Logs - Browser freezes


  • Closed This topic is closed
9 replies in this topic

#1 karo0707

    Observer

  • 5 posts

Posted 28 03 2008 - 20:45

I have a problem: my computer has been freezing lately. The problem mostly occurs when I go on the internet. I have an antivirus program, but it doesn't find anything. The home page in my web browser has been changed. The computer freezes every few minutes for about a second; it is noticeable when listening to music. Lately it has also started stuttering when I play games.

  • 0

#2 Gość_Wojtex16_*

Posted 28 03 2008 - 20:52

Post your HiJackThis logs; you can download the program for that from: www.hijackthis.de .

  • 0

#3 karo0707

    Observer

  • 5 posts

Posted 28 03 2008 - 20:54

Logfile of HijackThis v1.99.1
Scan saved at 17:44:10, on 2008-03-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\T-Media\MMHotKey.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\System32\ctfmon.exe
C:\windows\System32\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\windows\System32\rundll32.exe
C:\windows\rundll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
E:\Program Files\Opera\Opera.exe
C:\windows\System32\mmc.exe
C:\Documents and Settings\Karol\Pulpit\Nowy folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KE9801] C:\PROGRA~1\T-Media\MMHotKey.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\System32\NeroCheck.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Oftice] C:\windows\System32\msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Microsoft Oftice] C:\windows\System32\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\windows\rundll32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B63E51D5-E1E0-47A0-B541-6ECC9DCDB339}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winsqs32 - winsqs32.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0

#4 wncvirus

    Lazybones!

  • 851 posts

Posted 28 03 2008 - 21:19

Run HJT. Choose the option "Do a system scan only". A log will be produced; tick the boxes next to the entries below and click fix.


O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O20 - Winlogon Notify: winsqs32 - winsqs32.dll (file missing)

O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\windows\rundll32.exe


After doing that, post the log from ComboFix.
  • 0

#5 karo0707

    Observer

  • 5 posts

Posted 28 03 2008 - 21:28

I ticked them, clicked fix, and a folder with those three files was created. What should I do next?
  • 0

#6 ordynat

    Advanced user

  • 804 posts

Posted 28 03 2008 - 23:03

O4 - HKCU\..\Run: [Microsoft Oftice] C:\windows\System32\msmsgs.exe
O4 - HKLM\..\Run: [Microsoft Oftice] C:\windows\System32\msmsgs.exe

But @wncvirus wrote that you should post the log from ComboFix.
However, since I see that you still have these worms, do this first:
1) Close the worm-prone ports using --> Windows Worms Doors Cleaner (further down on the linked page).
Set the indicators to green; NetBIOS may be yellow.
A restart is required after using the tool.

2) Use --> SDFix (further down on the linked page).
Show the Report.txt found in the SDFix folder.

ordynat
  • 0
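Added example, not part of any post in this thread: a small Python check for the pattern the helpers point at in the HijackThis log above, namely Run entries whose file name is that of a Windows component but whose folder is not where that component normally lives. The allow-list of expected folders is an assumption of this example and covers only three XP binaries; the sample lines are copied from the log in post #3.

```python
import ntpath
import re

# Illustrative allow-list (an assumption of this example, not a complete
# inventory): folders where these Windows XP binaries normally live.
EXPECTED_DIRS = {
    "rundll32.exe": {r"c:\windows\system32"},
    "ctfmon.exe": {r"c:\windows\system32"},
    "msmsgs.exe": {r"c:\program files\messenger"},
}

# HijackThis O4 registry autorun line: O4 - HKxx\..\Run: [value name] command
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Lines copied from the HijackThis log in post #3 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Oftice] C:\windows\System32\msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Oftice] C:\windows\System32\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\windows\rundll32.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
"""


def image_path(cmd):
    """Return the executable part of a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote.
        return cmd[1:].split('"', 1)[0]
    # Unquoted path may contain spaces: cut after the first ".exe".
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def audit(log_text):
    """List (hive, value name, path) for Run entries that reuse a known
    system file name from a folder other than the expected one."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. Global Startup)
        path = image_path(m["cmd"])
        folder, exe = ntpath.split(path.lower())
        expected = EXPECTED_DIRS.get(exe)
        # A bare name such as "RUNDLL32.EXE" has no folder and is resolved
        # through PATH, so it cannot be judged from the log line alone.
        if expected and folder and folder not in expected:
            findings.append((m["hive"], m["name"], path))
    return findings


if __name__ == "__main__":
    for hive, name, path in audit(SAMPLE_LOG):
        print(f"{hive} Run [{name}] -> {path}: system file name in an unusual folder")
```

Short (8.3) paths such as C:\PROGRA~1\... are compared as written, so an allow-list used on real logs would need both the long and the short form of each folder.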

#7 karo0707

    Observer

  • 5 posts

Posted 29 03 2008 - 00:01

SDFix: Version 1.163

Run by Karol on 2008-03-28 at 22:59

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\DOCUME~1\Karol\Pulpit\NOWYFO~2\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HKCU HomePage

Rebooting


Checking Files :

Trojan Files Found:

C:\lo.exe - Deleted
C:\windows\rundll32.exe - Deleted
C:\windows\system32\msmsgs.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 23:04:28
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

Remaining Files :


File Backups: - C:\DOCUME~1\Karol\Pulpit\NOWYFO~2\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 22 Mar 2008 57,859 ..SH. --- "C:\WINDOWS\system32\a.exe"
Sun 24 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!
  • 0

#8 ordynat

    Advanced user

  • 804 posts

Posted 29 03 2008 - 08:40

Sat 22 Mar 2008 57,859 ..SH. --- "C:\WINDOWS\system32\a.exe"

But I still don't see the log from --> ComboFix that @wncvirus recommended.

SDFix removed three "items", but at least one more remains - the one marked in red.
It has the protective attributes "S" and "H".

ordynat
  • 0

#9 karo0707

    Observer

  • 5 posts

Posted 29 03 2008 - 11:27

ComboFix 08-03-27.3 - Karol 2008-03-29 10:24:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.279 [GMT 1:00]
Running from: C:\Documents and Settings\Karol\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\windows\system32\a.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-28 22:57 . 2008-03-28 22:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-17 16:42 . 2001-01-12 19:47 122,884 --a------ C:\WINDOWS\UnGins.exe
2008-03-13 18:47 . 2008-03-13 18:47 <DIR> d-------- C:\Program Files\Kubus3d
2008-03-11 20:35 . 2008-03-11 20:35 <DIR> d-------- C:\Program Files\Dream Day Wedding
2008-03-11 18:45 . 2008-03-11 18:45 <DIR> d-------- C:\Documents and Settings\Karol\Dane aplikacji\Total Eclipse
2008-03-11 18:43 . 2008-03-16 20:38 <DIR> d-------- C:\Program Files\Fashion Boutique
2008-03-10 19:59 . 2008-03-24 22:43 <DIR> d-------- C:\Program Files\Cradle Of Rome
2008-03-10 15:30 . 2008-03-10 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TERMINAL Studio
2008-03-09 19:46 . 2008-03-24 22:43 <DIR> d-------- C:\Program Files\Sallys Salon
2008-03-09 19:46 . 2008-03-09 19:46 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-03-09 18:55 . 2008-03-09 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Gogii
2008-03-09 16:46 . 2008-03-26 16:27 <DIR> d-------- C:\Program Files\Fashion Craze
2008-03-09 14:34 . 2008-03-26 16:27 <DIR> d-------- C:\Program Files\Wedding Dash
2008-03-09 14:34 . 2008-03-09 14:34 <DIR> d-------- C:\Documents and Settings\Karol\Dane aplikacji\PlayFirst
2008-03-09 14:34 . 2008-03-09 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
2008-03-05 09:30 . 2008-03-05 09:30 268 --ah----- C:\sqmdata19.sqm
2008-03-05 09:30 . 2008-03-05 09:30 244 --ah----- C:\sqmnoopt19.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 09:23 --------- d-----w C:\Program Files\Neostrada TP
2008-03-26 15:24 --------- d-----w C:\Program Files\Różowa Pantera
2008-03-25 18:55 --------- d-----w C:\Program Files\BSplayer Pro
2008-03-19 10:10 --------- d-----w C:\Program Files\T-Media
2002-01-04 17:14 92,064 ----a-w C:\Documents and Settings\Karol\mqdmmdm.sys
2002-01-04 17:14 9,232 ----a-w C:\Documents and Settings\Karol\mqdmmdfl.sys
2002-01-04 17:14 79,328 ----a-w C:\Documents and Settings\Karol\mqdmserd.sys
2002-01-04 17:14 66,656 ----a-w C:\Documents and Settings\Karol\mqdmbus.sys
2002-01-04 17:14 6,208 ----a-w C:\Documents and Settings\Karol\mqdmcmnt.sys
2002-01-04 17:14 5,936 ----a-w C:\Documents and Settings\Karol\mqdmwhnt.sys
2002-01-04 17:14 4,048 ----a-w C:\Documents and Settings\Karol\mqdmcr.sys
2002-01-04 17:14 25,600 ----a-w C:\Documents and Settings\Karol\usbsermptxp.sys
2002-01-04 17:14 22,768 ----a-w C:\Documents and Settings\Karol\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\System32\ctfmon.exe" [2001-10-26 18:29 13312]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 15:07 617984]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-07-21 21:52 278528]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2005-07-21 07:33 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2005-07-21 07:33 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"KE9801"="C:\PROGRA~1\T-Media\MMHotKey.EXE" [2001-11-19 16:27 77824]
"NeroFilterCheck"="C:\windows\System32\NeroCheck.exe" [2001-07-09 10:50 155648]
"smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"NvCplDaemon"="C:\windows\System32\NvCpl.dll" [2005-02-24 16:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 16:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\windows\System32\NvMcTray.dll" [2005-02-24 16:32 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29 13312]
"Microsoft Windows Driver"="C:\windows\rundll32.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - E:\Program Files\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2001-12-31 20:13:55 565248]

R0 viasraid;viasraid;C:\windows\System32\DRIVERS\viasraid.sys [2003-09-05 03:25]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\windows\System32\DRIVERS\CnxEtP.sys [2005-05-20 19:27]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\windows\System32\DRIVERS\CnxEtU.sys [2005-05-20 19:27]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\windows\System32\DRIVERS\CnxTgNW.sys [2005-05-20 19:28]
S3 siusbmod;siusbmod;C:\windows\System32\DRIVERS\siusbmod.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 10:27:59
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\System32\RUNDLL32.EXE
C:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-03-29 10:29:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 09:29:43
Pre-Run: 3,928,285,184 bajtów wolnych
Post-Run: 3,877,838,848 bajtów wolnych
  • 0

#10 wncvirus

    Lazybones!

  • 851 posts

Posted 30 03 2008 - 22:18

FILE:: 
 C:\sqmdata19.sqm
 C:\sqmnoopt19.sqm

>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- similar to this picture --> (attached image)
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.

  • 0



