piodor utworzono 3 lipca 2008 utworzono 3 lipca 2008 Combo fix: ComboFix 08-07-02.5 - dorsz 2008-07-03 21:42:37.5 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.107 [GMT 2:00]Running from: C:\Documents and Settings\dorsz\Pulpit\ComboFix.exe * Created a new restore point[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b].((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))).2008-07-02 14:32 . 2008-07-03 21:24 <DIR> d-------- C:\Program Files\SpeedFan2008-07-02 14:32 . 2008-07-02 14:32 45 --a------ C:\WINDOWS\system32\initdebug.nfo2008-07-02 01:19 . 2008-07-03 20:52 153 --a------ C:\WINDOWS\ODBC.INI2008-07-02 01:19 . 2008-07-03 20:52 49 --a------ C:\WINDOWS\transp.gif2008-07-01 21:48 . 1999-10-21 11:12 20,400 --a------ C:\WINDOWS\system32\drivers\entech.sys2008-07-01 15:14 . 2008-07-01 15:14 <DIR> d-------- C:\Program Files\Avira2008-07-01 15:14 . 2008-07-01 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira2008-07-01 14:36 . 2008-07-01 14:36 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared2008-07-01 14:36 . 2008-07-01 14:36 <DIR> d-------- C:\Program Files\Agnitum2008-07-01 13:44 . 2008-07-01 14:28 <DIR> d-------- C:\Program Files\Netscape2008-07-01 13:44 . 2008-07-01 13:44 <DIR> d-------- C:\Documents and Settings\dorsz\Dane aplikacji\Netscape2008-06-30 22:28 . 2008-06-30 22:28 <DIR> d-------- C:\Documents and Settings\dorsz\Dane aplikacji\VSRevoGroup2008-06-30 18:37 . 2008-06-30 18:37 <DIR> d-------- C:\Program Files\Trend Micro2008-06-30 17:50 . 2008-06-30 17:50 <DIR> d-------- C:\Program Files\VS Revo Group2008-06-30 11:46 . 2008-06-30 12:38 <DIR> d-------- C:\Program Files\BearShare2008-06-21 00:34 . 2008-06-21 00:34 <DIR> d--h----- C:\WINDOWS\PIF2008-06-20 16:41 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll2008-06-20 16:41 . 
2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll2008-06-20 16:41 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax2008-06-19 19:00 . 2008-07-03 21:26 <DIR> d-------- C:\Program Files\Steam2008-06-19 17:20 . 2008-06-19 17:20 58 --a------ C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat2008-06-18 21:28 . 2008-06-30 22:28 <DIR> d-------- C:\Documents and Settings\dorsz\Dane aplikacji\XnView2008-06-17 12:36 . 2008-06-17 12:36 <DIR> d-------- C:\Program Files\Half-Life Model Viewer2008-06-10 17:15 . 2008-06-10 17:15 <DIR> d-------- C:\Program Files\Ad Muncher2008-06-05 15:58 . 2008-06-05 15:58 <DIR> d-------- C:\Program Files\Trust2008-06-05 15:45 . 2004-08-03 23:08 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys2008-06-05 15:45 . 2004-08-03 23:08 26,624 --a--c--- C:\WINDOWS\system32\dllcache\usbehci.sys2008-06-05 15:45 . 2004-08-04 00:44 7,168 --a------ C:\WINDOWS\system32\hccoin.dll2008-06-05 15:45 . 2004-08-04 00:44 7,168 --a--c--- C:\WINDOWS\system32\dllcache\hccoin.dll2008-06-05 15:41 . 2004-08-03 23:08 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys2008-06-05 15:41 . 
2004-08-03 23:08 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-07-01 23:27 --------- d-----w C:\Program Files\SMC2008-06-30 20:25 --------- d-----w C:\Program Files\Common Files\InstallShield2008-06-30 20:24 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-06-22 11:38 --------- d-----w C:\Program Files\Common Files\Adobe2008-05-25 19:02 --------- d-----w C:\Program Files\HLTooLz2008-05-24 21:15 --------- d-----w C:\Documents and Settings\dorsz\Dane aplikacji\Dev-Cpp2008-05-22 12:30 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Prism2008-05-22 12:28 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys2008-05-19 17:09 --------- d-----w C:\Documents and Settings\dorsz\Dane aplikacji\gtk-2.02008-01-02 22:02 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat2008-01-02 22:02 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat2008-01-02 22:02 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008010220080103\index.dat2008-01-02 22:02 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WheelMouse"="C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe" [2006-09-29 11:00 163840]"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" 
[2008-02-12 10:06 262401][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="shell32" [X][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoExpandedNewMenu"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=NVDESK32.DLL C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux"= ctwdm32.dll"VIDC.YV12"= yv12vfw.dll[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk]path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnkbackup=C:\WINDOWS\pss\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^dorsz^Menu Start^Programy^Autostart^Deewoo.lnk]path=C:\Documents and Settings\dorsz\Menu Start\Programy\Autostart\Deewoo.lnkbackup=C:\WINDOWS\pss\Deewoo.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]NvQTwk [X][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]--a------ 2004-08-04 01:44 110592 
C:\WINDOWS\system32\bthprops.cpl[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"wuauserv"=2 (0x2)"wscsvc"=2 (0x2)"SharedAccess"=2 (0x2)"Schedule"=2 (0x2)"BthServ"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"UpdatesDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Steam\\steamapps\\dorszu6\\counter-strike\\hl.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"=R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [2006-03-30 10:53]R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2006-03-30 10:53]R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL [2006-03-30 10:53]R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2006-03-30 10:53]R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2006-03-30 10:53]R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2006-03-30 10:53]R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2006-03-30 10:53]R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2006-03-30 10:53]R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2006-03-30 10:53]R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2006-03-30 10:53]R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2006-03-30 10:53]R3 
POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2006-03-30 10:53]R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2006-03-30 10:53]R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL [2006-03-30 10:53]R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2005-06-28 18:28]*Newly Created Service* - CATCHME.- - - - ORPHANS REMOVED - - - -MSConfigStartUp-ares - C:\Program Files\Ares\Ares.exeMSConfigStartUp-BearShare - C:\Program Files\BearShare\BearShare.exeMSConfigStartUp-PRISMSVR - C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-03 21:44:07Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-07-03 21:45:48ComboFix-quarantined-files.txt 2008-07-03 19:45:37Pre-Run: 4,852,047,872 bajtów wolnychPost-Run: 4,842,184,704 bajtów wolnych145 Hijackthis: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:29:12, on 2008-07-03Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20661)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\WINDOWS\system32\netdde.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: Adobe PDF Reader Link Helper - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO17 - HKLM\System\CCS\Services\Tcpip\..\{EA594444-8924-418B-AAFF-6F62EE40FBE9}: NameServer = 208.67.222.222,208.67.220.220O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dllO23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeO23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program 
Files\Avira\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe--End of file - 4091 bytes
piodor (Autor) komentarz 3 lipca 2008 Czy system jest czysty? Pytam, bo Avira wyskoczyła mi z komunikatem o jakimś trojanie.