Logi: HijackThis, SilentRunners, ComboFix, Gmer

[CatchMe]

Do sprawdzenia zawsze wklejamy na początek dwa logi tj. HijackThis i Silent Runners. Resztę logów generujemy na prośbę osoby sprawdzającej logi.

Opisy programów i sposoby generowania logów:

→ HijackThis
→ Silent Runners
→ ComboFix
→ DSS (Deckard's System Scanner)
→ Gmer

Temat zamieszczony za zgodą Kornik52.

 

[Kanciastoporty]

to moze tamten z hijackthisem wywalic? Bo po co maja byc dwa, nieprawdaz?

 

[cFX`]

linki nieaktywne, proponuję z edytować i naprawić linki.

 

[0wn3r]

HijackThis - http://dobreprogramy.pl/index.php?dz=2&amp...ijackThis+2.0.2
ComboFix - http://www.programosy.pl/program,combofix.html
SilentRunners - http://www.silentrunners.org/
DSS - http://www.geekstogo.com/forum/index.php?a...amp;showfile=19
Gmer - http://www.gmer.net/index.php?lang=pl

 

[johnytrawa]

Prosze o sprawdzenie loga



"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"TOSCDSPD" = "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" ["TOSHIBA"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Orb" = ""C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background" ["Orb Networks"]
"ares" = ""C:\Program Files\Ares\Ares.exe" -h" ["Ares Development Group"]
"PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray" ["Nokia"]
"Nokia.PCSync" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog" ["Time Information Services Ltd."]
"Google Update" = ""C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"Toshiba Hotkey Utility" = ""C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang PL" ["TOSHIBA Inc."]
"PadTouch" = "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" ["TOSHIBA"]
"NDSTray.exe" = "NDSTray.exe" ["TOSHIBA CORPORATION"]
"SmoothView" = "C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" ["TOSHIBA Corporation"]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"CFSServ.exe" = "CFSServ.exe -NoClient" ["TOSHIBA CORPORATION"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" ["HP"]
"ISTray" = ""C:\Program Files\Spyware Doctor\pctsTray.exe"" ["PC Tools"]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll" ["Google Inc."]
{FA205D44-FB29-4901-B3F7-2F6A723EC09C}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\xxyaawxw.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

 

[venom2312]

Prosze o sprawdzenie loga...

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\program files\Internet Explorer\setupapi.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\hpowiax3.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-01 do 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-31 15:07 . 2009-01-31 15:07 <DIR> d-------- c:\windows\San Andreas Mod Installer
2009-01-30 23:11 . 2009-01-31 21:01 155 --a------ c:\windows\NeroDigital.ini
2009-01-30 13:13 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2009-01-30 13:13 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2009-01-30 13:12 . 2009-01-30 13:12 <DIR> d-------- c:\program files\Ahead
2009-01-30 13:12 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-30 13:12 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-30 13:12 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-30 13:12 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-01-30 13:12 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-30 13:12 . 2006-01-12 15:40 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-30 13:12 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-30 12:38 . 2009-01-30 12:38 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-30 12:38 . 2001-03-08 18:30 24,064 --------- c:\windows\system32\msxml3a.dll
2009-01-30 12:37 . 2009-01-30 13:12 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-30 12:37 . 2009-01-30 12:37 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Ahead
2009-01-30 11:14 . 2009-01-30 11:14 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-30 11:13 . 2008-04-14 00:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-01-30 11:13 . 2008-04-14 00:15 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
2009-01-30 11:13 . 2008-03-21 13:57 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-01-30 11:13 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-30 11:13 . 2009-01-30 11:13 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-30 11:13 . 2009-01-30 11:13 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-29 21:52 . 2009-01-29 21:52 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-29 21:52 . 2009-01-29 21:52 <DIR> d-------- c:\program files\Adobe Media Player
2009-01-29 21:48 . 2009-01-29 21:48 <DIR> d-------- c:\program files\Google
2009-01-29 21:43 . 2009-01-29 21:43 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-29 18:04 . 2009-02-01 00:30 154 --a------ c:\windows\wcx_ftp.ini
2009-01-29 14:59 . 2009-01-29 14:59 <DIR> d-------- c:\program files\Winamp Toolbar
2009-01-29 14:59 . 2009-01-29 14:59 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2009-01-29 14:58 . 2009-01-29 14:58 <DIR> d-------- c:\program files\Winamp Remote
2009-01-29 14:58 . 2009-01-29 14:58 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\OrbNetworks
2009-01-29 14:57 . 2009-01-29 14:57 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-29 14:53 . 2009-01-29 15:00 <DIR> d-------- c:\program files\Winamp
2009-01-29 14:53 . 2009-01-29 15:33 <DIR> d-------- c:\documents and settings\Damian\Dane aplikacji\Winamp
2009-01-29 14:43 . 2009-01-31 21:24 <DIR> d-------- c:\documents and settings\Damian\Dane aplikacji\PC Suite
2009-01-29 14:43 . 2009-01-30 11:13 <DIR> d-------- c:\documents and settings\Damian\Dane aplikacji\Nokia
2009-01-29 14:43 . 2009-01-30 11:13 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-01-29 14:41 . 2009-01-29 14:41 <DIR> d-------- c:\program files\DIFX
2009-01-29 14:41 . 2009-01-29 14:41 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-29 14:41 . 2009-01-29 14:41 <DIR> d-------- c:\program files\Common Files\Nokia
2009-01-29 14:41 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-01-29 14:40 . 2009-01-29 14:40 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-01-29 14:40 . 2009-01-29 14:41 <DIR> d-------- c:\program files\Nokia
2009-01-29 14:40 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-01-29 14:40 . 2009-01-29 14:40 892,928 --a------ c:\windows\system32\iconv.dll
2009-01-29 14:40 . 2009-01-29 14:40 675,840 --a------ c:\windows\system32\ac3filter.ax
2009-01-29 14:40 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-01-29 14:40 . 2008-09-15 07:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll
2009-01-29 14:40 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-01-29 14:40 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-01-29 14:40 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-01-29 14:40 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-01-29 14:39 . 2009-01-29 14:39 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Installations
2009-01-29 14:39 . 2009-01-29 14:39 1,415,680 --a------ c:\windows\system32\WMV9VCM.dll
2009-01-29 14:39 . 2009-01-29 14:39 921,600 --a------ c:\windows\system32\vorbisenc.dll
2009-01-29 14:39 . 2009-01-29 14:39 245,760 --a------ c:\windows\system32\mplvpx.dll
2009-01-29 14:39 . 2009-01-29 14:39 237,568 --a------ c:\windows\system32\OggDS.dll
2009-01-29 14:39 . 2009-01-29 14:39 188,416 --a------ c:\windows\system32\vorbis.dll
2009-01-29 14:39 . 2009-01-29 14:39 106,496 --a------ c:\windows\system32\lmpgspl.ax
2009-01-29 14:39 . 2009-01-29 14:39 94,208 --a------ c:\windows\system32\lmpgvd.ax
2009-01-29 14:39 . 2009-01-29 14:39 86,528 --a------ c:\windows\system32\DVDVideo.ax
2009-01-29 14:39 . 2009-01-29 14:39 45,056 --a------ c:\windows\system32\ogg.dll
2009-01-29 14:39 . 2009-01-29 14:39 9,216 --a------ c:\windows\system32\cpuinf32.dll
2009-01-29 14:38 . 2009-01-29 14:38 <DIR> d-------- c:\program files\NAPI-PROJEKT
2009-01-29 14:38 . 2009-01-29 14:38 77,824 --a------ c:\windows\system32\xvid.ax
2009-01-29 14:37 . 2009-01-30 23:11 <DIR> d-------- c:\program files\ALLPlayer
2009-01-29 14:35 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2009-01-29 14:35 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-29 14:35 . 2008-07-30 20:09 38 --a------ c:\windows\avisplitter.ini
2009-01-29 14:34 . 2009-01-29 14:34 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-29 14:34 . 2008-09-16 01:14 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-29 14:34 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-29 14:34 . 2009-01-29 14:38 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-01-29 14:34 . 2008-09-16 01:11 683,520 --a------ c:\windows\system32\divx.dll
2009-01-29 14:34 . 2004-01-11 23:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-29 14:34 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-29 14:34 . 2009-01-29 14:38 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-29 14:34 . 2009-01-29 14:40 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-01-29 14:34 . 2008-09-16 01:12 81,920 --a------ c:\windows\system32\dpl100.dll
2009-01-29 14:34 . 2008-06-12 19:36 7,680 --a------ c:\windows\system32\ff_vfw.dll
2009-01-29 14:34 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-29 14:30 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-29 14:29 . 2009-01-30 12:33 <DIR> d-------- c:\program files\uTorrent
2009-01-29 14:28 . 2009-01-29 14:28 <DIR> d-------- c:\program files\MSBuild
2009-01-29 14:28 . 2009-01-29 14:28 <DIR> d-------- c:\program files\Microsoft Works
2009-01-29 14:28 . 2009-01-30 12:42 <DIR> d-------- c:\documents and settings\Damian\Dane aplikacji\uTorrent
2009-01-29 14:25 . 2009-01-29 14:28 <DIR> d-------- c:\windows\SHELLNEW
2009-01-29 14:25 . 2009-01-29 14:30 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-01-29 14:24 . 2009-01-29 14:24 <DIR> dr-h----- C:\MSOCache
2009-01-29 14:19 . 2009-01-29 14:19 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-29 14:19 . 2009-02-01 11:37 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-29 14:19 . 2009-02-01 00:58 1,089,568 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-29 14:19 . 2009-02-01 11:40 245,792 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-29 14:19 . 2009-01-29 14:34 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-29 14:19 . 2009-01-29 14:34 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-29 14:19 . 2009-02-01 00:58 11,688 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-29 14:19 . 2009-02-01 11:40 4,016 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-29 14:18 . 2009-01-29 14:18 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-01-29 14:14 . 2009-01-29 14:14 <DIR> d-------- c:\documents and settings\Damian\Dane aplikacji\DAEMON Tools Pro
2009-01-29 14:14 . 2009-01-29 14:14 <DIR> d-------- c:\documents and settings\Damian\Dane aplikacji\DAEMON Tools
2009-01-29 14:13 . 2009-01-29 14:13 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-29 14:13 . 2009-01-29 14:21 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-29 14:13 . 2009-01-29 14:13 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-01-29 14:12 . 2009-01-29 14:12 <DIR> d-------- c:\documents and settings\Damian\Dane aplikacji\DAEMON Tools Lite
2009-01-29 14:12 . 2009-01-29 14:12 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-28 20:30 . 2009-01-28 20:30 <DIR> d-------- c:\documents and settings\Damian\Dane aplikacji\HP
2009-01-28 20:30 . 2009-01-28 20:30 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-01-28 20:29 . 2009-01-28 20:29 <DIR> d-------- c:\documents and settings\Damian\Dane aplikacji\HPAppData
2009-01-28 20:29 . 2009-01-28 20:29 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HPSSUPPLY
2009-01-28 20:28 . 2009-01-28 20:28 <DIR> d-------- c:\program files\Common Files\HP
2009-01-28 20:28 . 2009-01-28 20:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-01-28 20:28 . 2009-01-28 20:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP
2009-01-28 20:27 . 2009-01-28 20:27 <DIR> d-------- c:\program files\Hewlett-Packard
2009-01-28 20:27 . 2009-01-28 20:27 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-28 20:27 . 2007-03-08 05:20 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-01-28 20:27 . 2007-03-08 05:20 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2009-01-28 20:27 . 2007-03-08 05:20 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-28 20:26 . 2009-01-29 14:41 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-28 20:26 . 2009-01-28 20:29 <DIR> d-------- c:\program files\HP
2009-01-28 20:26 . 2009-01-28 20:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-01-28 20:26 . 2007-03-17 17:11 569,344 -ra------ c:\windows\system32\hpotscl3.dll
2009-01-28 20:26 . 2007-03-08 05:20 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2009-01-28 20:26 . 2007-03-08 05:20 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-01-28 20:26 . 2007-03-17 17:11 303,104 -ra------ c:\windows\system32\hpovst10.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 11:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 22:33 --------- d-----w c:\program files\Realtek
2009-01-27 22:31 --------- d-----w c:\program files\Intel
2009-01-27 22:31 --------- d-----w c:\program files\Analog Devices
2009-01-27 22:29 --------- d-----w c:\program files\My Company Name
2009-01-27 22:27 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-27 21:48 --------- d-----w c:\program files\Usługi online
2009-01-27 21:46 --------- d-----w c:\program files\Windows Media Connect 2
.

------- Sigcheck -------

2008-05-02 07:48 361344 8e036eec565910417ea020ce0962aa24 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot_2009-01-29_17.05.21.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1045-7B44-A90000000001}\SC_Reader.exe
+ 2009-01-31 14:07:06 451,072 ----a-w c:\windows\San Andreas Mod Installer\uninstall.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe
+ 2008-10-29 10:29:54 531,968 ----a-w c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2008-03-27 15:27:46 503,008 ------w c:\windows\system32\drivers\wdf01000.sys
+ 2008-03-27 15:27:48 35,040 ------w c:\windows\system32\drivers\wdfldr.sys
- 2008-05-02 06:46:41 77,568 ----a-w c:\windows\system32\drivers\wudfpf.sys
+ 2006-09-15 21:29:52 76,544 ----a-w c:\windows\system32\drivers\WudfPf.sys
- 2008-05-02 06:46:42 82,944 ----a-w c:\windows\system32\drivers\wudfrd.sys
+ 2006-09-15 21:30:10 82,688 ----a-w c:\windows\system32\drivers\WudfRd.sys
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
+ 2009-01-29 20:48:43 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2009-01-27 21:53:21 39,992 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-31 23:22:59 40,836 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-27 21:53:21 49,492 ----a-w c:\windows\system32\perfc015.dat
+ 2009-01-31 23:22:59 50,748 ----a-w c:\windows\system32\perfc015.dat
- 2009-01-27 21:53:21 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-31 23:22:59 314,508 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-27 21:53:21 355,486 ----a-w c:\windows\system32\perfh015.dat
+ 2009-01-31 23:22:59 358,834 ----a-w c:\windows\system32\perfh015.dat
- 2007-03-06 03:28:33 16,096 ------w c:\windows\system32\spmsg.dll
+ 2006-09-16 02:02:34 14,640 ------w c:\windows\system32\spmsg.dll
- 2008-05-02 06:46:41 95,344 ----a-w c:\windows\system32\wudfcoinstaller.dll
+ 2006-09-15 22:30:16 87,040 ----a-w c:\windows\system32\WUDFCoinstaller.dll
- 2008-05-02 06:46:41 146,432 ----a-w c:\windows\system32\wudfhost.exe
+ 2006-09-15 22:30:06 142,848 ----a-w c:\windows\system32\WudfHost.exe
- 2008-05-02 06:46:41 165,376 ----a-w c:\windows\system32\wudfplatform.dll
+ 2006-09-15 21:29:54 163,840 ----a-w c:\windows\system32\WudfPlatform.dll
- 2008-05-02 06:46:42 55,808 ----a-w c:\windows\system32\wudfsvc.dll
+ 2006-09-15 22:30:16 55,296 ----a-w c:\windows\system32\WudfSvc.dll
+ 2008-10-29 10:24:36 831,048 ----a-w c:\windows\system32\WudfUpdate_01005.dll
- 2008-05-02 06:46:42 316,416 ----a-w c:\windows\system32\wudfx.dll
+ 2006-09-15 22:30:16 308,224 ----a-w c:\windows\system32\WUDFx.dll
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-01-29 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c3d7df1-ed32-11dd-a413-0018f365470b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com g:
\Shell\Open\command - resycled\ntldr.com g:
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 11:44:02
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\klogon.dll[/b]

 

[Wieslaweczek]

Proszę o sprawdzenie

ComboFix 09-02-02.04 - SGJ 2009-02-04 16:24:05.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.767.485 [GMT 1:00]
Uruchomiony z: c:\documents and settings\SGJ\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\SGJ\Pulpit\WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-04 do 2009-02-04  )))))))))))))))))))))))))))))))
.

2009-02-04 11:38 . 2009-02-04 11:38    <DIR>    d--------    c:\program files\MSXML 4.0
2009-02-04 11:21 . 2008-06-14 19:01    273,024    ---------    c:\windows\system32\drivers\bthport.sys
2009-02-04 11:21 . 2008-06-14 19:01    273,024    -----c---    c:\windows\system32\dllcache\bthport.sys
2009-02-04 11:19 . 2008-08-14 14:46    2,181,632    -----c---    c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-04 11:19 . 2008-08-14 14:46    2,137,600    -----c---    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-04 11:19 . 2008-08-14 14:46    2,059,008    -----c---    c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-04 11:19 . 2008-08-14 14:46    2,017,280    -----c---    c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-04 11:09 . 2009-02-04 11:50    <DIR>    d--h-----    c:\windows\$hf_mig$
2009-02-04 11:09 . 2005-02-25 04:36    22,752    --a------    c:\windows\system32\spupdsvc.exe
2009-02-03 19:04 . 2009-02-04 10:30    <DIR>    d--------    c:\program files\Odkurzacz
2009-02-03 17:00 . 2009-02-03 17:00    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\Kaspersky_Key_Finder_(KKF
2009-02-03 16:31 . 2009-02-03 19:39    101,287    --a------    c:\windows\system32\drivers\klin.dat
2009-02-03 16:31 . 2009-02-03 19:39    89,601    --a------    c:\windows\system32\drivers\klick.dat
2009-02-03 16:30 . 2009-02-03 16:30    <DIR>    d--------    c:\program files\Kaspersky Lab
2009-02-03 16:30 . 2009-02-04 16:28    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-02-03 16:30 . 2009-02-04 16:26    3,813,408    --ahs----    c:\windows\system32\drivers\fidbox.dat
2009-02-03 16:30 . 2009-02-04 16:26    327,712    --ahs----    c:\windows\system32\drivers\fidbox2.dat
2009-02-03 16:30 . 2009-02-04 16:26    32,968    --ahs----    c:\windows\system32\drivers\fidbox.idx
2009-02-03 16:30 . 2009-02-04 16:26    3,248    --ahs----    c:\windows\system32\drivers\fidbox2.idx
2009-02-03 16:27 . 2009-02-03 16:27    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-02-03 13:42 . 2009-02-03 13:42    <DIR>    d--------    c:\program files\Trend Micro
2009-02-01 10:46 . 2009-02-01 10:46    <DIR>    d--------    c:\documents and settings\SGJ\.borland
2009-02-01 10:41 . 2001-11-29 00:50    430,080    --a------    c:\windows\system32\ibmgr.cpl
2009-02-01 10:41 . 2001-11-29 00:50    376,832    --a------    c:\windows\system32\gds32.dll
2009-02-01 10:41 . 2001-11-29 00:50    177,152    --a------    c:\windows\system32\ibinstall.dll
2009-02-01 10:41 . 2001-11-29 00:50    28,672    --a------    c:\windows\system32\ibxml.dll
2009-01-31 23:40 . 2009-01-31 23:40    <DIR>    d--------    c:\program files\SpyNet
2009-01-31 23:40 . 2009-01-31 23:40    <DIR>    d--------    c:\documents and settings\SGJ\WINDOWS
2009-01-31 23:40 . 1998-10-02 19:00    327,168    --a------    c:\windows\IsUninst.exe
2009-01-31 23:40 . 1999-06-10 00:17    65,024    --a------    c:\windows\system32\W32N50.dll
2009-01-31 23:40 . 1999-10-30 10:16    33,792    --a------    c:\windows\system32\Flatbtn.ocx
2009-01-31 23:40 . 1999-06-10 00:17    23,040    --a------    c:\windows\system32\Pcandis5.sys
2009-01-31 23:40 . 1999-06-10 00:17    15,408    --a------    c:\windows\system32\Pcandis4.sys
2009-01-31 23:40 . 1999-06-10 00:17    13,561    --a------    c:\windows\system32\Pcandis3.vxd
2009-01-31 23:37 . 2009-01-31 23:37    <DIR>    d--------    c:\program files\WinPcap
2009-01-31 23:36 . 2009-01-31 23:36    <DIR>    d--------    c:\program files\netcut
2009-01-31 17:49 . 2009-02-03 19:13    <DIR>    d--------    c:\program files\NAPI-PROJEKT
2009-01-31 16:27 . 2009-01-31 16:29    <DIR>    d--------    c:\program files\sXe Injected
2009-01-29 22:07 . 2009-01-29 22:07    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\Gadu-Gadu
2009-01-29 22:06 . 2009-02-03 19:13    <DIR>    d--------    c:\program files\GG Skin Manager
2009-01-29 21:53 . 2009-01-29 21:53    <DIR>    d--------    c:\program files\Gadu-Gadu
2009-01-29 21:53 . 2009-02-03 16:24    <DIR>    d--------    c:\documents and settings\SGJ\Gadu-Gadu
2009-01-29 18:17 . 2009-01-29 18:17    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\SolidWorksNewsReader
2009-01-29 18:16 . 2009-02-03 19:13    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\SolidWorks
2009-01-29 18:15 . 2009-01-29 18:15    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\DWGeditor
2009-01-29 18:14 . 2009-01-29 18:14    <DIR>    d--------    c:\program files\SolidWorks Installation Manager
2009-01-29 18:14 . 2009-01-29 18:14    0    --a------    c:\windows\eDrawingOfficeAutomator.INI
2009-01-29 18:13 . 2004-11-05 11:08    670,208    --a------    c:\windows\system32\drivers\hardlock.sys
2009-01-29 18:12 . 2009-01-29 18:14    <DIR>    d--------    c:\program files\Common Files\eDrawings2007
2009-01-29 18:12 . 2009-01-29 18:12    23    --ah-----    c:\windows\yacht.xws
2009-01-29 18:07 . 2009-01-29 18:15    <DIR>    d--------    c:\program files\Common Files\SolidWorks Shared
2009-01-29 18:06 . 2009-01-29 18:06    42    --a------    c:\windows\trailer.xws
2009-01-29 14:59 . 2009-01-29 14:59    <DIR>    d--------    c:\program files\PowerISO
2009-01-28 09:58 . 1998-10-07 12:54    327,168    --a------    c:\windows\IsUn0415.exe
2009-01-27 15:03 . 2009-01-27 15:03    <DIR>    d--------    c:\program files\Asprate
2009-01-26 13:09 . 2009-01-26 13:12    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\Tibia
2009-01-26 01:35 . 2009-01-26 01:35    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\Thinstall
2009-01-24 20:34 . 2009-01-24 20:34    <DIR>    d--------    c:\program files\Counter-Strike 1.6 V35
2009-01-24 15:37 . 2009-02-03 10:14    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\Hamachi
2009-01-24 15:36 . 2009-01-24 15:37    <DIR>    d--------    c:\program files\Hamachi
2009-01-24 15:36 . 2009-01-24 15:36    25,280    --a------    c:\windows\system32\drivers\hamachi.sys
2009-01-24 13:19 . 2009-01-24 13:19    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-01-24 13:08 . 2009-01-24 13:08    <DIR>    d--h-----    c:\windows\system32\GroupPolicy
2009-01-24 08:52 . 2009-01-24 08:52    <DIR>    d--------    c:\program files\Logitech
2009-01-24 08:52 . 2008-12-17 06:55    195,096    --a------    c:\windows\system32\lvci11901262.dll
2009-01-23 19:44 . 2004-08-03 23:10    19,328    --a------    c:\windows\system32\drivers\WSTCODEC.SYS
2009-01-23 19:44 . 2004-08-03 23:10    19,328    --a--c---    c:\windows\system32\dllcache\wstcodec.sys
2009-01-23 19:44 . 2004-08-04 00:44    16,384    --a------    c:\windows\system32\ipsink.ax
2009-01-23 19:44 . 2004-08-04 00:44    16,384    --a--c---    c:\windows\system32\dllcache\ipsink.ax
2009-01-23 19:44 . 2004-08-03 23:10    15,360    --a------    c:\windows\system32\drivers\StreamIP.sys
2009-01-23 19:44 . 2004-08-03 23:10    15,360    --a--c---    c:\windows\system32\dllcache\streamip.sys
2009-01-23 19:44 . 2004-08-03 23:10    11,136    --a------    c:\windows\system32\drivers\SLIP.sys
2009-01-23 19:44 . 2004-08-03 23:10    11,136    --a--c---    c:\windows\system32\dllcache\slip.sys
2009-01-23 19:44 . 2004-08-03 23:10    10,880    --a------    c:\windows\system32\drivers\NdisIP.sys
2009-01-23 19:44 . 2004-08-03 23:10    10,880    --a--c---    c:\windows\system32\dllcache\ndisip.sys
2009-01-23 19:42 . 2009-01-24 08:53    <DIR>    d--------    c:\program files\Common Files\LogiShrd
2009-01-23 19:42 . 2009-01-23 19:42    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\Logitech
2009-01-23 19:42 . 2009-01-24 08:52    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\Logishrd
2009-01-23 18:59 . 2009-01-23 18:59    <DIR>    d--------    c:\program files\Restorator 2007
2009-01-23 18:59 . 2007-07-29 15:53    117,248    --a------    c:\windows\system32\RestoratorContextMenu.dll
2009-01-23 18:40 . 2009-01-23 19:30    <DIR>    d--------    c:\program files\HideAnyWindow
2009-01-23 18:31 . 2009-01-23 18:31    <DIR>    d--------    c:\program files\Microsoft Silverlight
2009-01-20 07:50 . 2009-01-20 07:50    <DIR>    d--------    c:\program files\XBox 360 Controller for Windows Software
2009-01-17 17:41 . 2009-01-17 17:41    <DIR>    d--------    c:\program files\Common Files\Macrovision Shared
2009-01-16 20:15 . 2009-01-16 20:15    <DIR>    d---s----    c:\documents and settings\SGJ\UserData
2009-01-16 20:14 . 2009-01-16 20:14    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\HP
2009-01-16 14:41 . 2004-08-04 00:44    159,232    --a------    c:\windows\system32\ptpusd.dll
2009-01-16 14:41 . 2001-10-26 17:29    5,632    --a------    c:\windows\system32\ptpusb.dll
2009-01-15 20:17 . 2009-01-15 20:17    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\fretsonfire
2009-01-15 19:32 . 2009-01-29 11:47    <DIR>    d--------    C:\Fraps
2009-01-15 19:32 . 2009-01-31 22:02    <DIR>    d-a------    c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-15 09:37 . 2009-01-15 09:37    42,320    --a------    c:\windows\system32\xfcodec.dll
2009-01-13 15:15 . 2009-01-13 15:15    4,096    --a------    c:\windows\d3dx.dat
2009-01-13 07:51 . 2009-01-13 07:51    <DIR>    d--------    c:\program files\Microsoft Works
2009-01-13 07:48 . 2009-01-13 07:48    <DIR>    d--------    c:\windows\SHELLNEW
2009-01-13 07:47 . 2009-01-13 07:47    <DIR>    dr-h-----    C:\MSOCache
2009-01-13 07:47 . 2009-02-03 17:48    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-01-12 18:51 . 2009-01-12 18:51    <DIR>    d--------    c:\program files\FDRLab
2009-01-11 17:24 . 2009-01-17 17:49    <DIR>    d--------    c:\program files\Common Files\Adobe
2009-01-10 13:15 . 2009-01-10 13:15    <DIR>    d--------    c:\program files\7-Zip
2009-01-10 11:25 . 2009-01-26 17:32    <DIR>    d--------    c:\program files\Oront Burning Kit 2
2009-01-10 11:25 . 2009-01-10 11:25    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\Obsidium
2009-01-10 11:25 . 2009-01-10 11:25    <DIR>    d--h-----    c:\documents and settings\All Users\Dane aplikacji\{0D1CA9D8-C5EE-4BD3-9609-546CE906187E}
2009-01-09 16:23 . 2009-01-09 16:36    733    --a------    c:\windows\CoD.INI
2009-01-09 15:47 . 2009-01-09 15:47    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\DivX
2009-01-09 15:39 . 2009-01-09 15:39    <DIR>    d--------    c:\program files\DivX
2009-01-09 15:33 . 2009-01-09 15:33    <DIR>    d--------    c:\program files\Headshot Player
2009-01-08 22:59 . 2009-01-08 22:59    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-01-08 22:58 . 2009-01-08 22:58    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\HPAppData
2009-01-08 22:58 . 2009-01-08 22:58    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\HPSSUPPLY
2009-01-08 22:57 . 2009-01-08 22:57    <DIR>    d--------    c:\program files\Hewlett-Packard
2009-01-08 22:57 . 2009-01-08 22:57    <DIR>    d--------    c:\program files\Common Files\HP
2009-01-08 22:57 . 2009-01-08 22:57    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-01-08 22:57 . 2009-01-08 22:57    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\HP
2009-01-08 22:56 . 2009-01-08 22:56    <DIR>    d--------    c:\program files\Common Files\Hewlett-Packard
2009-01-08 22:56 . 2009-01-08 22:56    <DIR>    d--------    c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-01-08 22:56 . 2007-03-28 14:01    118,272    --a------    c:\windows\system32\hpz3l5ha.dll
2009-01-08 22:56 . 2004-08-03 22:58    15,104    --a------    c:\windows\system32\drivers\usbscan.sys
2009-01-08 22:56 . 2004-08-03 22:58    15,104    --a--c---    c:\windows\system32\dllcache\usbscan.sys
2009-01-08 22:55 . 2009-01-08 22:58    <DIR>    d--------    c:\program files\HP
2009-01-08 22:31 . 2004-08-03 23:01    25,856    --a------    c:\windows\system32\drivers\usbprint.sys
2009-01-08 22:31 . 2004-08-03 23:01    25,856    --a--c---    c:\windows\system32\dllcache\usbprint.sys
2009-01-08 22:30 . 2009-01-08 22:31    <DIR>    d--------    c:\program files\Real Alternative
2009-01-08 22:30 . 2009-01-08 22:30    <DIR>    d--------    c:\documents and settings\SGJ\Dane aplikacji\Media Player Classic
2009-01-08 22:30 . 2003-03-19 04:14    499,712    --a------    c:\windows\system32\msvcp71.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 10:09    ---------    d-----w    c:\program files\FlashGet
2009-02-03 18:13    ---------    d-----w    c:\program files\Xfire
2009-02-03 15:20    ---------    d-----w    c:\documents and settings\SGJ\Dane aplikacji\Tlen.pl
2009-01-31 17:09    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-01-31 14:31    ---------    d-----w    c:\documents and settings\SGJ\Dane aplikacji\Xfire
2009-01-07 13:16    444,952    ----a-w    c:\windows\system32\wrap_oal.dll
2009-01-07 13:16    109,080    ----a-w    c:\windows\system32\OpenAL32.dll
2009-01-06 19:58    ---------    d-----w    c:\program files\Common Files\INCA Shared
2009-01-06 19:36    ---------    d-----w    c:\program files\Common Files\InstallShield
2009-01-06 19:35    ---------    d-----w    c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-01-06 18:57    ---------    d-----w    c:\program files\Tlen.pl
2009-01-06 18:57    ---------    d-----w    c:\documents and settings\All Users\Dane aplikacji\Tlen.pl
2009-01-06 18:49    ---------    d-----w    c:\program files\WLAN
2009-01-06 18:47    ---------    d-----w    c:\program files\Realtek Sound Manager
2009-01-06 18:47    ---------    d-----w    c:\program files\AvRack
2009-01-06 18:46    ---------    d-----w    c:\program files\Intel
2009-01-06 18:40    ---------    d-----w    c:\program files\microsoft frontpage
2009-01-06 18:38    ---------    d-----w    c:\program files\Usługi online
2008-12-19 15:39    81,920    ----a-w    c:\windows\system32\frapsvid.dll
2008-12-17 06:01    432,664    ----a-w    c:\windows\system32\LVUI2RC.dll
2008-12-17 06:01    41,752    ----a-w    c:\windows\system32\drivers\LVUSBSta.sys
2008-12-17 06:00    494,104    ----a-w    c:\windows\system32\LVUI2.dll
2008-12-17 05:55    416,280    ----a-w    c:\windows\system32\lvcodec2.dll
2008-12-17 05:54    495,640    ----a-w    c:\windows\system32\drivers\LV561AV.SYS
2008-12-16 20:58    25,624    ----a-w    c:\windows\system32\drivers\LVPr2Mon.sys
2008-12-16 20:50    13,584    ----a-w    c:\windows\system32\drivers\iKeyLgFT.dll
2008-12-16 20:38    85,302    ----a-w    c:\windows\system32\drivers\LVFeL002.cfg
2008-12-16 20:38    69,592    ----a-w    c:\windows\system32\drivers\LVFaL000.cfg
2008-12-16 20:38    227,172    ----a-w    c:\windows\system32\drivers\LVFeL000.cfg
2008-12-16 20:38    146,680    ----a-w    c:\windows\system32\drivers\LVFeL001.cfg
2008-12-11 11:57    333,184    ----a-w    c:\windows\system32\drivers\srv.sys
2008-12-11 00:33    86,016    ----a-w    c:\windows\system32\dpl100.dll
2008-12-11 00:33    200,704    ----a-w    c:\windows\system32\dtu100.dll
2008-12-09 02:28    593,920    ----a-w    c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28    57,344    ----a-w    c:\windows\system32\dpv11.dll
2008-12-09 02:28    344,064    ----a-w    c:\windows\system32\dpus11.dll
2008-12-09 02:28    294,912    ----a-w    c:\windows\system32\dpu11.dll
2008-12-01 20:52    425,984    ----a-w    c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51    318,464    ----a-w    c:\windows\system32\ati2dvag.dll
2008-12-01 20:46    11,304,960    ----a-w    c:\windows\system32\atioglxx.dll
2008-12-01 20:41    188,416    ----a-w    c:\windows\system32\atipdlxx.dll
2008-12-01 20:40    43,520    ----a-w    c:\windows\system32\ati2edxx.dll
2008-12-01 20:40    26,112    ----a-w    c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40    147,456    ----a-w    c:\windows\system32\Oemdspif.dll
2008-12-01 20:40    143,360    ----a-w    c:\windows\system32\ati2evxx.dll
2008-12-01 20:38    598,016    ----a-w    c:\windows\system32\ati2evxx.exe
2008-12-01 20:37    53,248    ----a-w    c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27    4,120,384    ----a-w    c:\windows\system32\ati3duag.dll
2008-12-01 20:19    307,200    ----a-w    c:\windows\system32\atiiiexx.dll
2008-12-01 20:11    2,495,360    ----a-w    c:\windows\system32\ativvaxx.dll
2008-12-01 19:57    48,640    ----a-w    c:\windows\system32\amdpcom32.dll
2008-12-01 19:53    45,056    ----a-w    c:\windows\system32\amdcalrt.dll
2008-12-01 19:53    45,056    ----a-w    c:\windows\system32\amdcalcl.dll
2008-12-01 19:53    401,408    ----a-w    c:\windows\system32\atikvmag.dll
2008-12-01 19:52    86,016    ----a-w    c:\windows\system32\atiadlxx.dll
2008-12-01 19:52    17,408    ----a-w    c:\windows\system32\atitvo32.dll
2008-12-01 19:50    3,252,224    ----a-w    c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50    286,720    ----a-w    c:\windows\system32\atiok3x2.dll
2008-12-01 19:45    577,536    ----a-w    c:\windows\system32\ati2cqag.dll
2008-12-01 13:35    593,920    ------w    c:\windows\system32\ati2sgag.exe
2008-11-06 16:37    524,288    ----a-w    c:\windows\system32\DivXsm.exe
2008-11-06 16:37    3,596,288    ----a-w    c:\windows\system32\qt-dx331.dll
2008-11-06 16:37    129,784    ------w    c:\windows\system32\pxafs.dll
2008-11-06 16:37    120,056    ------w    c:\windows\system32\pxcpyi64.exe
2008-11-06 16:37    118,520    ------w    c:\windows\system32\pxinsi64.exe
2008-11-06 16:35    200,704    ----a-w    c:\windows\system32\ssldivx.dll
2008-11-06 16:35    1,044,480    ----a-w    c:\windows\system32\libdivx.dll
2008-11-06 16:33    823,296    ----a-w    c:\windows\system32\divx_xx0c.dll
2008-11-06 16:33    823,296    ----a-w    c:\windows\system32\divx_xx07.dll
2008-11-06 16:33    815,104    ----a-w    c:\windows\system32\divx_xx0a.dll
2008-11-06 16:33    802,816    ----a-w    c:\windows\system32\divx_xx11.dll
2008-11-06 16:33    684,032    ----a-w    c:\windows\system32\DivX.dll
2008-11-06 16:33    12,288    ----a-w    c:\windows\system32\DivXWMPExtType.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2008-11-28 5837800]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
WConfig.lnk - c:\program files\WLAN\WConfig\WConfig.exe [2009-01-06 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SGJ^Menu Start^Programy^Autostart^hamachi.lnk]
path=c:\documents and settings\SGJ\Menu Start\Programy\Autostart\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 09:10 2007088 c:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
--a------ 2008-11-28 11:48 5837800 c:\program files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-12-20 07:50 2656528 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-07 17:57 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]
--a------ 2008-12-19 23:31 1372160 c:\program files\sXe Injected\sXe Injected.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
R3 RT2400PCI;802.11b WLAN PCI;c:\windows\system32\drivers\rt2400.sys [2009-01-06 61056]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2008-12-19 49408]
S3 InterServer;InterBase InterClient Server;e:\program files\Borland\InterBase\InterClient\bin\interserver.exe [2009-02-01 114176]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-HideAnyWindow - c:\documents and settings\SGJ\Pulpit\Hide.Any.Window.v2.7.Crack.ReadNFO-tRUE\Hide.Any.Window.v2.7.Crack.ReadNFO-tRUE\haw.exe


.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm
IE: &Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm
IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {09026B6A-671E-4C7C-88BB-1789EA7CDB6B} = 192.168.1.4
FF - ProfilePath - c:\documents and settings\SGJ\Dane aplikacji\Mozilla\Firefox\Profiles\7lgp44g3.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2009-02-04 16:28:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1196)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(7728)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
e:\program files\Borland\InterBase\bin\ibguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
e:\program files\Borland\InterBase\bin\ibserver.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-04 16:31:29 - komputer został uruchomiony ponownie [SGJ]
ComboFix-quarantined-files.txt  2009-02-04 15:31:11

Przed: 2,040,008,704 bajtów wolnych
Po: 2,130,939,904 bajtów wolnych

333    --- E O F ---    2009-02-04 10:51:02

 

[tremendous07]

Log z HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:03, on 2009-05-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ULi5287\ULi5287.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

--
End of file - 5118 bytes[/b]

Log z ComboFix

ComboFix 09-05-15.01 - Mateusz 2009-05-15 19:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1535.729 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Mateusz\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\smss.exe
c:\windows\system32\ccbcccfc4_z.dll

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_PowerManager


((((((((((((((((((((((((( Pliki utworzone od 2009-04-15 do 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-15 17:30 . 2009-05-15 17:33 -------- d-----w c:\program files\Unlocker
2009-05-15 11:39 . 2009-05-15 11:39 -------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\Tibia
2009-05-15 11:38 . 2009-05-15 11:38 -------- d-----w c:\program files\Tibia
2009-05-15 11:36 . 2009-05-15 11:36 -------- d-----w c:\program files\TibiaCam TV Lite
2009-05-14 14:05 . 2009-05-14 14:05 -------- d-----w c:\program files\IrfanView
2009-05-14 11:57 . 2009-05-14 11:57 -------- d-----w c:\program files\Trend Micro
2009-05-14 09:02 . 2009-05-14 11:14 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-05-14 09:02 . 2009-05-14 09:02 -------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\OpenFM
2009-05-14 09:01 . 2009-05-15 11:39 -------- d-----w C:\Logs
2009-05-14 08:00 . 2009-05-14 08:01 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-05-14 07:51 . 2009-05-14 09:01 -------- d-----w c:\windows\SxsCaPendDel
2009-05-13 18:12 . 2009-05-14 07:53 -------- d--h--w C:\$AVG8.VAULT$
2009-05-13 18:10 . 2009-05-15 11:20 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-13 18:10 . 2009-05-15 11:20 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-13 18:09 . 2009-05-15 11:20 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-13 18:09 . 2009-05-15 11:21 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-13 18:09 . 2009-05-14 07:38 -------- d-----w c:\documents and settings\Mateusz\Dane aplikacji\AVGTOOLBAR
2009-05-13 18:09 . 2009-05-13 18:09 -------- d-----w c:\program files\AVG
2009-05-13 18:09 . 2009-05-13 18:09 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\avg8
2009-05-13 17:41 . 2009-05-13 17:42 -------- d-----w c:\program files\jv16 PowerTools 2008
2009-04-20 18:33 . 2009-05-14 07:25 -------- d-----w c:\documents and settings\Mateusz\Tracing
2009-04-20 18:22 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-20 18:20 . 2009-04-20 18:24 -------- d-----w c:\program files\Microsoft
2009-04-20 18:07 . 2009-04-20 18:07 -------- d-----w c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 07:45 . 2008-06-24 12:52 -------- d-----w c:\program files\Ahead
2009-05-14 07:45 . 2008-06-24 12:52 -------- d-----w c:\program files\Common Files\Ahead
2009-05-14 07:33 . 2008-03-27 19:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-20 20:33 . 2001-10-26 16:15 84336 ----a-w c:\windows\system32\perfc015.dat
2009-04-20 20:33 . 2001-10-26 16:15 491140 ----a-w c:\windows\system32\perfh015.dat
2009-04-20 18:33 . 2008-03-27 19:43 41056 ----a-w c:\documents and settings\Mateusz\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-04 11:26 . 2009-04-04 11:26 -------- d-----w c:\program files\microsoft frontpage
2009-03-24 12:54 . 2009-03-24 12:54 -------- d-----w c:\program files\MSBuild
2009-03-24 12:54 . 2009-03-24 12:54 115944 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-03-24 12:50 . 2009-03-24 12:50 -------- d-----w c:\program files\Reference Assemblies
2009-03-15 08:49 . 2009-03-15 08:49 70 ----a-w c:\windows\brassi.dat
2009-03-15 08:49 . 2009-03-15 08:49 413184 ----a-w c:\windows\system32\paintball.scr
2009-03-14 23:03 . 2009-03-14 23:03 1700352 ----a-w c:\windows\system32\gdiplus.dll
2009-02-17 16:58 . 2009-02-17 16:58 65536 ----a-w c:\windows\IFinst27.exe
2009-02-11 07:44 . 2009-02-11 07:44 10022 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2008-01-15 6290944]
"EdHTML"="c:\program files\Binboy\EdHTMLv5.0\EdHTML.exe" [2003-03-24 1443328]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-04-20 9818728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ULiRaid"="c:\program files\ULi5287\ULi5287.exe" [2005-08-23 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-15 1947928]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-07-13 14679552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-15 11:20 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^SnagIt 8.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\SnagIt 8.lnk
backup=c:\windows\pss\SnagIt 8.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Tibia\\tibia.exe"=
"c:\\Documents and Settings\\Mateusz\\Pulpit\\Kostladek =)\\Tibia =)\\OT =]\\DevLand_0.96b_XML\\DevLand_0.96b_XML\\Project-XML\\DevLand-XML.exe"=
"c:\\Documents and Settings\\Mateusz\\Pulpit\\Kostladek =)\\Tibia =)\\OT =]\\Evolution 8.1 - By Aciek .. WERSJA POPRAWNA\\Evolution 8.1 - By Aciek .. WERSJA POPRAWNA\\By Aciek v2.0.exe"=
"c:\\Documents and Settings\\Mateusz\\Pulpit\\Kostladek =)\\Tibia =)\\OT =]\\DevLand-XML 0 1 .97b\\Project-XML\\DevLand-XML.exe"=
"c:\\Documents and Settings\\Mateusz\\Pulpit\\Kostladek =)\\Tibia =)\\OT =]\\Aries 0.4.5 XML\\Aries 0.4.5 - XML\\Aries-XML.exe"=
"c:\\Documents and Settings\\Mateusz\\Pulpit\\Kostladek =)\\Tibia =)\\OT =]\\Servfull\\Servfull\\Servfull.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Documents and Settings\\Mateusz\\Ustawienia lokalne\\Dane aplikacji\\MM-Project Evolutions-XML.exe"=
"c:\\Documents and Settings\\Mateusz\\Pulpit\\Kostladek =)\\Tibia =)\\OT =]\\Salvion44+Film\\Salvion44\\Salvion 4.4 XML + POI\\Salvion.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2006-03-10 101120]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-05-13 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-05-13 108552]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-05-13 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-13 298776]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e2ef5f0-13d3-11dd-963a-00142a9e8abc}]
\Shell\AutoRun\command - F:\vnlcurgm.exe
\Shell\explore\Command - F:\vnlcurgm.exe
\Shell\open\Command - F:\vnlcurgm.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{AE90C38C-97CF-4696-B290-C7973DC9675E} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
Toolbar-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKCU-Run-KxptG - c:\windows\KxptG.exe
HKLM-Run-lsass.exe - c:\windows\lsass.exe
HKLM-Run-System Files Updater - c:\windows\FlyakiteOSX\System Files Updater.exe
Notify-WgaLogon - (no file)


.
------- Skan uzupełniający -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\tow28hmx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 19:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
lsass.exe = c:\windows\lsass.exe?????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7700)
c:\program files\Tlen.pl\hook.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe
c:\xampp\mysql\bin\mysqld-nt.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-15 19:44 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-05-15 17:44

Przed: 44 573 671 424 bajtów wolnych
Po: 44 868 743 168 bajtów wolnych

182 --- E O F --- 2008-12-19 07:38[/b]

 

[Khalt]

Mateuszu ... xP

Ja nic nie znalazłem. Natomiast polecam przestać grać w Tibię i odpuścić sobie zabawę z OTS'ami .

 

[tremendous07]

Regulamin zabrania o rozmawianiu o Tibii, ale... W Tibie właśnie przestałem grać... Strata czasu jak i pieniędzy. Pozostałem przy filmach.

Na innym forum uzyskałem odpowiedź, że to nie potrzebne

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"[/b]

 

[Khalt]

No cóż... "niepotrzebna" to jest większość rzeczy, które tam masz w tych logach. Bo co jest tak na prawdę potrzebne ... ?

Winamp Agent szkodliwy nie jest. Ułatwia korzystanie z/pracę Winamp'a. Jeśli już tak bardzo go nie chcesz to wejdź do opcji Winamp'a i w "File Types" wyłącz go.

Regulamin zabrania o rozmawianiu o Tibii[/b]

Żeby się pozbyć przeciwnika (w tym przypadku - szkodnika) trzeba mu stawić czoła, a nie unikać go niczym tchórz ... XD.

 

[Wieslaweczek]

ComboFix 09-06-05.07 - WieslaweK 2009-06-06 14:59.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.767.530 [GMT 2:00]
Uruchomiony z: c:\downloads\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-05-06 do 2009-06-06  )))))))))))))))))))))))))))))))
.

2009-06-05 18:25 . 2009-06-05 18:25    --------    d-----w-    c:\program files\PowerQuest
2009-06-05 14:07 . 2009-06-05 14:27    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\mIRC
2009-06-05 14:07 . 2009-06-05 14:08    --------    d-----w-    c:\program files\mIRC
2009-06-05 14:07 . 2007-11-06 20:13    1985024    ----a-w-    c:\windows\system32\verify.exe
2009-06-05 14:07 . 2007-11-05 07:16    1725000    ----a-w-    c:\windows\system32\mirc631.exe
2009-06-04 18:45 . 2009-06-04 18:45    --------    d-----w-    c:\program files\Tasker
2009-06-04 17:57 . 2009-06-04 18:05    137928    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2009-06-04 17:57 . 2009-06-04 18:19    189768    ----a-w-    c:\windows\system32\PnkBstrB.exe
2009-06-04 17:56 . 2009-06-04 17:56    75064    ----a-w-    c:\windows\system32\PnkBstrA.exe
2009-06-04 17:56 . 2009-06-04 17:56    --------    d-----w-    c:\windows\system32\LogFiles
2009-06-04 17:56 . 2009-06-04 17:56    --------    d-----w-    c:\documents and settings\WieslaweK\Ustawienia lokalne\Dane aplikacji\PunkBuster
2009-06-03 19:02 . 2009-06-03 19:02    --------    d-sh--w-    c:\windows\ftpcache
2009-06-03 13:10 . 2009-06-03 13:10    --------    d-----w-    c:\program files\Elaborate Bytes
2009-06-02 13:22 . 2009-06-02 17:24    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\TrackMania
2009-06-02 12:32 . 2009-06-02 12:32    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\Ashampoo
2009-06-02 12:31 . 2009-06-02 12:31    --------    d-----w-    c:\documents and settings\WieslaweK\Ustawienia lokalne\Dane aplikacji\ashampoo
2009-06-02 12:31 . 2009-06-02 12:31    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\ashampoo
2009-06-02 12:31 . 2009-06-02 12:31    --------    d-----w-    c:\program files\Ashampoo
2009-06-01 18:41 . 2009-06-05 14:28    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\AIMP
2009-06-01 18:41 . 2009-06-01 18:41    --------    d-----w-    c:\program files\AIMP2
2009-06-01 13:28 . 2006-06-29 11:07    14048    ------w-    c:\windows\system32\spmsg2.dll
2009-06-01 13:27 . 2009-06-01 13:27    --------    d-----w-    c:\windows\system32\pl-PL
2009-06-01 13:25 . 2009-06-01 13:25    69024    ----a-w-    c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-06-01 13:24 . 2009-06-01 13:24    --------    d-----w-    c:\windows\system32\XPSViewer
2009-06-01 13:24 . 2009-06-01 13:24    --------    d-----w-    c:\program files\MSBuild
2009-06-01 13:24 . 2009-06-01 13:24    --------    d-----w-    c:\program files\Reference Assemblies
2009-06-01 13:23 . 2008-07-06 12:06    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-01 13:23 . 2008-07-06 12:06    575488    -c----w-    c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-01 13:23 . 2008-07-06 12:06    575488    ------w-    c:\windows\system32\xpsshhdr.dll
2009-06-01 13:23 . 2008-07-06 12:06    1676288    -c----w-    c:\windows\system32\dllcache\xpssvcs.dll
2009-06-01 13:23 . 2008-07-06 12:06    1676288    ------w-    c:\windows\system32\xpssvcs.dll
2009-06-01 13:23 . 2008-07-06 12:06    117760    ------w-    c:\windows\system32\prntvpt.dll
2009-06-01 13:23 . 2008-07-06 10:50    597504    -c----w-    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-01 13:19 . 2007-11-30 11:18    26488    ----a-w-    c:\windows\system32\spupdsvc.exe
2009-06-01 13:19 . 2009-06-01 13:19    --------    d-----w-    c:\program files\MSXML 6.0
2009-06-01 11:02 . 2009-06-06 12:58    --------    d-----w-    C:\Downloads
2009-06-01 11:01 . 2009-06-01 11:01    --------    d-----w-    c:\program files\MoorHunt
2009-05-30 10:54 . 2009-05-30 10:55    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\Tibia
2009-05-30 10:54 . 2009-05-30 10:54    --------    d-----w-    c:\program files\Tibia
2009-05-28 20:16 . 2003-03-29 14:45    89184    ----a-w-    c:\windows\system32\drivers\imagedrv.sys
2009-05-28 20:16 . 2009-05-28 20:16    --------    d-----w-    c:\program files\Common Files\Ahead
2009-05-28 20:16 . 2001-07-06 16:24    283920    ----a-w-    c:\windows\system32\ImagXpr5.dll
2009-05-28 20:16 . 2001-07-06 12:41    569344    ----a-w-    c:\windows\system32\imagr5.dll
2009-05-28 20:16 . 2001-07-06 10:44    544768    ----a-w-    c:\windows\system32\imagx5.dll
2009-05-28 20:16 . 2001-06-26 06:15    38912    ----a-w-    c:\windows\system32\picn20.dll
2009-05-28 20:16 . 2001-07-09 09:50    155648    ----a-w-    c:\windows\system32\NeroCheck.exe
2009-05-28 20:16 . 2009-05-28 20:16    --------    d-----w-    c:\program files\Ahead
2009-05-28 19:41 . 2009-05-28 19:41    --------    d-----w-    c:\program files\CdCoverCreator
2009-05-28 15:15 . 2009-05-28 19:50    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2009-05-28 15:13 . 2009-05-28 15:13    167376    ----a-w-    c:\documents and settings\WieslaweK\Dane aplikacji\Mozilla\Firefox\Profiles\kmshc764.default\FlashGot.exe
2009-05-28 15:12 . 2009-06-06 12:58    --------    d-----w-    c:\program files\FlashGet
2009-05-28 14:20 . 2009-05-28 14:20    --------    d-----w-    c:\documents and settings\WieslaweK\Ustawienia lokalne\Dane aplikacji\Identities
2009-05-28 14:06 . 2009-06-02 17:58    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\Tlen.pl
2009-05-28 14:06 . 2009-05-28 14:06    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\Tlen.pl
2009-05-28 14:06 . 2009-05-28 14:06    --------    d-----w-    c:\program files\Tlen.pl
2009-05-28 13:48 . 2009-05-28 13:48    --------    d-----w-    c:\documents and settings\WieslaweK\Ustawienia lokalne\Dane aplikacji\HP
2009-05-28 13:40 . 2007-03-08 04:20    16496    ----a-r-    c:\windows\system32\drivers\HPZipr12.sys
2009-05-28 13:40 . 2007-03-08 04:20    49920    ----a-r-    c:\windows\system32\drivers\HPZid412.sys
2009-05-28 13:40 . 2009-05-28 13:40    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\HP
2009-05-28 13:40 . 2009-05-28 13:40    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-05-28 13:40 . 2007-03-30 15:29    267864    ----a-r-    c:\windows\system32\hpzids01.dll
2009-05-28 13:40 . 2007-03-28 12:01    118272    ----a-w-    c:\windows\system32\hpz3l5ha.dll
2009-05-28 13:40 . 2007-03-08 04:20    21568    ----a-r-    c:\windows\system32\drivers\HPZius12.sys
2009-05-28 13:39 . 2007-03-17 06:39    303104    ----a-r-    c:\windows\system32\hpovst11.dll
2009-05-28 13:39 . 2007-03-17 06:39    958464    ----a-r-    c:\windows\system32\hpotiop4.dll
2009-05-28 13:39 . 2007-03-08 04:20    364544    ----a-r-    c:\windows\system32\hppldcoi.dll
2009-05-28 13:39 . 2007-03-08 04:20    309760    ----a-r-    c:\windows\system32\difxapi.dll
2009-05-28 13:39 . 2007-03-17 06:39    675840    ----a-r-    c:\windows\system32\hpowiax4.dll
2009-05-28 13:39 . 2004-08-03 20:58    15104    -c--a-w-    c:\windows\system32\dllcache\usbscan.sys
2009-05-28 13:39 . 2004-08-03 20:58    15104    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2009-05-28 13:32 . 2009-05-28 13:32    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\HPSSUPPLY
2009-05-28 13:31 . 2009-05-28 13:31    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\HPAppData
2009-05-28 13:29 . 2009-05-28 13:29    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-05-28 13:29 . 2009-05-28 13:30    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\HP
2009-05-28 13:29 . 2009-05-28 13:29    --------    d-----w-    c:\program files\Common Files\HP
2009-05-28 13:28 . 2009-05-28 13:28    --------    d-----w-    c:\program files\Hewlett-Packard
2009-05-28 13:28 . 2009-05-28 13:28    --------    d-----w-    c:\program files\Common Files\Hewlett-Packard
2009-05-28 13:27 . 2009-05-28 13:28    --------    dc----w-    c:\windows\system32\DRVSTORE
2009-05-28 13:27 . 2009-05-28 13:32    --------    d-----w-    c:\program files\HP
2009-05-28 13:25 . 2009-05-28 13:38    152051    ----a-w-    c:\windows\hpoins15.dat
2009-05-28 13:25 . 2007-06-05 23:04    1039    ------w-    c:\windows\hpomdl15.dat
2009-05-27 13:01 . 2009-05-28 14:34    --------    d-----w-    c:\documents and settings\WieslaweK\Ustawienia lokalne\Dane aplikacji\ApplicationHistory
2009-05-27 13:01 . 2009-05-27 13:01    134    ----a-w-    c:\documents and settings\WieslaweK\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-05-27 13:01 . 2009-05-27 13:01    1078    ----a-r-    c:\documents and settings\WieslaweK\Dane aplikacji\Microsoft\Installer\{1F66D380-CA34-40B4-87BC-CEB5FFA723FA}\_2cd672ae.exe
2009-05-27 13:01 . 2009-05-27 13:01    --------    d-----w-    c:\program files\Gios
2009-05-27 12:59 . 2009-05-27 13:00    --------    d-----w-    c:\windows\system32\URTTemp
2009-05-25 12:16 . 2009-05-25 12:16    134312    ----a-w-    c:\windows\system32\ElbyVCD.dll
2009-05-25 12:01 . 2009-05-25 12:01    89256    ----a-w-    c:\windows\system32\ElbyCDIO.dll
2009-05-24 16:06 . 2009-05-24 16:06    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\fretsonfire
2009-05-24 13:55 . 2009-05-24 13:55    --------    d-----w-    c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-05-24 13:55 . 2009-06-04 19:20    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\Xfire
2009-05-24 13:55 . 2009-06-03 15:09    --------    d-----w-    c:\program files\Xfire
2009-05-24 13:47 . 2004-08-03 22:44    221184    ----a-w-    c:\windows\system32\wmpns.dll
2009-05-24 12:12 . 2004-08-03 21:01    25856    -c--a-w-    c:\windows\system32\dllcache\usbprint.sys
2009-05-24 12:12 . 2004-08-03 21:01    25856    ----a-w-    c:\windows\system32\drivers\usbprint.sys
2009-05-24 12:12 . 2004-08-03 21:08    31616    -c--a-w-    c:\windows\system32\dllcache\usbccgp.sys
2009-05-24 12:12 . 2004-08-03 21:08    31616    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2009-05-24 09:23 . 2009-06-05 14:37    34    ----a-w-    c:\documents and settings\WieslaweK\jagex_runescape_preferences.dat
2009-05-24 09:23 . 2009-05-24 09:23    --------    d-----w-    c:\windows\.jagex_cache_32
2009-05-24 09:06 . 2005-05-26 13:34    2297552    ----a-w-    c:\windows\system32\d3dx9_26.dll
2009-05-24 07:25 . 2009-06-01 13:33    16504    ----a-w-    c:\documents and settings\WieslaweK\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-05-23 17:20 . 2009-05-23 17:20    --------    d-----w-    c:\program files\Kaspersky Lab
2009-05-23 17:19 . 2009-05-23 17:19    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-05-23 17:16 . 2009-05-27 09:44    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\Nowe Gadu-Gadu
2009-05-23 17:15 . 2009-05-23 17:15    --------    d-----w-    c:\program files\Nowe Gadu-Gadu

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 15:24 . 2009-05-23 16:49    1    ----a-w-    c:\documents and settings\WieslaweK\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-04 17:17 . 2004-07-17 09:36    163644    ----a-w-    c:\windows\system32\drivers\secdrv.sys
2009-06-01 13:26 . 2001-10-26 16:15    88618    ----a-w-    c:\windows\system32\perfc015.dat
2009-06-01 13:26 . 2001-10-26 16:15    499958    ----a-w-    c:\windows\system32\perfh015.dat
2009-05-25 16:01 . 2009-05-23 14:21    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-23 17:40 . 2009-05-23 17:39    --------    d-----w-    c:\program files\K-Lite Codec Pack
2009-05-23 16:48 . 2009-05-23 16:48    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\OpenOffice.org
2009-05-23 16:47 . 2009-05-23 16:47    410984    ----a-w-    c:\windows\system32\deploytk.dll
2009-05-23 16:47 . 2009-05-23 16:47    --------    d-----w-    c:\program files\Java
2009-05-23 16:47 . 2009-05-23 16:47    152576    ----a-w-    c:\documents and settings\WieslaweK\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-23 16:46 . 2009-05-23 16:46    --------    d-----w-    c:\program files\OpenOffice.org 3
2009-05-23 16:12 . 2009-05-23 16:12    --------    d-----w-    c:\program files\3do
2009-05-23 16:12 . 2009-05-23 14:29    --------    d-----w-    c:\program files\Common Files\InstallShield
2009-05-23 15:41 . 2009-05-23 15:41    0    ----a-w-    c:\windows\nsreg.dat
2009-05-23 15:26 . 2009-05-23 15:25    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\TrueCrypt
2009-05-23 15:25 . 2009-05-23 15:25    217536    ----a-w-    c:\windows\system32\drivers\truecrypt.sys
2009-05-23 15:25 . 2009-05-23 15:25    --------    d-----w-    c:\program files\TrueCrypt
2009-05-23 14:45 . 2009-05-23 14:45    107888    ----a-w-    c:\windows\system32\CmdLineExt.dll
2009-05-23 14:42 . 2009-05-23 14:29    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-05-23 14:38 . 2009-05-23 14:38    6820    ----a-w-    c:\windows\system32\d3d9caps.dat
2009-05-23 14:38 . 2009-05-23 14:38    552    ----a-w-    c:\windows\system32\d3d8caps.dat
2009-05-23 14:38 . 2009-05-23 14:38    --------    d-----w-    c:\documents and settings\WieslaweK\Dane aplikacji\atitray
2009-05-23 14:34 . 2009-05-23 14:34    472576    ----a-w-    c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-05-23 14:34 . 2009-05-23 14:34    --------    d-----w-    c:\program files\Radeon Omega Drivers
2009-05-23 14:33 . 2009-05-23 14:33    --------    d-----w-    c:\program files\WLAN
2009-05-23 14:31 . 2009-05-23 14:31    --------    d-----w-    c:\program files\Realtek Sound Manager
2009-05-23 14:31 . 2009-05-23 14:31    --------    d-----w-    c:\program files\AvRack
2009-05-23 14:30 . 2009-05-23 14:30    --------    d-----w-    c:\program files\Intel
2009-05-23 14:22 . 2009-05-23 14:22    --------    d-----w-    c:\program files\microsoft frontpage
2009-05-23 14:21 . 2009-05-23 14:21    --------    d-----w-    c:\program files\Usługi online
2009-05-23 14:19 . 2009-05-23 14:19    21856    ----a-w-    c:\windows\system32\emptyregdb.dat
2009-05-22 23:08 . 2009-05-22 23:08    29696    ----a-w-    c:\windows\system32\drivers\VClone.sys
2009-05-21 22:51 . 2009-05-21 22:51    41808    ----a-w-    c:\windows\system32\xfcodec.dll
.

------- Sigcheck -------

[7] 2004-08-03 21:14    359040    9F4B36614A0FC234525BA224957DE55C    c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14    359040    6A603809F598332DBEDD535BDBCE313E    c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2009-01-17 5853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-23 148888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 159744]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-15 57344]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]
"Windows 32-bit DLL Integrity Verifier"="verify.exe" - c:\windows\system32\verify.exe [2007-11-06 1985024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows 32-bit DLL Integrity Verifier"="verify.exe" - c:\windows\system32\verify.exe [2007-11-06 1985024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
WConfig.lnk - c:\program files\WLAN\WConfig\WConfig.exe [2009-5-23 385024]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^WieslaweK^Menu Start^Programy^Autostart^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\WieslaweK\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Steam\\SteamApps\\hruswik\\counter-strike\\hl.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2009-05-23 17952]
R3 RT2400PCI;802.11b WLAN PCI;c:\windows\system32\drivers\rt2400.sys [2009-05-23 61056]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - PQNTDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
- - - - USUNIĘTO PUSTE WPISY - - - -

SafeBoot-procexp90.Sys


.
------- Skan uzupełniający -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\documents and settings\WieslaweK\Dane aplikacji\Mozilla\Firefox\Profiles\kmshc764.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2009-06-06 15:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-06-06 15:02
ComboFix-quarantined-files.txt  2009-06-06 13:02

Przed: 5 316 169 728 bajtów wolnych
Po: 5 484 355 584 bajtów wolnych

232

 

[thc_flow]

Brawo, wreszcie dobry dział, ale chyba warn poleci...

 

[Wieslaweczek]

A ty posty nabijasz? Musisz 40 postów napisać o tym, że wkleiłem loga z ComboFixa do tematu z HijackThisem, bo mam klawiaturę pełną śmiecia?

 

[thc_flow]

Nie, nie nabijam postów, po prostu nie lubię ludzi twojego pokroju.

...bo mam klawiaturę pełną śmiecia?[/b]

Tzn? bo to się ma nijak do nieczytanego regulaminu...

 

[Wieslaweczek]

Fakt, założyłem temat zamiast napisać w już istniejącym, ale co post

Brawo, wreszcie dobry dział, ale chyba warn poleci...[/b]

wniósł do tematu? Mam zaśmieconą klawiaturę i nie działa mi dobrze Ctrl. Nie skopiowałem loga z hijackthisa tylko wkleiłem stary z Combofixa. Poprawiłem, więc po co te posty? Może zamiast nabijać kolejnego posta rzuciłbyś okiem na logi?

 

[thc_flow]

2009-06-05 14:07 . 2007-11-06 20:13    1985024    ----a-w-    c:\windows\system32\verify.exe - podejrzane...
2009-06-01 13:19 . 2007-11-30 11:18    26488    ----a-w-    c:\windows\system32\spupdsvc.exe - nie jestem pewien co to
2009-05-30 10:54 . 2009-05-30 10:54    --------    d-----w-    c:\program files\Tibia - no to to polecam wywalić
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 159744] - MSconfig nie odpala się przy starcie!
"Windows 32-bit DLL Integrity Verifier"="verify.exe" - c:\windows\system32\verify.exe [2007-11-06 1985024] - patrz na samą górę...

Ogólnie to poza tym co wymieniłem masz ładny syf na PC... poczyść trochę i powywalaj to co niepotrzebne.

//Dziwne, pierwszy gracz w T***ę używający TrueCrypt'a jakiego spotkałem

A tak poza tym to za to wcześniejsze i za granie w ten "hit" MMO dalej cię nie lubię.

 

[karololszak]

Proszę o przeanalizowanie tego loga z ComboFix'a: http://wklej.org/hash/4bf94a8e57/txt (to nie mój, tylko znajomego)

#Edit: a co mi szkodzi, przy okazji dam swój: http://wklej.org/hash/7a753e38f0/txt

 

[Wojtas464]

witam was po długiej przerwie

proszę o przeanalizowanie tych 2 logów gdyż mam podejrzenia ze jakiś syf siedzi na kompie

ComboFix -
\/
http://wklej.org/hash/7cb8fa7e5e/

HiJackThis -
\/
http://wklej.org/id/121474/

dzięki & pozdro

 

[Levy272]

Może ktoś z wprawionym okiem zerknąć?

<a href="http://wklej.org/id/121915/" target="_blank">
<<KLIK>></a>