NoName wrote: As in the subject, for some time now I've been getting this error once Windows (XP, of course) has started up. I don't know what's going on, please help.
chkdsk /r
NoName wrote: kahoona
I can post those logs, but what does it mean
NoName wrote: with amvo in mind?
NoName wrote: I don't understand what running cmd from "Run" does for me, I don't really know much about this.
emo Magik wrote: chkdsk /r
sfc /scannow
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33, on 2008-07-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Beniamin\tguard.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\SVRemote\TVCardRemote.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\Ninoo\Menu Start\Programy\Autostart\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.pol.chello.pl/ssi/welcome/welcome.php?url=search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez chello broadband n.v.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [tguard] C:\Program Files\Beniamin\tguard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SVRemote] c:\Program Files\SVRemote\TVCardRemote.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
--
End of file - 9837 bytes
ComboFix 08-07-24.3 - Ninoo 2008-07-25 14:35:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511 [GMT 2:00]
Running from: C:\Documents and Settings\Ninoo\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Ninoo\Menu Start\Programy\Autostart\ctfmon.exe
C:\f.exe
C:\hgu.bat
C:\Recycled\Recycled
C:\Recycled\Recycled\ctfmon.exe
C:\v.exe
D:\Autorun.inf
D:\hgu.bat
.
---- Previous Run -------
.
C:\autorun.inf
C:\DOCUME~1\Ninoo\USTAWI~1\Temp\ovlx.dll
C:\DOCUME~1\Ninoo\USTAWI~1\Temp\rlbaort.dll
C:\ffojc.com
C:\njibyekk.com
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\ActivationManager.dll
C:\Program Files\ActivationManager\Uninstall.exe
C:\qxbx9blb.com
C:\Recycled\Recycled
C:\Recycled\Recycled\ctfmon.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\MSINET.oca
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.
2008-07-25 14:11 . 2008-07-25 14:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 13:17 . 2008-07-24 13:16 118,144 -r-hs---- C:\e.com
2008-07-23 19:02 . 2008-07-25 12:44 87,297 -r-hs---- C:\g2pfnid.com
2008-07-22 14:10 . 2008-07-23 15:58 118,757 -r-hs---- C:\6.bat
2008-07-21 20:58 . 2008-07-22 13:39 116,906 -r-hs---- C:\e9ehn1m8.com
2008-07-19 23:00 . 2008-07-20 20:57 119,202 -r-hs---- C:\f0.cmd
2008-07-19 11:24 . 2008-07-21 13:55 118,782 -r-hs---- C:\ybj8df.exe
2008-07-17 17:36 . 2008-07-18 10:36 117,757 -r-hs---- C:\ivcvknr.bat
2008-07-16 15:09 . 2008-07-16 15:09 116,492 -r-hs---- C:\33gmhso.bat
2008-07-15 14:59 . 2008-07-15 18:57 116,862 -r-hs---- C:\k.com
2008-07-10 17:22 . 2008-07-20 18:47 77,312 -r-hs---- C:\WINDOWS\system32\ckvo2.dll
2008-07-10 16:53 . 2008-07-11 15:33 117,053 -r-hs---- C:\0gjn3yw.exe
2008-07-08 17:14 . 2008-07-25 12:44 77,312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-07 21:02 . 2008-07-07 21:18 51,576,832 --a------ C:\dump_dvd.vob
2008-07-06 22:51 . 2008-07-06 22:51 268 --ah----- C:\sqmdata02.sqm
2008-07-06 22:51 . 2008-07-06 22:51 244 --ah----- C:\sqmnoopt02.sqm
2008-07-04 13:08 . 2008-07-04 13:08 2,541 --a------ C:\Enlish.lng
2008-07-04 12:57 . 2008-07-08 22:43 118,269 -r-hs---- C:\00hoeav.com
2008-07-04 09:10 . 2008-07-04 09:10 114,611 -r-hs---- C:\xmnm2.cmd
2008-06-29 13:24 . 2008-06-29 13:24 112,227 -r-hs---- C:\klp8j6i.com
2008-06-27 21:12 . 2008-06-27 21:12 <DIR> d-------- C:\Documents and Settings\Ninoo\Dane aplikacji\Printer Info Cache
2008-06-27 21:11 . 2008-06-27 21:26 <DIR> d-------- C:\Documents and Settings\Ninoo\Dane aplikacji\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 17:07 --------- d-----w C:\Program Files\eMule
2008-07-22 16:46 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\mIRC
2008-07-22 16:44 --------- d-----w C:\Program Files\mIRC
2008-07-04 11:43 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\Skype
2008-06-26 15:14 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-22 15:53 111,715 --sh--r C:\1nkbd8h.bat
2008-06-21 18:16 112,086 --sh--r C:\udr.com
2008-06-19 21:48 112,234 --sh--r C:\f6cavn.bat
2008-06-16 10:15 117,568 --sh--r C:\6x8be16.cmd
2008-06-07 22:26 107,736 --sh--r C:\iefqwp.cmd
2008-06-01 15:18 108,400 --sh--r C:\invwft2h.com
2008-05-31 13:31 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\uTorrent
2008-05-30 08:28 108,535 --sh--r C:\jdwx.exe
2008-05-24 11:09 107,966 --sh--r C:\qa8sywva.cmd
2008-05-23 09:37 107,568 --sh--r C:\tfk8.exe
2008-05-17 11:16 105,745 --sh--r C:\d.cmd
2008-04-28 09:13 104,269 --sh--r C:\jfvkcsy.bat
2008-04-27 15:54 105,128 --sh--r C:\oq.cmd
2007-01-01 13:13 1 ----a-w C:\Documents and Settings\Ninoo\SI.bin
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00 217,088 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 12:22 219008]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 10:42 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 11:54 200704]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"tguard"="C:\Program Files\Beniamin\tguard.exe" [2008-01-31 01:13 561152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 16:29 176128]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 12:31 819712]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]
"SVRemote"="c:\Program Files\SVRemote\TVCardRemote.exe" [2007-03-23 15:34 24576]
"V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [2006-09-06 19:01 32768]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20:44 20480]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-06-24 15:08 860160 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 19:38 35328 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\Ninoo\\Moje dokumenty\\Gry\\q3\\quake3.exe"=
"D:\\Gry\\Halo Trial\\halo.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"=
"D:\\Gry\\Warcraft III\\Warcraft III.exe"=
"D:\\Steam\\steamapps\\b4dyl\\counter-strike\\hl.exe"=
"D:\\Steam\\steamapps\\b4dyl\\condition zero deleted scenes\\hl.exe"=
"D:\\Steam\\steamapps\\b4dyl\\deathmatch classic\\hl.exe"=
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 Cap7134;OEM 7130AA Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2006-12-06 04:06]
R3 PhTVTune;OEM 7130AA WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2006-12-06 04:06]
R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 19:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-09-28 19:01]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 19:19]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]
S3 ZD1201U(ZyXEL);ZyAIR B-220 IEEE 802.11b Wireless LAN Driver (USB)(ZyXEL);C:\WINDOWS\system32\DRIVERS\zd1201u.sys []
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1279e924-fb73-11dc-8269-0000cad1c4a9}]
\Shell\AutoRun\command - M:\jdwx.exe
\Shell\explore\Command - M:\jdwx.exe
\Shell\open\Command - M:\jdwx.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39b52ee9-4112-11dd-836d-0000cad1c4a9}]
\Shell\AutoRun\command - M:\1nkbd8h.bat
\Shell\explore\Command - M:\1nkbd8h.bat
\Shell\open\Command - M:\1nkbd8h.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cc25b34-b25e-11dc-817a-0000cad1c4a9}]
\Shell\AutoRun\command - M:\d.com
\Shell\explore\Command - M:\d.com
\Shell\open\Command - M:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{706b11a1-10ab-11dd-82cb-0000cad1c4a9}]
\Shell\AutoRun\command - M:\pa39xth.cmd
\Shell\explore\Command - M:\pa39xth.cmd
\Shell\open\Command - M:\pa39xth.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e00d440-a66a-11dc-8151-0000cad1c4a9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{827febd1-d0d0-11dc-81d9-0000cad1c4a9}]
\Shell\AutoRun\command - q.com
\Shell\explore\Command - q.com
\Shell\open\Command - q.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ad2808-447c-11dd-8374-0000cad1c4a9}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ad2809-447c-11dd-8374-0000cad1c4a9}]
\Shell\AutoRun\command - N:\00hoeav.com
\Shell\explore\Command - N:\00hoeav.com
\Shell\open\Command - N:\00hoeav.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3718e56-fb1c-11da-bd9c-ab2d6103fe31}]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6feeb75-27c2-11dc-8001-0000cad1c4a9}]
\Shell\AutoRun\command - v.exe
\Shell\explore\Command - v.exe
\Shell\open\Command - v.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88e3961-9387-11db-be67-001485c71bbf}]
\Shell\AutoRun\command - M:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff7c8c20-bfab-11dc-819c-0000cad1c4a9}]
\Shell\AutoRun\command - M:\00hoeav.com
\Shell\explore\Command - M:\00hoeav.com
\Shell\open\Command - M:\00hoeav.com
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 19:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Komunikator - C:\Program Files\Tlen.pl\tlen.exe
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Run-VVSN - C:\Program Files\VVSN\VVSN.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
R0 -: HKLM-Main,Start Page = hxxp://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab
C:\WINDOWS\Downloaded Program Files\SignActivX.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 14:38:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\bnmndrv.dll
.
Completion time: 2008-07-25 14:39:30
ComboFix-quarantined-files.txt 2008-07-25 12:39:23
Pre-Run: 10,555,043,840 bajtów wolnych
Post-Run: 17,960,534,016 bajtów wolnych
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1279e924-fb73-11dc-8269-0000cad1c4a9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39b52ee9-4112-11dd-836d-0000cad1c4a9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cc25b34-b25e-11dc-817a-0000cad1c4a9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{706b11a1-10ab-11dd-82cb-0000cad1c4a9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e00d440-a66a-11dc-8151-0000cad1c4a9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{827febd1-d0d0-11dc-81d9-0000cad1c4a9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ad2808-447c-11dd-8374-0000cad1c4a9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ad2809-447c-11dd-8374-0000cad1c4a9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3718e56-fb1c-11da-bd9c-ab2d6103fe31}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6feeb75-27c2-11dc-8001-0000cad1c4a9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88e3961-9387-11db-be67-001485c71bbf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff7c8c20-bfab-11dc-819c-0000cad1c4a9}]
SDFix: Version 1.208
Run by Ninoo on 2008-07-25 at 15:14
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\Ninoo\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted
Folder C:\Documents and Settings\Ninoo\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 15:20:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:4b8e5a7a
"s2"=dword:c35068bd
"h0"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:ab,10,59,70,06,f5,a5,69,a1,c6,ab,fb,cc,21,63,3a,62,eb,c9,2a,96,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000002
"hdf12"=hex:85,8e,ef,8f,e9,4e,24,a2,f9,03,87,bc,32,f5,9e,2d,dc,ab,89,a7,d8,..
"p0"="C:\Program Files\DAEMON Tools Pro\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,a4,bf,6e,77,ff,8b,21,85,44,55,bf,ae,98,be,7d,62,6a,..
"hdf12"=hex:11,ad,34,67,99,cc,ab,f4,52,ff,26,5d,64,1a,de,c1,db,91,45,1b,a4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:19,af,85,ba,1b,7e,e9,b6,f0,2b,2e,b5,30,75,77,34,ff,d5,e5,b6,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,4f,78,6f,77,b4,0c,0d,49,a3,50,77,a9,b0,8f,a7,82,92,..
"hdf12"=hex:f6,08,dc,e1,67,df,eb,85,e3,e8,db,b5,2b,10,da,f3,2d,5d,40,d6,48,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:25,a2,bd,68,ac,10,d4,f0,f9,8b,9c,cc,c7,84,32,7e,2d,12,d0,cb,fe,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:68,e9,5e,db,59,7f,43,30,a0,cd,ee,88,41,8f,f9,10,65,74,0b,a1,3a,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3c,7c,ea,33,cd,95,dc,45,9c,af,49,62,20,c6,45,e8,52,..
"khjeh"=hex:d5,03,dd,09,34,df,db,9d,90,70,73,4c,b3,17,9b,9b,94,7e,0d,bd,4f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ed,b1,06,8a,34,e3,92,76,6e,5c,03,9a,34,43,ec,d0,c2,85,43,ca,43,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ae,6c,38,a8,17,2d,a5,2a,32,b4,54,02,7f,57,8d,6b,b5,50,e5,86,88,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a1,8b,2d,b8,1e,d6,2c,e8,11,80,a6,09,bf,60,87,9e,27,..
"khjeh"=hex:d5,03,dd,09,34,df,db,9d,90,70,73,4c,b3,17,9b,9b,94,7e,0d,bd,4f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8b,29,95,f3,1b,85,6c,95,bc,7a,a6,9a,fd,2b,56,88,7c,2d,46,94,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ae,6c,38,a8,17,2d,a5,2a,32,b4,54,02,7f,57,8d,6b,b5,50,e5,86,88,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a1,8b,2d,b8,1e,d6,2c,e8,11,80,a6,09,bf,60,87,9e,27,..
"khjeh"=hex:d5,03,dd,09,34,df,db,9d,90,70,73,4c,b3,17,9b,9b,94,7e,0d,bd,4f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8b,29,95,f3,1b,85,6c,95,bc,7a,a6,9a,fd,2b,56,88,7c,2d,46,94,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:ab,10,59,70,06,f5,a5,69,a1,c6,ab,fb,cc,21,63,3a,62,eb,c9,2a,96,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000002
"hdf12"=hex:85,8e,ef,8f,e9,4e,24,a2,f9,03,87,bc,32,f5,9e,2d,dc,ab,89,a7,d8,..
"p0"="C:\Program Files\DAEMON Tools Pro\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,a4,bf,6e,77,ff,8b,21,85,44,55,bf,ae,98,be,7d,62,6a,..
"hdf12"=hex:11,ad,34,67,99,cc,ab,f4,52,ff,26,5d,64,1a,de,c1,db,91,45,1b,a4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:19,af,85,ba,1b,7e,e9,b6,f0,2b,2e,b5,30,75,77,34,ff,d5,e5,b6,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,4f,78,6f,77,b4,0c,0d,49,a3,50,77,a9,b0,8f,a7,82,92,..
"hdf12"=hex:f6,08,dc,e1,67,df,eb,85,e3,e8,db,b5,2b,10,da,f3,2d,5d,40,d6,48,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:25,a2,bd,68,ac,10,d4,f0,f9,8b,9c,cc,c7,84,32,7e,2d,12,d0,cb,fe,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:68,e9,5e,db,59,7f,43,30,a0,cd,ee,88,41,8f,f9,10,65,74,0b,a1,3a,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3c,7c,ea,33,cd,95,dc,45,9c,af,49,62,20,c6,45,e8,52,..
"khjeh"=hex:d5,03,dd,09,34,df,db,9d,90,70,73,4c,b3,17,9b,9b,94,7e,0d,bd,4f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ed,b1,06,8a,34,e3,92,76,6e,5c,03,9a,34,43,ec,d0,c2,85,43,ca,43,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{119E0AF7-37FB-4C39-5FA9-73A3DB8F835F}]
"ialbgfofpoggippnjl"=hex:6a,61,67,68,62,64,67,66,6e,61,66,6c,66,6f,67,6e,6d,67,64,6b,00,..
"habhiinjffapedgj"=hex:6a,61,67,68,62,64,67,66,6e,61,66,6c,66,6f,67,6e,6d,67,64,6b,00,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D41A3E66-0BB2-BA94-6F16-BA68DE397D00}]
"iaiieenbpapbkgpacc"=hex:6b,61,6d,66,69,67,6a,66,64,67,6f,6b,63,67,69,61,63,6e,61,63,63,..
"hacjkdeheemiikhe"=hex:6b,61,6d,66,69,67,6a,66,64,67,6f,6b,63,67,69,61,63,6e,61,63,63,..
"hamhmbgdcflakfga"=hex:63,61,6f,68,66,63,00,77
"hamhmbgdphedegbg"=hex:6a,61,6c,66,66,67,6a,6f,61,6d,61,6b,67,6f,69,6d,6b,63,6b,6a,00,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Twain]
"y\1r?ó?d?B\1o? ?d?o?m?y?[\1l?n?e?"="C:\WINDOWS\Twain_32\hpsj_0000\hpsj_0000.ds"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Documents and Settings\\Ninoo\\Moje dokumenty\\Gry\\q3\\quake3.exe"="C:\\Documents and Settings\\Ninoo\\Moje dokumenty\\Gry\\q3\\quake3.exe:*:Enabled:quake3"
"D:\\Gry\\Halo Trial\\halo.exe"="D:\\Gry\\Halo Trial\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Konnekt\\konnekt.exe"="C:\\Program Files\\Konnekt\\konnekt.exe:*:Enabled:Konnekt - Core"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe:*:Enabled:pes5.exe"
"D:\\Gry\\Warcraft III\\Warcraft III.exe"="D:\\Gry\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Steam\\steamapps\\b4dyl\\counter-strike\\hl.exe"="D:\\Steam\\steamapps\\b4dyl\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Steam\\steamapps\\b4dyl\\condition zero deleted scenes\\hl.exe"="D:\\Steam\\steamapps\\b4dyl\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Steam\\steamapps\\b4dyl\\deathmatch classic\\hl.exe"="D:\\Steam\\steamapps\\b4dyl\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"="D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"="D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="D:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 8 Jul 2008 118,269 ..SHR --- "C:\00hoeav.com"
Fri 11 Jul 2008 117,053 ..SHR --- "C:\0gjn3yw.exe"
Fri 28 Mar 2008 102,080 ..SHR --- "C:\1weicxa.com"
Thu 24 Jul 2008 118,144 ..SHR --- "C:\e.com"
Tue 22 Jul 2008 116,906 ..SHR --- "C:\e9ehn1m8.com"
Fri 25 Jul 2008 87,297 ..SHR --- "C:\g2pfnid.com"
Mon 24 Mar 2008 100,130 ..SHR --- "C:\ino6.com"
Sun 1 Jun 2008 108,400 ..SHR --- "C:\invwft2h.com"
Fri 30 May 2008 108,535 ..SHR --- "C:\jdwx.exe"
Tue 15 Jul 2008 116,862 ..SHR --- "C:\k.com"
Sun 29 Jun 2008 112,227 ..SHR --- "C:\klp8j6i.com"
Fri 23 May 2008 107,568 ..SHR --- "C:\tfk8.exe"
Sat 21 Jun 2008 112,086 ..SHR --- "C:\udr.com"
Mon 21 Jul 2008 118,782 ..SHR --- "C:\ybj8df.exe"
Tue 20 Feb 2007 20,480 ..SHR --- "C:\Recycled\ctfmon.exe"
Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINDOWS\MOTA113.exe"
Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINDOWS\x2.64.exe"
Fri 7 Oct 2005 308,224 A.SHR --- "C:\WINDOWS\system32\avisynth.dll"
Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
Fri 25 Jul 2008 77,312 ..SHR --- "C:\WINDOWS\system32\ckvo1.dll"
Sun 20 Jul 2008 77,312 ..SHR --- "C:\WINDOWS\system32\ckvo2.dll"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"
Thu 27 Apr 2006 2,945,024 A.SHR --- "C:\WINDOWS\system32\Smab.dll"
Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
Sun 25 Jan 2004 217,088 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
Wed 25 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 27 Dec 2006 72,192 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Wed 11 Jan 2006 16,384 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 94,208 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 548,940 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Thu 18 Oct 2007 4,077 ...HR --- "C:\Documents and Settings\Ninoo\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Ninoo\Dane aplikacji\U3\temp\Launchpad Removal.exe"
Wed 25 Oct 2006 4,348 A..H. --- "C:\Documents and Settings\Ninoo\Moje dokumenty\Moja muzyka\Mp3\Kopia zapasowa licencji\drmv1key.bak"
Tue 27 Mar 2007 20 A..H. --- "C:\Documents and Settings\Ninoo\Moje dokumenty\Moja muzyka\Mp3\Kopia zapasowa licencji\drmv1lic.bak"
Thu 25 Jan 2007 9,856 A.SH. --- "C:\Documents and Settings\Ninoo\Moje dokumenty\Moja muzyka\Mp3\Kopia zapasowa licencji\drmv2key.bak"
Finished!
ComboFix 08-07-24.3 - Ninoo 2008-07-25 15:26:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.505 [GMT 2:00]
Running from: C:\Documents and Settings\Ninoo\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.
2008-07-25 15:10 . 2008-07-25 15:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-25 15:06 . 2008-07-25 15:23 <DIR> d-------- C:\SDFix
2008-07-25 14:11 . 2008-07-25 14:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 13:17 . 2008-07-24 13:16 118,144 -r-hs---- C:\e.com
2008-07-23 19:02 . 2008-07-25 12:44 87,297 -r-hs---- C:\g2pfnid.com
2008-07-22 14:10 . 2008-07-23 15:58 118,757 -r-hs---- C:\6.bat
2008-07-21 20:58 . 2008-07-22 13:39 116,906 -r-hs---- C:\e9ehn1m8.com
2008-07-19 23:00 . 2008-07-20 20:57 119,202 -r-hs---- C:\f0.cmd
2008-07-19 11:24 . 2008-07-21 13:55 118,782 -r-hs---- C:\ybj8df.exe
2008-07-17 17:36 . 2008-07-18 10:36 117,757 -r-hs---- C:\ivcvknr.bat
2008-07-16 15:09 . 2008-07-16 15:09 116,492 -r-hs---- C:\33gmhso.bat
2008-07-15 14:59 . 2008-07-15 18:57 116,862 -r-hs---- C:\k.com
2008-07-10 17:22 . 2008-07-20 18:47 77,312 -r-hs---- C:\WINDOWS\system32\ckvo2.dll
2008-07-10 16:53 . 2008-07-11 15:33 117,053 -r-hs---- C:\0gjn3yw.exe
2008-07-08 17:14 . 2008-07-25 12:44 77,312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-07 21:02 . 2008-07-07 21:18 51,576,832 --a------ C:\dump_dvd.vob
2008-07-06 22:51 . 2008-07-06 22:51 268 --ah----- C:\sqmdata02.sqm
2008-07-06 22:51 . 2008-07-06 22:51 244 --ah----- C:\sqmnoopt02.sqm
2008-07-04 13:08 . 2008-07-04 13:08 2,541 --a------ C:\Enlish.lng
2008-07-04 12:57 . 2008-07-08 22:43 118,269 -r-hs---- C:\00hoeav.com
2008-07-04 09:10 . 2008-07-04 09:10 114,611 -r-hs---- C:\xmnm2.cmd
2008-06-29 13:24 . 2008-06-29 13:24 112,227 -r-hs---- C:\klp8j6i.com
2008-06-27 21:12 . 2008-06-27 21:12 <DIR> d-------- C:\Documents and Settings\Ninoo\Dane aplikacji\Printer Info Cache
2008-06-27 21:11 . 2008-06-27 21:26 <DIR> d-------- C:\Documents and Settings\Ninoo\Dane aplikacji\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 17:07 --------- d-----w C:\Program Files\eMule
2008-07-22 16:46 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\mIRC
2008-07-22 16:44 --------- d-----w C:\Program Files\mIRC
2008-07-04 11:43 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\Skype
2008-06-26 15:14 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-22 15:53 111,715 --sh--r C:\1nkbd8h.bat
2008-06-21 18:16 112,086 --sh--r C:\udr.com
2008-06-19 21:48 112,234 --sh--r C:\f6cavn.bat
2008-06-16 10:15 117,568 --sh--r C:\6x8be16.cmd
2008-06-07 22:26 107,736 --sh--r C:\iefqwp.cmd
2008-06-01 15:18 108,400 --sh--r C:\invwft2h.com
2008-05-31 13:31 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\uTorrent
2008-05-30 08:28 108,535 --sh--r C:\jdwx.exe
2008-05-24 11:09 107,966 --sh--r C:\qa8sywva.cmd
2008-05-23 09:37 107,568 --sh--r C:\tfk8.exe
2008-05-17 11:16 105,745 --sh--r C:\d.cmd
2008-04-28 09:13 104,269 --sh--r C:\jfvkcsy.bat
2008-04-27 15:54 105,128 --sh--r C:\oq.cmd
2007-01-01 13:13 1 ----a-w C:\Documents and Settings\Ninoo\SI.bin
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00 217,088 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-25_14.39.12.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-23 23:25:41 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-25 13:11:32 15,413,248 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-25 13:11:32 442,368 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-23 23:25:41 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-25 13:11:14 15,413,248 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-25 13:11:14 442,368 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 12:22 219008]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 10:42 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 11:54 200704]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"tguard"="C:\Program Files\Beniamin\tguard.exe" [2008-01-31 01:13 561152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 16:29 176128]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 12:31 819712]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]
"SVRemote"="c:\Program Files\SVRemote\TVCardRemote.exe" [2007-03-23 15:34 24576]
"V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [2006-09-06 19:01 32768]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20:44 20480]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-06-24 15:08 860160 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 19:38 35328 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\Ninoo\\Moje dokumenty\\Gry\\q3\\quake3.exe"=
"D:\\Gry\\Halo Trial\\halo.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"=
"D:\\Gry\\Warcraft III\\Warcraft III.exe"=
"D:\\Steam\\steamapps\\b4dyl\\counter-strike\\hl.exe"=
"D:\\Steam\\steamapps\\b4dyl\\condition zero deleted scenes\\hl.exe"=
"D:\\Steam\\steamapps\\b4dyl\\deathmatch classic\\hl.exe"=
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 Cap7134;OEM 7130AA Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2006-12-06 04:06]
R3 PhTVTune;OEM 7130AA WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2006-12-06 04:06]
R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 19:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-09-28 19:01]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 19:19]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]
S3 ZD1201U(ZyXEL);ZyAIR B-220 IEEE 802.11b Wireless LAN Driver (USB)(ZyXEL);C:\WINDOWS\system32\DRIVERS\zd1201u.sys []
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS []
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 19:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
R0 -: HKLM-Main,Start Page = hxxp://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab
C:\WINDOWS\Downloaded Program Files\SignActivX.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 15:27:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\bnmndrv.dll
.
Completion time: 2008-07-25 15:28:26
ComboFix-quarantined-files.txt 2008-07-25 13:28:15
ComboFix2.txt 2008-07-25 12:39:31
Pre-Run: 17,911,988,224 bajtów wolnych
Post-Run: 17,897,373,696 bajtów wolnych
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:15, on 2008-07-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Beniamin\tguard.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [tguard] C:\Program Files\Beniamin\tguard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SVRemote] c:\Program Files\SVRemote\TVCardRemote.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
--
End of file - 9071 bytes
FILE::
C:\e.com
C:\g2pfnid.com
C:\6.bat
C:\e9ehn1m8.com
C:\f0.cmd
C:\ybj8df.exe
C:\ivcvknr.bat
C:\33gmhso.bat
C:\k.com
C:\WINDOWS\system32\ckvo2.dll
C:\0gjn3yw.exe
C:\WINDOWS\system32\ckvo1.dll
C:\jdwx.exe
C:\qa8sywva.cmd
C:\tfk8.exe
C:\d.cmd
C:\jfvkcsy.bat
C:\oq.cmd
ComboFix 08-07-24.3 - Ninoo 2008-07-25 15:37:33.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.458 [GMT 2:00]
Running from: C:\Documents and Settings\Ninoo\Pulpit\Nowy folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ninoo\Pulpit\Nowy folder\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
- C:\g2pfnid.com
C:\e.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\e.com
.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.
2008-07-25 15:10 . 2008-07-25 15:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-25 15:06 . 2008-07-25 15:23 <DIR> d-------- C:\SDFix
2008-07-25 14:11 . 2008-07-25 14:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 19:02 . 2008-07-25 12:44 87,297 -r-hs---- C:\g2pfnid.com
2008-07-22 14:10 . 2008-07-23 15:58 118,757 -r-hs---- C:\6.bat
2008-07-21 20:58 . 2008-07-22 13:39 116,906 -r-hs---- C:\e9ehn1m8.com
2008-07-19 23:00 . 2008-07-20 20:57 119,202 -r-hs---- C:\f0.cmd
2008-07-19 11:24 . 2008-07-21 13:55 118,782 -r-hs---- C:\ybj8df.exe
2008-07-17 17:36 . 2008-07-18 10:36 117,757 -r-hs---- C:\ivcvknr.bat
2008-07-16 15:09 . 2008-07-16 15:09 116,492 -r-hs---- C:\33gmhso.bat
2008-07-15 14:59 . 2008-07-15 18:57 116,862 -r-hs---- C:\k.com
2008-07-10 17:22 . 2008-07-20 18:47 77,312 -r-hs---- C:\WINDOWS\system32\ckvo2.dll
2008-07-10 16:53 . 2008-07-11 15:33 117,053 -r-hs---- C:\0gjn3yw.exe
2008-07-08 17:14 . 2008-07-25 12:44 77,312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-07 21:02 . 2008-07-07 21:18 51,576,832 --a------ C:\dump_dvd.vob
2008-07-06 22:51 . 2008-07-06 22:51 268 --ah----- C:\sqmdata02.sqm
2008-07-06 22:51 . 2008-07-06 22:51 244 --ah----- C:\sqmnoopt02.sqm
2008-07-04 13:08 . 2008-07-04 13:08 2,541 --a------ C:\Enlish.lng
2008-07-04 12:57 . 2008-07-08 22:43 118,269 -r-hs---- C:\00hoeav.com
2008-07-04 09:10 . 2008-07-04 09:10 114,611 -r-hs---- C:\xmnm2.cmd
2008-06-29 13:24 . 2008-06-29 13:24 112,227 -r-hs---- C:\klp8j6i.com
2008-06-27 21:12 . 2008-06-27 21:12 <DIR> d-------- C:\Documents and Settings\Ninoo\Dane aplikacji\Printer Info Cache
2008-06-27 21:11 . 2008-06-27 21:26 <DIR> d-------- C:\Documents and Settings\Ninoo\Dane aplikacji\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 17:07 --------- d-----w C:\Program Files\eMule
2008-07-22 16:46 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\mIRC
2008-07-22 16:44 --------- d-----w C:\Program Files\mIRC
2008-07-04 11:43 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\Skype
2008-06-26 15:14 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-22 15:53 111,715 --sh--r C:\1nkbd8h.bat
2008-06-21 18:16 112,086 --sh--r C:\udr.com
2008-06-19 21:48 112,234 --sh--r C:\f6cavn.bat
2008-06-16 10:15 117,568 --sh--r C:\6x8be16.cmd
2008-06-07 22:26 107,736 --sh--r C:\iefqwp.cmd
2008-06-01 15:18 108,400 --sh--r C:\invwft2h.com
2008-05-31 13:31 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\uTorrent
2008-05-30 08:28 108,535 --sh--r C:\jdwx.exe
2008-05-24 11:09 107,966 --sh--r C:\qa8sywva.cmd
2008-05-23 09:37 107,568 --sh--r C:\tfk8.exe
2008-05-17 11:16 105,745 --sh--r C:\d.cmd
2008-04-28 09:13 104,269 --sh--r C:\jfvkcsy.bat
2008-04-27 15:54 105,128 --sh--r C:\oq.cmd
2007-01-01 13:13 1 ----a-w C:\Documents and Settings\Ninoo\SI.bin
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00 217,088 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-25_14.39.12.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-23 23:25:41 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-25 13:11:32 15,413,248 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-25 13:11:32 442,368 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-23 23:25:41 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-25 13:11:14 15,413,248 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-25 13:11:14 442,368 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-04-02 14:05:07 5,120 ----a-r C:\WINDOWS\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2008-07-25 13:36:27 5,120 ----a-r C:\WINDOWS\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 12:22 219008]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 10:42 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 11:54 200704]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"tguard"="C:\Program Files\Beniamin\tguard.exe" [2008-01-31 01:13 561152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 16:29 176128]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 12:31 819712]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]
"SVRemote"="c:\Program Files\SVRemote\TVCardRemote.exe" [2007-03-23 15:34 24576]
"V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [2006-09-06 19:01 32768]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20:44 20480]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-06-24 15:08 860160 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 19:38 35328 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\Ninoo\\Moje dokumenty\\Gry\\q3\\quake3.exe"=
"D:\\Gry\\Halo Trial\\halo.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"=
"D:\\Gry\\Warcraft III\\Warcraft III.exe"=
"D:\\Steam\\steamapps\\b4dyl\\counter-strike\\hl.exe"=
"D:\\Steam\\steamapps\\b4dyl\\condition zero deleted scenes\\hl.exe"=
"D:\\Steam\\steamapps\\b4dyl\\deathmatch classic\\hl.exe"=
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 Cap7134;OEM 7130AA Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2006-12-06 04:06]
R3 PhTVTune;OEM 7130AA WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2006-12-06 04:06]
R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 19:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-09-28 19:01]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 19:19]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]
S3 ZD1201U(ZyXEL);ZyAIR B-220 IEEE 802.11b Wireless LAN Driver (USB)(ZyXEL);C:\WINDOWS\system32\DRIVERS\zd1201u.sys []
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS []
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 19:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 15:38:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\bnmndrv.dll
.
Completion time: 2008-07-25 15:38:57
ComboFix-quarantined-files.txt 2008-07-25 13:38:45
ComboFix2.txt 2008-07-25 13:28:27
ComboFix3.txt 2008-07-25 12:39:31
Pre-Run: 17,876,258,816 bajtów wolnych
Post-Run: 17,861,251,072 bajtów wolnych
197
FILE::
C:\jdwx.exe
C:\qa8sywva.cmd
C:\tfk8.exe
C:\d.cmd
C:\jfvkcsy.bat
C:\oq.cmd
C:\WINDOWS\system32\ckvo2.dll
C:\0gjn3yw.exe
C:\WINDOWS\system32\ckvo1.dll
ComboFix 08-07-24.3 - Ninoo 2008-07-25 15:54:55.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.454 [GMT 2:00]
Running from: C:\Documents and Settings\Ninoo\Pulpit\Nowy folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ninoo\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\0gjn3yw.exe
C:\d.cmd
C:\jdwx.exe
C:\jfvkcsy.bat
C:\oq.cmd
C:\qa8sywva.cmd
C:\tfk8.exe
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\ckvo2.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d.cmd
C:\jdwx.exe
C:\jfvkcsy.bat
C:\oq.cmd
C:\qa8sywva.cmd
C:\tfk8.exe
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\ckvo2.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.
2008-07-25 15:10 . 2008-07-25 15:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-25 15:06 . 2008-07-25 15:23 <DIR> d-------- C:\SDFix
2008-07-25 14:11 . 2008-07-25 14:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 19:02 . 2008-07-25 12:44 87,297 -r-hs---- C:\g2pfnid.com
2008-07-22 14:10 . 2008-07-23 15:58 118,757 -r-hs---- C:\6.bat
2008-07-21 20:58 . 2008-07-22 13:39 116,906 -r-hs---- C:\e9ehn1m8.com
2008-07-19 23:00 . 2008-07-20 20:57 119,202 -r-hs---- C:\f0.cmd
2008-07-19 11:24 . 2008-07-21 13:55 118,782 -r-hs---- C:\ybj8df.exe
2008-07-17 17:36 . 2008-07-18 10:36 117,757 -r-hs---- C:\ivcvknr.bat
2008-07-16 15:09 . 2008-07-16 15:09 116,492 -r-hs---- C:\33gmhso.bat
2008-07-15 14:59 . 2008-07-15 18:57 116,862 -r-hs---- C:\k.com
2008-07-10 16:53 . 2008-07-11 15:33 117,053 -r-hs---- C:\0gjn3yw.exe
2008-07-07 21:02 . 2008-07-07 21:18 51,576,832 --a------ C:\dump_dvd.vob
2008-07-06 22:51 . 2008-07-06 22:51 268 --ah----- C:\sqmdata02.sqm
2008-07-06 22:51 . 2008-07-06 22:51 244 --ah----- C:\sqmnoopt02.sqm
2008-07-04 13:08 . 2008-07-04 13:08 2,541 --a------ C:\Enlish.lng
2008-07-04 12:57 . 2008-07-08 22:43 118,269 -r-hs---- C:\00hoeav.com
2008-07-04 09:10 . 2008-07-04 09:10 114,611 -r-hs---- C:\xmnm2.cmd
2008-06-29 13:24 . 2008-06-29 13:24 112,227 -r-hs---- C:\klp8j6i.com
2008-06-27 21:12 . 2008-06-27 21:12 <DIR> d-------- C:\Documents and Settings\Ninoo\Dane aplikacji\Printer Info Cache
2008-06-27 21:11 . 2008-06-27 21:26 <DIR> d-------- C:\Documents and Settings\Ninoo\Dane aplikacji\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 17:07 --------- d-----w C:\Program Files\eMule
2008-07-22 16:46 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\mIRC
2008-07-22 16:44 --------- d-----w C:\Program Files\mIRC
2008-07-04 11:43 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\Skype
2008-06-26 15:14 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-22 15:53 111,715 --sh--r C:\1nkbd8h.bat
2008-06-21 18:16 112,086 --sh--r C:\udr.com
2008-06-19 21:48 112,234 --sh--r C:\f6cavn.bat
2008-06-16 10:15 117,568 --sh--r C:\6x8be16.cmd
2008-06-07 22:26 107,736 --sh--r C:\iefqwp.cmd
2008-06-01 15:18 108,400 --sh--r C:\invwft2h.com
2008-05-31 13:31 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\uTorrent
2007-01-01 13:13 1 ----a-w C:\Documents and Settings\Ninoo\SI.bin
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00 217,088 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-25_14.39.12.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-23 23:25:41 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-25 13:11:32 15,413,248 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-25 13:11:32 442,368 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-23 23:25:41 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-25 13:11:14 15,413,248 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-25 13:11:14 442,368 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-04-02 14:05:07 5,120 ----a-r C:\WINDOWS\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2008-07-25 13:36:27 5,120 ----a-r C:\WINDOWS\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 12:22 219008]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 10:42 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 11:54 200704]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"tguard"="C:\Program Files\Beniamin\tguard.exe" [2008-01-31 01:13 561152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 16:29 176128]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 12:31 819712]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]
"SVRemote"="c:\Program Files\SVRemote\TVCardRemote.exe" [2007-03-23 15:34 24576]
"V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [2006-09-06 19:01 32768]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20:44 20480]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-06-24 15:08 860160 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 19:38 35328 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\Ninoo\\Moje dokumenty\\Gry\\q3\\quake3.exe"=
"D:\\Gry\\Halo Trial\\halo.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"=
"D:\\Gry\\Warcraft III\\Warcraft III.exe"=
"D:\\Steam\\steamapps\\b4dyl\\counter-strike\\hl.exe"=
"D:\\Steam\\steamapps\\b4dyl\\condition zero deleted scenes\\hl.exe"=
"D:\\Steam\\steamapps\\b4dyl\\deathmatch classic\\hl.exe"=
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 Cap7134;OEM 7130AA Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2006-12-06 04:06]
R3 PhTVTune;OEM 7130AA WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2006-12-06 04:06]
R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 19:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-09-28 19:01]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 19:19]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]
S3 ZD1201U(ZyXEL);ZyAIR B-220 IEEE 802.11b Wireless LAN Driver (USB)(ZyXEL);C:\WINDOWS\system32\DRIVERS\zd1201u.sys []
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS []
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 19:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 15:55:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\bnmndrv.dll
.
Completion time: 2008-07-25 15:56:26
ComboFix-quarantined-files.txt 2008-07-25 13:56:11
ComboFix2.txt 2008-07-25 13:38:58
ComboFix3.txt 2008-07-25 13:28:27
ComboFix4.txt 2008-07-25 12:39:31
Pre-Run: 17,840,304,128 bajtów wolnych
Post-Run: 17,824,542,720 bajtów wolnych
204
FILE::
C:\g2pfnid.com
C:\6.bat
C:\e9ehn1m8.com
C:\f0.cmd
C:\ybj8df.exe
C:\ivcvknr.bat
C:\33gmhso.bat
C:\k.com
ComboFix 08-07-31.04 - Ninoo 2008-08-01 12:38:27.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.522 [GMT 2:00]
Running from: C:\Documents and Settings\Ninoo\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ninoo\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\33gmhso.bat
C:\6.bat
C:\e9ehn1m8.com
C:\f0.cmd
C:\g2pfnid.com
C:\ivcvknr.bat
C:\k.com
C:\ybj8df.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1nkbd8h.bat
C:\33gmhso.bat
C:\6.bat
C:\e9ehn1m8.com
C:\f0.cmd
C:\g2pfnid.com
C:\ivcvknr.bat
C:\k.com
C:\ybj8df.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.
2008-07-25 15:10 . 2008-07-25 15:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-25 15:06 . 2008-07-25 15:23 <DIR> d-------- C:\SDFix
2008-07-25 14:11 . 2008-07-25 14:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-10 16:53 . 2008-07-11 15:33 117,053 -r-hs---- C:\0gjn3yw.exe
2008-07-07 21:02 . 2008-07-07 21:18 51,576,832 --a------ C:\dump_dvd.vob
2008-07-06 22:51 . 2008-07-06 22:51 268 --ah----- C:\sqmdata02.sqm
2008-07-06 22:51 . 2008-07-06 22:51 244 --ah----- C:\sqmnoopt02.sqm
2008-07-04 13:08 . 2008-07-04 13:08 2,541 --a------ C:\Enlish.lng
2008-07-04 12:57 . 2008-07-08 22:43 118,269 -r-hs---- C:\00hoeav.com
2008-07-04 09:10 . 2008-07-04 09:10 114,611 -r-hs---- C:\xmnm2.cmd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 00:39 --------- d-----w C:\Program Files\eMule
2008-07-22 16:46 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\mIRC
2008-07-22 16:44 --------- d-----w C:\Program Files\mIRC
2008-07-04 11:43 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\Skype
2008-06-29 11:24 112,227 --sh--r C:\klp8j6i.com
2008-06-27 19:26 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\U3
2008-06-27 19:12 --------- d-----w C:\Documents and Settings\Ninoo\Dane aplikacji\Printer Info Cache
2008-06-26 15:14 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-21 18:16 112,086 --sh--r C:\udr.com
2008-06-19 21:48 112,234 --sh--r C:\f6cavn.bat
2008-06-16 10:15 117,568 --sh--r C:\6x8be16.cmd
2008-06-07 22:26 107,736 --sh--r C:\iefqwp.cmd
2008-06-01 15:18 108,400 --sh--r C:\invwft2h.com
2007-01-01 13:13 1 ----a-w C:\Documents and Settings\Ninoo\SI.bin
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00 217,088 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-25_14.39.12.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-23 23:25:41 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-25 13:11:32 15,413,248 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-25 13:11:32 442,368 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-23 23:25:41 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-25 13:11:14 15,413,248 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-25 13:11:14 442,368 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-04-02 14:05:07 5,120 ----a-r C:\WINDOWS\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2008-07-29 00:17:39 5,120 ----a-r C:\WINDOWS\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 12:22 219008]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 10:42 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 11:54 200704]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"tguard"="C:\Program Files\Beniamin\tguard.exe" [2008-01-31 01:13 561152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 16:29 176128]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 12:31 819712]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]
"SVRemote"="c:\Program Files\SVRemote\TVCardRemote.exe" [2007-03-23 15:34 24576]
"V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [2006-09-06 19:01 32768]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20:44 20480]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-06-24 15:08 860160 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 19:38 35328 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\Ninoo\\Moje dokumenty\\Gry\\q3\\quake3.exe"=
"D:\\Gry\\Halo Trial\\halo.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"=
"D:\\Gry\\Warcraft III\\Warcraft III.exe"=
"D:\\Steam\\steamapps\\b4dyl\\counter-strike\\hl.exe"=
"D:\\Steam\\steamapps\\b4dyl\\condition zero deleted scenes\\hl.exe"=
"D:\\Steam\\steamapps\\b4dyl\\deathmatch classic\\hl.exe"=
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"D:\\Gry\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 Cap7134;OEM 7130AA Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2006-12-06 04:06]
R3 PhTVTune;OEM 7130AA WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2006-12-06 04:06]
R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 19:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-09-28 19:01]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 19:19]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]
S3 ZD1201U(ZyXEL);ZyAIR B-220 IEEE 802.11b Wireless LAN Driver (USB)(ZyXEL);C:\WINDOWS\system32\DRIVERS\zd1201u.sys []
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS []
.
Contents of the 'Scheduled Tasks' folder
2008-07-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 13:15]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 12:40:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\bnmndrv.dll
.
Completion time: 2008-08-01 12:41:39
ComboFix-quarantined-files.txt 2008-08-01 10:41:34
ComboFix2.txt 2008-07-25 13:56:26
ComboFix3.txt 2008-07-25 13:38:58
ComboFix4.txt 2008-07-25 13:28:27
ComboFix5.txt 2008-08-01 10:37:59
Pre-Run: 17,765,076,992 bytes free
Post-Run: 17,760,161,792 bytes free
194
NoName wrote: ATF-Cleaner told me that it didn't delete any files, I don't know if that's how it's supposed to be
FILE::
C:\udr.com
C:\f6cavn.bat
C:\6x8be16.cmd
C:\iefqwp.cmd
C:\invwft2h.com
C:\WINDOWS\meta4.exe
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\x2.64.exe
C:\WINDOWS\system32\cygwin1.dll
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\i420vfw.dll
C:\WINDOWS\system32\Smab.dll
C:\WINDOWS\system32\x.264.exe
C:\WINDOWS\system32\yv12vfw.dll
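Added example, not part of the original thread and not ComboFix's own code: a small Python script that pulls the security-relevant items out of a ComboFix log like the one posted above and cross-checks them against a CFScript FILE:: list like the one just above. It flags the firewall being off in the standard profile (EnableFirewall=0), any DLL loaded in lsass.exe that is not one of the LSA components normally hosted there (the log lists bnmndrv.dll), short randomly named .com/.bat/.cmd files sitting directly in the drive root (the dropping pattern of the autorun worms of that period), and files slated for deletion that the same log still shows registered (yv12vfw.dll is registered as VIDC.YV12 under drivers32). The embedded log excerpt and CFScript fragment are constructed from entries in this thread, with paths shortened; the lsass.exe allowlist, the root-drop pattern and the severities are my own assumptions, and a name match against the allowlist is only a first filter, not proof either way.

```python
"""ComboFix-log triage: added example for this thread, not ComboFix's own code
and not from any poster. Allowlist, patterns and severities are assumptions."""
import re
from collections import defaultdict

# Assumption: LSA components normally hosted by lsass.exe on XP. A name match is
# only a first filter; real triage verifies the file's signature and hash.
LSASS_KNOWN_DLLS = {"lsasrv.dll", "samsrv.dll", "msv1_0.dll", "kerberos.dll",
                    "netlogon.dll", "schannel.dll", "wdigest.dll", "secur32.dll"}
# Short random-looking .com/.bat/.cmd names dropped straight into a drive root.
ROOT_DROP_RE = re.compile(r"^[A-Za-z]:\\[A-Za-z0-9]{3,10}\.(com|bat|cmd|exe|pif)$", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
QUOTED_RE = re.compile(r'^"([^"]*)"(?:\s*\[(.*)\])?')

# Constructed excerpt modelled on the log posted in this thread (shortened).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tguard"="C:\Program Files\Beniamin\tguard.exe" [2008-01-31 01:13 561152]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\bnmndrv.dll
.
Completion time: 2008-08-01 12:41:39
"""
# Constructed CFScript fragment using a few paths from the FILE:: list above.
SAMPLE_CFSCRIPT = r"""
FILE::
C:\udr.com
C:\f6cavn.bat
C:\WINDOWS\meta4.exe
C:\WINDOWS\system32\yv12vfw.dll
"""


def parse_log(text):
    """Extract Run entries, drivers32 map, firewall state and per-process DLLs."""
    out = {"run": [], "drivers32": {}, "firewall": None, "dlls": defaultdict(list)}
    key, process, in_dlls = None, None, False
    for line in (l.strip() for l in text.splitlines()):
        if "DLLs Loaded Under Running Processes" in line:
            in_dlls, key = True, None
        elif in_dlls and line.startswith("PROCESS:"):
            process = line.split(":", 1)[1].strip()
        elif in_dlls and line.startswith("->") and process:
            out["dlls"][process].append(line[2:].strip())
        elif in_dlls and (line == "." or line.startswith("Completion time")):
            in_dlls = False
        elif (k := KEY_RE.match(line)):
            key = k.group(1).lower()
        elif (m := VALUE_RE.match(line)) and key:
            name, value = m.groups()
            if key.endswith("\\run") and (q := QUOTED_RE.match(value)):
                path, bracket = q.group(1), (q.group(2) or "")
                # "RTHDCPL"="RTHDCPL.EXE" [... C:\WINDOWS\RTHDCPL.EXE]: full path sits in the bracket
                if "\\" not in path and ":\\" in bracket.rsplit(" ", 1)[-1]:
                    path = bracket.rsplit(" ", 1)[-1]
                out["run"].append((key, name, path))
            elif key.endswith("drivers32"):
                out["drivers32"][name] = value.strip()
            elif key.endswith("standardprofile") and name.lower() == "enablefirewall":
                out["firewall"] = value.strip().startswith("1")
    return out


def parse_cfscript_files(text):
    """Collect the paths listed under a FILE:: directive of a CFScript."""
    paths, active = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            active = line.upper() == "FILE::"
        elif active and line:
            paths.append(line)
    return paths


def triage(log_text, cfscript_text=""):
    """Return (severity, message) findings in a stable order."""
    log, findings = parse_log(log_text), []
    if log["firewall"] is False:
        findings.append(("high", "Windows Firewall disabled in standard profile (EnableFirewall=0)"))
    for proc, dlls in sorted(log["dlls"].items()):
        if proc.lower().endswith("\\lsass.exe"):
            for dll in dlls:
                if dll.rsplit("\\", 1)[-1].lower() not in LSASS_KNOWN_DLLS:
                    findings.append(("high", f"unrecognised DLL loaded in lsass.exe: {dll}"))
    files = parse_cfscript_files(cfscript_text)
    findings += [("medium", f"root-drop pattern (random name in drive root): {p}")
                 for p in files if ROOT_DROP_RE.match(p)]
    # Cross-reference: a file slated for deletion that the log still shows registered.
    registered = {dll.lower(): f"drivers32 {name}" for name, dll in log["drivers32"].items()}
    registered.update({p.rsplit("\\", 1)[-1].lower(): f"{k} \\ {n}" for k, n, p in log["run"]})
    for p in files:
        base = p.rsplit("\\", 1)[-1].lower()
        if base in registered:
            findings.append(("info", f"{p} is also registered under {registered[base]}; "
                                     "that registration will dangle once the file is removed"))
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE_LOG, SAMPLE_CFSCRIPT), sep="\n")
```

Running it prints the findings for the embedded samples; pass the full log text and the helper's script to `triage()` to get the same report for the real case. The allowlist is deliberately small: an unknown name inside lsass.exe means "verify signature and hash", not "malware".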