
Request to check a log

Logs, securing your computer and data. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them right away with at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Hijacking other users' topics is not advisable; please start a new topic in the Security section, it makes it easier for the reviewer to help.
6. People without the appropriate knowledge should not review logs, because this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem precisely: the symptoms and all actions already taken.
8. Every script is unique, written for each case separately, so it cannot be used by others.
9. When posting a screenshot, please use an external image-hosting service.


Post by jepsik » 14 Feb 2008, 11:20



Please help, something is wrong with my computer; sometimes it's noticeable when I want to open the contents of a drive.


I don't know what this raid
or apache is, and I can't get rid of them.
I use Spybot, Ad-Aware and ESET NOD32.

And here are my logs:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:57, on 2008-02-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2099 bytes
Q6600 2.4
Asus P5E3
GF Gigabyte 8800 GTS
Ram Ocz 2x 1GB 1333Mhz
HDD Sygate 500GB
Razor Copperhead
Logitech keyboard

Post by pp3088 » 14 Feb 2008, 13:00



I hate to disappoint you, but it's clean. Maybe some other logs would show something.

Post by jepsik » 14 Feb 2008, 13:46



The Silent Runners and ComboFix logs are below.
Last edited by jepsik on 14 Feb 2008, 17:42, edited 1 time in total

Post by Bozz » 14 Feb 2008, 16:27


Post by jepsik » 14 Feb 2008, 16:57



Silent Runners log

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\junkee\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-02-14 15:56:23)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 17 seconds, including 4 seconds for message boxes)

Post by jepsik » 14 Feb 2008, 17:17



ComboFix log

ComboFix 08-02-14.2 - junkee 2008-02-14 15:58:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1211 [GMT 1:00]
Running from: E:\DL FF\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dytxkvyp.ini
C:\WINDOWS\system32\earxedwn.ini
C:\WINDOWS\system32\fgrouwbv.ini
C:\WINDOWS\system32\fqwaidfu.ini
C:\WINDOWS\system32\huxxmekq.ini
C:\WINDOWS\system32\ilhmolbw.ini
C:\WINDOWS\system32\jwfalvfm.ini
C:\WINDOWS\system32\nwfxeoqp.ini
C:\WINDOWS\system32\pqxijnth.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\rcwrwlud.ini
C:\WINDOWS\system32\rttopqpy.ini
C:\WINDOWS\system32\txtqxunf.ini
C:\WINDOWS\system32\usvwggul.ini
C:\WINDOWS\system32\yajbrpxl.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-13 13:56 . 2008-02-13 13:56 496,462 --a------ C:\WINDOWS\t_eJay4.inf
2008-02-13 13:33 . 2008-02-13 13:33 <DIR> d-------- C:\WINDOWS\speech
2008-02-13 13:33 . 2008-02-13 13:33 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-13 13:33 . 2008-02-13 13:33 <DIR> d-------- C:\Program Files\Windows Media Components
2008-02-11 05:03 . 2008-02-11 08:46 <DIR> d-------- C:\VundoFix Backups
2008-02-10 16:02 . 2008-02-11 04:58 354 ---hs---- C:\WINDOWS\system32\pecmampl.ini
2008-02-09 16:05 . 2008-02-09 16:05 294 ---hs---- C:\WINDOWS\system32\uxsaitus.ini
2008-02-08 16:03 . 2008-02-08 16:03 594 ---hs---- C:\WINDOWS\system32\iyxhchnu.ini
2008-02-08 14:19 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-02-08 14:19 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-02-08 14:19 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-02-08 14:19 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-02-08 14:19 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-02-08 14:19 . 2008-02-08 14:19 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-02-08 14:17 . 2008-02-08 14:33 <DIR> d-------- C:\Program Files\coolpro2
2008-02-08 11:43 . 2008-02-08 11:43 <DIR> d-------- C:\Program Files\ICCup
2008-02-07 16:02 . 2008-02-08 09:58 534 ---hs---- C:\WINDOWS\system32\dphedbfk.ini
2008-02-06 15:59 . 2008-02-07 16:00 414 ---hs---- C:\WINDOWS\system32\tvcumcyc.ini
2008-02-06 14:06 . 2008-02-06 14:06 0 --a------ C:\WINDOWS\hpqEmlSz.INI
2008-02-06 13:59 . 2008-02-06 13:59 <DIR> d---s---- C:\Documents and Settings\junkee\UserData
2008-02-06 13:55 . 2008-02-06 13:55 <DIR> d-------- C:\Documents and Settings\junkee\Dane aplikacji\Image Zone Express
2008-02-05 16:01 . 2008-02-06 00:06 354 ---hs---- C:\WINDOWS\system32\bcxfidbr.ini
2008-02-04 20:10 . 2008-02-04 20:10 35,971 --a------ C:\WINDOWS\FontData.fdb
2008-02-04 05:21 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-04 05:21 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-04 05:21 . 2008-02-04 05:21 38 --a------ C:\WINDOWS\avisplitter.INI
2008-02-04 05:20 . 2008-02-04 05:43 <DIR> d-------- C:\Program Files\Picasa2
2008-02-04 05:20 . 2008-02-04 05:20 <DIR> d-------- C:\Program Files\Google
2008-02-04 02:02 . 2008-02-04 02:02 <DIR> d-------- C:\Documents and Settings\junkee\Dane aplikacji\Corel
2008-02-04 01:57 . 2008-02-04 01:57 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-02 03:00 . 2008-02-02 03:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-31 23:03 . 2008-01-31 23:03 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-01-31 23:03 . 2008-01-31 23:06 <DIR> d-------- C:\VTPFiles
2008-01-31 23:03 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-01-31 23:03 . 2008-01-31 23:03 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-01-31 23:03 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-01-31 23:03 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-01-31 22:18 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-31 22:13 . 2008-01-31 22:13 <DIR> d-------- C:\Program Files\MSBuild
2008-01-31 22:13 . 2008-01-31 22:13 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-31 22:12 . 2008-01-31 22:12 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-31 22:09 . 2008-01-31 22:09 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-31 22:08 . 2008-01-31 22:08 <DIR> dr-h----- C:\MSOCache
2008-01-31 22:02 . 2008-02-01 00:46 <DIR> d-------- C:\Documents and Settings\junkee\Dane aplikacji\Hamachi
2008-01-31 22:00 . 2008-02-02 05:23 <DIR> d-------- C:\Program Files\Hamachi
2008-01-31 22:00 . 2008-01-31 22:00 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-31 20:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-31 20:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-31 20:46 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-31 20:44 . 2008-01-31 20:44 <DIR> d-------- C:\Program Files\directx
2008-01-31 20:32 . 2008-02-14 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-01-31 16:10 . 2004-09-29 21:36 15,360 -rah----- C:\WINDOWS\system32\drivers\NetMotCM.sys
2008-01-30 03:01 . 2008-02-11 04:58 1,107 --a------ C:\WINDOWS\wininit.ini
2008-01-30 02:35 . 2008-01-30 02:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-30 02:35 . 2008-01-31 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-01-29 15:55 . 2008-01-29 15:55 65,088 --a------ C:\WINDOWS\system32\sipywynf.dll
2008-01-28 20:34 . 2008-01-28 20:34 <DIR> d-------- C:\Program Files\DivX
2008-01-26 16:17 . 2008-01-26 16:17 <DIR> d-------- C:\WINDOWS\USB Vibration
2008-01-26 16:17 . 2008-01-26 16:17 <DIR> d-------- C:\Program Files\USB Vibration
2008-01-26 03:50 . 2007-04-04 23:39 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-01-25 21:03 . 2008-01-25 21:03 <DIR> d-------- C:\Documents and Settings\junkee\Dane aplikacji\Media Player Classic
2008-01-25 17:18 . 2008-01-25 17:18 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-25 17:18 . 2008-01-30 03:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-01-25 17:17 . 2008-01-25 17:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 17:16 . 2008-01-25 17:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 17:14 . 2008-01-25 17:14 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-01-25 03:41 . 2008-01-25 03:41 38,400 --a------ C:\WINDOWS\system32\tuvturq.dll.vir
2008-01-24 20:26 . 2008-01-29 13:54 <DIR> d-------- C:\Documents and Settings\junkee\Dane aplikacji\Bioshock
2008-01-22 23:31 . 2008-02-11 16:02 <DIR> d-------- C:\Documents and Settings\junkee\Dane aplikacji\U3
2008-01-21 23:48 . 2008-01-30 03:10 <DIR> d-------- C:\Program Files\ElcomSoft
2008-01-21 23:48 . 2008-01-22 00:04 973 --a------ C:\WINDOWS\ARPR.INI
2008-01-21 22:17 . 2008-02-14 09:10 <DIR> d-------- C:\Documents and Settings\junkee\Dane aplikacji\skypePM
2008-01-21 22:17 . 2008-01-21 22:17 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-21 22:16 . 2008-01-21 22:16 <DIR> d-------- C:\Program Files\Skype
2008-01-21 22:16 . 2008-01-21 22:16 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-21 22:16 . 2008-02-14 09:16 <DIR> d-------- C:\Documents and Settings\junkee\Dane aplikacji\Skype
2008-01-21 22:16 . 2008-01-21 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-21 18:11 . 2008-01-21 18:11 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-21 18:00 . 2008-01-21 18:00 <DIR> d-------- C:\WINDOWS\Sun
2008-01-21 11:13 . 2008-01-21 11:13 <DIR> d-------- C:\Program Files\Java
2008-01-21 11:13 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-21 11:12 . 2008-01-21 11:12 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-20 22:09 . 2008-01-20 22:09 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-20 22:09 . 2008-01-20 22:09 <DIR> d-------- C:\Documents and Settings\junkee\Dane aplikacji\DAEMON Tools
2008-01-20 21:56 . 2008-01-20 21:56 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-20 21:56 . 2008-01-20 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-01-20 21:55 . 2008-01-20 21:55 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-20 21:55 . 2008-01-20 21:55 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-20 21:51 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-20 21:51 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-01-20 21:51 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-01-20 21:51 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-01-20 21:51 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-01-20 21:51 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-01-20 21:51 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-01-20 21:19 . 2008-01-20 21:56 <DIR> d-------- C:\Program Files\HP
2008-01-20 21:19 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-20 21:19 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-20 21:18 . 2008-01-20 21:18 <DIR> d-------- C:\Documents and Settings\junkee\Dane aplikacji\HP
2008-01-20 21:18 . 2008-01-20 21:56 113,525 --a------ C:\WINDOWS\hpoins07.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 14:59 --------- d-----w C:\Documents and Settings\junkee\Dane aplikacji\uTorrent
2008-02-05 09:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 00:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-24 08:53 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-20 21:06 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 21:06 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-17 15:14 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-17 15:14 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-16 22:31 --------- d-----w C:\Program Files\StarCraft Brood War by Monikon
2008-01-16 16:21 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-16 16:14 --------- d-----w C:\Program Files\Electronic Arts
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 23:18 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-05-25 04:35]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 21:52]
R2 MRUWebService;MRU Web Service;"C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe" [2007-05-23 01:17]
R3 UsbFltr;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 10:54]
S3 Marvell RAID;Marvell RAID Event Agent;C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [2007-05-23 01:36]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{569ae39a-a52d-11dc-9ae0-00096b07ce09}]
\Shell\AutoRun\command - G:\Autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 16:01:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-02-14 16:01:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 15:01:49
.
2008-02-14 02:02:04 --- E O F ---



I'll also add that the system takes terribly long to boot for such hardware.

Post by pp3088 » 16 Feb 2008, 13:56



Paste into Notepad:
File::
C:\WINDOWS\msdownld.tmp
C:\VundoFix Backups
C:\WINDOWS\system32\pecmampl.ini
C:\WINDOWS\system32\uxsaitus.ini
C:\WINDOWS\system32\iyxhchnu.ini
C:\WINDOWS\system32\dphedbfk.ini
C:\WINDOWS\system32\tvcumcyc.ini
C:\WINDOWS\system32\bcxfidbr.ini
C:\WINDOWS\avisplitter.INI
C:\WINDOWS\system32\tuvturq.dll.vir
C:\WINDOWS\HideWin.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

>>File>>Save as... >>> CFScript (it's most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– as in this picture --> [image]
(if the question "1 or 2" appears, type 1 and press ENTER). The removal should start (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.
After that, post a new ComboFix log.
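A triage pass over lines in the shape of the ComboFix "Files Created" section above, the kind of check behind the file list in pp3088's CFScript. This is an added example, not the forum's or ComboFix's own code; the name-shape rule and the time-of-day clustering are assumed heuristics, and the sample lines are a constructed subset of the posted log.

```python
import re
from collections import Counter
from typing import Dict, FrozenSet, List, NamedTuple, Optional

# Constructed sample: lines in the shape of the "Files Created" section of the
# ComboFix log posted in this thread (a subset of that log, not the whole of it).
SAMPLE_LOG = """\
2008-02-13 13:56 . 2008-02-13 13:56 496,462 --a------ C:\\WINDOWS\\t_eJay4.inf
2008-02-13 13:33 . 2008-02-13 13:33 <DIR> d--h----- C:\\WINDOWS\\msdownld.tmp
2008-02-10 16:02 . 2008-02-11 04:58 354 ---hs---- C:\\WINDOWS\\system32\\pecmampl.ini
2008-02-09 16:05 . 2008-02-09 16:05 294 ---hs---- C:\\WINDOWS\\system32\\uxsaitus.ini
2008-02-08 16:03 . 2008-02-08 16:03 594 ---hs---- C:\\WINDOWS\\system32\\iyxhchnu.ini
2008-02-08 14:19 . 2001-10-19 14:40 1,683,792 --a------ C:\\WINDOWS\\system32\\wmvcore2.dll
2008-02-07 16:02 . 2008-02-08 09:58 534 ---hs---- C:\\WINDOWS\\system32\\dphedbfk.ini
2008-02-06 15:59 . 2008-02-07 16:00 414 ---hs---- C:\\WINDOWS\\system32\\tvcumcyc.ini
2008-02-05 16:01 . 2008-02-06 00:06 354 ---hs---- C:\\WINDOWS\\system32\\bcxfidbr.ini
2008-01-29 15:55 . 2008-01-29 15:55 65,088 --a------ C:\\WINDOWS\\system32\\sipywynf.dll
2008-01-25 03:41 . 2008-01-25 03:41 38,400 --a------ C:\\WINDOWS\\system32\\tuvturq.dll.vir
2008-01-20 21:51 . 2004-09-29 12:12 278,584 --a------ C:\\WINDOWS\\system32\\HPZidr12.dll
"""

# One "Files Created" line: created . modified  size|<DIR>  attribute-flags  path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>.+?)\s*$"
)


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]        # None for directories
    attrs: FrozenSet[str]      # attribute letters that are set, e.g. {'h', 's'}
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line)
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    attrs = frozenset(c for c in m["attrs"] if c != "-")
    return Entry(m["created"], m["modified"], size, attrs, m["path"])


def parse_files_created(text: str) -> List[Entry]:
    entries = (parse_entry(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


# Assumed heuristic: 7-8 lowercase letters with no digits or separators, the
# shape of the generated names in the posted log (pecmampl.ini, sipywynf.dll).
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,8}$")


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing stood out."""
    reasons = []
    folder, _, filename = entry.path.rpartition("\\")
    stem, _, ext = filename.rpartition(".")
    ext = ext.lower()
    in_system32 = folder.lower().endswith("\\system32")
    # Hidden+system .ini files in system32 are not something an installer leaves behind.
    if in_system32 and ext == "ini" and {"h", "s"} <= entry.attrs:
        reasons.append("hidden+system .ini dropped in system32")
    if in_system32 and ext in ("ini", "dll") and RANDOM_NAME_RE.match(stem):
        reasons.append("random-looking 7-8 letter name in system32")
    # A '.vir' suffix is a file renamed by an earlier cleaning tool and never removed.
    if ext == "vir":
        reasons.append("'.vir' leftover of an earlier cleaning tool")
    return reasons


def suspects(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; the log reviewer still decides what to act on."""
    found: Dict[str, List[str]] = {}
    for e in parse_files_created(text):
        reasons = triage(e)
        if reasons:
            found[e.path] = reasons
    return found


def recurring_drop_times(entries: List[Entry]) -> Counter:
    """Creation hour (rounded) of every flagged entry. Flagged files created at the same
    time of day on consecutive days point at a timed re-dropper rather than user activity."""
    hours: Counter = Counter()
    for e in entries:
        if not triage(e):
            continue
        h, m = (int(x) for x in e.created[11:16].split(":"))
        hours[(h + (1 if m >= 30 else 0)) % 24] += 1
    return hours


if __name__ == "__main__":
    for path, why in suspects(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
    print("flagged files by creation hour:",
          dict(recurring_drop_times(parse_files_created(SAMPLE_LOG))))
```

On the sample, the six hidden .ini files and sipywynf.dll all cluster around 16:00 on different days, which is the observation that separates a re-dropper from ordinary installs.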

