sername "artur" - 2008-06-10 21:03:12 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=" "
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NWEReboot"=""
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"Windows Sound"="svdhost.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"ISTray"="\"C:\\Program Files\\Spyware Doctor\\pctsTray.exe\""
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"New Application"="C:\\Program Files\\PC Tools Firewall Plus\\FirewallGUI.exe"
"Uniblue RegistryBooster 2"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Ktos pomoze mi sprawdzic logi z fixwareout?
Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
10 posty(ów)
• Strona 1 z 1
log z roguefix
przez jamajjjjjjjjjjjjjjjj » 11 Cze 2008, 08:34
UA:
hej. nie moge zmienic tapety i co chwila wlacza mi sie widows secirity center!!!!!!!!!!!!! okienko z propozycja kupna programow antyspyware:) wklejam log z rofuefix:) nie mopge tez menadzera zadan otworzyc, bo podobno administrator zablokowal to!!! paranoja:)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
logfile of scans by Roguefix V2.169
Scan performed on
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~ Files found ~~~~
"C:\WINDOWS\default.htm"
successfully deleted default.htm
successfully deleted lfn.exe
"C:\WINDOWS\system32\sft.res"
successfully deleted sft.res
Cleaned Temporary files
Cleaned Prefetch folder
**********Checking wininet.dll for infection**********
~~~~~~~~~~wininet.dll has not been infected~~~~~~~~~~~
Registry was cleaned and repaired
Desktop background was reset
Internet Explorer homepage was reset
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
logfile of scans by Roguefix V2.169
Scan performed on
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~ Files found ~~~~
"C:\WINDOWS\default.htm"
successfully deleted default.htm
successfully deleted lfn.exe
"C:\WINDOWS\system32\sft.res"
successfully deleted sft.res
Cleaned Temporary files
Cleaned Prefetch folder
**********Checking wininet.dll for infection**********
~~~~~~~~~~wininet.dll has not been infected~~~~~~~~~~~
Registry was cleaned and repaired
Desktop background was reset
Internet Explorer homepage was reset
- jamajjjjjjjjjjjjjjjj
- Forumowicz
- Posty: 6
- Dołączenie: 10 Cze 2008, 21:24
inne wirusy ktore mam>
przez jamajjjjjjjjjjjjjjjj » 11 Cze 2008, 08:37
UA:
do tego wyswietla mi sie co kilka minut okienko ze mam trojandownloader.xs, coolwebsearch, funny.exe.......... masakra:) czy przeinstalowanie windowsa moze pomoc???
- jamajjjjjjjjjjjjjjjj
- Forumowicz
- Posty: 6
- Dołączenie: 10 Cze 2008, 21:24
-
huber2t - Zasłużony działacz forum
- Posty: 2798
- Dołączenie: 21 Mar 2008, 10:07
- Pochwały: 42
log z hijackthis:)
przez jamajjjjjjjjjjjjjjjj » 11 Cze 2008, 18:26
UA:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:57, on 2008-06-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\444.0
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\System32\pmnmmLEw.dll (file missing)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {B05F02E7-1FD0-4B72-9EAD-512226F20FAF} - C:\WINDOWS\System32\qoMFXOHw.dll (file missing)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [New Application] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: pmnmmLEw - pmnmmLEw.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.0.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7764 bytes
Scan saved at 18:21:57, on 2008-06-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\444.0
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\System32\pmnmmLEw.dll (file missing)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {B05F02E7-1FD0-4B72-9EAD-512226F20FAF} - C:\WINDOWS\System32\qoMFXOHw.dll (file missing)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [New Application] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: pmnmmLEw - pmnmmLEw.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.0.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7764 bytes
- jamajjjjjjjjjjjjjjjj
- Forumowicz
- Posty: 6
- Dołączenie: 10 Cze 2008, 21:24
przez pp3088 » 11 Cze 2008, 18:42
UA:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\System32\pmnmmLEw.dll (file missing)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {B05F02E7-1FD0-4B72-9EAD-512226F20FAF} - C:\WINDOWS\System32\qoMFXOHw.dll (file missing)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O20 - Winlogon Notify: pmnmmLEw - pmnmmLEw.dll (file missing)
Usuń w HijackThis. Daj loga z Combofix.
Pobierz ComboFix,
Wklej do notatnika:
- Kod: Zaznacz wszystko
File::
C:\WINDOWS\System32\pmnmmLEw.dll
C:\WINDOWS\System32\pmnmmLEw.dll
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\444.0.exe
C:\WINDOWS\System32\svdhost.exe
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
-
pp3088 - Aktywny w piśmie
- Posty: 999
- Dołączenie: 11 Sie 2006, 23:59
- Miejscowość: Szczecin
hmm jak usunac te logi??
przez jamajjjjjjjjjjjjjjjj » 11 Cze 2008, 18:54
UA:
combofix jest bezpieczny??????????????/
- jamajjjjjjjjjjjjjjjj
- Forumowicz
- Posty: 6
- Dołączenie: 10 Cze 2008, 21:24
to LOG z combofix.
przez jamajjjjjjjjjjjjjjjj » 11 Cze 2008, 20:09
UA:
ComboFix 08-06-10.5 - artur 2008-06-11 19:57:35.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.118 [GMT 2:00]
Running from: C:\Documents and Settings\artur\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\artur\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\444.0.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\System32\pmnmmLEw.dll
C:\WINDOWS\System32\svdhost.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\[email protected]\Dane aplikacji\.#
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@AB8@3A4208.###
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@AB8@3A4238.###
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@AB8@3A4268.###
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@E54@3A4208.###
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@E54@3A4238.###
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@E54@3A4268.###
C:\Documents and Settings\[email protected]\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\artur\Dane aplikacji\.#
C:\Documents and Settings\artur\Dane aplikacji\.#\MBX@DF4@3A4208.###
C:\Documents and Settings\artur\Dane aplikacji\.#\MBX@DF4@3A4238.###
C:\Documents and Settings\artur\Dane aplikacji\.#\MBX@DF4@3A4268.###
C:\Documents and Settings\artur\Dane aplikacji\Microsoft\dtsc
C:\Documents and Settings\artur\Dane aplikacji\Microsoft\dtsc\23049.exe
C:\Documents and Settings\artur\Dane aplikacji\Microsoft\dtsc\FIFA.06 KEYGEN-FFF.torrent
C:\Documents and Settings\artur\Dane aplikacji\Microsoft\dtsc\FIFA.06 KEYGEN-FFF.zip
C:\Documents and Settings\artur\Dane aplikacji\Microsoft\dtsc\s
C:\Documents and Settings\artur\Moje dokumenty\RACLE~1
C:\Program Files\Common Files\{1D5D1~1
C:\Program Files\Common Files\{1D5D1~2
C:\Program Files\Common Files\{1D5D1~3
C:\Program Files\Common Files\{3D5D1~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\index.html
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\5158\28157.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\kttbpkhw.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\whkpbttk.ini
C:\WINDOWS\system32\wHOXFMoq.ini
C:\WINDOWS\system32\wHOXFMoq.ini2
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.
2008-06-11 18:14 . 2008-06-11 18:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 20:59 . 2008-06-10 20:59 <DIR> d-------- C:\fixwareout
2008-06-10 20:42 . 2008-06-10 20:42 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Uniblue
2008-06-10 20:41 . 2008-06-10 20:41 <DIR> d-------- C:\Program Files\Uniblue
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-10 20:20 . 2008-06-10 20:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-10 17:58 . 2008-06-10 17:58 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-10 17:58 . 2008-06-10 17:58 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\PC Tools
2008-06-10 17:58 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-10 17:58 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-10 17:58 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-10 17:58 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-10 00:42 . 2008-06-10 00:42 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-09 23:53 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Menu Start
2008-06-09 23:53 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Menu Start
2008-06-09 23:42 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-09 23:36 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002251_.tmp
2008-06-09 23:36 . 2004-08-03 22:43 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-09 20:44 . 2008-06-09 20:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-09 19:35 . 2008-06-09 23:50 2,017 --a------ C:\WINDOWS\system32\default.htm
2008-06-09 19:34 . 2008-06-09 19:34 <DIR> d--hs---- C:\FOUND.010
2008-06-09 18:17 . 2008-06-09 18:17 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\PCToolsFirewallPlus
2008-06-09 17:40 . 2008-06-09 17:40 <DIR> d--hs---- C:\FOUND.009
2008-06-09 17:25 . 2008-06-09 17:25 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-09 17:25 . 2008-03-12 09:30 159,896 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-09 17:25 . 2008-02-25 16:38 93,440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2008-06-09 17:25 . 2008-02-21 08:56 40,856 --a------ C:\WINDOWS\system32\drivers\pctmp.sys
2008-06-09 17:25 . 2008-02-21 08:56 18,328 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys
2008-06-09 17:24 . 2008-06-09 17:25 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2008-06-09 17:15 . 2008-06-09 18:13 591 --a------ C:\WINDOWS\wininit.ini
2008-06-09 17:05 . 2008-06-10 17:52 55,808 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-06-09 17:05 . 2008-06-09 17:05 55,808 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-06-09 16:44 . 2008-06-09 16:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 16:44 . 2008-06-09 16:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy
2008-06-09 16:39 . 2008-06-09 16:39 <DIR> d-------- C:\WINDOWS\system32\5158
2008-06-09 16:39 . 2008-06-09 16:39 55,808 --a------ C:\WINDOWS\portsv.exe
2008-06-09 16:24 . 2008-06-09 16:09 775,680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys.~
2008-06-09 16:09 . 2008-06-09 16:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Grisoft
2008-06-09 16:09 . 2008-06-09 16:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\avg7
2008-06-09 15:57 . 2008-06-09 15:57 <DIR> d--hs---- C:\FOUND.008
2008-06-09 15:47 . 2008-06-09 15:47 <DIR> d--hs---- C:\WINDOWS\amFuaXN6ZXdza2k
2008-06-09 15:43 . 2008-06-09 15:43 <DIR> d-------- C:\WINDOWS\system32\izo
2008-06-09 15:43 . 2008-06-09 15:43 <DIR> d-------- C:\WINDOWS\system32\abD
2008-06-09 15:43 . 2008-06-09 15:43 67,124 --a------ C:\Temp\prev2dx.exe
2008-06-09 15:42 . 2008-06-09 15:42 <DIR> d-------- C:\WINDOWS\system32\vntiho06
2008-06-09 15:42 . 2008-06-09 15:42 <DIR> d-------- C:\Temp
2008-06-09 15:39 . 2008-06-09 15:39 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\uTorrent
2008-06-09 15:35 . 2008-06-09 15:35 <DIR> d-------- C:\Program Files\uTorrent
2008-06-09 15:35 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-06-09 15:35 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-06-09 15:35 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-06-09 15:34 . 2008-06-09 15:34 49,158 --a------ C:\WINDOWS\444.0
2008-06-08 13:07 . 2008-06-08 13:07 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Winamp
2008-06-07 21:46 . 2008-06-07 21:47 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\SultansLabyrinth
2008-06-07 21:40 . 2008-06-07 21:40 <DIR> d-------- C:\WINDOWS\Tower Bloxx Deluxe
2008-06-07 21:40 . 2008-06-07 21:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DigitalChocolate
2008-06-07 19:03 . 2008-06-07 19:03 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\smc
2008-06-06 19:11 . 2008-06-06 19:11 <DIR> d--hs---- C:\FOUND.007
2008-06-05 15:01 . 2008-06-05 15:01 <DIR> d--hs---- C:\FOUND.006
2008-06-05 09:39 . 2008-06-05 09:39 <DIR> d--hs---- C:\FOUND.005
2008-06-03 14:01 . 2008-06-03 14:01 427 --a------ C:\WINDOWS\ODBC.INI
2008-06-03 13:55 . 2008-06-03 13:55 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Microsoft Web Folders
2008-05-30 22:23 . 2008-05-30 22:23 <DIR> d-------- C:\SWOS
2008-05-30 02:56 . 2008-05-30 02:56 <DIR> d--hs---- C:\FOUND.004
2008-05-29 17:32 . 2008-05-29 17:32 <DIR> d-------- C:\WINDOWS\Caribbean Pirate Quest
2008-05-29 07:47 . 2008-05-29 07:47 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-05-28 19:19 . 2008-05-28 19:19 <DIR> d--hs---- C:\FOUND.003
2008-05-28 06:52 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-28 06:22 . 2008-05-28 06:22 <DIR> d--hs---- C:\FOUND.002
2008-05-27 21:25 . 2008-05-27 21:25 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Alawar
2008-05-27 21:21 . 2008-05-27 21:21 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Teleca
2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Teleca
2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Sony Ericsson
2008-05-27 20:34 . 2008-05-27 20:34 6,176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys
2008-05-27 20:34 . 2008-05-27 20:34 5,808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys
2008-05-27 20:31 . 2004-08-04 00:44 192,000 --a------ C:\WINDOWS\system32\iuengine.dll
2008-05-27 20:00 . 2008-05-27 20:00 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Apple Computer
2008-05-27 19:59 . 2008-05-27 19:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple Computer
2008-05-27 19:20 . 2008-05-27 19:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-05-27 19:14 . 2008-06-11 17:25 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-27 19:07 . 2008-05-27 19:07 <DIR> d-------- C:\Program Files\Soulseek
2008-05-27 18:51 . 2008-05-27 18:51 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Ahead
2008-05-27 18:48 . 2008-06-08 12:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-27 18:48 . 2008-05-27 19:36 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-27 18:48 . 2006-10-02 13:44 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-27 18:48 . 2006-08-05 12:06 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-27 18:46 . 2008-05-27 18:46 <DIR> d-------- C:\Program Files\Nero
2008-05-27 18:46 . 2008-06-09 23:53 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-05-27 18:46 . 2004-08-11 01:45 141,312 --a------ C:\WINDOWS\system32\setb3.tmp
2008-05-27 18:41 . 2008-05-27 18:41 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-05-27 18:36 . 2008-05-27 18:36 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Azureus
2008-05-27 18:36 . 2008-05-27 18:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Azureus
2008-05-27 18:35 . 2008-05-27 18:35 <DIR> d-------- C:\Program Files\Sun
2008-05-27 18:35 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 18:13 . 2003-12-02 21:10 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-27 18:13 . 2003-12-02 16:48 229,376 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-05-27 18:11 . 2008-05-27 18:11 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-27 18:11 . 2008-05-27 18:11 <DIR> d-------- C:\WINDOWS\Profiles
2008-05-27 18:11 . 2008-05-27 18:11 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\InterTrust
2008-05-27 18:11 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-27 18:06 . 2003-04-01 11:47 6,652,928 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-05-27 18:03 . 2008-05-27 18:03 <DIR> d-------- C:\Documents and Settings\artur\Seven Zip
2008-05-27 17:54 . 2008-05-27 17:54 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Gadu-Gadu
2008-05-27 17:50 . 2008-05-27 17:50 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-05-27 17:48 . 2008-05-27 17:48 <DIR> d---s---- C:\Documents and Settings\All Users\UserData
2008-05-27 17:48 . 2008-05-27 17:48 <DIR> dr------- C:\Documents and Settings\All Users\Moje dokumenty
2008-05-27 17:38 . 2008-05-27 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Gadu-Gadu
2008-05-27 17:29 . 2008-05-27 17:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 17:21 . 2008-05-27 17:04 <DIR> d--h----- C:\Documents and Settings\artur\Ustawienia lokalne
2008-05-27 17:21 . 2008-06-09 23:54 <DIR> dr------- C:\Documents and Settings\artur\Ulubione
2008-05-27 17:21 . 2008-05-27 17:04 <DIR> d--h----- C:\Documents and Settings\artur\Szablony
2008-05-27 17:21 . 2008-05-27 17:04 <DIR> d-------- C:\Documents and Settings\artur\Pulpit
2008-05-27 17:21 . 2008-06-09 23:54 <DIR> dr------- C:\Documents and Settings\artur\Moje dokumenty
2008-05-27 17:21 . 2008-05-27 17:04 <DIR> dr------- C:\Documents and Settings\artur\Menu Start
2008-05-27 17:21 . 2008-05-27 17:04 <DIR> dr-h----- C:\Documents and Settings\artur\Dane aplikacji
2008-05-27 17:21 . 2008-05-27 17:21 <DIR> d-------- C:\Documents and Settings\artur
2008-05-27 17:19 . 2008-05-27 17:19 <DIR> d--hs---- C:\Documents and Settings\NetworkService.ZARZ¤DZANIE NT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 15:14 558,142 ----a-w C:\WINDOWS\java\Packages\FPBT35VZ.ZIP
2008-05-27 15:14 155,995 ----a-w C:\WINDOWS\java\Packages\8WR3LVB1.ZIP
2008-05-07 22:50 --------- d-----w C:\Program Files\Nexus Radio
2008-05-06 23:42 --------- d-----w C:\Documents and Settings\[email protected]\Dane aplikacji\TuneUp Software
2008-05-03 19:52 --------- d-----w C:\Documents and Settings\[email protected]\Dane aplikacji\PlayFirst
2008-04-28 07:28 3,532 ----a-w C:\drmHeader.bin
2008-04-23 16:24 --------- d-----w C:\Documents and Settings\[email protected]\Dane aplikacji\Boomzap
2008-04-19 16:55 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-13 16:24 --------- d-----w C:\Documents and Settings\[email protected]\Dane aplikacji\Thinstall
2007-11-05 16:14 23 ----a-w C:\Documents and Settings\[email protected]\helperd.bat
2007-10-17 22:38 337,408 ----a-w C:\Documents and Settings\[email protected]\ftpoiom.exe
2007-10-15 18:33 337,408 ----a-w C:\Documents and Settings\[email protected]\ftper.exe
2006-11-02 00:33 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]
"New Application"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 14:37 2598808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 10:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
"NWEReboot"="" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\artur\Menu Start\Programy\Autostart\
Azureus.lnk - C:\Program Files\Azureus\Azureus.exe [2006-05-11 03:05:12 254976]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:20:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-12 09:30]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-02-21 08:56]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-02-21 08:56]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-27 21:21]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 20:02:10
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\PC TOOLS FIREWALL PLUS\FWSERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-11 20:04:33 - machine was rebooted [artur]
ComboFix-quarantined-files.txt 2008-06-11 18:04:28
Pre-Run: 4,382,081,024 bajtów wolnych
Post-Run: 5,510,381,568 bajt˘w wolnych
326
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.118 [GMT 2:00]
Running from: C:\Documents and Settings\artur\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\artur\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\444.0.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\System32\pmnmmLEw.dll
C:\WINDOWS\System32\svdhost.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\[email protected]\Dane aplikacji\.#
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@AB8@3A4208.###
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@AB8@3A4238.###
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@AB8@3A4268.###
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@E54@3A4208.###
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@E54@3A4238.###
C:\Documents and Settings\[email protected]\Dane aplikacji\.#\MBX@E54@3A4268.###
C:\Documents and Settings\[email protected]\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\artur\Dane aplikacji\.#
C:\Documents and Settings\artur\Dane aplikacji\.#\MBX@DF4@3A4208.###
C:\Documents and Settings\artur\Dane aplikacji\.#\MBX@DF4@3A4238.###
C:\Documents and Settings\artur\Dane aplikacji\.#\MBX@DF4@3A4268.###
C:\Documents and Settings\artur\Dane aplikacji\Microsoft\dtsc
C:\Documents and Settings\artur\Dane aplikacji\Microsoft\dtsc\23049.exe
C:\Documents and Settings\artur\Dane aplikacji\Microsoft\dtsc\FIFA.06 KEYGEN-FFF.torrent
C:\Documents and Settings\artur\Dane aplikacji\Microsoft\dtsc\FIFA.06 KEYGEN-FFF.zip
C:\Documents and Settings\artur\Dane aplikacji\Microsoft\dtsc\s
C:\Documents and Settings\artur\Moje dokumenty\RACLE~1
C:\Program Files\Common Files\{1D5D1~1
C:\Program Files\Common Files\{1D5D1~2
C:\Program Files\Common Files\{1D5D1~3
C:\Program Files\Common Files\{3D5D1~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\index.html
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\5158\28157.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\kttbpkhw.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\whkpbttk.ini
C:\WINDOWS\system32\wHOXFMoq.ini
C:\WINDOWS\system32\wHOXFMoq.ini2
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.
2008-06-11 18:14 . 2008-06-11 18:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 20:59 . 2008-06-10 20:59 <DIR> d-------- C:\fixwareout
2008-06-10 20:42 . 2008-06-10 20:42 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Uniblue
2008-06-10 20:41 . 2008-06-10 20:41 <DIR> d-------- C:\Program Files\Uniblue
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-06-10 20:20 . 2008-05-27 17:04 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-10 20:20 . 2008-06-10 20:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-10 17:58 . 2008-06-10 17:58 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-10 17:58 . 2008-06-10 17:58 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\PC Tools
2008-06-10 17:58 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-10 17:58 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-10 17:58 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-10 17:58 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-10 00:42 . 2008-06-10 00:42 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-09 23:53 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Menu Start
2008-06-09 23:53 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Menu Start
2008-06-09 23:42 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-09 23:36 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002251_.tmp
2008-06-09 23:36 . 2004-08-03 22:43 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-09 20:44 . 2008-06-09 20:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-09 19:35 . 2008-06-09 23:50 2,017 --a------ C:\WINDOWS\system32\default.htm
2008-06-09 19:34 . 2008-06-09 19:34 <DIR> d--hs---- C:\FOUND.010
2008-06-09 18:17 . 2008-06-09 18:17 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\PCToolsFirewallPlus
2008-06-09 17:40 . 2008-06-09 17:40 <DIR> d--hs---- C:\FOUND.009
2008-06-09 17:25 . 2008-06-09 17:25 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-09 17:25 . 2008-03-12 09:30 159,896 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-09 17:25 . 2008-02-25 16:38 93,440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2008-06-09 17:25 . 2008-02-21 08:56 40,856 --a------ C:\WINDOWS\system32\drivers\pctmp.sys
2008-06-09 17:25 . 2008-02-21 08:56 18,328 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys
2008-06-09 17:24 . 2008-06-09 17:25 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2008-06-09 17:15 . 2008-06-09 18:13 591 --a------ C:\WINDOWS\wininit.ini
2008-06-09 17:05 . 2008-06-10 17:52 55,808 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-06-09 17:05 . 2008-06-09 17:05 55,808 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-06-09 16:44 . 2008-06-09 16:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 16:44 . 2008-06-09 16:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy
2008-06-09 16:39 . 2008-06-09 16:39 <DIR> d-------- C:\WINDOWS\system32\5158
2008-06-09 16:39 . 2008-06-09 16:39 55,808 --a------ C:\WINDOWS\portsv.exe
2008-06-09 16:24 . 2008-06-09 16:09 775,680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys.~
2008-06-09 16:09 . 2008-06-09 16:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Grisoft
2008-06-09 16:09 . 2008-06-09 16:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\avg7
2008-06-09 15:57 . 2008-06-09 15:57 <DIR> d--hs---- C:\FOUND.008
2008-06-09 15:47 . 2008-06-09 15:47 <DIR> d--hs---- C:\WINDOWS\amFuaXN6ZXdza2k
2008-06-09 15:43 . 2008-06-09 15:43 <DIR> d-------- C:\WINDOWS\system32\izo
2008-06-09 15:43 . 2008-06-09 15:43 <DIR> d-------- C:\WINDOWS\system32\abD
2008-06-09 15:43 . 2008-06-09 15:43 67,124 --a------ C:\Temp\prev2dx.exe
2008-06-09 15:42 . 2008-06-09 15:42 <DIR> d-------- C:\WINDOWS\system32\vntiho06
2008-06-09 15:42 . 2008-06-09 15:42 <DIR> d-------- C:\Temp
2008-06-09 15:39 . 2008-06-09 15:39 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\uTorrent
2008-06-09 15:35 . 2008-06-09 15:35 <DIR> d-------- C:\Program Files\uTorrent
2008-06-09 15:35 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-06-09 15:35 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-06-09 15:35 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-06-09 15:34 . 2008-06-09 15:34 49,158 --a------ C:\WINDOWS\444.0
2008-06-08 13:07 . 2008-06-08 13:07 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Winamp
2008-06-07 21:46 . 2008-06-07 21:47 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\SultansLabyrinth
2008-06-07 21:40 . 2008-06-07 21:40 <DIR> d-------- C:\WINDOWS\Tower Bloxx Deluxe
2008-06-07 21:40 . 2008-06-07 21:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DigitalChocolate
2008-06-07 19:03 . 2008-06-07 19:03 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\smc
2008-06-06 19:11 . 2008-06-06 19:11 <DIR> d--hs---- C:\FOUND.007
2008-06-05 15:01 . 2008-06-05 15:01 <DIR> d--hs---- C:\FOUND.006
2008-06-05 09:39 . 2008-06-05 09:39 <DIR> d--hs---- C:\FOUND.005
2008-06-03 14:01 . 2008-06-03 14:01 427 --a------ C:\WINDOWS\ODBC.INI
2008-06-03 13:55 . 2008-06-03 13:55 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Microsoft Web Folders
2008-05-30 22:23 . 2008-05-30 22:23 <DIR> d-------- C:\SWOS
2008-05-30 02:56 . 2008-05-30 02:56 <DIR> d--hs---- C:\FOUND.004
2008-05-29 17:32 . 2008-05-29 17:32 <DIR> d-------- C:\WINDOWS\Caribbean Pirate Quest
2008-05-29 07:47 . 2008-05-29 07:47 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-05-28 19:19 . 2008-05-28 19:19 <DIR> d--hs---- C:\FOUND.003
2008-05-28 06:52 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-28 06:22 . 2008-05-28 06:22 <DIR> d--hs---- C:\FOUND.002
2008-05-27 21:25 . 2008-05-27 21:25 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Alawar
2008-05-27 21:21 . 2008-05-27 21:21 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Teleca
2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Teleca
2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Sony Ericsson
2008-05-27 20:34 . 2008-05-27 20:34 6,176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys
2008-05-27 20:34 . 2008-05-27 20:34 5,808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys
2008-05-27 20:31 . 2004-08-04 00:44 192,000 --a------ C:\WINDOWS\system32\iuengine.dll
2008-05-27 20:00 . 2008-05-27 20:00 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Apple Computer
2008-05-27 19:59 . 2008-05-27 19:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple Computer
2008-05-27 19:20 . 2008-05-27 19:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-05-27 19:14 . 2008-06-11 17:25 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-27 19:07 . 2008-05-27 19:07 <DIR> d-------- C:\Program Files\Soulseek
2008-05-27 18:51 . 2008-05-27 18:51 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Ahead
2008-05-27 18:48 . 2008-06-08 12:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-27 18:48 . 2008-05-27 19:36 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-27 18:48 . 2006-10-02 13:44 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-27 18:48 . 2006-08-05 12:06 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-27 18:46 . 2008-05-27 18:46 <DIR> d-------- C:\Program Files\Nero
2008-05-27 18:46 . 2008-06-09 23:53 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-05-27 18:46 . 2004-08-11 01:45 141,312 --a------ C:\WINDOWS\system32\setb3.tmp
2008-05-27 18:41 . 2008-05-27 18:41 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-05-27 18:36 . 2008-05-27 18:36 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Azureus
2008-05-27 18:36 . 2008-05-27 18:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Azureus
2008-05-27 18:35 . 2008-05-27 18:35 <DIR> d-------- C:\Program Files\Sun
2008-05-27 18:35 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 18:13 . 2003-12-02 21:10 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-27 18:13 . 2003-12-02 16:48 229,376 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-05-27 18:11 . 2008-05-27 18:11 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-27 18:11 . 2008-05-27 18:11 <DIR> d-------- C:\WINDOWS\Profiles
2008-05-27 18:11 . 2008-05-27 18:11 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\InterTrust
2008-05-27 18:11 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-27 18:06 . 2003-04-01 11:47 6,652,928 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-05-27 18:03 . 2008-05-27 18:03 <DIR> d-------- C:\Documents and Settings\artur\Seven Zip
2008-05-27 17:54 . 2008-05-27 17:54 <DIR> d-------- C:\Documents and Settings\artur\Dane aplikacji\Gadu-Gadu
2008-05-27 17:50 . 2008-05-27 17:50 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-05-27 17:48 . 2008-05-27 17:48 <DIR> d---s---- C:\Documents and Settings\All Users\UserData
2008-05-27 17:48 . 2008-05-27 17:48 <DIR> dr------- C:\Documents and Settings\All Users\Moje dokumenty
2008-05-27 17:38 . 2008-05-27 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Gadu-Gadu
2008-05-27 17:29 . 2008-05-27 17:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 17:21 . 2008-05-27 17:04 <DIR> d--h----- C:\Documents and Settings\artur\Ustawienia lokalne
2008-05-27 17:21 . 2008-06-09 23:54 <DIR> dr------- C:\Documents and Settings\artur\Ulubione
2008-05-27 17:21 . 2008-05-27 17:04 <DIR> d--h----- C:\Documents and Settings\artur\Szablony
2008-05-27 17:21 . 2008-05-27 17:04 <DIR> d-------- C:\Documents and Settings\artur\Pulpit
2008-05-27 17:21 . 2008-06-09 23:54 <DIR> dr------- C:\Documents and Settings\artur\Moje dokumenty
2008-05-27 17:21 . 2008-05-27 17:04 <DIR> dr------- C:\Documents and Settings\artur\Menu Start
2008-05-27 17:21 . 2008-05-27 17:04 <DIR> dr-h----- C:\Documents and Settings\artur\Dane aplikacji
2008-05-27 17:21 . 2008-05-27 17:21 <DIR> d-------- C:\Documents and Settings\artur
2008-05-27 17:19 . 2008-05-27 17:19 <DIR> d--hs---- C:\Documents and Settings\NetworkService.ZARZ¤DZANIE NT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 15:14 558,142 ----a-w C:\WINDOWS\java\Packages\FPBT35VZ.ZIP
2008-05-27 15:14 155,995 ----a-w C:\WINDOWS\java\Packages\8WR3LVB1.ZIP
2008-05-07 22:50 --------- d-----w C:\Program Files\Nexus Radio
2008-05-06 23:42 --------- d-----w C:\Documents and Settings\[email protected]\Dane aplikacji\TuneUp Software
2008-05-03 19:52 --------- d-----w C:\Documents and Settings\[email protected]\Dane aplikacji\PlayFirst
2008-04-28 07:28 3,532 ----a-w C:\drmHeader.bin
2008-04-23 16:24 --------- d-----w C:\Documents and Settings\[email protected]\Dane aplikacji\Boomzap
2008-04-19 16:55 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-13 16:24 --------- d-----w C:\Documents and Settings\[email protected]\Dane aplikacji\Thinstall
2007-11-05 16:14 23 ----a-w C:\Documents and Settings\[email protected]\helperd.bat
2007-10-17 22:38 337,408 ----a-w C:\Documents and Settings\[email protected]\ftpoiom.exe
2007-10-15 18:33 337,408 ----a-w C:\Documents and Settings\[email protected]\ftper.exe
2006-11-02 00:33 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]
"New Application"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 14:37 2598808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 10:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
"NWEReboot"="" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\artur\Menu Start\Programy\Autostart\
Azureus.lnk - C:\Program Files\Azureus\Azureus.exe [2006-05-11 03:05:12 254976]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:20:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-12 09:30]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-02-21 08:56]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-02-21 08:56]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-27 21:21]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 20:02:10
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\PC TOOLS FIREWALL PLUS\FWSERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-11 20:04:33 - machine was rebooted [artur]
ComboFix-quarantined-files.txt 2008-06-11 18:04:28
Pre-Run: 4,382,081,024 bajtów wolnych
Post-Run: 5,510,381,568 bajt˘w wolnych
326
- jamajjjjjjjjjjjjjjjj
- Forumowicz
- Posty: 6
- Dołączenie: 10 Cze 2008, 21:24
przez huber2t » 12 Cze 2008, 05:17
UA:
Wklej do notatnika:
Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
- Kod: Zaznacz wszystko
File::
C:\WINDOWS\002251_.tmp
C:\WINDOWS\system32\default.htm
C:\WINDOWS\444.0
Folder::
C:\FOUND.010
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"=-
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
-
huber2t - Zasłużony działacz forum
- Posty: 2798
- Dołączenie: 21 Mar 2008, 10:07
- Pochwały: 42
10 posty(ów)
• Strona 1 z 1
Kto jest na forum
Zarejestrowani użytkownicy: Google [Bot]