Please check my scan (I had avpo.exe, but I have already done part of it)
Scan
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.
2007-12-13 22:15 . 2007-12-13 22:15 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-09 21:09 . 2007-12-09 21:09 d-------- C:\Documents and Settings\dom\Dane aplikacji\Prevx
2007-12-06 18:21 . 2007-12-06 18:21 41 ---h----- C:\WINDOWS\dsez9025.dat
2007-12-06 18:12 . 2007-12-06 18:16 d-------- C:\Program Files\IrfanView
2007-12-06 17:47 . 2007-12-06 17:47 d-------- C:\Program Files\Picasa2
2007-11-30 19:28 . 2007-11-30 19:28 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-25 16:21 . 2007-11-25 16:21 d-------- C:\Documents and Settings\dom\Dane aplikacji\Corel
2007-11-25 16:20 . 1998-09-25 12:18 607,744 --------- C:\WINDOWS\system32\Decslib.dll
2007-11-25 16:19 . 1999-03-08 07:53 28,252 --------- C:\WINDOWS\corelpf.lrs
2007-11-25 16:18 . 2007-11-25 16:18 d-------- C:\Program Files\Corel
2007-11-25 16:17 . 2007-11-25 16:21 d-------- C:\WINDOWS\Corel
2007-11-24 14:51 . 2007-11-24 14:51 d-------- C:\Program Files\K-Lite Codec Pack
2007-11-24 14:51 . 2006-11-15 22:01 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-24 14:51 . 2006-11-01 14:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-24 14:51 . 2006-05-13 23:16 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2007-11-23 20:26 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-11-23 20:26 . 2007-11-24 07:48 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2007-11-23 20:26 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-11-23 20:25 . 2007-11-23 20:25 d-------- C:\NVIDIA
2007-11-23 20:25 . 2007-10-04 18:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-11-21 18:18 . 1992-06-10 03:10 9,279 --a------ C:\WINDOWS\TDDEBUG.386
2007-11-21 18:18 . 1992-06-10 03:10 8,096 --a------ C:\WINDOWS\GROUPS.EXE
2007-11-21 18:18 . 2007-11-21 18:18 1,191 --a------ C:\WINDOWS\GROUPS.B$$
2007-11-21 18:18 . 1992-06-10 03:10 766 --a------ C:\WINDOWS\HELP.ICO
2007-11-21 18:18 . 1992-06-10 03:10 766 --a------ C:\WINDOWS\BC.ICO
2007-11-21 18:18 . 1992-06-10 03:10 545 --a------ C:\WINDOWS\BC.PIF
2007-11-21 18:18 . 2007-11-21 18:18 144 --a------ C:\WINDOWS\TDW.INI
2007-11-21 18:17 . 1992-06-10 03:10 130,224 --a------ C:\WINDOWS\system\BWCC.DLL
2007-11-17 00:08 . 2007-11-17 00:08 d-------- C:\Program Files\Common Files\Vbox
2007-11-17 00:04 . 2002-08-13 17:00 1,046,288 --------- C:\WINDOWS\system32\msjet35.dll
2007-11-17 00:04 . 2004-08-03 23:43 611,328 --a------ C:\WINDOWS\system32\COMCTL32.NU7
2007-11-17 00:04 . 2002-08-13 17:00 368,912 --------- C:\WINDOWS\system32\vbar332.dll
2007-11-17 00:04 . 2002-08-13 17:00 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll
2007-11-17 00:04 . 2002-08-13 17:00 123,664 --------- C:\WINDOWS\system32\Msjint35.dll
2007-11-17 00:04 . 2002-08-13 17:00 24,848 --------- C:\WINDOWS\system32\msjter35.dll
2007-11-17 00:01 . 2007-11-17 00:01 d-------- C:\Documents and Settings\dom\Dane aplikacji\Symantec
2007-11-13 20:53 . 2007-11-13 20:53 d-------- C:\Documents and Settings\dom\Dane aplikacji\Spik
2007-11-13 20:51 . 2007-11-13 20:58 d-------- C:\Program Files\Spik
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 20:52 --------- d-----w C:\Program Files\Symantec
2007-12-13 20:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-13 20:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Symantec
2007-12-13 19:42 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\BearShare
2007-12-11 22:15 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\Skype
2007-12-07 14:51 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2007-12-06 16:54 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-12-04 15:31 --------- d-----w C:\Program Files\Tibia
2007-11-27 02:15 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\uTorrent
2007-11-26 21:15 --------- d-----w C:\Program Files\FlashGet
2007-11-26 16:12 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-24 13:51 --------- d-----w C:\Program Files\ffdshow
2007-11-20 06:48 --------- d-----w C:\Program Files\Kliper
2007-11-17 20:14 --------- d-----w C:\Program Files\Paint.NET
2007-11-07 15:36 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\DMCache
2007-11-07 15:28 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\IDM
2007-11-06 14:26 --------- d-----w C:\Program Files\DAP
2007-11-06 14:25 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-11-03 10:54 --------- d-----w C:\Program Files\Winamp
2007-10-30 19:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-30 17:14 --------- d-----w C:\Program Files\wheel
2007-10-23 19:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-23 18:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Adobe Systems
2007-10-23 18:35 --------- d-----w C:\Program Files\Bonjour
2007-10-21 06:28 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-21 06:28 --------- d--h--r C:\Documents and Settings\dom\Dane aplikacji\SecuROM
2007-10-21 06:06 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-21 06:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-20 09:46 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\Bakoma
2007-10-19 13:51 --------- d-----w C:\Program Files\AVOne
2007-10-16 17:53 --------- d-----w C:\Program Files\RonOTS Client
2007-10-15 18:05 --------- d-----w C:\Program Files\rossmann
2007-10-13 22:04 --------- d-----w C:\Program Files\MIKSOFT
2007-10-10 16:57 15,872 ------w C:\WINDOWS\system32\winskfr.dll
2007-10-10 16:57 119,568 ------w C:\WINDOWS\system32\vb6fr.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-10-04 16:14 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-10-04 16:14 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-10-04 16:14 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-10-04 16:14 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]
"DAEMON Tools"="D:\Programy\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 09:42 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-22 11:18]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
C:\Documents and Settings\dom\Menu Start\Programy\AutostartAdobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
Rejestrowanie produktów Corela.lnk - D:\Programy\Corel\Graphics9\Register\Remind32.exe [2007-11-25 16:18:56]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\AutostartWConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2007-10-10 20:00:59]
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R3 WLC811GPCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\WLC811G.sys
S3 FSGuard Service;FSGuard Service;D:\Programy\fotograficzne\pc inspector\FSGS.exe
S3 NuVision;Hauppauge WinTV USB Pro (PAL/SECAM FM);C:\WINDOWS\system32\DRIVERS\NUVision.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e3be2c-6c3e-11dc-ba81-0008a16c719a}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e3be2d-6c3e-11dc-ba81-0008a16c719a}]
\Shell\AutoRun\command - H:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{250d7690-86ee-11dc-baec-0008a16c719a}]
\Shell\AutoRun\command - I:\ntde1ect.com
\Shell\explore\Command - I:\ntde1ect.com
\Shell\open\Command - I:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a5d8634-7b41-11dc-bab7-0008a16c719a}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd45fc1e-78d0-11dc-baad-0008a16c719a}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd45fc1f-78d0-11dc-baad-0008a16c719a}]
\Shell\AutoRun\command - H:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e663da40-3f41-11dc-b9f6-0008a16c719a}]
\Shell\AutoRun\command - H:\ntde1ect.com
\Shell\explore\Command - H:\ntde1ect.com
\Shell\open\Command - H:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb2f3033-5ca0-11dc-ba51-0008a16c719a}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - utdetect.com
\Shell\open\Command - utdetect.com
.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 21:01:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 22:20:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-13 22:21:04
C:\ComboFix2.txt ... 2007-12-13 21:57
C:\ComboFix3.txt ... 2007-12-13 21:24
.
2007-10-19 06:33:06 --- E O F ---
Replies: 1
Keys to delete:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e3be2c-6c3e-11dc-ba81-0008a16c719a}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{250d7690-86ee-11dc-baec-0008a16c719a}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a5d8634-7b41-11dc-bab7-0008a16c719a}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd45fc1e-78d0-11dc-baad-0008a16c719a}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e663da40-3f41-11dc-b9f6-0008a16c719a}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb2f3033-5ca0-11dc-ba51-0008a16c719a}
Files - they are probably on the USB flash drives:
G:\ntde1ect.com
I:\ntde1ect.com
H:\ntde1ect.com
The file:
ntdelect.com
has no path - it may be on the hard drive.
Remember that the system file is c:\ntdetect.com and you should not delete that one - the differences are minimal (the lowercase letters T, L and the digit 1 look very similar)