 19:09 49,152 --a------ C:\Program Files\PORT32.DLL
2008-04-27 14:27 . 2007-05-31 14:11 45,104 --a------ C:\Program Files\rawvfile.dll
2008-04-27 14:27 . 2007-02-14 13:36 39,984 --a------ C:\Program Files\PSKPACK.dll
2008-04-27 14:27 . 2007-01-15 11:55 31,792 --a------ C:\Program Files\SCRemLSP.exe
2008-04-27 14:27 . 2007-06-20 15:48 26,928 --a------ C:\Program Files\pfdnnt64.exe
2008-04-27 14:27 . 2007-06-07 17:05 26,160 --a------ C:\Program Files\PSKALLOC.dll
2008-04-27 14:27 . 2007-04-17 16:04 20,016 --a------ C:\Program Files\pskmdfs.dll
2008-04-27 14:27 . 2007-03-27 22:45 18,992 --a------ C:\Program Files\PSKVFILE.dll
2008-04-27 14:27 . 2007-06-20 15:48 18,224 --a------ C:\Program Files\PFDNNT.exe
2008-04-27 14:27 . 2003-03-17 18:35 11,776 --a------ C:\Program Files\PORT16.DLL
2008-04-27 14:27 . 2007-02-21 19:26 11,312 --a------ C:\Program Files\prcvfile.dll
2008-04-27 13:18 . 2008-05-14 18:09 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-26 19:38 . 2008-04-26 19:38 <DIR> d-------- C:\WINDOWS\AM
2008-04-26 19:38 . 2008-04-26 19:38 <DIR> d-------- C:\Program Files\directx
2008-04-26 19:37 . 2008-04-26 19:37 <DIR> d-------- C:\Program Files\AidemMedia
2008-04-21 21:33 . 2001-08-17 23:47 4,224 --a------ C:\WINDOWS\system32\beep.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 17:27 262,144 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT.000\NTUSER.DAT
2008-05-14 17:27 262,144 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT.000\NTUSER.DAT
2008-05-14 17:27 262,144 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT.000\NTUSER.DAT
2008-05-14 17:27 262,144 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT.000\NTUSER.DAT
2008-05-13 18:55 162,304 ----a-w C:\UNWISE.EXE
2008-05-13 18:40 20,480 ----a-w C:\Program Files\uninstall.exe
2008-05-12 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 14:02 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-05-12 13:59 --------- d-----w C:\Program Files\a-squared Free
2008-05-07 10:48 --------- d-----w C:\Program Files\ESET
2008-04-27 11:52 --------- d-----w C:\Program Files\Azureus
2008-04-12 21:28 --------- d-----w C:\Program Files\Virtools Web Player 2.5
2008-04-04 16:10 --------- d-----w C:\Documents and Settings\jarek478\Dane aplikacji\Simply Super Software
2008-04-04 16:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Simply Super Software
2008-04-04 12:20 80,730,904 ----a-w C:\Program Files\pav.sig
2008-03-24 20:54 --------- d-----w C:\Documents and Settings\jarek478\Dane aplikacji\Azureus
2008-03-24 20:46 3,009,003 ----a-w C:\Program Files\ABC-win32-v2.6.9.exe
2008-03-24 20:40 4,599,577 ----a-w C:\Program Files\Azureus_2.1.0.4_Win32.setup.exe
2008-03-24 17:46 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-24 17:44 --------- d-----w C:\Program Files\eMule
2007-11-20 17:31 262,144 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2007-11-20 17:31 262,144 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2007-10-15 14:26 8,454,584 ----a-w C:\Program Files\winamp55_full_emusic-7plus_en-us.exe
2007-10-11 14:09 70,768,312 ----a-w C:\Program Files\163.71_forceware_winxp_32bit_international_whql.exe
2007-10-11 14:06 2,392,722 ----a-w C:\Program Files\ac3filter_1_46.exe
2007-10-11 14:01 23,567,008 ----a-w C:\Program Files\AdbeRdr80_pl_PL.exe
2007-10-11 13:58 13,256,032 ----a-w C:\Program Files\PDFCreator-0_9_3_GPLGhostscript.exe
2007-10-11 13:56 213 ----a-w C:\Program Files\AC3Filter_1[1].11.rtf
2007-07-03 06:42 6,455 ----a-w C:\Program Files\panda.chp
2007-06-21 03:31 4,109,584 ----a-w C:\Program Files\gg77.exe
2007-05-12 17:00 4,057,200 ----a-w C:\Program Files\wmfdist.exe
2007-05-12 16:55 5,822,679 ----a-w C:\Program Files\DefilerPak-1.22.exe
2007-03-11 10:03 13,437,232 ----a-w C:\Program Files\setuppol.exe
2007-01-21 13:15 2,065 ----a-w C:\Program Files\debug.txt
2007-01-21 12:38 12,883 ----a-w C:\Program Files\uninstall.ini
2007-01-09 10:52 12,678 ----a-w C:\Program Files\pavcl.lng
2003-10-02 12:03 785 ----a-w C:\Program Files\license.txt
1998-03-02 15:39 4,693 ----a-w C:\Program Files\APVXDUT.VXD
2004-08-03 22:44 4,096 --sha-w C:\WINDOWS\system32\loadftpfi.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,636,040 2006-10-10 15:51:52 C:\Program Files\Gadu-Gadu\bak\gg.exe
----a-w 2,119,104 2007-07-09 07:39:12 C:\Program Files\Gadu-Gadu\gg.exe

----a-w 92,672 2006-11-21 17:38:22 G:\Winamp\bak\winampa.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37FF719A-A736-4FAB-8CBF-7B905277648D}]
C:\WINDOWS\TEMP\~util32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [ ]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"AVKTray"="C:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe" [2007-10-11 11:24 603720]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Firewall auto setup"="C:\WINDOWS\TEMP\winlogon.exe" [ ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=

R2 avkproxy;G DATA AntiVirus Proxy;"C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe" [2007-10-26 11:16]
R2 avkwctl;Strażnik AntiVirus;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe [2007-10-08 11:43]
R2 gdtdiinterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2008-05-12 18:19]
R3 gdmnicpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-05-12 18:19]
R3 hookcentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-05-12 18:19]
S2 qandr;qandr;C:\WINDOWS\system32\drivers\qandr.sys []
S3 dpti930;dpti930;C:\WINDOWS\system32\drivers\ssmnm.sys []
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2008-01-25 11:58]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2008-01-25 11:58]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2008-01-25 11:58]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2008-01-25 11:58]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2008-01-25 11:58]
S3 msdvddrv;msdvddrv;C:\WINDOWS\system32\msdvdr.sys [2008-05-14 19:29]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 19:28:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\msdvdr.pif [1076] 0x85EF5858

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\ntos.exe 437760 bytes executable
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\msdvdr.sys 3156 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msdvdr]
"ImagePath"="C:\WINDOWS\system32\msdvdr.pif"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
.
**************************************************************************
.
Completion time: 2008-05-14 19:31:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 17:31:30

Pre-Run: 1,195,765,760 bajtów wolnych
Post-Run: 1,490,518,016 bajtów wolnych

237

Is this what you meant? Because I'm a complete novice in these matters.

  • 0



