Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Wielka prośba o sprawdzenie loga
22 Cze 2008, 13:15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:31, on 2008-06-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Rmn plugin - {0DE68A8A-8158-4bde-8F5F-849F00AF31FB} - bsndcom.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [50e091dd] rundll32.exe "C:\WINDOWS\system32\gypobpmf.dll",b
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [BM53d3a241] Rundll32.exe "C:\WINDOWS\system32\aeeaoxsw.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=21871
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service (pavfires) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (pavsrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6840 bytes
Scan saved at 12:56:31, on 2008-06-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Rmn plugin - {0DE68A8A-8158-4bde-8F5F-849F00AF31FB} - bsndcom.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [50e091dd] rundll32.exe "C:\WINDOWS\system32\gypobpmf.dll",b
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [BM53d3a241] Rundll32.exe "C:\WINDOWS\system32\aeeaoxsw.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=21871
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service (pavfires) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (pavsrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6840 bytes
22 Cze 2008, 13:21
fix w hijackthis
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
O2 - BHO: Rmn plugin - {0DE68A8A-8158-4bde-8F5F-849F00AF31FB} - bsndcom.dll (file missing)
O4 - HKLM\..\Run: [50e091dd] rundll32.exe "C:\WINDOWS\system32\gypobpmf.dll",b
O4 - HKLM\..\Run: [BM53d3a241] Rundll32.exe "C:\WINDOWS\system32\aeeaoxsw.dll",s
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
- Kod:
File::
C:\WINDOWS\system32\aeeaoxsw.dll
C:\WINDOWS\system32\gypobpmf.dll
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
22 Cze 2008, 13:28
ComboFix 08-06-20.4 - łukasz 2008-06-22 13:23:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1548 [GMT 2:00]
Running from: C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\aeeaoxsw.dll
C:\WINDOWS\system32\gypobpmf.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM53d3a241.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aeeaoxsw.dll
C:\WINDOWS\system32\gypobpmf.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.
2008-06-22 12:57 . 2008-06-22 12:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-22 12:57 . 2008-06-22 12:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-22 12:57 . 2008-06-22 12:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Lavasoft
2008-06-22 11:56 . <DIR> C:\Documents and Settings\-ukasz.DOM-700DAC43DC5
2008-06-22 11:56 . <DIR> C:\Documents and Settings\-ukasz
2008-06-22 11:54 . 2008-06-22 13:04 474 ---hs---- C:\WINDOWS\system32\fmpbopyg.ini
2008-06-22 11:52 . 2008-06-22 11:52 9,036 --a------ C:\Documents and Settings\catchme.zip
2008-06-22 11:16 . 2003-09-04 18:05 55,888 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-06-22 11:16 . 2003-09-04 18:05 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-06-22 11:16 . 2003-09-04 18:05 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-06-22 11:15 . 2008-06-22 11:15 <DIR> d-------- C:\Program Files\Panda Software
2008-06-22 11:15 . 2003-10-03 16:17 60,160 --a------ C:\WINDOWS\system32\drivers\Pavdrv51.sys
2008-06-22 11:15 . 1997-09-18 06:12 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2008-06-22 11:04 . 2008-06-22 11:04 <DIR> d-------- C:\Program Files\LizardTech
2008-06-21 16:14 . 2008-06-22 13:24 62,384 --a------ C:\WINDOWS\system32\pqasghjd.sys
2008-06-21 16:14 . 2001-08-17 21:47 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-21 16:13 . 2008-06-21 16:13 45,056 --a------ C:\WINDOWS\system32\bsndcom.dll
2008-06-21 16:07 . 2008-06-21 16:17 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-06-11 15:56 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:56 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 18:44 . 2008-06-06 18:44 <DIR> d-------- C:\Program Files\Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 10:52 --------- d-----w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Dane aplikacji\Lavasoft
2008-06-13 16:21 --------- d-----w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Dane aplikacji\Image Zone Express
2008-05-21 17:58 --------- d-----w C:\Program Files\Google
2008-05-21 14:31 --------- d-----w C:\Program Files\Java
2008-05-21 14:29 --------- d-----w C:\Program Files\Common Files\Java
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 20:44 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3725.sys
2008-05-05 20:43 16,384 ----a-w C:\WINDOWS\TSREBOOT.EXE
2008-05-05 20:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-05-02 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 18:02 --------- d-----w C:\Program Files\Winamp
2008-05-01 18:01 --------- d-----w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Dane aplikacji\Winamp
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-12 04:53 7,780 ----a-w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\FMCodec.dat
2008-04-12 04:53 7,780 ----a-w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\FMCodec.dat
2008-04-12 04:53 4 ----a-w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\WFSCHDL.dat
2008-04-12 04:53 4 ----a-w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\WFSCHDL.dat
2008-04-06 15:47 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-22_11.56.09.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 09:53:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 11:04:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 00:05 8429568]
"nwiz"="nwiz.exe" [2007-04-20 00:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 00:05 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 10:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 10:30 81920]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 19:16 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" [2003-06-18 13:00 20480]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" [2004-04-29 15:59 299008]
"BM53d3a241"="C:\WINDOWS\system32\aeeaoxsw.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
C:\Documents and Settings\ukasz\Menu Start\Programy\Autostart\
GIGABYTE VGA Utility.lnk - C:\Documents and Settings\ukasz\Dane aplikacji\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2007-12-27 18:40:56 40960]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-03-28 11:20 1079296 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-02-12 17:22 397312 C:\Program Files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\GIGABYTE\\ETC\\ETC.exe"=
R2 pavfires;Panda Firewall Service;C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [2004-04-05 13:08]
R3 comfiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 17:55]
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys []
*Newly Created Service* - catchme
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 13:24:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-22 13:25:01
ComboFix-quarantined-files.txt 2008-06-22 11:24:57
ComboFix2.txt 2008-06-22 09:56:22
Pre-Run: 23,416,541,184 bajtów wolnych
Post-Run: 23,418,654,720 bajtów wolnych
156 --- E O F --- 2008-06-20 05:15:27
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1548 [GMT 2:00]
Running from: C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\aeeaoxsw.dll
C:\WINDOWS\system32\gypobpmf.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM53d3a241.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aeeaoxsw.dll
C:\WINDOWS\system32\gypobpmf.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.
2008-06-22 12:57 . 2008-06-22 12:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-22 12:57 . 2008-06-22 12:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-22 12:57 . 2008-06-22 12:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Lavasoft
2008-06-22 11:56 . <DIR> C:\Documents and Settings\-ukasz.DOM-700DAC43DC5
2008-06-22 11:56 . <DIR> C:\Documents and Settings\-ukasz
2008-06-22 11:54 . 2008-06-22 13:04 474 ---hs---- C:\WINDOWS\system32\fmpbopyg.ini
2008-06-22 11:52 . 2008-06-22 11:52 9,036 --a------ C:\Documents and Settings\catchme.zip
2008-06-22 11:16 . 2003-09-04 18:05 55,888 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-06-22 11:16 . 2003-09-04 18:05 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-06-22 11:16 . 2003-09-04 18:05 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-06-22 11:15 . 2008-06-22 11:15 <DIR> d-------- C:\Program Files\Panda Software
2008-06-22 11:15 . 2003-10-03 16:17 60,160 --a------ C:\WINDOWS\system32\drivers\Pavdrv51.sys
2008-06-22 11:15 . 1997-09-18 06:12 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2008-06-22 11:04 . 2008-06-22 11:04 <DIR> d-------- C:\Program Files\LizardTech
2008-06-21 16:14 . 2008-06-22 13:24 62,384 --a------ C:\WINDOWS\system32\pqasghjd.sys
2008-06-21 16:14 . 2001-08-17 21:47 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-21 16:13 . 2008-06-21 16:13 45,056 --a------ C:\WINDOWS\system32\bsndcom.dll
2008-06-21 16:07 . 2008-06-21 16:17 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-06-11 15:56 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:56 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 18:44 . 2008-06-06 18:44 <DIR> d-------- C:\Program Files\Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 10:52 --------- d-----w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Dane aplikacji\Lavasoft
2008-06-13 16:21 --------- d-----w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Dane aplikacji\Image Zone Express
2008-05-21 17:58 --------- d-----w C:\Program Files\Google
2008-05-21 14:31 --------- d-----w C:\Program Files\Java
2008-05-21 14:29 --------- d-----w C:\Program Files\Common Files\Java
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 20:44 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3725.sys
2008-05-05 20:43 16,384 ----a-w C:\WINDOWS\TSREBOOT.EXE
2008-05-05 20:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-05-02 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 18:02 --------- d-----w C:\Program Files\Winamp
2008-05-01 18:01 --------- d-----w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\Dane aplikacji\Winamp
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-12 04:53 7,780 ----a-w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\FMCodec.dat
2008-04-12 04:53 7,780 ----a-w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\FMCodec.dat
2008-04-12 04:53 4 ----a-w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\WFSCHDL.dat
2008-04-12 04:53 4 ----a-w C:\Documents and Settings\łukasz.DOM-700DAC43DC5\WFSCHDL.dat
2008-04-06 15:47 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-22_11.56.09.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 09:53:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 11:04:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 00:05 8429568]
"nwiz"="nwiz.exe" [2007-04-20 00:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 00:05 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 10:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 10:30 81920]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 19:16 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" [2003-06-18 13:00 20480]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" [2004-04-29 15:59 299008]
"BM53d3a241"="C:\WINDOWS\system32\aeeaoxsw.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
C:\Documents and Settings\ukasz\Menu Start\Programy\Autostart\
GIGABYTE VGA Utility.lnk - C:\Documents and Settings\ukasz\Dane aplikacji\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2007-12-27 18:40:56 40960]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-03-28 11:20 1079296 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-02-12 17:22 397312 C:\Program Files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\GIGABYTE\\ETC\\ETC.exe"=
R2 pavfires;Panda Firewall Service;C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [2004-04-05 13:08]
R3 comfiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 17:55]
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys []
*Newly Created Service* - catchme
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 13:24:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-22 13:25:01
ComboFix-quarantined-files.txt 2008-06-22 11:24:57
ComboFix2.txt 2008-06-22 09:56:22
Pre-Run: 23,416,541,184 bajtów wolnych
Post-Run: 23,418,654,720 bajtów wolnych
156 --- E O F --- 2008-06-20 05:15:27
22 Cze 2008, 13:31
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
Logi dajesz na http://www.wklej.org a w poście dajesz tylko link
Wklej do notatnika:
- Kod:
File::
C:\WINDOWS\system32\fmpbopyg.ini
C:\WINDOWS\system32\aeeaoxsw.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM53d3a241"=-
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
Logi dajesz na http://www.wklej.org a w poście dajesz tylko link
22 Cze 2008, 13:38
http://www.wklej.org/id/fc7646ad99
Wywala błąd services.exe i komputer się wyłącza w ciągu 1min
Zdjęcie błędu http://www.voila.pl/183/55r32/?1
Wywala błąd services.exe i komputer się wyłącza w ciągu 1min
Zdjęcie błędu http://www.voila.pl/183/55r32/?1