
avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tdebkwdc
*******************
Script file located at: \??\C:\Documents and Settings\jedwgjxp.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Could not open registry key \Registry\Machine\System\CurrentControlSet\Services\jxeefiis for deletion
Unload of driver jxeefiis failed!
Could not process line:
jxeefiis
Status: 0xc0000022
Could not open file C:\WINDOWS\system32\c_g1803.dll for deletion
Deletion of file C:\WINDOWS\system32\c_g1803.dll failed!
Could not process line:
C:\WINDOWS\system32\c_g1803.dll
Status: 0xc0000022
Could not open file C:\WINDOWS\system32\drivers\vmtwqxza.dat for deletion
Deletion of file C:\WINDOWS\system32\drivers\vmtwqxza.dat failed!
Could not process line:
C:\WINDOWS\system32\drivers\vmtwqxza.dat
Status: 0xc0000022
Completed script processing.
*******************
Finished! Terminate.
combofix
ComboFix 07-11-19.4C - wojtek 2007-12-06 21:55:25.9 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.463 [GMT 1:00]
Running from: C:\Documents and Settings\wojtek\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-06 13:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-06 12:40 <DIR> d--hs---- C:\FOUND.000
2007-12-06 12:35 <DIR> d-------- C:\Program Files\FileASSASSIN
2007-12-04 23:51 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-02 20:44 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-02 20:44 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-02 20:44 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-02 20:43 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-02 20:39 <DIR> d-------- C:\Program Files\Activision
2007-12-02 15:03 <DIR> d-------- C:\Downloads
2007-12-02 15:03 <DIR> d-------- C:\Documents and Settings\wojtek\Dane aplikacji\GetRight
2007-11-29 10:38 <DIR> dr------- C:\Documents and Settings\NetworkService\Ulubione
2007-11-26 12:05 <DIR> d-------- C:\Program Files\Soulseek-Test
2007-11-24 15:19 89,088 --a------ C:\WINDOWS\system32\c_g1803.dll
2007-11-24 15:19 19,456 C:\WINDOWS\system32\drivers\vmtwqxza.dat
2007-11-11 10:07 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-10 13:13 8,704 --a------ C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-11-10 13:13 8,192 --a------ C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-11-10 13:13 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-11-10 13:13 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-11-10 13:13 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd106.dll
2007-11-10 13:13 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd101c.dll
2007-11-10 13:13 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-11-10 13:13 5,632 --a------ C:\WINDOWS\system32\dllcache\kbd103.dll
2007-11-09 13:32 <DIR> d-------- C:\VundoFix Backups
2007-11-09 08:31 <DIR> d-------- C:\!KillBox
2007-11-09 08:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-09 08:12 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-09 08:12 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-09 08:12 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-09 08:12 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-09 08:11 <DIR> d-------- C:\Documents and Settings\wojtek\Dane aplikacji\PC Tools
2007-11-09 08:11 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-09 08:07 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-08 22:58 <DIR> d-------- C:\Documents and Settings\wojtek\Dane aplikacji\Apple Computer
2007-11-08 22:54 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-08 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2007-11-08 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-11-08 17:43 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-11-08 17:43 <DIR> d-------- C:\Documents and Settings\wojtek\Dane aplikacji\BitTorrent DNA
2007-11-08 17:43 <DIR> d-------- C:\Documents and Settings\wojtek\Dane aplikacji\BitTorrent
2007-11-08 12:48 <DIR> d-------- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 12:37 --------- d-----w C:\Documents and Settings\jacek\Dane aplikacji\Talkback
2007-10-23 15:20 229,727 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_7375.exe
2007-10-23 15:20 --------- d-----w C:\Program Files\Burn4Free Toolbar
2007-10-23 15:20 --------- d-----w C:\Program Files\Burn4Free
2007-10-21 08:54 --------- d-----w C:\Documents and Settings\wojtek\Dane aplikacji\Media Player Classic
2007-10-15 20:34 --------- d-----w C:\Documents and Settings\wojtek\Dane aplikacji\Talkback
2007-10-03 09:53 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-07-27 21:54 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot_2007-12-04_23.04.48.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-12-03 11:52:40 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-04 22:51:54 3,080,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-12-04 22:51:54 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-03 11:52:40 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-04 22:51:54 3,080,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-12-04 22:51:54 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-12-05 16:51:04 585,791 ----a-w C:\WINDOWS\gmer.dll
+ 2007-06-29 08:38:18 581,632 ----a-w C:\WINDOWS\gmer.exe
+ 2007-12-05 16:51:04 70,001 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2007-12-06 20:54:02 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_5dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{983CFA1B-7559-45CB-B7D2-FA8CF03C9F75}]
2001-10-26 17:27 89088 --a------ C:\WINDOWS\system32\c_g1803.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" []
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-11-08 17:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 C:\WINDOWS\RTHDCPL.exe]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 14:01 C:\WINDOWS\sm56hlpr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="F:\QuickTime\qttask.exe" [2007-10-19 20:16]
"SDTray"="f:\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R0 jxeefiis;jxeefiis;C:\WINDOWS\system32\drivers\vmtwqxza.dat
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R2 MSSQL$INSERTGT;SQL Server (INSERTGT);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sINSERTGT
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 11:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 21:56:59
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-06 21:57:38
C:\ComboFix3.txt ... 2007-12-05 22:01
C:\ComboFix2.txt ... 2007-12-05 22:59
.
--- E O F ---
[ Added: Today at 21:59 ]
And unfortunately the entry cannot be deleted.