Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Trojan-Downloader.Win32 Agent varint-HELP!!!
23 Kwi 2008, 22:09
Witam. Mam problem z "Trojan-Downloader.Win32 Agent varint" moj antivir go wykryl ja go usunolem i nic :cry:
PROSZĘ was o pomoc!!!!
Wyskakuje mi między innymi gdy uruchamiam grę World of Warcraft
BŁAGAM POMOCY!!!(mój los w waszych rękach) ://////
PROSZĘ was o pomoc!!!!
Wyskakuje mi między innymi gdy uruchamiam grę World of Warcraft
BŁAGAM POMOCY!!!(mój los w waszych rękach) ://////
23 Kwi 2008, 22:16
Ok tylko ze jestem nobem jesli chodzi o system. Jak mam to zrobic??
te logi. np z sdfix??
te logi. np z sdfix??
28 Kwi 2008, 18:59
ok a jest różnica który program odpale pierwszy combofix, HijackThis czy SDfix?
Od którego zacząć i jaki jest nabezpieczniejszy?
I czy nic się nie stanie mojemu pc jeśli ktoś kto będzie sprawdzał mój log poda mi błędne info na temat co mam usunąć a co zostawić?
Proszę o odpowiedź.
Od którego zacząć i jaki jest nabezpieczniejszy?
I czy nic się nie stanie mojemu pc jeśli ktoś kto będzie sprawdzał mój log poda mi błędne info na temat co mam usunąć a co zostawić?
Proszę o odpowiedź.
28 Kwi 2008, 19:03
Możesz obojętną kolejność logów wybrać i wszystkie są bezpieczne. Ręczę, że nic się nie stanie złego Twojemu PC, mamy tutaj speców od tego 
28 Kwi 2008, 19:26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:01, on 2008-04-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\Program Files\CyberLink\Shared Files\RichVideo.exe
H:\WINDOWS\System32\wdfmgr.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Gigabyte\ET5\GUI.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - I:\QUAKE 3\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [EasyTuneV] H:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "I:\QUAKE 3\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://I:\QUAKE 3\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://I:\QUAKE 3\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://I:\QUAKE 3\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://I:\QUAKE 3\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D5409A-6515-4BE2-BC32-FD7F7B2BED26}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.194 85.255.112.177
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 Home Edition (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 7099 bytes
Dobrze??
Scan saved at 19:23:01, on 2008-04-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\Program Files\CyberLink\Shared Files\RichVideo.exe
H:\WINDOWS\System32\wdfmgr.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Gigabyte\ET5\GUI.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - I:\QUAKE 3\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [EasyTuneV] H:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "I:\QUAKE 3\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://I:\QUAKE 3\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://I:\QUAKE 3\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://I:\QUAKE 3\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://I:\QUAKE 3\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D5409A-6515-4BE2-BC32-FD7F7B2BED26}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.194 85.255.112.177
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 Home Edition (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 7099 bytes
Dobrze??
28 Kwi 2008, 19:38
Dobrze, daj kolejne i czekaj na sprawdzenie
28 Kwi 2008, 20:11
Przy uruchamianiu combofix'a wyskakuje mi te niebieskie okiienko z napisem please wait ale chwilkę potem wyskakuje okienko 'DISCLAMER OF WARRANTY ON SOFTWARE'' a na samym dole do wyboru TAK lub NIE, gdy klikam TAK to pojawia się drugie okienko "ROUGHLY 1/100 MACHINES FAILEND TO MAKE IT THROUGHT THE DISINFECTION PROCES!!" poniżej ""Are you sure want to do this?? poniżej TAK NIE[/code][/quote]
28 Kwi 2008, 20:22
Logiczne że tak
28 Kwi 2008, 20:23
nic nie wywnioskowalem wcisnac "TAK"??
28 Kwi 2008, 20:31
wciśnij "TAK"
28 Kwi 2008, 20:34
ComboFix 08-04-27.3 - Łukasz 2008-04-28 20:25:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1532 [GMT 2:00]
Running from: H:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\WINDOWS\system32\kdmek.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2008-04-28 19:22 . 2008-04-28 19:22 <DIR> d-------- H:\Program Files\Trend Micro
2008-04-28 19:13 . 2008-04-28 19:13 812,344 --a------ H:\HJTInstall.exe
2008-04-25 08:45 . 2008-01-06 14:44 140,288 --a------ H:\WINDOWS\system32\COMDLG32.OCX
2008-04-22 18:38 . 2008-04-22 18:38 <DIR> d-------- H:\Program Files\Kaspersky Lab
2008-04-22 18:38 . 2008-04-28 20:29 6,599,968 --ahs---- H:\WINDOWS\system32\drivers\fidbox.dat
2008-04-22 18:38 . 2008-04-22 18:45 96,645 --a------ H:\WINDOWS\system32\drivers\klin.dat
2008-04-22 18:38 . 2008-04-28 20:27 92,552 --ahs---- H:\WINDOWS\system32\drivers\fidbox.idx
2008-04-22 18:38 . 2008-04-22 18:45 87,941 --a------ H:\WINDOWS\system32\drivers\klick.dat
2008-04-22 18:38 . 2008-04-28 20:29 33,824 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-22 18:38 . 2008-04-28 20:27 5,192 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-22 18:36 . 2008-04-22 18:36 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-20 13:51 . 2008-04-20 13:51 276 --a------ H:\WINDOWS\BeatBox.INI
2008-04-20 13:41 . 2008-04-20 16:22 67 --a------ H:\WINDOWS\musicmaker.INI
2008-04-20 13:35 . 2008-04-20 13:35 <DIR> d-------- H:\Program Files\Common Files\MAGIX Shared
2008-04-20 12:34 . 2005-09-15 16:55 458,752 --a------ H:\WINDOWS\system32\mgxoschk.dll
2008-04-20 12:34 . 2005-09-07 18:08 2,446 --a------ H:\WINDOWS\mgxoschk.ini
2008-04-20 12:25 . 1998-10-01 15:22 299,520 --a------ H:\WINDOWS\uninst.exe
2008-04-20 12:25 . 1998-05-20 21:36 254,976 --a------ H:\WINDOWS\system32\xaudio.dll
2008-04-20 12:19 . 2008-04-20 12:21 270 --a------ H:\WINDOWS\Muma50dm.INI
2008-04-20 12:19 . 2008-04-20 12:19 97 --a------ H:\WINDOWS\MAGIX.INI
2008-04-20 12:14 . 2008-04-20 12:14 720,896 --a------ H:\WINDOWS\iun6002.exe
2008-04-10 21:52 . 2008-04-10 21:56 <DIR> d-------- H:\Program Files\DAEMON Tools Lite
2008-04-02 12:38 . 2008-04-18 17:28 4,096 --a------ H:\WINDOWS\system32\crash
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 18:29 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-28 18:24 1,778,287 ----a-w H:\ComboFix.exe
2008-04-22 16:47 --------- d-----w H:\Program Files\lg_fwupdate
2008-04-10 17:53 717,296 ----a-w H:\WINDOWS\system32\drivers\sptd.sys
2008-03-19 21:22 --------- d-----w H:\Program Files\Java
2008-03-19 21:21 --------- d-----w H:\Program Files\Common Files\Java
2008-03-19 15:58 --------- d-----w H:\Program Files\Reference Assemblies
2008-03-19 15:58 --------- d-----w H:\Program Files\MSBuild
2008-03-19 15:53 --------- d-----w H:\Program Files\MSXML 6.0
2008-03-12 07:56 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-03-11 18:40 --------- d-----w H:\Program Files\BearShare Applications
2008-03-08 15:56 --------- d-----w H:\Program Files\Gadu-Gadu
2008-03-07 21:59 --------- d-----w H:\Program Files\Common Files\Blizzard Entertainment
2008-03-04 18:55 22,328 ----a-w H:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-04 02:32 --------- d-----w H:\Program Files\MSXML 4.0
2006-07-30 20:20 959 --sha-r H:\WINDOWS\system32\autorun.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-12-02 16:13 394680 --a------ H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="H:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 18:44 68856]
"BitComet"="I:\QUAKE 3\BitComet\BitComet.exe" [2007-12-07 17:03 1913656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="H:\Program Files\Gigabyte\ET5\ETcall.exe" [2006-12-15 15:13 31552]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 H:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 10:45 1826816 H:\WINDOWS\SkyTel.exe]
"ISUSPM Startup"="H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 08:15 221184]
"ISUSScheduler"="H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 08:15 81920]
"TkBellExe"="H:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-03 14:51 180269]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"AVP"="H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32]
winbue32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\WINDOWS\\system32\\PnkBstrA.exe"=
"H:\\WINDOWS\\system32\\PnkBstrB.exe"=
"I:\\Nowy folder\\iw3mp.exe"=
"H:\\Program Files\\Gadu-Gadu\\gg.exe"=
"I:\\QUAKE 3\\QuakeIIIArena 1.32 + OSP\\quake3.exe"=
"I:\\QUAKE 3\\BitComet\\BitComet.exe"=
"I:\\programy\\BearShare.exe"=
"I:\\wow\\World of Warcraft\\BackgroundDownloader.exe"=
"H:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=
"H:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"18524:TCP"= 18524:TCP:BitComet 18524 TCP
"18524:UDP"= 18524:UDP:BitComet 18524 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57568:TCP"= 57568:TCP:BitComet 57568 TCP
"57568:UDP"= 57568:UDP:BitComet 57568 UDP
"11851:TCP"= 11851:TCP:BitComet 11851 TCP
"11851:UDP"= 11851:UDP:BitComet 11851 UDP
R3 klim5;Kaspersky Anti-Virus NDIS Filter;H:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 MarkFun_NT;MarkFun_NT;H:\Program Files\Gigabyte\ET5\markfun.w32 [2006-11-21 21:20]
*Newly Created Service* - MARKFUN_NT
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 20:29:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\H:\Program Files\Gigabyte\ET5\markfun.w32"
.
------------------------ Other Running Processes ------------------------
.
H:\WINDOWS\system32\ati2evxx.exe
H:\WINDOWS\system32\ati2evxx.exe
H:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\Program Files\CyberLink\Shared Files\RichVideo.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\Program Files\Gigabyte\ET5\GUI.exe
H:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-28 20:31:12 - machine was rebooted [ťukasz]
ComboFix-quarantined-files.txt 2008-04-28 18:31:09
Pre-Run: 20,889,313,280 bajtów wolnych
Post-Run: 21,766,193,152 bajt˘w wolnych
139 --- E O F --- 2008-04-09 21:42:20
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1532 [GMT 2:00]
Running from: H:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\WINDOWS\system32\kdmek.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2008-04-28 19:22 . 2008-04-28 19:22 <DIR> d-------- H:\Program Files\Trend Micro
2008-04-28 19:13 . 2008-04-28 19:13 812,344 --a------ H:\HJTInstall.exe
2008-04-25 08:45 . 2008-01-06 14:44 140,288 --a------ H:\WINDOWS\system32\COMDLG32.OCX
2008-04-22 18:38 . 2008-04-22 18:38 <DIR> d-------- H:\Program Files\Kaspersky Lab
2008-04-22 18:38 . 2008-04-28 20:29 6,599,968 --ahs---- H:\WINDOWS\system32\drivers\fidbox.dat
2008-04-22 18:38 . 2008-04-22 18:45 96,645 --a------ H:\WINDOWS\system32\drivers\klin.dat
2008-04-22 18:38 . 2008-04-28 20:27 92,552 --ahs---- H:\WINDOWS\system32\drivers\fidbox.idx
2008-04-22 18:38 . 2008-04-22 18:45 87,941 --a------ H:\WINDOWS\system32\drivers\klick.dat
2008-04-22 18:38 . 2008-04-28 20:29 33,824 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-22 18:38 . 2008-04-28 20:27 5,192 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-22 18:36 . 2008-04-22 18:36 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-20 13:51 . 2008-04-20 13:51 276 --a------ H:\WINDOWS\BeatBox.INI
2008-04-20 13:41 . 2008-04-20 16:22 67 --a------ H:\WINDOWS\musicmaker.INI
2008-04-20 13:35 . 2008-04-20 13:35 <DIR> d-------- H:\Program Files\Common Files\MAGIX Shared
2008-04-20 12:34 . 2005-09-15 16:55 458,752 --a------ H:\WINDOWS\system32\mgxoschk.dll
2008-04-20 12:34 . 2005-09-07 18:08 2,446 --a------ H:\WINDOWS\mgxoschk.ini
2008-04-20 12:25 . 1998-10-01 15:22 299,520 --a------ H:\WINDOWS\uninst.exe
2008-04-20 12:25 . 1998-05-20 21:36 254,976 --a------ H:\WINDOWS\system32\xaudio.dll
2008-04-20 12:19 . 2008-04-20 12:21 270 --a------ H:\WINDOWS\Muma50dm.INI
2008-04-20 12:19 . 2008-04-20 12:19 97 --a------ H:\WINDOWS\MAGIX.INI
2008-04-20 12:14 . 2008-04-20 12:14 720,896 --a------ H:\WINDOWS\iun6002.exe
2008-04-10 21:52 . 2008-04-10 21:56 <DIR> d-------- H:\Program Files\DAEMON Tools Lite
2008-04-02 12:38 . 2008-04-18 17:28 4,096 --a------ H:\WINDOWS\system32\crash
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 18:29 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-28 18:24 1,778,287 ----a-w H:\ComboFix.exe
2008-04-22 16:47 --------- d-----w H:\Program Files\lg_fwupdate
2008-04-10 17:53 717,296 ----a-w H:\WINDOWS\system32\drivers\sptd.sys
2008-03-19 21:22 --------- d-----w H:\Program Files\Java
2008-03-19 21:21 --------- d-----w H:\Program Files\Common Files\Java
2008-03-19 15:58 --------- d-----w H:\Program Files\Reference Assemblies
2008-03-19 15:58 --------- d-----w H:\Program Files\MSBuild
2008-03-19 15:53 --------- d-----w H:\Program Files\MSXML 6.0
2008-03-12 07:56 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-03-11 18:40 --------- d-----w H:\Program Files\BearShare Applications
2008-03-08 15:56 --------- d-----w H:\Program Files\Gadu-Gadu
2008-03-07 21:59 --------- d-----w H:\Program Files\Common Files\Blizzard Entertainment
2008-03-04 18:55 22,328 ----a-w H:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-04 02:32 --------- d-----w H:\Program Files\MSXML 4.0
2006-07-30 20:20 959 --sha-r H:\WINDOWS\system32\autorun.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-12-02 16:13 394680 --a------ H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="H:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 18:44 68856]
"BitComet"="I:\QUAKE 3\BitComet\BitComet.exe" [2007-12-07 17:03 1913656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="H:\Program Files\Gigabyte\ET5\ETcall.exe" [2006-12-15 15:13 31552]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 H:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 10:45 1826816 H:\WINDOWS\SkyTel.exe]
"ISUSPM Startup"="H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 08:15 221184]
"ISUSScheduler"="H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 08:15 81920]
"TkBellExe"="H:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-03 14:51 180269]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"AVP"="H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32]
winbue32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\WINDOWS\\system32\\PnkBstrA.exe"=
"H:\\WINDOWS\\system32\\PnkBstrB.exe"=
"I:\\Nowy folder\\iw3mp.exe"=
"H:\\Program Files\\Gadu-Gadu\\gg.exe"=
"I:\\QUAKE 3\\QuakeIIIArena 1.32 + OSP\\quake3.exe"=
"I:\\QUAKE 3\\BitComet\\BitComet.exe"=
"I:\\programy\\BearShare.exe"=
"I:\\wow\\World of Warcraft\\BackgroundDownloader.exe"=
"H:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=
"H:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"18524:TCP"= 18524:TCP:BitComet 18524 TCP
"18524:UDP"= 18524:UDP:BitComet 18524 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57568:TCP"= 57568:TCP:BitComet 57568 TCP
"57568:UDP"= 57568:UDP:BitComet 57568 UDP
"11851:TCP"= 11851:TCP:BitComet 11851 TCP
"11851:UDP"= 11851:UDP:BitComet 11851 UDP
R3 klim5;Kaspersky Anti-Virus NDIS Filter;H:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 MarkFun_NT;MarkFun_NT;H:\Program Files\Gigabyte\ET5\markfun.w32 [2006-11-21 21:20]
*Newly Created Service* - MARKFUN_NT
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 20:29:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\H:\Program Files\Gigabyte\ET5\markfun.w32"
.
------------------------ Other Running Processes ------------------------
.
H:\WINDOWS\system32\ati2evxx.exe
H:\WINDOWS\system32\ati2evxx.exe
H:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\Program Files\CyberLink\Shared Files\RichVideo.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\Program Files\Gigabyte\ET5\GUI.exe
H:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-28 20:31:12 - machine was rebooted [ťukasz]
ComboFix-quarantined-files.txt 2008-04-28 18:31:09
Pre-Run: 20,889,313,280 bajtów wolnych
Post-Run: 21,766,193,152 bajt˘w wolnych
139 --- E O F --- 2008-04-09 21:42:20
28 Kwi 2008, 20:42
Zrobić log z SDfix'a?? I czy te logi powyrzej są ok?
a co do combofixa to gdy uruchomiłsię pc ponownie to uruchomiło mi się roche programów:antivir kaspersky, bitcomet, gg i gdy się tylko pojawiły to odrazu je wyłączylem.Nieprzeszkadza to?
a co do combofixa to gdy uruchomiłsię pc ponownie to uruchomiło mi się roche programów:antivir kaspersky, bitcomet, gg i gdy się tylko pojawiły to odrazu je wyłączylem.Nieprzeszkadza to?