Elektroda.pl

Avast antivirus, PC Tools Firewall Plus, HijackThis log.

Ryba00 15 Oct 2007 16:34 1909 6
  • #1
    Ryba00
    Level 2  
    Hello! Lately nothing but junk keeps getting onto my computer.
    I have avast (antivirus) and "pc tools firewall plus" (firewall).

    Just so it's covered, here is a scan from "hijackthis":



    Logfile of HijackThis v1.99.1
    Scan saved at 16:27:00, on 2007-10-15
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\PC Tools Firewall Plus\FWService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\CTsvcCDA.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\RealVNC\VNC4\WinVNC4.exe
    D:\WINDOWS\system32\MsPMSPSv.exe
    D:\WINDOWS\system32\CTHELPER.EXE
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    D:\PROGRA~1\NEOSTR~1\CnxMon.exe
    D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Gadu-Gadu\gg.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe
    D:\Documents and Settings\Patryk\Pulpit\TBI GG 8.0.exe
    D:\Program Files\Opera\Opera.exe
    D:\Program Files\Tibia\Tibia.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Documents and Settings\Patryk\Pulpit\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - D:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [EPSON Stylus D68 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
    O4 - HKLM\..\Run: [BearFlix] "D:\Program Files\BearFlix\bearflix.exe" /pause
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [orcToByloLatwe] C:\WINDOWS\services.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKLM\..\Run: [svgchost ] C:\windows\svgchost.exe
    O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
    O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [shell] c:\windows\system32\services32.exe
    O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CS1\Services\Tcpip\..\{01B07B1F-EFF8-4D9D-910D-73D893C18F10}: NameServer = 194.204.152.34 217.98.63.164
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


    Please help.
  • #2
    Brauniack
    Level 27  
    Try ONLINE antivirus scanners, e.g. mks vir
  • #4
    Kolobos
    IT specialist
    Mks is probably the worst of the scanners, and Ad-Aware won't help much either.

    No program will think for you; if you download and install trojans yourself, nothing will help you.
    Run a scan with SuperAntiSpyware, and replace Avast with AntiVir PE. Don't use IE or OE; use Opera or Firefox and Thunderbird instead.

    In HijackThis, remove:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - D:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll (file missing)
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [orcToByloLatwe] C:\WINDOWS\services.exe
    O4 - HKLM\..\Run: [svgchost ] C:\windows\svgchost.exe
    O4 - HKLM\..\Run: [shell] c:\windows\system32\services32.exe

    Post, as an ATTACHMENT, a ComboFix log and a new HijackThis log (from version 2.x by Trend Micro).
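
Added example (not part of the thread and not HijackThis code): two checks under which the three Run entries listed for removal in the reply above stand out, namely a core Windows image name loaded from outside the Windows directory seen under "Running processes", and a file name within a small edit distance of a core image name. The `SYSTEM_IMAGES` baseline, the distance threshold of 2 and all function names are assumptions of this example.

```python
import ntpath
import re

# Core Windows images and the folder under the Windows directory they
# normally load from (baseline assumed for this example).
SYSTEM_IMAGES = {
    "smss.exe": "system32", "csrss.exe": "system32",
    "winlogon.exe": "system32", "services.exe": "system32",
    "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|bat))', re.I)
WINDIR = r"D:\WINDOWS"  # as shown under "Running processes" in the log

# O4 lines copied from the first HijackThis log in the thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [orcToByloLatwe] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [svgchost ] C:\windows\svgchost.exe
O4 - HKLM\..\Run: [shell] c:\windows\system32\services32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
""".strip().splitlines()


def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]


def triage_o4(line, windir):
    """Return (value_name, image_path, reasons) for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    img = IMAGE_RE.match(m["cmd"])
    path = img["path"] if img else m["cmd"]
    folder, image = ntpath.split(path.lower())
    reasons = []
    if image in SYSTEM_IMAGES:
        expected = ntpath.join(windir, SYSTEM_IMAGES[image]).lower().rstrip("\\")
        # A bare name (no folder) is resolved via PATH and cannot be judged.
        if folder and folder != expected:
            reasons.append("system image name outside " + expected)
    else:
        stem = ntpath.splitext(image)[0]
        for known in SYSTEM_IMAGES:
            if edit_distance(stem, ntpath.splitext(known)[0]) <= 2:
                reasons.append("name imitates " + known)
                break
    return m["name"], path, reasons


def triage_log(lines, windir):
    """Return only the O4 entries that raised at least one reason."""
    hits = (triage_o4(line, windir) for line in lines)
    return [h for h in hits if h and h[2]]


if __name__ == "__main__":
    for name, path, reasons in triage_log(SAMPLE, WINDIR):
        print(f"{name!r:20} {path}  <- {'; '.join(reasons)}")
```

A hit from either check is a reason to inspect the file, not proof that it is malicious; legitimate software occasionally uses similar names.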
  • #5
    Ryba00
    Level 2  
    OK, everything is done.
    I understood that the logs were supposed to be in an attachment, but I get the message "Rozszerzenie log jest niedozwolone" ("The log extension is not allowed").

    HiJackThis Log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:24:10, on 2007-10-15
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\PC Tools Firewall Plus\FWService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\CTsvcCDA.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\RealVNC\VNC4\WinVNC4.exe
    D:\WINDOWS\system32\MsPMSPSv.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\CTHELPER.EXE
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    D:\PROGRA~1\NEOSTR~1\CnxMon.exe
    D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Gadu-Gadu\gg.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\WINDOWS\system32\notepad.exe
    D:\Documents and Settings\Patryk\Pulpit\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [EPSON Stylus D68 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
    O4 - HKLM\..\Run: [BearFlix] "D:\Program Files\BearFlix\bearflix.exe" /pause
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
    O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CS1\Services\Tcpip\..\{01B07B1F-EFF8-4D9D-910D-73D893C18F10}: NameServer = 194.204.152.34 217.98.63.164
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - D:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 5571 bytes



    ComboFix Log:

    ComboFix 07-10-12.4 - Patryk 2007-10-15 19:09:38.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.23 [GMT 2:00]
    Running from: D:\Documents and Settings\Patryk\Pulpit\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Program Files\myglobalsearch

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
    .

    2007-10-15 19:07 51,200 --a------ D:\WINDOWS\NirCmd.exe
    2007-10-14 18:56 <DIR> d-------- D:\Program Files\Gimnazjum klasa 1 - Fizyka
    2007-10-14 13:39 <DIR> d--hs---- D:\FOUND.075
    2007-10-10 20:05 <DIR> d-------- D:\Documents and Settings\Alicja\Dane aplikacji\Talkback
    2007-10-08 14:04 <DIR> d-------- D:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
    2007-10-08 14:02 <DIR> d-------- D:\Program Files\Xfire
    2007-10-08 14:02 <DIR> d-------- D:\Documents and Settings\Patryk\Dane aplikacji\Xfire
    2007-10-07 10:02 <DIR> d--hs---- D:\FOUND.074
    2007-10-05 17:41 129,784 --------- D:\WINDOWS\system32\pxafs.dll
    2007-10-04 14:25 <DIR> d--hs---- D:\FOUND.073
    2007-09-30 10:24 <DIR> d-------- D:\Documents and Settings\Alicja\Dane aplikacji\PCToolsFirewallPlus
    2007-09-30 10:22 <DIR> d--h----- D:\Documents and Settings\Alicja\Ustawienia lokalne
    2007-09-30 10:22 <DIR> dr------- D:\Documents and Settings\Alicja\Ulubione
    2007-09-30 10:22 <DIR> d--h----- D:\Documents and Settings\Alicja\Szablony
    2007-09-30 10:22 <DIR> d-------- D:\Documents and Settings\Alicja\Pulpit
    2007-09-30 10:22 <DIR> dr------- D:\Documents and Settings\Alicja\Moje dokumenty
    2007-09-30 10:22 <DIR> dr------- D:\Documents and Settings\Alicja\Menu Start
    2007-09-30 10:22 <DIR> dr-h----- D:\Documents and Settings\Alicja\Dane aplikacji
    2007-09-29 19:43 <DIR> d--hs---- D:\FOUND.072
    2007-09-27 17:18 <DIR> d-------- D:\Program Files\Counter-Strike 1.6
    2007-09-26 13:38 <DIR> d--hs---- D:\FOUND.071

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-08 13:12 --------- d-----w D:\Program Files\Tibia Auto
    2007-09-06 10:09 801,144 ----a-w D:\WINDOWS\system32\aswBoot.exe
    2007-09-06 10:05 94,416 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-06 10:05 92,848 ----a-w D:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-06 10:03 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-06 10:02 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-06 10:00 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr
    2007-09-06 10:00 26,624 ----a-w D:\WINDOWS\system32\drivers\aavmker4.sys
    2007-08-29 08:43 --------- d-----w D:\Documents and Settings\Patryk\Dane aplikacji\Tibia
    2007-08-29 08:41 --------- d-----w D:\Program Files\Tibia
    2007-08-26 12:24 --------- d-----w D:\Program Files\Maxis
    2007-08-22 13:19 96,768 ----a-w D:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 13:19 661,504 ----a-w D:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 13:19 616,448 ----a-w D:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 13:19 55,808 ----a-w D:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 13:19 532,480 ----a-w D:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 13:19 474,112 ----a-w D:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 13:19 449,024 ----a-w D:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 13:19 39,424 ----a-w D:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 13:19 357,888 ----a-w D:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 13:19 3,079,168 ----a-w D:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 13:19 251,392 ----a-w D:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 13:19 205,312 ----a-w D:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 13:19 16,384 ----a-w D:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 13:19 151,552 ----a-w D:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 13:19 146,432 ----a-w D:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 13:19 1,494,528 ----a-w D:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 13:19 1,055,744 ----a-w D:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 13:19 1,022,976 ----a-w D:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:30 18,432 ----a-w D:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:18 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:18 683,520 ----a-w D:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 13:10 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\TEMP
    2007-08-20 11:51 --------- d-----w D:\Program Files\ViralSound.com
    2007-07-30 17:19 92,504 ----a-w D:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 17:19 92,504 ----a-w D:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w D:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 549,720 ----a-w D:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w D:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 53,080 ----a-w D:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w D:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w D:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 325,976 ----a-w D:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 17:19 203,096 ----a-w D:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 203,096 ----a-w D:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w D:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:19 1,712,984 ----a-w D:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w D:\WINDOWS\system32\wups.dll
    2007-07-30 17:18 33,624 ----a-w D:\WINDOWS\system32\dllcache\wups.dll
    2007-03-24 09:15 774,144 ----a-w D:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 D:\WINDOWS\system32\CTHELPER.EXE]
    "UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
    "Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
    "CTStartup"="D:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
    "EPSON Stylus D68 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe" [2005-01-25 06:00]
    "BearFlix"="D:\Program Files\BearFlix\bearflix.exe" []
    "NeroCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "SpeedTouch USB Diagnostics"="D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
    "00PCTFW"="D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13]
    "WooCnxMon"="D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
    "WOOWATCH"="D:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
    "WOOTASKBARICON"="D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07]
    "WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2007-07-09 09:39]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    @=


    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-04 11:13:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-15 19:20:48
    Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTStartup = D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???Z????&7???6~??6~Z???????\???\???????????U?6~??6~\???\???????XTa??????C@?\???\??????sZ???\??????s\????&7?A??s?&7??C@?x???`|?w\?????@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-15 19:22:20 - machine was rebooted
    .
    --- E O F ---
  • #6
    Kolobos
    IT specialist
    It would have been enough to change the extension from log to txt.
    Delete all D:\FOUND.* from the disk and, if you can, change the file system to NTFS.
    The logs are OK now.
  • #7
    roman.adamki
    Level 13  
    Norton 2006 and all the problems are gone