Logs - Pop-up ads


  • Closed: this topic is closed
5 replies in this topic

#1 Grzegorz1975

    New

  • 3 posts

Posted 21 03 2008 - 17:59

I'm new here; if this topic doesn't belong here, please move it.
The computer is sluggish, and there are some ads on the taskbar that can't be removed.
Please help.

Logfile of HijackThis v1.99.1
Scan saved at 17:08:49, on 2008-03-21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\BtUsrBdg.exe
C:\WINDOWS\System32\BTSetBootKey.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start-homepage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\WINANO~1\UGDCcw.exe" -start
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Grzesiek\Dane aplikacji\Deskbar_{019C0AE1-5059-4a40-998F-903665EC4443}\starter.exe
O4 - HKLM\..\Run: [500d1fe6] rundll32.exe "C:\WINDOWS\System32\bwanarbg.dll",b
O4 - HKLM\..\Run: [BM533e2c7a] Rundll32.exe "C:\WINDOWS\System32\kkbhttcc.dll",s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Arcor Wlan-Monitor 1.0.lnk = C:\Program Files\Arcor\Arcor Wlan-Monitor 1.0\ArcorWlanUtility.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {D87F081C-A463-04D5-DC3B-9BFE34EA3261} - http://sec.storageguardsoft.com/oczyszczac...nstaller_pl.cab
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://advancedcleaner.com/.cleaner/cab/installadcleaner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB657445-BD46-42AA-900A-1B9BCDB26E53}: NameServer = 85.255.113.148,85.255.112.185
O23 - Service: Usługa konfiguracji Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.8.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)


#2 wncvirus

    Lazybones!

  • 851 posts

Posted 21 03 2008 - 22:58

Run HJT. Choose the option "Do a system scan only". A log will be produced; tick the boxes next to the entries below and click Fix.



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Grzesiek\Dane aplikacji\Deskbar_{019C0AE1-5059-4a40-998F-903665EC4443}\starter.exe
O4 - HKLM\..\Run: [500d1fe6] rundll32.exe "C:\WINDOWS\System32\bwanarbg.dll",b
O4 - HKLM\..\Run: [BM533e2c7a] Rundll32.exe "C:\WINDOWS\System32\kkbhttcc.dll",s
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB657445-BD46-42AA-900A-1B9BCDB26E53}: NameServer = 85.255.113.148,85.255.112.185


FixWareout
After using it, you may need to set your ISP's DNS servers again.
--> How to restore the correct DNS


After doing this, post the ComboFix log.

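A triage helper for the log format quoted in this thread, added here as an example and not part of the original post or of HijackThis: it parses the R0/R1, O4 and O17 lines of a HijackThis log and reports the same kinds of entries the reply above selects for fixing (redirected search/start pages, rundll32 autostarts that load a System32 DLL through a one- or two-character export, and interface NameServer values pointing at public resolvers). The sample log is a constructed subset of the entries posted above, and the TRUSTED_BROWSER_HOSTS allowlist is an assumed operator setting.

```python
import ipaddress
import re

# Constructed sample: a subset of the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start-homepage.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [500d1fe6] rundll32.exe "C:\WINDOWS\System32\bwanarbg.dll",b
O4 - HKLM\..\Run: [BM533e2c7a] Rundll32.exe "C:\WINDOWS\System32\kkbhttcc.dll",s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB657445-BD46-42AA-900A-1B9BCDB26E53}: NameServer = 85.255.113.148,85.255.112.185
"""

# Assumed allowlist: homepage/search hosts the operator considers legitimate for this machine.
TRUSTED_BROWSER_HOSTS = {"www.google.pl", "www.onet.pl", "www.wp.pl"}

# "<type> - <rest>" is the shape of every HijackThis entry line.
LINE_RE = re.compile(r"^(?P<type>[RFO]\d+) - (?P<rest>.+)$")

# O4 Run value "[name] rundll32.exe "...\system32\x.dll",e" with a 1-2 character export name.
RUNDLL_RE = re.compile(
    r'^\[(?P<name>[^\]]+)\]\s+rundll32\.exe\s+"?(?P<dll>[^",]+\\system32\\[^",]+\.dll)"?\s*,\s*(?P<export>\w{1,2})\s*$',
    re.IGNORECASE,
)


def host_of(url):
    # Return the host part of an http(s)://host/... URL, or None for anything else.
    m = re.match(r"^[a-z]+://([^/:?]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else None


def check_browser_url(rest):
    # R0/R1 rest looks like: HKCU\...\Main,Start Page = http://host/path
    key, sep, url = rest.partition(" = ")
    if not sep:
        return None
    host = host_of(url.strip())
    if host and host not in TRUSTED_BROWSER_HOSTS:
        setting = key.rsplit(",", 1)[-1]
        return f"browser '{setting}' points at untrusted host {host}"
    return None


def check_run_entry(rest):
    # O4 rest looks like: HKLM\..\Run: [name] command line
    _, _, entry = rest.partition(": ")
    m = RUNDLL_RE.match(entry)
    if m:
        return (f"rundll32 autostart '{m.group('name')}' loads {m.group('dll')} "
                f"via export '{m.group('export')}'")
    return None


def check_nameserver(rest):
    # O17 rest looks like: HKLM\...\{interface-guid}: NameServer = ip,ip
    if "NameServer" not in rest:
        return None
    _, _, ips = rest.partition(" = ")
    public = []
    for ip in ips.split(","):
        try:
            addr = ipaddress.ip_address(ip.strip())
        except ValueError:
            continue
        if addr.is_global:  # private, loopback and link-local resolvers are left alone
            public.append(str(addr))
    if public:
        return ("interface NameServer set to public resolvers " + ",".join(public)
                + " (compare with the resolvers the ISP actually assigns)")
    return None


CHECKS = {"R0": check_browser_url, "R1": check_browser_url,
          "O4": check_run_entry, "O17": check_nameserver}


def triage(log_text):
    # Return a list of (entry type, reason) for every line that a check flags.
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("type"))
        reason = check(m.group("rest")) if check else None
        if reason:
            findings.append((m.group("type"), reason))
    return findings


if __name__ == "__main__":
    for typ, reason in triage(SAMPLE_LOG):
        print(f"{typ}: {reason}")
```

Entries the checks do not flag (the SoundMan and avast! autostarts in the sample) are still worth reading by hand; the helper only narrows the list, it does not clear a log.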

#3 Grzegorz1975

    New

  • 3 posts

Posted 23 03 2008 - 15:49

There are still three icons on the taskbar that say "Todays Funnies", "Fun Flash", "Funny Videos"; how do I delete them???


Below is the ComboFix log.



ComboFix 08-03-22.3 - Grzesiek 2008-03-23 14:46:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.133 [GMT 1:00]
Running from: C:\Documents and Settings\Grzesiek\Pulpit\pobrane pliki\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\WINDOWS\BM533e2c7a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\hosts
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\afiiydhl.ini
C:\WINDOWS\system32\bbhyyjiw.ini
C:\WINDOWS\system32\bilmrewp.ini
C:\WINDOWS\system32\cdmqpjnv.ini
C:\WINDOWS\system32\cgvyhpoi.ini
C:\WINDOWS\system32\cjqednpc.ini
C:\WINDOWS\system32\cpboevss.dll
C:\WINDOWS\system32\elryttcw.ini
C:\WINDOWS\system32\eulytbcf.ini
C:\WINDOWS\system32\fclvfubv.ini
C:\WINDOWS\system32\fvomgtgl.ini
C:\WINDOWS\system32\gbranawb.ini
C:\WINDOWS\system32\gigswqab.ini
C:\WINDOWS\system32\givgqvlx.ini
C:\WINDOWS\system32\gjgtknkw.ini
C:\WINDOWS\system32\gloxbpjy.ini
C:\WINDOWS\system32\gndxmkyl.ini
C:\WINDOWS\system32\gtsinrtx.ini
C:\WINDOWS\system32\hfjcjnxv.dll
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hopbvtbk.ini
C:\WINDOWS\system32\icqlyhdy.ini
C:\WINDOWS\system32\ilcvgbvn.dll
C:\WINDOWS\system32\iqydrqll.ini
C:\WINDOWS\system32\jcyrlgua.ini
C:\WINDOWS\system32\jdvuelbl.dll
C:\WINDOWS\system32\jolancpy.ini
C:\WINDOWS\system32\jsqujltg.ini
C:\WINDOWS\system32\kbnattbv.dll
C:\WINDOWS\system32\kfleesmc.ini
C:\WINDOWS\system32\kkbhttcc.dll
C:\WINDOWS\system32\kprxkfmh.ini
C:\WINDOWS\system32\kshlwsgm.ini
C:\WINDOWS\system32\ktqqirwx.ini
C:\WINDOWS\system32\kyyotiip.ini
C:\WINDOWS\system32\lbjpsihr.ini
C:\WINDOWS\system32\lflwywic.ini
C:\WINDOWS\system32\lrsjhdxd.dll
C:\WINDOWS\system32\manyqnhp.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mecalwfk.dll
C:\WINDOWS\system32\meolrlhh.ini
C:\WINDOWS\system32\mliqhbuw.ini
C:\WINDOWS\system32\mydvxrvq.ini
C:\WINDOWS\system32\naunerjd.ini
C:\WINDOWS\system32\nfugjowq.ini
C:\WINDOWS\system32\nrsayych.ini
C:\WINDOWS\system32\odrxtpix.ini
C:\WINDOWS\system32\oxpkrfln.ini
C:\WINDOWS\system32\plwvehxw.ini
C:\WINDOWS\system32\ppisupqy.ini
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\prwxkctp.ini
C:\WINDOWS\system32\qmshglcm.ini
C:\WINDOWS\system32\qogynrky.ini
C:\WINDOWS\system32\roygubds.ini
C:\WINDOWS\system32\rpdcrnjy.ini
C:\WINDOWS\system32\rrnqjtbo.dll
C:\WINDOWS\system32\shqgacgs.ini
C:\WINDOWS\system32\skkejpvd.ini
C:\WINDOWS\system32\soqpvdte.ini
C:\WINDOWS\system32\ssinuott.ini
C:\WINDOWS\system32\tjbgukdb.ini
C:\WINDOWS\system32\tshwpbcu.ini
C:\WINDOWS\system32\tutqmhgt.ini
C:\WINDOWS\system32\tvaidlrf.ini
C:\WINDOWS\system32\uorlicji.ini
C:\WINDOWS\system32\vbufvlcf.dll
C:\WINDOWS\system32\vmvegrxw.ini
C:\WINDOWS\system32\vnhknire.ini
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\weodhvfc.dll
C:\WINDOWS\system32\wkjenqco.ini
C:\WINDOWS\system32\wwxhryqc.ini
C:\WINDOWS\system32\xekagler.dll
C:\WINDOWS\system32\xohefojk.ini
C:\WINDOWS\system32\ybtoohia.ini
C:\WINDOWS\system32\ynbegfbe.ini
C:\WINDOWS\system32\ynkcpfhq.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP


((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 14:25 . 2008-03-23 14:30 <DIR> d-------- C:\fixwareout
2008-03-21 16:53 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-21 16:53 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-21 16:53 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-21 16:53 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-21 16:53 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-21 16:53 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-21 16:53 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-21 16:53 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-18 11:53 . 2008-03-18 11:53 241 --a------ C:\Pulpit.reg
2008-03-17 21:12 . 2008-03-17 21:12 <DIR> d-------- C:\Program Files\dbar
2008-03-17 21:12 . 2008-03-17 21:12 <DIR> d-------- C:\Documents and Settings\Grzesiek\Dane aplikacji\Deskbar_{019C0AE1-5059-4a40-998F-903665EC4443}
2008-03-17 13:24 . 2008-03-17 21:30 <DIR> d-------- C:\Program Files\winvi
2008-03-17 13:06 . 2008-03-19 16:14 1,319,042 ---hs---- C:\WINDOWS\system32\htysnurr.ini
2008-03-15 22:12 . 2008-03-17 13:03 1,367,043 ---hs---- C:\WINDOWS\system32\uordjfqe.ini
2008-03-14 22:05 . 2008-03-14 22:06 1,416,188 ---hs---- C:\WINDOWS\system32\ydxbmnky.ini
2008-03-14 11:57 . 2008-03-14 22:05 1,416,128 ---hs---- C:\WINDOWS\system32\yhbquuhj.ini
2008-03-05 00:32 . 2008-03-05 00:32 <DIR> d-------- C:\Documents and Settings\Grzesiek\Dane aplikacji\ArcaBit
2008-03-04 23:54 . 2008-03-04 23:54 <DIR> d-------- C:\Documents and Settings\Grzesiek\Dane aplikacji\WinAnonymous
2008-03-04 23:51 . 2008-03-07 14:07 205,576 --a------ C:\Documents and Settings\Grzesiek\Dane aplikacji\installer_en[1].exe
2008-03-04 22:43 . 2008-03-04 22:43 20 --ahs---- C:\ntuser.ini
2008-03-04 19:10 . 2008-03-04 22:59 1,673,582 ---hs---- C:\WINDOWS\system32\pxlcwgll.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 13:55 --------- d-----w C:\Documents and Settings\Grzesiek\Dane aplikacji\Skype
2008-03-22 20:55 --------- d-----w C:\Documents and Settings\Grzesiek\Dane aplikacji\skypePM
2008-03-18 10:08 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-03-13 12:01 --------- d-----w C:\Program Files\eMule
2008-03-10 23:01 --------- d-----w C:\Program Files\SubEdit-Player
2008-03-10 23:01 --------- d-----w C:\Program Files\Atheros
2008-03-04 23:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WinAnonymous
2008-03-04 21:46 --------- d-----w C:\Program Files\Tlen.pl
2008-03-04 20:50 --------- d-----w C:\Program Files\Online Add-on
2008-03-04 20:26 --------- d-----w C:\Program Files\Common Files\aolback
2008-03-04 17:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 17:11 --------- d-----w C:\Program Files\Cossacks
2008-03-02 09:07 --------- d-----w C:\Program Files\Winamp
2008-01-27 21:29 --------- d-----w C:\Program Files\AdvancedCleaner Free
2008-01-27 20:42 --------- d-----w C:\Program Files\GamaGama Games
2008-01-27 19:03 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-27 08:19 --------- d-----w C:\Program Files\VAG-COM
2008-01-26 02:22 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-26 02:14 --------- d-----w C:\Documents and Settings\Grzesiek\Dane aplikacji\winpcdoctor
2008-01-26 01:54 --------- d-----w C:\Documents and Settings\Grzesiek\Dane aplikacji\WinSecureAv
2008-01-25 09:24 --------- d-----w C:\Program Files\Arcor
2008-01-08 12:44 319 ----a-w C:\drmHeader.bin
2008-01-07 22:07 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-07 18:21 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-03-16 06:28 1,473,845,248 -c--a-w C:\Program Files\MSAutoRoute2007Ger.iso
2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
2004-06-18 09:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2007-01-12 19:31 5 --sha-w C:\WINDOWS\system32\badcdbbd0_s.dll
.

------- Sigcheck -------

2002-09-20 18:18 1959808 11b75fa69bf484d59f5a335a4287fa9b C:\WINDOWS\system32\ntkrnlpa.exe
2002-09-20 18:18 1949184 79d262478c985e736deb38ce2224fc75 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2002-09-20 17:12 2054144 a09d37ac95b588201ce48f41736c1319 C:\WINDOWS\system32\ntoskrnl.exe
2002-09-20 17:12 2043520 ae94ae0da6ed874ce08912fc63f8c6c2 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2002-09-20 18:05 1395712 cfb27a430c7628916c25fdf576b64649 C:\WINDOWS\explorer.exe
2002-09-20 18:05 1005568 f4af85d918e83d71341fce2aa5318181 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
C:\Program Files\Online Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
2007-11-14 14:36 1486848 --a------ C:\Program Files\dbar\Deskbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"= C:\Program Files\Online Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="C:\Program Files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 09:52 45056]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-12-07 11:16 6254592]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:23 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 09:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\soundman.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43 688218]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 21:21 53248 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 09:48 36864 C:\WINDOWS\system32\BTSetBootKey.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrstts]
rqrstts.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a--c--- 2004-01-26 11:38 866816 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\NEOSTR~1\CnxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Messenger"=2 (0x2)

R2 athsgt;athsgt;C:\WINDOWS\System32\DRIVERS\athsgt.sys [2007-01-09 13:44]
R2 AWISp50;AWISp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\AWISp50.sys [2006-03-15 09:35]
R2 limsgt;limsgt;C:\WINDOWS\System32\DRIVERS\limsgt.sys [2007-01-09 13:44]
R2 osaio;osaio;C:\WINDOWS\System32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\System32\drivers\osanbm.sys [2005-01-14 15:57]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys [2003-03-18 10:31]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\System32\DRIVERS\HSFHWSIS.sys [2004-12-15 14:18]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.8.1;C:\WINDOWS\System32\drivers\libusb0.sys [2004-11-18 19:47]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\System32\drivers\vadmulti.sys [2005-06-30 11:57]
S3 avmeject;AVM Eject;C:\WINDOWS\System32\drivers\avmeject.sys [2006-12-28 01:02]
S3 BTCOMM;BTCOMM;C:\WINDOWS\System32\drivers\Btcomm.sys [2004-09-28 15:18]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\System32\Drivers\csrbc01.sys [2005-06-28 18:46]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\System32\DRIVERS\fwlanusb.sys [2006-12-28 01:02]
S3 G3GCUMDM;G3G C USB Modem;C:\WINDOWS\System32\DRIVERS\g3gcumdm.sys [2004-07-06 15:24]
S3 G3GCUSER;G3G C USB Serial;C:\WINDOWS\System32\DRIVERS\g3gcuser.sys [2004-07-06 15:24]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\System32\DRIVERS\sisnicxp.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 00:48]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 00:32]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 14:54:43
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Tlen.pl\hook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2008-03-23 14:57:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 13:57:39

#4 wncvirus

    Lazybones!

  • 851 posts

Posted 23 03 2008 - 22:04

Paste into Notepad:
File::
C:\Documents and Settings\Grzesiek\Dane aplikacji\installer_en[1].exe
C:\WINDOWS\system32\htysnurr.ini
C:\WINDOWS\system32\uordjfqe.ini
C:\WINDOWS\system32\ydxbmnky.ini
C:\WINDOWS\system32\yhbquuhj.ini
C:\WINDOWS\system32\pxlcwgll.ini

Folder::
C:\Documents and Settings\Grzesiek\Dane aplikacji\WinAnonymous
C:\Program Files\dbar
C:\Documents and Settings\Grzesiek\Dane aplikacji\Deskbar_{019C0AE1-5059-4a40-998F-903665EC4443}
C:\Program Files\winvi
C:\Documents and Settings\Grzesiek\Dane aplikacji\winpcdoctor
C:\Documents and Settings\Grzesiek\Dane aplikacji\WinSecureAv
C:\Program Files\AdvancedCleaner Free

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"=-
[-HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrstts]
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
Removal should begin (and a log will be created). Post the log that is produced during removal.
If it goes well: after the restart, delete the C:\Qoobox folder manually.


Do you know the file below?
C:\ntuser.ini
Here

#5 Grzegorz1975

    New

  • 3 posts

Posted 26 03 2008 - 15:59

Do you know the file below?
C:\ntuser.ini
Here

I don't know it.

I deleted that folder.

New ComboFix log

ComboFix 08-03-22.3 - Grzesiek 2008-03-26 14:56:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.59 [GMT 1:00]
Running from: C:\Documents and Settings\Grzesiek\Pulpit\pobrane pliki\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-23 15:36 . 2008-03-23 15:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-23 15:36 . 2008-03-23 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-03-23 14:25 . 2008-03-23 14:30 <DIR> d-------- C:\fixwareout
2008-03-21 16:53 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-21 16:53 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-21 16:53 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-21 16:53 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-21 16:53 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-21 16:53 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-21 16:53 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-21 16:53 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-05 00:32 . 2008-03-05 00:32 <DIR> d-------- C:\Documents and Settings\Grzesiek\Dane aplikacji\ArcaBit
2008-03-04 22:43 . 2008-03-04 22:43 20 --ahs---- C:\ntuser.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 13:50 --------- d-----w C:\Documents and Settings\Grzesiek\Dane aplikacji\Skype
2008-03-26 07:49 --------- d-----w C:\Documents and Settings\Grzesiek\Dane aplikacji\skypePM
2008-03-18 10:08 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-03-13 12:01 --------- d-----w C:\Program Files\eMule
2008-03-10 23:01 --------- d-----w C:\Program Files\SubEdit-Player
2008-03-10 23:01 --------- d-----w C:\Program Files\Atheros
2008-03-04 23:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WinAnonymous
2008-03-04 21:46 --------- d-----w C:\Program Files\Tlen.pl
2008-03-04 20:26 --------- d-----w C:\Program Files\Common Files\aolback
2008-03-04 17:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 17:11 --------- d-----w C:\Program Files\Cossacks
2008-03-02 09:07 --------- d-----w C:\Program Files\Winamp
2008-01-27 20:42 --------- d-----w C:\Program Files\GamaGama Games
2008-01-27 19:03 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-27 08:19 --------- d-----w C:\Program Files\VAG-COM
2008-01-26 02:22 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-08 12:44 319 ----a-w C:\drmHeader.bin
2008-01-07 22:07 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-07 18:21 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-03-16 06:28 1,473,845,248 -c--a-w C:\Program Files\MSAutoRoute2007Ger.iso
2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
2004-06-18 09:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2007-01-12 19:31 5 --sha-w C:\WINDOWS\system32\badcdbbd0_s.dll
.

------- Sigcheck -------

2002-09-20 18:18 1959808 11b75fa69bf484d59f5a335a4287fa9b C:\WINDOWS\system32\ntkrnlpa.exe
2002-09-20 18:18 1949184 79d262478c985e736deb38ce2224fc75 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2002-09-20 17:12 2054144 a09d37ac95b588201ce48f41736c1319 C:\WINDOWS\system32\ntoskrnl.exe
2002-09-20 17:12 2043520 ae94ae0da6ed874ce08912fc63f8c6c2 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2002-09-20 18:05 1395712 cfb27a430c7628916c25fdf576b64649 C:\WINDOWS\explorer.exe
2002-09-20 18:05 1005568 f4af85d918e83d71341fce2aa5318181 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="C:\Program Files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 09:52 45056]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-12-07 11:16 6254592]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:23 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 09:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\soundman.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43 688218]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 21:21 53248 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 09:48 36864 C:\WINDOWS\system32\BTSetBootKey.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a--c--- 2004-01-26 11:38 866816 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\NEOSTR~1\CnxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Messenger"=2 (0x2)

R2 athsgt;athsgt;C:\WINDOWS\System32\DRIVERS\athsgt.sys [2007-01-09 13:44]
R2 AWISp50;AWISp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\AWISp50.sys [2006-03-15 09:35]
R2 limsgt;limsgt;C:\WINDOWS\System32\DRIVERS\limsgt.sys [2007-01-09 13:44]
R2 osaio;osaio;C:\WINDOWS\System32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\System32\drivers\osanbm.sys [2005-01-14 15:57]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys [2003-03-18 10:31]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\System32\DRIVERS\HSFHWSIS.sys [2004-12-15 14:18]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.8.1;C:\WINDOWS\System32\drivers\libusb0.sys [2004-11-18 19:47]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\System32\drivers\vadmulti.sys [2005-06-30 11:57]
S3 avmeject;AVM Eject;C:\WINDOWS\System32\drivers\avmeject.sys [2006-12-28 01:02]
S3 BTCOMM;BTCOMM;C:\WINDOWS\System32\drivers\Btcomm.sys [2004-09-28 15:18]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\System32\Drivers\csrbc01.sys [2005-06-28 18:46]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\System32\DRIVERS\fwlanusb.sys [2006-12-28 01:02]
S3 G3GCUMDM;G3G C USB Modem;C:\WINDOWS\System32\DRIVERS\g3gcumdm.sys [2004-07-06 15:24]
S3 G3GCUSER;G3G C USB Serial;C:\WINDOWS\System32\DRIVERS\g3gcuser.sys [2004-07-06 15:24]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\System32\DRIVERS\sisnicxp.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 00:48]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 00:32]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 15:03:40
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Tlen.pl\hook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Arcor\Arcor Wlan-Monitor 1.0\ArcorWlanUtility.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2008-03-26 15:06:18 - machine was rebooted [Grzesiek]
ComboFix-quarantined-files.txt 2008-03-26 14:06:13

#6 wncvirus

    Lazybones!

  • 851 posts

Posted 26 03 2008 - 16:34

But take a screenshot (image) of what came up after that file was checked, because you only pasted me the link to the scanner.
