
Installing NOD / removing NOD = code 2753

Post by fibi07, 19 Apr 2008, 15:45

I have a problem installing NOD32. I had to uninstall it, and once I did, when I try to install it again it says it cannot install because it is already installed :| but it isn't. I don't know why. I cleaned the registry and nothing.
Last edited by fibi07 on 19 Apr 2008, 16:12, edited 1 time in total



Post by free25, 19 Apr 2008, 15:55

It probably left its files in the user directory. Look through the directory c:\Documents&Settings\xxxxx\ where xxxxx is your login.



Post by fibi07, 19 Apr 2008, 16:11

There's nothing there. =/ Neither in Application Data nor in any other folder.

When I try to uninstall from the installer (because I have 2 options, Repair and Remove; Repair does nothing), a window pops up saying it encountered an error with code 2753 and that it is a problem that cannot be fixed.



Post by wojtas, 19 Apr 2008, 16:25

Post a log from ComboFix and HijackThis, maybe something will show up :D




Post by Dzi@dek, 19 Apr 2008, 16:27

Delete these directories (they may be hidden: in Folder Options, untick "Hide operating system files" and tick "Show hidden files and folders"):

C:\Program Files\ESET\
C:\Documents and Settings\nazwa usera\Dane aplikacji\ESET\
C:\Documents and Settings\nazwa usera\Ustawienia lokalne\Dane aplikacji\ESET\

When done, use a registry cleaning tool.
http://www.programosy.pl/program,registry-first.html
Restart and reinstall.




Post by fibi07, 19 Apr 2008, 17:51

Dzi@dek:
Still getting that error with that code. And only 2 options, Repair and Remove.


wojtas:
logs:

Code:
ComboFix 08-04-18.3 - Admin 2008-04-19 17:41:34.9 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.72 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cceeeec_z.dll
C:\WINDOWS\Temporary Internet Files\firmware.inf
C:\WINDOWS\Temporary Internet Files\ip3picfile.temp
C:\WINDOWS\Temporary Internet Files\ip3Wmapic.temp

.
(((((((((((((((((((((((((   Files Created from 2008-03-19 to 2008-04-19  )))))))))))))))))))))))))))))))
.

2008-04-19 17:23 . 2008-04-19 17:23   23   --a------   C:\WINDOWS\SYSTEM32\aefead8_z.ocx
2008-04-19 16:57 . 2008-04-19 16:58   <DIR>   d--------   C:\Netgear
2008-04-13 21:14 . 2008-04-13 21:14   766   --a------   C:\WINDOWS\SYSTEM32\blrs.ico
2008-04-13 00:19 . 2008-04-16 20:10   <DIR>   d--------   C:\Sciagnietendk
2008-04-12 23:58 . 2008-04-12 23:59   <DIR>   d--------   C:\security
2008-04-12 19:41 . 2008-04-12 19:41   <DIR>   d--------   C:\Documents and Settings\GoťŠ\Ustawienia lokalne
2008-04-12 19:41 . 2008-04-12 19:41   <DIR>   d--------   C:\Documents and Settings\GoťŠ
2008-04-12 15:30 . 2008-04-12 15:30   <DIR>   d--------   C:\Documents and Settings\Admin\DoctorWeb
2008-04-12 15:07 . 2008-04-19 15:23   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-12 13:09 . 2008-04-12 13:10   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-04-12 13:09 . 2008-04-12 19:47   7,680   --ahs----   C:\WINDOWS\Thumbs.db
2008-04-12 13:08 . 2008-04-19 17:43   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-12 13:08 . 2008-04-12 13:08   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-04-12 13:08 . 2005-12-29 22:09   36,101   --a------   C:\Documents and Settings\Administrator\hpzscr000.log
2008-04-12 13:08 . 2005-12-29 22:05   1,024   --ah-----   C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-12 13:08 . 2008-04-19 17:41   1,024   --ah-----   C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 16:35 . 2005-08-10 12:43   41,984   -ra------   C:\WINDOWS\SYSTEM32\DRIVERS\dlkfet5b.sys
2008-04-02 17:09 . 2008-04-02 17:09   <DIR>   d--------   C:\Free YouTube to Mp3 Converter
2008-04-02 16:56 . 2008-04-02 16:56   <DIR>   d--------   C:\Temp
2008-04-02 16:55 . 2008-04-02 17:09   <DIR>   d--------   C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 22:29 . 2007-10-07 17:08   2,728   --a------   C:\WINDOWS\SYSTEM32\mini_spectrum2.swf
2008-03-29 22:26 . 2008-04-17 11:46   <DIR>   d--------   C:\iriver plus 3
2008-03-22 17:44 . 2008-03-22 17:46   <DIR>   d--------   C:\Documents and Settings\Admin\Dane aplikacji\SecondLife

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 15:38   ---------   d-----w   C:\Program Files\AutoConnect
2008-04-19 14:06   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-04-18 19:53   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-04-12 21:27   ---------   d-----w   C:\Program Files\podatki.pl
2008-04-12 21:23   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-12 21:22   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-04-12 21:19   ---------   d-----w   C:\Program Files\Winamp
2008-02-28 17:40   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-02-27 19:17   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\fretsonfire
2008-02-23 09:32   ---------   d-----w   C:\Program Files\GoldWave
2008-02-20 09:11   33,800   ----a-w   C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 09:02   29,704   ----a-w   C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 09:01   39,944   ----a-w   C:\WINDOWS\system32\drivers\eamon.sys
2008-02-19 11:16   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
2005-12-17 17:42   266   --sha-w   C:\Program Files\desktop.ini
2005-12-17 17:42   11,232   ---ha-w   C:\Program Files\folder.htt
2005-05-13 16:12   217,073   --sha-r   C:\WINDOWS\meta4.exe
2005-10-24 10:13   66,560   --sha-r   C:\WINDOWS\MOTA113.exe
2005-10-13 20:27   422,400   --sha-r   C:\WINDOWS\x2.64.exe
2005-10-07 18:14   308,224   --sha-r   C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 11:31   27,648   --sha-r   C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 14:32   616,448   --sha-r   C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 21:37   45,568   --sha-r   C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 23:00   70,656   --sha-r   C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 09:24   2,945,024   --sha-r   C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 12:16   240,128   --sha-r   C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-24 23:00   70,656   --sha-r   C:\WINDOWS\SYSTEM32\yv12vfw.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-03-17 07:08   8480768   --a------   C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programs^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programs\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\EdHTMLv5.0\EdHTML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-06-10 16:20 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 15:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-09 21:32 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
C:\Program Files\Spik\Spik.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zasobnik systemowy]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LoadQM"=loadqm.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"SoundMan"=SOUNDMAN.EXE
"autoclk"=autoclk.exe
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Age Of Empires 2 & The Conquerors\\age2_x1.exe"=
"C:\\Gadu-Gadu 6.1\\gg.exe"=
"C:\\Documents and Settings\\Admin\\Pulpit\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-09 14:17]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 19:07]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\Uruchomienie aplikacji dostrajania.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 17:43:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
Completion time: 2008-04-19 17:45:25
ComboFix-quarantined-files.txt  2008-04-19 15:45:21

Pre-Run: 24,712,621,056 bajtów wolnych
Post-Run: 24,711,757,824 bajtów wolnych

210


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:01, on 2008-04-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wiadomosci.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{293EF9E3-F5F1-4101-9252-6D8F3B0F3BBE}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{293EF9E3-F5F1-4101-9252-6D8F3B0F3BBE}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 4420 bytes



Post by Dzi@dek, 19 Apr 2008, 18:57

Remove these entries in HJT:

O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)



Open Notepad and paste:
File::
C:\WINDOWS\SYSTEM32\aefead8_z.ocx


File -> Save as... -> CFScript; best saved in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon.
Drag and drop the CFScript.txt file onto -> ComboFix.exe
Confirm -> the computer will reboot.

If the question "1 or 2" appears, type 1 and press ENTER. The removal process will begin.

Post new logs from ComboFix and HijackThis.
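Added example (not code from the thread or from ComboFix/HijackThis): a small Python scanner that applies the checks Dzi@dek makes by eye in the two posts above, run over an excerpt of the logs posted earlier. It flags HijackThis O23 services whose binary is "(no file)" (the leftover ESET services that keep the installer thinking NOD32 is still present), flags ComboFix Run entries whose file-info brackets are empty, and renders the CFScript "File::" section in the format used in the post. The sample lines are an excerpt copied from the thread; the regexes and function names are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread
# (a few lines only, copied from the post; not a complete log).
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# Excerpt of the "Reg Loading Points" section of the ComboFix log above.
# ComboFix prints "[date time size]" after a Run entry whose file exists
# and "[ ]" when the referenced file is missing.
SAMPLE_COMBOFIX_RUN = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [ ]
"""

# O23 - Service: <display name> [(<short name>)] - <vendor> - <path or (no file)>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<vendor>.+?) - (?P<path>.+)$"
)

# "<name>"="<path>" [<file info>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<info>[^\]]*)\]$')


def parse_services(hjt_log):
    """Return one dict per O23 line: display, short, vendor, path."""
    services = []
    for line in hjt_log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services


def orphaned_services(hjt_log):
    """Short names (display name if HJT shows none) of services that are
    still registered but have no binary on disk: the leftover state the
    thread is chasing."""
    return [
        s["short"] or s["display"]
        for s in parse_services(hjt_log)
        if s["path"].strip() == "(no file)"
    ]


def orphaned_run_entries(combofix_log):
    """(name, path) for Run entries whose ComboFix file-info brackets are empty."""
    orphans = []
    for line in combofix_log.splitlines():
        m = RUN_RE.match(line.strip())
        if m and not m.group("info").strip():
            orphans.append((m.group("name"), m.group("path")))
    return orphans


def build_cfscript(paths):
    """Render the 'File::' section of a CFScript in the format used in the post."""
    return "File::\n" + "".join(f"{p}\n" for p in paths)


if __name__ == "__main__":
    print("services with no file:", orphaned_services(SAMPLE_HJT_LOG))
    print("Run entries with no file:", orphaned_run_entries(SAMPLE_COMBOFIX_RUN))
    print(build_cfscript([r"C:\WINDOWS\SYSTEM32\aefead8_z.ocx"]))
```

Pointing `parse_services` at a full HijackThis log works the same way; only O23 lines are considered, everything else is ignored.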



Post by fibi07, 20 Apr 2008, 19:54

Dzi@dek wrote: Remove these entries in HJT:

removed


Dzi@dek wrote: Drag and drop the CFScript.txt file

done.

Dzi@dek wrote: the computer will reboot.

It didn't restart by itself. I did it myself.


Dzi@dek wrote: If the question "1 or 2" appears

it didn't.



HJT:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:53, on 2008-04-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Admin\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wiadomosci.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{293EF9E3-F5F1-4101-9252-6D8F3B0F3BBE}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{293EF9E3-F5F1-4101-9252-6D8F3B0F3BBE}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 4421 bytes



ComboFix:

Code:
ComboFix 08-04-18.3 - Admin 2008-04-19 19:00:47.10 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.89 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SYSTEM32\aefead8_z.ocx
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\aefead8_z.ocx

.
(((((((((((((((((((((((((   Files Created from 2008-03-19 to 2008-04-19  )))))))))))))))))))))))))))))))
.

2008-04-19 16:57 . 2008-04-19 16:58   <DIR>   d--------   C:\Netgear
2008-04-13 21:14 . 2008-04-13 21:14   766   --a------   C:\WINDOWS\SYSTEM32\blrs.ico
2008-04-13 00:19 . 2008-04-16 20:10   <DIR>   d--------   C:\Sciagnietendk
2008-04-12 23:58 . 2008-04-12 23:59   <DIR>   d--------   C:\security
2008-04-12 19:41 . 2008-04-12 19:41   <DIR>   d--------   C:\Documents and Settings\GoťŠ\Ustawienia lokalne
2008-04-12 19:41 . 2008-04-12 19:41   <DIR>   d--------   C:\Documents and Settings\GoťŠ
2008-04-12 15:30 . 2008-04-12 15:30   <DIR>   d--------   C:\Documents and Settings\Admin\DoctorWeb
2008-04-12 15:07 . 2008-04-19 15:23   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-12 13:09 . 2008-04-12 13:10   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-04-12 13:09 . 2008-04-12 19:47   7,680   --ahs----   C:\WINDOWS\Thumbs.db
2008-04-12 13:08 . 2008-04-19 19:03   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-12 13:08 . 2008-04-12 13:08   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-04-12 13:08 . 2005-12-29 22:09   36,101   --a------   C:\Documents and Settings\Administrator\hpzscr000.log
2008-04-12 13:08 . 2005-12-29 22:05   1,024   --ah-----   C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-12 13:08 . 2008-04-19 17:41   1,024   --ah-----   C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 16:35 . 2005-08-10 12:43   41,984   -ra------   C:\WINDOWS\SYSTEM32\DRIVERS\dlkfet5b.sys
2008-04-02 17:09 . 2008-04-02 17:09   <DIR>   d--------   C:\Free YouTube to Mp3 Converter
2008-04-02 16:56 . 2008-04-02 16:56   <DIR>   d--------   C:\Temp
2008-04-02 16:55 . 2008-04-02 17:09   <DIR>   d--------   C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 22:29 . 2007-10-07 17:08   2,728   --a------   C:\WINDOWS\SYSTEM32\mini_spectrum2.swf
2008-03-29 22:26 . 2008-04-17 11:46   <DIR>   d--------   C:\iriver plus 3
2008-03-22 17:44 . 2008-03-22 17:46   <DIR>   d--------   C:\Documents and Settings\Admin\Dane aplikacji\SecondLife

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 15:49   ---------   d-----w   C:\Program Files\AutoConnect
2008-04-19 14:06   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-04-18 19:53   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-04-12 21:27   ---------   d-----w   C:\Program Files\podatki.pl
2008-04-12 21:23   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-12 21:22   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-04-12 21:19   ---------   d-----w   C:\Program Files\Winamp
2008-02-28 17:40   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-02-27 19:17   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\fretsonfire
2008-02-23 09:32   ---------   d-----w   C:\Program Files\GoldWave
2008-02-20 09:11   33,800   ----a-w   C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 09:02   29,704   ----a-w   C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 09:01   39,944   ----a-w   C:\WINDOWS\system32\drivers\eamon.sys
2008-02-19 11:16   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
2005-12-17 17:42   266   --sha-w   C:\Program Files\desktop.ini
2005-12-17 17:42   11,232   ---ha-w   C:\Program Files\folder.htt
2005-05-13 16:12   217,073   --sha-r   C:\WINDOWS\meta4.exe
2005-10-24 10:13   66,560   --sha-r   C:\WINDOWS\MOTA113.exe
2005-10-13 20:27   422,400   --sha-r   C:\WINDOWS\x2.64.exe
2005-10-07 18:14   308,224   --sha-r   C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 11:31   27,648   --sha-r   C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 14:32   616,448   --sha-r   C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 21:37   45,568   --sha-r   C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 23:00   70,656   --sha-r   C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 09:24   2,945,024   --sha-r   C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 12:16   240,128   --sha-r   C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-24 23:00   70,656   --sha-r   C:\WINDOWS\SYSTEM32\yv12vfw.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-04-19_17.44.59,92   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:38:42   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-04-19 15:48:58   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-04-19 15:49:02   16,384   ----atw   C:\WINDOWS\TEMP\Perflib_Perfdata_59c.dat
- 2008-04-19 15:39:52   3,735,552   ----a-w   C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-19 15:51:51   3,735,552   ----a-w   C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-03-17 07:08   8480768   --a------   C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programs^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programs\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\EdHTMLv5.0\EdHTML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-06-10 16:20 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 15:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-09 21:32 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
C:\Program Files\Spik\Spik.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zasobnik systemowy]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LoadQM"=loadqm.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"SoundMan"=SOUNDMAN.EXE
"autoclk"=autoclk.exe
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Age Of Empires 2 & The Conquerors\\age2_x1.exe"=
"C:\\Gadu-Gadu 6.1\\gg.exe"=
"C:\\Documents and Settings\\Admin\\Pulpit\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-09 14:17]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 19:07]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\Uruchomienie aplikacji dostrajania.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 19:03:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
Completion time: 2008-04-19 19:05:21
ComboFix-quarantined-files.txt  2008-04-19 17:05:11

Pre-Run: 24,691,356,672 bajtów wolnych
Post-Run: 24,679,779,840 bajtów wolnych

216
fibi07
~user

Posts: 2008
Joined: 21 May 2006, 12:55
Praise: 58



Post by wojtas 20 Apr 2008, 21:45

Open Notepad and paste this into it:

File::
C:\WINDOWS\system32\drivers\epfwtdir.sys
C:\WINDOWS\system32\drivers\easdrv.sys
C:\WINDOWS\system32\drivers\eamon.sys

Driver::
EHttpSrv
ekrn


File >>> Save as CFScript.txt. Drag and drop the file onto the ComboFix icon (like here). Wait until a new log is generated and post it on the forum.
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Praise: 1656



Post by fibi07 23 Apr 2008, 21:05

wojtas wrote: new log

Code:
ComboFix 08-04-18.3 - Admin 2008-04-22 17:27:06.11 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.73 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\eamon.sys
C:\WINDOWS\system32\drivers\easdrv.sys
C:\WINDOWS\system32\drivers\epfwtdir.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\eamon.sys
C:\WINDOWS\system32\drivers\easdrv.sys
C:\WINDOWS\system32\drivers\epfwtdir.sys
C:\WINDOWS\Temporary Internet Files\firmware.inf
C:\WINDOWS\Temporary Internet Files\ip3Wmapic.temp

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EKRN
-------\Service_EHttpSrv
-------\Service_ekrn
-------\Legacy_eamon
-------\Legacy_easdrv
-------\Legacy_epfwtdir
-------\eamon
-------\easdrv
-------\epfwtdir


(((((((((((((((((((((((((   Files Created from 2008-03-22 to 2008-04-22  )))))))))))))))))))))))))))))))
.

2008-04-19 21:41 . 2008-04-19 21:52   <DIR>   d--------   C:\Grand Theft Auto Vice City
2008-04-19 20:57 . 2008-04-19 20:57   <DIR>   d--------   C:\Program Files\ESET
2008-04-19 16:57 . 2008-04-19 16:58   <DIR>   d--------   C:\Netgear
2008-04-13 21:14 . 2008-04-13 21:14   766   --a------   C:\WINDOWS\SYSTEM32\blrs.ico
2008-04-13 00:19 . 2008-04-21 11:27   <DIR>   d--------   C:\Sciagnietendk
2008-04-12 23:58 . 2008-04-12 23:59   <DIR>   d--------   C:\security
2008-04-12 19:41 . 2008-04-12 19:41   <DIR>   d--------   C:\Documents and Settings\Gość
2008-04-12 19:41 .    <DIR>      C:\Documents and Settings\Gość\Ustawienia lokalne
2008-04-12 19:41 .    <DIR>      C:\Documents and Settings\Gość\Ustawienia lokalne
2008-04-12 15:30 . 2008-04-12 15:30   <DIR>   d--------   C:\Documents and Settings\Admin\DoctorWeb
2008-04-12 13:09 . 2008-04-12 13:10   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-04-12 13:09 . 2008-04-12 19:47   7,680   --ahs----   C:\WINDOWS\Thumbs.db
2008-04-12 13:08 . 2008-04-22 17:29   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-12 13:08 . 2008-04-12 13:08   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-04-12 13:08 . 2005-12-29 22:09   36,101   --a------   C:\Documents and Settings\Administrator\hpzscr000.log
2008-04-12 13:08 . 2005-12-29 22:05   1,024   --ah-----   C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-12 13:08 . 2008-04-19 17:41   1,024   --ah-----   C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 16:35 . 2005-08-10 12:43   41,984   -ra------   C:\WINDOWS\SYSTEM32\DRIVERS\dlkfet5b.sys
2008-04-02 17:09 . 2008-04-02 17:09   <DIR>   d--------   C:\Free YouTube to Mp3 Converter
2008-04-02 16:56 . 2008-04-02 16:56   <DIR>   d--------   C:\Temp
2008-04-02 16:55 . 2008-04-02 17:09   <DIR>   d--------   C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 22:29 . 2007-10-07 17:08   2,728   --a------   C:\WINDOWS\SYSTEM32\mini_spectrum2.swf
2008-03-29 22:26 . 2008-04-20 20:42   <DIR>   d--------   C:\iriver plus 3
2008-03-22 17:44 . 2008-03-22 17:46   <DIR>   d--------   C:\Documents and Settings\Admin\Dane aplikacji\SecondLife

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 15:32   ---------   d-----w   C:\Program Files\AutoConnect
2008-04-21 20:24   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-04-19 19:42   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-19 14:06   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-04-12 21:27   ---------   d-----w   C:\Program Files\podatki.pl
2008-04-12 21:23   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-12 21:22   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-04-12 21:19   ---------   d-----w   C:\Program Files\Winamp
2008-02-27 19:17   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\fretsonfire
2008-02-23 09:32   ---------   d-----w   C:\Program Files\GoldWave
2005-12-17 17:42   266   --sha-w   C:\Program Files\desktop.ini
2005-12-17 17:42   11,232   ---ha-w   C:\Program Files\folder.htt
2005-05-13 16:12   217,073   --sha-r   C:\WINDOWS\meta4.exe
2005-10-24 10:13   66,560   --sha-r   C:\WINDOWS\MOTA113.exe
2005-10-13 20:27   422,400   --sha-r   C:\WINDOWS\x2.64.exe
2005-10-07 18:14   308,224   --sha-r   C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 11:31   27,648   --sha-r   C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 14:32   616,448   --sha-r   C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 21:37   45,568   --sha-r   C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 23:00   70,656   --sha-r   C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 09:24   2,945,024   --sha-r   C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 12:16   240,128   --sha-r   C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-24 23:00   70,656   --sha-r   C:\WINDOWS\SYSTEM32\yv12vfw.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-04-19_17.44.59,92   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:38:42   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-04-22 15:31:41   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-04-19 14:08:00   10,134   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
+ 2008-04-19 18:57:55   10,134   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
- 2008-04-19 14:08:00   136,448   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2008-04-19 18:57:56   136,448   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2008-04-22 15:31:50   16,384   ----atw   C:\WINDOWS\TEMP\Perflib_Perfdata_5c8.dat
- 2008-04-19 15:39:52   3,735,552   ----a-w   C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-22 15:32:20   3,735,552   ----a-w   C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-03-17 07:08   8480768   --a------   C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programs^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programs\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\EdHTMLv5.0\EdHTML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-06-10 16:20 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
C:\Program Files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 15:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-09 21:32 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
C:\Program Files\Spik\Spik.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zasobnik systemowy]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LoadQM"=loadqm.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"SoundMan"=SOUNDMAN.EXE
"autoclk"=autoclk.exe
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Age Of Empires 2 & The Conquerors\\age2_x1.exe"=
"C:\\Gadu-Gadu 6.1\\gg.exe"=
"C:\\Documents and Settings\\Admin\\Pulpit\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-09 14:17]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 19:07]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\Uruchomienie aplikacji dostrajania.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 17:32:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\PAStiSvc.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-22 17:34:41 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-22 15:34:34

Pre-Run: 23,029,556,224 bajtów wolnych
Post-Run: 23,031,497,728 bajtów wolnych

246
fibi07
~user

Posts: 2008
Joined: 21 May 2006, 12:55
Praise: 58



Post by wojtas 23 Apr 2008, 21:17

Paste into Notepad:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

Folder::
C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}


and again drop it onto the icon and tell me how things look
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Praise: 1656



Post by fibi07 26 Apr 2008, 10:30

LOG:

Code:
ComboFix 08-04-18.3 - Admin 2008-04-23 23:17:12.12 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.62 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}
C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe

.
(((((((((((((((((((((((((   Files Created from 2008-03-23 to 2008-04-23  )))))))))))))))))))))))))))))))
.

2008-04-19 21:41 . 2008-04-19 21:52   <DIR>   d--------   C:\Grand Theft Auto Vice City
2008-04-19 20:57 . 2008-04-19 20:57   <DIR>   d--------   C:\Program Files\ESET
2008-04-19 16:57 . 2008-04-19 16:58   <DIR>   d--------   C:\Netgear
2008-04-13 21:14 . 2008-04-13 21:14   766   --a------   C:\WINDOWS\SYSTEM32\blrs.ico
2008-04-13 00:19 . 2008-04-21 11:27   <DIR>   d--------   C:\Sciagnietendk
2008-04-12 23:58 . 2008-04-12 23:59   <DIR>   d--------   C:\security
2008-04-12 19:41 . 2008-04-22 17:34   <DIR>   d--------   C:\Documents and Settings\Gość\Ustawienia lokalne
2008-04-12 19:41 . 2008-04-12 19:41   <DIR>   d--------   C:\Documents and Settings\Gość
2008-04-12 15:30 . 2008-04-12 15:30   <DIR>   d--------   C:\Documents and Settings\Admin\DoctorWeb
2008-04-12 13:09 . 2008-04-12 13:10   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-04-12 13:09 . 2008-04-12 19:47   7,680   --ahs----   C:\WINDOWS\Thumbs.db
2008-04-12 13:08 . 2008-04-23 23:19   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-12 13:08 . 2008-04-12 13:08   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-04-12 13:08 . 2005-12-29 22:09   36,101   --a------   C:\Documents and Settings\Administrator\hpzscr000.log
2008-04-12 13:08 . 2005-12-29 22:05   1,024   --ah-----   C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-12 13:08 . 2008-04-19 17:41   1,024   --ah-----   C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 16:35 . 2005-08-10 12:43   41,984   -ra------   C:\WINDOWS\SYSTEM32\DRIVERS\dlkfet5b.sys
2008-04-02 17:09 . 2008-04-02 17:09   <DIR>   d--------   C:\Free YouTube to Mp3 Converter
2008-04-02 16:56 . 2008-04-02 16:56   <DIR>   d--------   C:\Temp
2008-04-02 16:55 . 2008-04-02 17:09   <DIR>   d--------   C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 22:29 . 2007-10-07 17:08   2,728   --a------   C:\WINDOWS\SYSTEM32\mini_spectrum2.swf
2008-03-29 22:26 . 2008-04-20 20:42   <DIR>   d--------   C:\iriver plus 3

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 17:50   ---------   d-----w   C:\Program Files\AutoConnect
2008-04-21 20:24   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-04-19 19:42   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-19 14:06   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-04-12 21:27   ---------   d-----w   C:\Program Files\podatki.pl
2008-04-12 21:23   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-12 21:22   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-04-12 21:19   ---------   d-----w   C:\Program Files\Winamp
2008-03-22 15:46   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\SecondLife
2008-02-27 19:17   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\fretsonfire
2008-02-23 09:32   ---------   d-----w   C:\Program Files\GoldWave
2005-12-17 17:42   266   --sha-w   C:\Program Files\desktop.ini
2005-12-17 17:42   11,232   ---ha-w   C:\Program Files\folder.htt
2005-05-13 16:12   217,073   --sha-r   C:\WINDOWS\meta4.exe
2005-10-24 10:13   66,560   --sha-r   C:\WINDOWS\MOTA113.exe
2005-10-13 20:27   422,400   --sha-r   C:\WINDOWS\x2.64.exe
2005-10-07 18:14   308,224   --sha-r   C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 11:31   27,648   --sha-r   C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 14:32   616,448   --sha-r   C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 21:37   45,568   --sha-r   C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 23:00   70,656   --sha-r   C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 09:24   2,945,024   --sha-r   C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 12:16   240,128   --sha-r   C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-24 23:00   70,656   --sha-r   C:\WINDOWS\SYSTEM32\yv12vfw.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-04-19_17.44.59,92   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:38:42   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-04-22 17:50:07   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-04-22 17:50:11   16,384   ----atw   C:\WINDOWS\TEMP\Perflib_Perfdata_5a0.dat
- 2008-04-19 15:39:52   3,735,552   ----a-w   C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-23 21:01:42   3,735,552   ----a-w   C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-03-17 07:08   8480768   --a------   C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programs^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programs\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\EdHTMLv5.0\EdHTML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-06-10 16:20 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
C:\Program Files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 15:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-09 21:32 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
C:\Program Files\Spik\Spik.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zasobnik systemowy]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LoadQM"=loadqm.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"SoundMan"=SOUNDMAN.EXE
"autoclk"=autoclk.exe
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Age Of Empires 2 & The Conquerors\\age2_x1.exe"=
"C:\\Gadu-Gadu 6.1\\gg.exe"=
"C:\\Documents and Settings\\Admin\\Pulpit\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-09 14:17]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 19:07]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\Uruchomienie aplikacji dostrajania.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 23:19:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
Completion time: 2008-04-23 23:21:28
ComboFix-quarantined-files.txt  2008-04-23 21:21:23
ComboFix2.txt  2008-04-22 15:34:42

Pre-Run: 22,947,852,800 bytes free
Post-Run: 22,961,337,344 bytes free

215


The error is still there. I don't know why =/



Posted by kepa416, 26 Apr 2008, 11:34

Type "services.msc" into Run and check whether there is anything there from NOD or ESET.



Posted by fibi07, 27 Apr 2008, 13:38

There's nothing there.



Posted by kahoona, 27 Apr 2008, 15:47

fibi07 -

Three things:
1. Download pserv.cpl from:

http://p-nand-q.com/e/pserv.html

Install it and run it. File - choose Services - check whether the service really isn't there. Then File - Devices - the same for the library.
2. Download Simaika System Properties:

http://www.snapfiles.com/get/systemproperties.html

The selection here is much larger - everything is worth checking.

3. In the Windows\Installer directory

EVERY msi or msp file has to be checked for where it came from. DELETE the NOD installer once you have identified it.

To finish - the usual registry cleanup. RegHealer or AML Free Registry Cleaner.

Along the way - I would check the system with an online scanner - and remove Redlof.A and others (probably :D).

But - best of all, simply - uninstall Dr.Web. It's a second antivirus, and NOD32 doesn't want that and reports an error.




Posted by fibi07, 28 Apr 2008, 17:46

1) Nothing detected.
2) Nothing detected.
3)

kahoona wrote: Windows / Installer

I don't have an Installer folder in the Windows folder :?


kahoona wrote: registry cleanup

Cleaned.


kahoona wrote: Along the way - I would check the system with an online scanner - and remove Redlof.A and others (probably :D).

Hmm, which one? I've been trying about 5 in a row and none of them work :?


kahoona wrote: uninstall Dr.Web

I don't have it. That is, I uninstalled it earlier.



Posted by kahoona, 28 Apr 2008, 18:02

2008-04-12 15:30 . 2008-04-12 15:30   <DIR>   d--------   C:\Documents and Settings\Admin\DoctorWeb

The scan says you still have it in some form. I don't know how NOD treats SpyBot Search And Destroy and similar programs - but I would remove it for testing.

Redlof.A is nothing other than
C:\Program Files\folder.htt

Most no longer treat it as a virus, but...
A plain search (with Total Commander, say) and deletion - plus fixing up desktop.ini in the directories where it was.

You do have the windows/Installer folder - turn on the display of hidden files and folders.
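The folder.htt / desktop.ini pair described in the post above can be found and cleaned mechanically rather than by eye. The script below is an added example, not from this thread and not a ComboFix or ESET tool. It walks a directory tree, reports every folder that carries a folder.htt template or a desktop.ini that loads one through a PersistMoniker line, flags templates that embed script, and strips the PersistMoniker hook from a desktop.ini (the "fix up desktop.ini" step). It builds its own constructed sample tree in a temporary directory; the sample contents, the CLSID in them and the cp1250 fallback are assumptions. A finding is an indicator, not proof: the same keys are what the Customize This Folder wizard wrote on Windows 98/2000, so look at the template before deleting it.

```python
import codecs
import os
import re
import tempfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A desktop.ini line that makes Explorer render the folder through an .htt template.
PERSIST_RE = re.compile(r'^\s*PersistMoniker\s*=\s*"?(file://[^"\s]+\.htt)"?\s*$', re.IGNORECASE)
# A Web-view template is plain HTML; embedded script is what the worm adds.
SCRIPT_RE = re.compile(r"<script\b", re.IGNORECASE)

# Constructed sample content for the demonstration (no payload). The CLSID is the
# Explorer Web View identifier as it appears in such desktop.ini files; illustrative.
SAMPLE_DESKTOP_INI = (
    "[ExtShellFolderViews]\n"
    "{5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262}\n"
    "[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]\n"
    "PersistMoniker=file://Folder.htt\n"
)
SAMPLE_FOLDER_HTT = '<html><script language="vbscript">\' placeholder\n</script></html>\n'
BENIGN_DESKTOP_INI = "[.ShellClassInfo]\nIconFile=%SystemRoot%\\system32\\shell32.dll\nIconIndex=3\n"


@dataclass
class Finding:
    folder: str
    has_folder_htt: bool
    desktop_ini_hooked: bool   # desktop.ini loads a local .htt template
    script_in_template: bool   # folder.htt contains <script ...>


def read_text(path: str) -> str:
    """Decode desktop.ini / folder.htt, which may be ANSI or UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return data.decode("utf-16")
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("cp1250", errors="replace")   # assumption: Polish XP ANSI code page


def hooked_template(desktop_ini_text: str) -> Optional[str]:
    """Return the file:// target if desktop.ini loads an .htt template, else None."""
    for line in desktop_ini_text.splitlines():
        m = PERSIST_RE.match(line)
        if m:
            return m.group(1)
    return None


def scan_tree(root: str) -> List[Finding]:
    """Walk root and report every folder carrying folder.htt or a hooked desktop.ini."""
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        names = {n.lower(): n for n in files}     # Windows file names are case-insensitive
        htt, ini = names.get("folder.htt"), names.get("desktop.ini")
        hooked = bool(ini and hooked_template(read_text(os.path.join(dirpath, ini))))
        scripted = bool(htt and SCRIPT_RE.search(read_text(os.path.join(dirpath, htt))))
        if htt or hooked:
            findings.append(Finding(dirpath, htt is not None, hooked, scripted))
    return findings


def strip_hook(desktop_ini_text: str) -> Tuple[str, int]:
    """Remove PersistMoniker lines from desktop.ini text; return new text and count removed."""
    lines = desktop_ini_text.splitlines()
    kept = [ln for ln in lines if not PERSIST_RE.match(ln)]
    return "\n".join(kept) + "\n", len(lines) - len(kept)


def build_sample_tree(root: str) -> None:
    """Create one hooked folder (desktop.ini stored as UTF-16) and one benign folder."""
    bad = os.path.join(root, "infected")
    good = os.path.join(root, "clean")
    os.makedirs(bad)
    os.makedirs(good)
    with open(os.path.join(bad, "desktop.ini"), "wb") as fh:
        fh.write(codecs.BOM_UTF16_LE + SAMPLE_DESKTOP_INI.encode("utf-16-le"))
    with open(os.path.join(bad, "folder.htt"), "w", encoding="ascii") as fh:
        fh.write(SAMPLE_FOLDER_HTT)
    with open(os.path.join(good, "desktop.ini"), "w", encoding="ascii") as fh:
        fh.write(BENIGN_DESKTOP_INI)


def demo() -> List[Finding]:
    """Build the constructed tree in a temp dir and scan it."""
    root = tempfile.mkdtemp(prefix="folder_htt_demo_")
    build_sample_tree(root)
    return scan_tree(root)


if __name__ == "__main__":
    for f in demo():
        print(f)
    print(strip_hook(SAMPLE_DESKTOP_INI)[0])
```

On a real machine call scan_tree on each drive root and review the reported folders; only then delete folder.htt and write back the text strip_hook returns, keeping the file's original encoding.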



Posted by Okocza, 28 Apr 2008, 18:43

Open Notepad and paste this into it:

Files::
C:\Program Files\folder.htt

Folders::
C:\Documents and Settings\Admin\DoctorWeb

File >>> Save as CFScript.txt. Drag the file and drop it onto the ComboFix icon (as shown here). Wait until the new log is generated and post it on the forum.



Posted by fibi07, 28 Apr 2008, 21:11

kahoona wrote: You do have the windows/Installer folder - turn on the display of hidden files and folders.

That's just it, I don't. I have
ime
InCD
INF
Internet Logs

and that's only after ticking the option to show hidden files.


Okocza wrote: new log

ComboFix 08-04-18.3 - Admin 2008-04-28 21:04:38.13 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.77 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Pulpit\CFScript.txt
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Temporary Internet Files\firmware.inf
C:\WINDOWS\Temporary Internet Files\ip3picfile.temp
C:\WINDOWS\Temporary Internet Files\ip3Wmapic.temp

.
(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-28  )))))))))))))))))))))))))))))))
.

2008-04-28 17:02 . 2008-04-28 17:02   <DIR>   d--------   C:\Documents and Settings\Admin\Dane aplikacji\System Properties
2008-04-19 21:41 . 2008-04-19 21:52   <DIR>   d--------   C:\Grand Theft Auto Vice City
2008-04-19 16:57 . 2008-04-19 16:58   <DIR>   d--------   C:\Netgear
2008-04-13 21:14 . 2008-04-13 21:14   766   --a------   C:\WINDOWS\SYSTEM32\blrs.ico
2008-04-13 00:19 . 2008-04-27 22:03   <DIR>   d--------   C:\Sciagnietendk
2008-04-12 23:58 . 2008-04-12 23:59   <DIR>   d--------   C:\security
2008-04-12 19:41 . 2008-04-22 17:34   <DIR>   d--------   C:\Documents and Settings\GoťŠ\Ustawienia lokalne
2008-04-12 19:41 . 2008-04-12 19:41   <DIR>   d--------   C:\Documents and Settings\GoťŠ
2008-04-12 13:09 . 2008-04-12 13:10   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-04-12 13:09 . 2008-04-12 19:47   7,680   --ahs----   C:\WINDOWS\Thumbs.db
2008-04-12 13:08 . 2008-04-28 21:07   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-04-12 13:08 . 2005-12-29 21:57   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-12 13:08 . 2008-04-12 13:08   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-04-12 13:08 . 2005-12-29 22:09   36,101   --a------   C:\Documents and Settings\Administrator\hpzscr000.log
2008-04-12 13:08 . 2005-12-29 22:05   1,024   --ah-----   C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-12 13:08 . 2008-04-27 16:40   1,024   --ah-----   C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 16:35 . 2005-08-10 12:43   41,984   -ra------   C:\WINDOWS\SYSTEM32\DRIVERS\dlkfet5b.sys
2008-04-02 17:09 . 2008-04-02 17:09   <DIR>   d--------   C:\Free YouTube to Mp3 Converter
2008-04-02 16:56 . 2008-04-02 16:56   <DIR>   d--------   C:\Temp
2008-04-02 16:55 . 2008-04-02 17:09   <DIR>   d--------   C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 22:29 . 2007-10-07 17:08   2,728   --a------   C:\WINDOWS\SYSTEM32\mini_spectrum2.swf
2008-03-29 22:26 . 2008-04-27 22:11   <DIR>   d--------   C:\iriver plus 3

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 18:29   ---------   d-----w   C:\Program Files\AutoConnect
2008-04-28 14:40   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-04-21 20:24   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-04-19 19:42   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-12 21:27   ---------   d-----w   C:\Program Files\podatki.pl
2008-04-12 21:23   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-12 21:22   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-04-12 21:19   ---------   d-----w   C:\Program Files\Winamp
2008-03-22 15:46   ---------   d-----w   C:\Documents and Settings\Admin\Dane aplikacji\SecondLife
2005-12-17 17:42   266   --sha-w   C:\Program Files\desktop.ini
2005-05-13 16:12   217,073   --sha-r   C:\WINDOWS\meta4.exe
2005-10-24 10:13   66,560   --sha-r   C:\WINDOWS\MOTA113.exe
2005-10-13 20:27   422,400   --sha-r   C:\WINDOWS\x2.64.exe
2005-10-07 18:14   308,224   --sha-r   C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 11:31   27,648   --sha-r   C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 14:32   616,448   --sha-r   C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 21:37   45,568   --sha-r   C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 23:00   70,656   --sha-r   C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 09:24   2,945,024   --sha-r   C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 12:16   240,128   --sha-r   C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-24 23:00   70,656   --sha-r   C:\WINDOWS\SYSTEM32\yv12vfw.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-04-19_17.44.59,92   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:38:42   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-04-28 18:29:01   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-04-19 14:08:00   10,134   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
+ 2008-04-25 18:06:16   10,134   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
- 2008-04-19 14:08:00   136,448   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2008-04-25 18:06:16   136,448   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2007-04-19 18:05:54   937,984   ----a-w   C:\WINDOWS\SYSTEM32\simaika.dll
+ 2007-03-04 18:55:36   53,248   ----a-w   C:\WINDOWS\SYSTEM32\w32msg.dll
+ 2008-04-28 18:29:05   16,384   ----atw   C:\WINDOWS\TEMP\Perflib_Perfdata_59c.dat
- 2008-04-19 15:39:52   3,735,552   ----a-w   C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-28 19:04:53   3,735,552   ----a-w   C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-01 20:56:00   96,256   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 22:25:52   1,101,824   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56   1,093,120   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58   69,632   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00   57,856   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00   40,960   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00   45,056   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00   65,536   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00   57,344   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00   61,440   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00   49,152   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00   49,152   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44   65,536   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-03-17 07:08   8480768   --a------   C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programs^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programs\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\EdHTMLv5.0\EdHTML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-06-10 16:20 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
C:\Program Files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 15:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-09 21:32 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
C:\Program Files\Spik\Spik.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zasobnik systemowy]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LoadQM"=loadqm.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"SoundMan"=SOUNDMAN.EXE
"autoclk"=autoclk.exe
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Age Of Empires 2 & The Conquerors\\age2_x1.exe"=
"C:\\Gadu-Gadu 6.1\\gg.exe"=
"C:\\Documents and Settings\\Admin\\Pulpit\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-09 14:17]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 19:07]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\Uruchomienie aplikacji dostrajania.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 21:07:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
Completion time: 2008-04-28 21:09:18
ComboFix-quarantined-files.txt  2008-04-28 19:09:15
ComboFix2.txt  2008-04-23 21:21:29
ComboFix3.txt  2008-04-22 15:34:42

Pre-Run: 22,485,519,872 bytes free
Post-Run: 22,487,121,920 bytes free

234



Posted by kahoona, 28 Apr 2008, 21:29

C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2008-04-25 18:06:16   136,448   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe

Well, look at that... You do have Windows/Installer after all, and in the {17026F9A-0826-4F3B-AF90-BA59C8B12435} directory there are NOD32 installation files on top of that.

Install Total Commander. Then:

Configuration / Options - Display tab - TICK "Show hidden/system files"

Then - drive C: - windows - installer - {17026F9A-0826-4F3B-AF90-BA59C8B12435} - delete that folder.
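What was spotted by eye in the snapshot section (files of the removed product still cached under C:\WINDOWS\Installer\{GUID}\) is also what Windows Installer's own error 2753, "The File ... is not marked for installation", points at: the installer is still acting on the product's registration, and the GUID folder is normally named after the product code. The script below is an added example, not part of this thread or of ComboFix. It reads a ComboFix log, groups the cached files by GUID folder, flags the GUIDs and the msconfig startup entries whose names match a list of product keywords (the same check the earlier post asks for on every msi/msp in Windows\Installer), and produces the msiexec /x command for each flagged GUID. The keyword list is an assumption (ESET binary and product names); the sample log is an excerpt of the log posted above. Deleting the cache folder by hand removes the files but not the registration, so try the msiexec command first; it only works while Windows Installer still lists the product.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List

# A file cached under C:\WINDOWS\Installer\{product-code}\ . Windows Installer keeps
# per-product resources there; the folder is hidden+system, which is why the plain
# "show hidden files" setting did not reveal it.
INSTALLER_RE = re.compile(
    r"[A-Z]:\\WINDOWS\\Installer\\(\{[0-9A-F-]{36}\})\\([^\s\\]+)", re.IGNORECASE)
# msconfig keeps disabled autostart names even after the program itself is gone.
STARTUP_RE = re.compile(r"\\msconfig\\startupreg\\([^\]]+)\]", re.IGNORECASE)

# Assumption: names ESET binaries/products are known under; extend for another vendor.
PRODUCT_KEYWORDS = ("egui", "ekrn", "eset", "nod32")

# Excerpt of the ComboFix log posted in this thread (snapshot and msconfig sections).
SAMPLE_LOG = r"""
2008-04-19 19:42   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
- 2008-04-19 14:08:00   10,134   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
+ 2008-04-25 18:06:16   10,134   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
- 2008-04-19 14:08:00   136,448   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2008-04-25 18:06:16   136,448   ----a-r   C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"""


def installer_cache_entries(log: str) -> Dict[str, List[str]]:
    """Map each {GUID} folder under WINDOWS\\Installer to the distinct file names seen."""
    found: Dict[str, List[str]] = defaultdict(list)
    for line in log.splitlines():
        m = INSTALLER_RE.search(line)
        if m:
            guid, name = m.group(1).upper(), m.group(2)
            if name.lower() not in (n.lower() for n in found[guid]):
                found[guid].append(name)
    return dict(found)


def product_hits(log: str, keywords: Iterable[str]) -> List[str]:
    """Every log line that mentions one of the keywords, case-insensitively."""
    kws = [k.lower() for k in keywords]
    return [ln for ln in log.splitlines() if any(k in ln.lower() for k in kws)]


def leftover_report(log: str, keywords: Iterable[str]) -> Dict[str, object]:
    """Cache folders whose files match the product, plus stale msconfig entries."""
    kws = [k.lower() for k in keywords]
    cache = installer_cache_entries(log)
    suspect = {guid: files for guid, files in cache.items()
               if any(k in f.lower() for f in files for k in kws)}
    startups = [m.group(1) for m in STARTUP_RE.finditer(log)
                if any(k in m.group(1).lower() for k in kws)]
    return {
        "cache_guids": cache,
        "suspect_guids": suspect,
        "startup_entries": startups,
        # msiexec /x <product code> is the supported way to unregister a product;
        # it only works while Windows Installer still holds the registration.
        "uninstall_commands": [f"msiexec /x {guid}" for guid in suspect],
    }


if __name__ == "__main__":
    report = leftover_report(SAMPLE_LOG, PRODUCT_KEYWORDS)
    for guid, files in report["suspect_guids"].items():
        print(guid, files)
    print(report["startup_entries"], report["uninstall_commands"])
```

Run it against the full ComboFix.txt rather than the excerpt; product_hits with a second keyword set (for example the other antivirus's name) shows whether that product also left traces behind.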


