Problem solved; it ended with a full format.
Thanks to everyone for the help.
- Computer forum
- → Viewing profile: Posts: Pawel_pl
My posts
In topic: Logs - explorer.exe process uses 100% CPU
07 09 2008 - 10:25
In topic: Logs - explorer.exe process uses 100% CPU
03 09 2008 - 20:34
In topic: Logs - explorer.exe process uses 100% CPU
03 09 2008 - 15:44
In topic: Logs - explorer.exe process uses 100% CPU
02 09 2008 - 17:20
And another one:
In topic: Logs - explorer.exe process uses 100% CPU
02 09 2008 - 16:51
Done, new log: