Logs, securing the computer and its data. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Every thread title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Hijacking other users' threads is not advisable; please start a new thread in the Security section, which makes the checker's job easier.
6. People who do not have the appropriate knowledge should not check logs, as this risks serious damage to the system or to the applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and every action already taken.
8. Every script is unique, written for each case individually, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.

Autorun.inf win32 problems - log

15 Jun 2008, 10:27

Hello, please check the log; I have recently had problems with autorun.inf win32.

ComboFix 08-06-12.2 - kokos 2008-06-15 10:07:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.572 [GMT 2:00]
Running from: C:\Documents and Settings\kokos\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\app.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 12:17 . 2008-06-14 12:17 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-14 12:12 . 2008-06-14 12:12 <DIR> d-------- C:\Documents and Settings\kokos\Dane aplikacji\DAEMON Tools
2008-06-14 12:12 . 2008-06-14 12:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-13 17:30 . 2008-06-13 17:30 46,080 --a------ C:\win.exe
2008-06-12 18:10 . 2008-06-15 09:55 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-12 18:10 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-12 18:10 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-12 18:10 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-12 18:10 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-12 18:09 . 2008-06-13 18:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-12 18:09 . 2008-06-12 18:09 <DIR> d-------- C:\Documents and Settings\kokos\Dane aplikacji\PC Tools
2008-06-12 13:40 . 2008-06-12 13:40 48,392 --a------ C:\Documents and Settings\kokos\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-06-11 08:46 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:46 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 21:21 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-07 21:20 . 2008-06-07 21:20 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-07 10:12 . 2008-06-07 10:12 <DIR> d-------- C:\Program Files\SopCast
2008-06-07 09:34 . 2008-06-07 09:34 <DIR> d-------- C:\Program Files\AskSBar
2008-06-07 09:09 . 2008-06-07 09:09 <DIR> d-------- C:\Program Files\Sun
2008-06-01 23:39 . 2008-06-01 23:39 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-28 22:29 . 2008-05-28 22:29 <DIR> d-------- C:\Program Files\directx
2008-05-28 22:29 . 2008-05-28 22:29 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-05-28 21:44 . 2008-06-07 10:31 <DIR> d-------- C:\CS1.6 pod-Bot
2008-05-27 22:27 . 1998-11-13 13:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2008-05-18 22:05 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-18 22:05 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-18 22:05 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-05-16 23:58 . 2008-05-16 23:58 <DIR> d-------- C:\Documents and Settings\kokos\Dane aplikacji\Zylom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 08:09 --------- d-----w C:\Documents and Settings\kokos\Dane aplikacji\Skype
2008-06-15 07:55 --------- d-----w C:\Documents and Settings\kokos\Dane aplikacji\skypePM
2008-06-14 22:22 --------- d-----w C:\Documents and Settings\kokos\Dane aplikacji\Azureus
2008-06-14 10:17 --------- d-----w C:\Program Files\AIMP2
2008-06-08 21:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-07 19:21 --------- d-----w C:\Program Files\Java
2008-06-07 07:34 --------- d-----w C:\Program Files\Azureus
2008-06-07 07:26 --------- d-----w C:\Program Files\BitComet
2008-05-27 20:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 23:23 --------- d-----w C:\Program Files\Zylom Games
2008-05-10 20:21 --------- d-----w C:\Program Files\PopCap Games
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 20:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom
2008-04-29 18:13 --------- d-----w C:\Program Files\Launch Manager
2008-04-25 06:24 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-22 19:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-16 21:23 --------- d-----w C:\Program Files\ESET
2008-04-16 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-19 23:32 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-14 16:20 88 --sh--r C:\WINDOWS\system32\472A96D937.sys
2008-02-14 16:20 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-07 09:34 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-06-07 09:34 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-06-07 09:34 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-10 03:03 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 14:37 174872]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-02 15:49 813840]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 05:00 815104]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 12:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 12:08 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 12:07 131072]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 12:09 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-10-10 03:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-27 22:29:36 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23232:TCP"= 23232:TCP:BitComet 23232 TCP
"23232:UDP"= 23232:UDP:BitComet 23232 UDP

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
S3 igfx;igfx;C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2007-03-06 06:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29e70b20-0482-11dd-a727-001dd92f7e87}]
\Shell\AutoRun\command - 32e2.com
\Shell\explore\Command - 32e2.com
\Shell\open\Command - 32e2.com

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 10:10:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-15 10:10:46
ComboFix-quarantined-files.txt 2008-06-15 08:10:43

Pre-Run: 9,252,974,592 bajtów wolnych
Post-Run: 9,572,409,344 bajtów wolnych

145 --- E O F --- 2008-06-11 19:27:14

15 Jun 2008, 13:47

Download ComboFix, but do not run it.
Paste into Notepad:
Code:
File::
C:\win.exe

Folder:
C:\Program Files\AskSBar

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


File -> Save as -> CFScript.txt (it is easiest to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon).
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here -> [image]
Removal will start and a log will be produced; post that log on the forum.

Also post a HijackThis log.
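
As an added illustration (not code from this thread, from ComboFix or from the helper), the Python below parses an excerpt modelled on the first ComboFix log above: it pulls out the MountPoints2 shell verbs that make a volume run 32e2.com when it is opened or explored, finds the executable dropped in the drive root, and drafts a CFScript in the File:: / Registry:: form the helper used. The excerpt, the regular expressions and the function names are this example's own assumptions.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted in this thread
# (only the two sections the checks below look at are reproduced).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.
2008-06-14 12:12 . 2008-06-14 12:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-13 17:30 . 2008-06-13 17:30 46,080 --a------ C:\win.exe
2008-06-07 09:34 . 2008-06-07 09:34 <DIR> d-------- C:\Program Files\AskSBar
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29e70b20-0482-11dd-a727-001dd92f7e87}]
\Shell\AutoRun\command - 32e2.com
\Shell\explore\Command - 32e2.com
\Shell\open\Command - 32e2.com
"""

# One MountPoints2 subkey per volume Windows has seen; the GUID identifies the volume.
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# A shell verb under that key that ComboFix reports as carrying a command.
SHELL_CMD = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
# "created . modified size attrs path" lines of the Files Created section.
CREATED_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:[\d,]+|<DIR>) \S+ (?P<path>.+)$")
# An executable sitting directly in a drive root, where autorun droppers land.
ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(?:exe|com|bat|cmd|pif|scr)$", re.I)


def find_mountpoint_autoruns(log_text):
    """Return (volume_guid, verb, command) for every MountPoints2 shell verb in
    the Reg Loading Points section. Any such entry means that double-clicking or
    exploring the volume runs the command instead of just showing its contents."""
    hits, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1).lower()
            continue
        if line.startswith("["):        # a different registry key begins
            current = None
            continue
        cmd = SHELL_CMD.match(line)
        if cmd and current:
            hits.append((current, cmd.group(1).lower(), cmd.group(2).strip()))
    return hits


def find_root_executables(log_text):
    """Return paths from the Files Created section that are executables placed
    directly in a drive root (C:\\win.exe in the posted log)."""
    hits = []
    for line in log_text.splitlines():
        m = CREATED_LINE.match(line.strip())
        if m and ROOT_EXE.match(m.group("path")):
            hits.append(m.group("path"))
    return hits


def draft_cfscript(log_text):
    """Build a CFScript in the File:: / Registry:: form used in this thread from
    the two checks above. It is a draft for the person checking the log to
    review; the Registry:: line removes the whole MountPoints2 tree, exactly as
    the helper's script did, so every volume's cached shell verbs go with it."""
    files = find_root_executables(log_text)
    autoruns = find_mountpoint_autoruns(log_text)
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if autoruns:
        parts.append("Registry::\n[-HKEY_CURRENT_USER\\software\\microsoft\\windows"
                     "\\currentversion\\explorer\\mountpoints2]")
    return "\n\n".join(parts) + "\n" if parts else ""


if __name__ == "__main__":
    for guid, verb, command in find_mountpoint_autoruns(SAMPLE_LOG):
        print(f"volume {guid}: verb '{verb}' runs {command}")
    print(draft_cfscript(SAMPLE_LOG))
```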

combofix and hijackthis logs

15 Jun 2008, 19:51

ComboFix:

ComboFix 08-06-12.2 - kokos 2008-06-15 19:43:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.167 [GMT 2:00]
Running from: C:\Documents and Settings\kokos\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\kokos\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\win.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\win.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 12:17 . 2008-06-14 12:17 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-14 12:12 . 2008-06-14 12:12 <DIR> d-------- C:\Documents and Settings\kokos\Dane aplikacji\DAEMON Tools
2008-06-14 12:12 . 2008-06-14 12:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-12 18:10 . 2008-06-15 10:29 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-12 13:40 . 2008-06-12 13:40 48,392 --a------ C:\Documents and Settings\kokos\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-06-11 08:46 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:46 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 21:21 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-07 21:20 . 2008-06-07 21:20 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-07 10:12 . 2008-06-07 10:12 <DIR> d-------- C:\Program Files\SopCast
2008-06-07 09:34 . 2008-06-07 09:34 <DIR> d-------- C:\Program Files\AskSBar
2008-06-07 09:09 . 2008-06-07 09:09 <DIR> d-------- C:\Program Files\Sun
2008-06-01 23:39 . 2008-06-01 23:39 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-28 22:29 . 2008-05-28 22:29 <DIR> d-------- C:\Program Files\directx
2008-05-28 22:29 . 2008-05-28 22:29 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-05-28 21:44 . 2008-06-07 10:31 <DIR> d-------- C:\CS1.6 pod-Bot
2008-05-27 22:27 . 1998-11-13 13:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2008-05-18 22:05 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-18 22:05 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-18 22:05 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-05-16 23:58 . 2008-05-16 23:58 <DIR> d-------- C:\Documents and Settings\kokos\Dane aplikacji\Zylom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 17:45 --------- d-----w C:\Documents and Settings\kokos\Dane aplikacji\Skype
2008-06-15 17:45 --------- d-----w C:\Documents and Settings\kokos\Dane aplikacji\Azureus
2008-06-15 14:02 --------- d-----w C:\Documents and Settings\kokos\Dane aplikacji\skypePM
2008-06-15 11:04 --------- d-----w C:\Program Files\AIMP2
2008-06-08 21:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-07 19:21 --------- d-----w C:\Program Files\Java
2008-06-07 07:34 --------- d-----w C:\Program Files\Azureus
2008-06-07 07:26 --------- d-----w C:\Program Files\BitComet
2008-05-27 20:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 23:23 --------- d-----w C:\Program Files\Zylom Games
2008-05-10 20:21 --------- d-----w C:\Program Files\PopCap Games
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 20:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom
2008-04-29 18:13 --------- d-----w C:\Program Files\Launch Manager
2008-04-25 06:24 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-22 19:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-16 21:23 --------- d-----w C:\Program Files\ESET
2008-04-16 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-19 23:32 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-14 16:20 88 --sh--r C:\WINDOWS\system32\472A96D937.sys
2008-02-14 16:20 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-15_10.10.30,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-15 07:54:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 08:31:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-07 09:34 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-06-07 09:34 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-06-07 09:34 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-10 03:03 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 14:37 174872]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-02 15:49 813840]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 05:00 815104]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 12:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 12:08 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 12:07 131072]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 23:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 12:09 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-10-10 03:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-27 22:29:36 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23232:TCP"= 23232:TCP:BitComet 23232 TCP
"23232:UDP"= 23232:UDP:BitComet 23232 UDP

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
S3 igfx;igfx;C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2007-03-06 06:24]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 19:45:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-15 19:46:16
ComboFix-quarantined-files.txt 2008-06-15 17:46:04
ComboFix2.txt 2008-06-15 08:10:47

Pre-Run: 8,831,508,480 bajtów wolnych
Post-Run: 8,822,493,184 bajtów wolnych

141 --- E O F --- 2008-06-11 19:27:14



HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:36, on 2008-06-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} (P00RecImageCtrl Class) - http://www.zaglebie-lubin.pl/www/inc/kl ... push04.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6220 bytes

15 Jun 2008, 20:36

Clean; I just wrote one thing wrong, so do it once more:
Paste into Notepad:
Code:
Folder::
C:\Program Files\AskSBar

File -> Save as -> CFScript.txt (it is easiest to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon).
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here -> [image]
You don't need to post the log anymore :)

reply

15 Jun 2008, 21:34

That's exactly what I did :) Can I remove ComboFix now?
Thank you very much for your help, best regards. :grin: