Skocz do zawartości
iamthekacper

Wyskakujące Reklamy

Przez iamthekacper, w Centrum Bezpieczeństwa

Rekomendowane odpowiedzi

iamthekacper Newbie

iamthekacper

Opublikowano
Opublikowano (edytowane)

Witam. Co jakis czas wyskakuja mi jakieś reklamy i takie tam dziwne strony 8O Wczoraj an dodatek nie mogłem wejść na zadnastrone ani OPera ani z IE :)

Oto logi z combofix i HIjack oraz silent runers

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - ComboFix
ComboFix 08-04-29.3 - Administrator 2008-04-30 9:10:49.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2675 [GMT 2:00]

Running from: C:\Documents and Settings\Administrator\Pulpit\portable\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

I:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))

.

 

2008-04-27 11:32 . 2008-04-27 11:32 <DIR> d-------- C:\SOYO

2008-04-27 11:23 . 2008-04-27 11:27 37 --a------ C:\WINDOWS\CMAURACK.INI

2008-04-27 11:23 . 2008-04-27 11:26 36 --a------ C:\WINDOWS\CMMPLAY.INI

2008-04-27 11:20 . 2008-04-27 12:02 140 --a------ C:\WINDOWS\CMMIXER.INI

2008-04-27 11:20 . 2008-04-27 12:03 84 --a------ C:\WINDOWS\CMSurround.ini

2008-04-27 11:12 . 2008-04-27 11:12 <DIR> d-------- C:\Program Files\PCI Audio Applications

2008-04-27 11:12 . 2008-04-27 11:12 <DIR> d-------- C:\Program Files\C-Media

2008-04-27 11:12 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-04-27 11:12 . 2004-08-11 06:44 135,168 --a------ C:\WINDOWS\cmuninst.dat

2008-04-27 11:12 . 2004-08-11 06:44 15,448 --------- C:\WINDOWS\cmaudio.ini

2008-04-27 11:12 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2008-04-27 11:12 . 2004-08-03 23:08 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys

2008-04-27 11:12 . 2008-04-27 11:15 411 --a------ C:\WINDOWS\CMISETUP.INI

2008-04-27 11:12 . 2008-04-27 11:23 40 --a------ C:\WINDOWS\CMCDPLAY.INI

2008-04-27 11:11 . 2004-08-11 06:44 1,228,800 --a------ C:\WINDOWS\mixer.exe

2008-04-27 11:11 . 2004-08-11 06:44 765,952 --a------ C:\WINDOWS\system\crlds3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a------ C:\WINDOWS\system32\a3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 370,382 --a------ C:\WINDOWS\system32\drivers\cmaudio.sys

2008-04-27 11:11 . 2004-08-11 06:44 135,168 --a------ C:\WINDOWS\cmuninst.exe

2008-04-27 11:11 . 2004-08-11 06:44 32,768 --a------ C:\WINDOWS\system32\cmnprop.dll

2008-04-27 10:13 . 2008-04-27 10:19 <DIR> d-------- C:\Program Files\Quicken

2008-04-27 10:13 . 2008-04-27 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Intuit

2008-04-27 10:13 . 2008-04-27 10:13 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Intuit

2008-04-27 10:13 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll

2008-04-27 10:13 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll

2008-04-27 10:13 . 2008-04-27 10:19 31 --a------ C:\WINDOWS\QUICKEN.INI

2008-04-27 09:44 . 2008-04-27 09:44 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Uniblue

2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Program Files\creative bias debug

2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\flap bend audio debug

2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\creative bias debug

2008-04-27 09:20 . 2008-04-29 09:08 <DIR> d-------- C:\Program Files\WinZix

2008-04-25 11:37 . 2008-04-25 11:37 267 --a------ C:\WINDOWS\game.ini

2008-04-25 11:17 . 2008-04-25 11:17 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-04-22 21:31 . 2008-04-22 21:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-04-22 21:31 . 2008-04-22 21:31 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-04-22 21:31 . 2008-04-25 19:35 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-04-22 21:31 . 2008-04-25 19:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-04-22 21:31 . 2008-04-25 19:35 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-04-22 21:31 . 2008-04-25 11:38 22,328 --a------ C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys

2008-04-22 20:59 . 2008-04-22 21:12 <DIR> d-------- C:\Tom.Clancys.Rainbow.Six.Vegas.2-RELOADED

2008-04-21 18:55 . 2008-04-21 18:55 <DIR> d-------- C:\Program Files\Haali

2008-04-21 18:47 . 2008-04-21 18:47 <DIR> d-------- C:\Program Files\ffdshow

2008-04-21 18:47 . 2008-01-01 01:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-04-21 18:47 . 2008-04-10 17:50 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-04-21 18:47 . 2008-04-10 17:50 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm

2008-04-21 18:47 . 2008-01-01 01:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-04-18 18:53 . 2006-04-18 14:53 3,548 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys

2008-04-18 18:52 . 2008-04-18 18:52 <DIR> d-------- C:\Program Files\ABIT

2008-04-18 18:52 . 2006-08-29 14:51 3,252,224 --a------ C:\WINDOWS\system32\FlashMenu.exe

2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d-------- C:\WINDOWS\system32\AGEIA

2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d-------- C:\Program Files\AGEIA Technologies

2008-04-14 18:55 . 2008-04-30 09:11 15,115,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-04-14 18:55 . 2008-04-30 08:43 220,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-04-14 18:55 . 2008-04-30 09:11 178,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-04-14 18:55 . 2008-04-07 23:05 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-04-14 18:55 . 2008-04-07 23:05 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-04-14 18:55 . 2008-04-30 08:43 25,916 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-04-14 09:42 . 2008-04-14 09:42 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2008-04-14 09:42 . 2008-04-14 18:54 <DIR> d-------- C:\Program Files\Microsoft FrontPage Express

2008-04-14 09:42 . 2008-04-14 18:54 91 --a------ C:\WINDOWS\fpxpress.ini

2008-04-14 09:41 . 2008-04-14 09:42 <DIR> d-------- C:\Temp\ext50684

2008-04-13 22:57 . 2008-04-13 23:01 <DIR> d-------- C:\Program Files\SmartFPS.com

2008-04-11 22:20 . 2008-04-11 22:22 <DIR> d-------- C:\Program Files\wamp

2008-04-10 19:13 . 2008-04-10 19:13 <DIR> d-------- C:\Program Files\Lavasoft

2008-04-10 19:13 . 2008-04-10 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft

2008-04-09 21:59 . 2008-04-09 22:31 <DIR> d-------- C:\Program Files\nLite

2008-04-08 07:51 . 2008-04-23 19:45 <DIR> d-------- C:\movie

2008-04-07 21:10 . 2008-04-07 21:10 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-04-07 21:10 . 2008-04-07 21:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-04-07 21:10 . 2008-04-07 21:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-04-07 21:10 . 2008-04-14 15:00 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER

2008-04-07 21:10 . 2008-04-07 21:10 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE

2008-04-07 08:58 . 2008-04-07 08:58 <DIR> d-------- C:\WINDOWS\NU_DATA

2008-04-06 14:09 . 2008-04-06 14:09 <DIR> d--h----- C:\WINDOWS\PIF

2008-04-06 13:30 . 2008-02-11 14:42 48,480 --a------ C:\WINDOWS\system32\drivers\SIVX32.sys

2008-04-05 13:09 . 2008-04-05 13:09 <DIR> d-------- C:\Program Files\A4Tech

2008-04-03 21:50 . 2008-04-03 21:50 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-03 00:54 . 2008-04-13 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2008-03-30 20:42 . 2008-03-30 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Locktime

2008-03-30 11:53 . 2008-03-30 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Locktime

2008-03-29 22:38 . 2008-04-14 14:10 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FileZilla

2008-03-29 09:42 . 2008-03-29 09:42 <DIR> d-------- C:\Program Files\DivX

2008-03-28 13:19 . 2008-03-28 13:19 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-03-27 11:37 . 2008-03-27 11:37 <DIR> d-------- C:\Program Files\bPlayer2

2008-03-27 11:34 . 2008-03-27 11:34 <DIR> d-------- C:\Program Files\CDex_150

2008-03-26 18:33 . 2008-04-14 09:41 <DIR> d-------- C:\Temp

2008-03-25 22:51 . 2008-03-25 22:51 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-03-25 22:51 . 2008-04-28 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\skypePM

2008-03-25 22:51 . 2008-03-25 22:51 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-03-25 13:11 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-03-25 13:01 . 2008-03-25 13:12 <DIR> d-------- C:\WINDOWS\nview

2008-03-25 13:01 . 2008-03-25 13:04 140,158 --a------ C:\WINDOWS\system32\nvapps.xml

2008-03-25 13:01 . 2007-12-05 02:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-03-25 12:58 . 2008-03-25 12:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-03-25 12:58 . 2008-03-25 12:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-03-25 12:35 . 2008-03-25 12:35 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application

2008-03-25 12:35 . 2008-03-25 12:35 <DIR> d-------- C:\Program Files\NVIDIA Corporation

2008-03-24 23:33 . 2008-03-24 23:33 <DIR> d-------- C:\Program Files\FileZilla FTP Client

2008-03-24 22:36 . 2008-04-05 21:44 <DIR> d-------- C:\Program Files\MegauploadToolbar

2008-03-24 22:36 . 2008-04-29 21:30 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\MegauploadToolbar

2008-03-24 20:43 . 2008-03-24 20:43 <DIR> d-------- C:\Program Files\Notepad++

2008-03-24 20:43 . 2008-03-24 20:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Notepad++

2008-03-24 14:33 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2008-03-24 14:33 . 2004-08-04 00:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys

2008-03-23 06:54 . 2008-04-28 08:59 <DIR> d-------- C:\Program Files\NAPI-PROJEKT

2008-03-22 11:40 . 2008-03-22 11:47 <DIR> d-------- C:\Program Files\uTorrent

2008-03-22 11:40 . 2008-04-30 09:10 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent

2008-03-22 11:21 . 2008-04-29 20:14 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-22 09:37 . 2008-03-22 09:37 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PrevxCSI

2008-03-22 09:06 . 2007-01-17 02:58 36,864 --a------ C:\WINDOWS\system32\Amhooker.dll

2008-03-22 09:06 . 2007-01-16 16:19 13,824 --a------ C:\WINDOWS\system32\drivers\Amusbprt.sys

2008-03-22 09:06 . 2007-01-16 16:26 13,824 --a------ C:\WINDOWS\system32\drivers\Amps2prt.sys

2008-03-22 09:06 . 2007-01-16 15:49 8,704 --a------ C:\WINDOWS\system32\drivers\Amfilter.sys

2008-03-21 20:24 . 2008-03-21 20:26 <DIR> d-------- C:\Program Files\BearShare

2008-03-21 20:24 . 2008-03-21 20:24 <DIR> d-------- C:\My Downloads

2008-03-21 17:47 . 2008-03-25 14:25 <DIR> d-------- C:\Program Files\ATITool

2008-03-21 15:51 . 2008-03-21 15:51 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-03-21 15:43 . 2000-06-18 15:03 106,544 --a------ C:\WINDOWS\system32\TWEAKUI.CPL

2008-03-21 11:10 . 2008-04-23 08:05 <DIR> d-------- C:\Program Files\fraps

2008-03-21 11:10 . 2008-04-29 20:52 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-03-21 11:08 . 2008-04-22 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

2008-03-21 11:08 . 2008-03-21 11:08 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-30 06:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-04-28 18:44 --------- d-----w C:\Program Files\Winamp

2008-04-27 09:13 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2008-04-27 09:13 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll

2008-04-27 08:13 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-14 16:55 --------- d-----w C:\Program Files\Kaspersky Lab

2008-03-26 17:50 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp

2008-03-20 20:33 --------- d-----w C:\Program Files\microsoft frontpage

2008-03-20 18:31 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-20 07:24 --------- d-----w C:\Program Files\Opera

2008-03-20 06:42 --------- d-----w C:\Program Files\Realtek Sound Manager

2008-03-20 06:42 --------- d-----w C:\Program Files\Realtek AC97

2008-03-20 06:42 --------- d-----w C:\Program Files\AvRack

2008-03-20 06:21 --------- d-----w C:\Program Files\Usługi online

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll

.

<pre>------w		 6,571,664 2002-07-14 17:08:52  C:\Documents and Settings\Administrator\Pulpit\IN STAL KEY\recovery\Acronis Recovery Expert Deluxe (Partition Recovery)\Acronis Recovery Expert Deluxe  1.0.0.5 .exe</pre>

 

((((((((((((((((((((((((((((( snapshot_2008-04-29_22.11.55,14 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-29 19:59:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-30 06:46:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-21 17:18 2119104]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-22 11:46 219952]

"BookFace"="C:\DOCUME~1\ADMINI~1\DANEAP~1\CREATI~1\FirstBase.exe" [2008-04-27 09:20 430592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.VP31"= vp31vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

C:\WINDOWS\system32\amvo.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\audio debug boob locks]

--a------ 2008-04-30 08:46 840192 C:\Documents and Settings\All Users\Dane aplikacji\flap bend audio debug\Proxy mode.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

--a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Echo Control]

--a------ 2001-12-05 16:47 147456 C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

--a------ 2004-08-11 06:44 1228800 C:\WINDOWS\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-04 01:55 1667584 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"E:\\fear\\FEARXP2.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"E:\\Vegas2\\Binaries\\R6Vegas2_Game.exe"=

"E:\\Vegas2\\Binaries\\R6Vegas2_Launcher.exe"=

"E:\\cod4\\iw3mp.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21:TCP"= 21:TCP:andrew

 

R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 15:24]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2006-04-18 14:53]

S3 RTCore32;RTCore32;D:\testing\rmclock_230_bin_upd1\RTCore32.sys [2005-05-25 11:39]

S3 SIVDRIVER;SIV Kernel Driver;C:\WINDOWS\system32\Drivers\SIVX32.sys [2008-02-11 14:42]

S3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 11:24]

S4 wampapache;wampapache;"C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []

S4 wampmysqld;wampmysqld;"C:\Program Files\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe" wampmysqld []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61e4b9f8-0592-11dd-8d96-000e5cedb805}]

\Shell\AutoRun\command - J:\v.com

\Shell\explore\Command - J:\v.com

\Shell\open\Command - J:\v.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca6704ee-f64c-11dc-bd95-806d6172696f}]

\Shell\AutoRun\command - J:\Autorun.exe root.ini

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

.

Contents of the 'Scheduled Tasks' folder

"2008-04-30 07:00:00 C:\WINDOWS\Tasks\ADB7D5CC91C049F0.job"

- c:\docume~1\admini~1\daneap~1\creati~1\Skip draw comp.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-30 09:11:59

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-30 9:12:32

ComboFix-quarantined-files.txt 2008-04-30 07:12:30

ComboFix2.txt 2008-04-29 20:12:10

ComboFix3.txt 2008-04-14 06:07:07

ComboFix4.txt 2008-04-05 21:57:51

ComboFix5.txt 2008-03-21 15:37:47

 

Pre-Run: 10,839,703,552 bajtów wolnych

Post-Run: 10,830,422,016 bajtów wolnych

 

271

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - HijackThis
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:08:58, on 2008-04-30

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [bookFace] C:\DOCUME~1\ADMINI~1\DANEAP~1\CREATI~1\FirstBase.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - Silent Runners
"Silent Runners.vbs", revision 56, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"uTorrent" = ""C:\Program Files\uTorrent\uTorrent.exe"" [null data]

"BookFace" = "C:\DOCUME~1\ADMINI~1\DANEAP~1\CREATI~1\FirstBase.exe" [null data]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"" ["Kaspersky Lab"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\K-Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"

-> {HKLM...CLSID} = "Statystyki dla ochrony WWW"

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"

-> {HKLM...CLSID} = "Haali Column Provider"

\InProcServer32\(Default) = "C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll" [null data]

"{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page"

-> {HKLM...CLSID} = "Haali Matroska Shell Property Page"

\InProcServer32\(Default) = "C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll" [null data]

"{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Extractor"

-> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor"

\InProcServer32\(Default) = "C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll" [null data]

"{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}" = "WinZixShell extension"

-> {HKLM...CLSID} = "WinZixShell Class"

\InProcServer32\(Default) = "C:\Program Files\WinZix\WinZixManager.dll" [empty string]

 

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"

-> {HKLM...CLSID} = "Haali Column Provider"

\InProcServer32\(Default) = "C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll" [null data]

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]

Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}"

-> {HKLM...CLSID} = "Notepad++"

\InProcServer32\(Default) = "C:\Program Files\Notepad++\nppcm.dll" ["Burgaud.com"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZixManager\(Default) = "{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}"

-> {HKLM...CLSID} = "WinZixShell Class"

\InProcServer32\(Default) = "C:\Program Files\WinZix\WinZixManager.dll" [empty string]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZixManager\(Default) = "{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}"

-> {HKLM...CLSID} = "WinZixShell Class"

\InProcServer32\(Default) = "C:\Program Files\WinZix\WinZixManager.dll" [empty string]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZixManager\(Default) = "{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}"

-> {HKLM...CLSID} = "WinZixShell Class"

\InProcServer32\(Default) = "C:\Program Files\WinZix\WinZixManager.dll" [empty string]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

 

 

Enabled Scheduled Tasks:

------------------------

 

"ADB7D5CC91C049F0" -> launches: "c:\docume~1\admini~1\daneap~1\creati~1\Skip draw comp.exe" [null data]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" [file not found]

 

Explorer Bars

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<<H>> "Tabs" = "C:\Documents and Settings\Administrator\Dane aplikacji\MegauploadToolbar\tabwelcome.html" [null data]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

 

 

---------- (launch time: 2008-04-30 09:35:03)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 10 seconds.

---------- (total run time: 34 seconds)

HELP 8O Edytowane przez XaD_

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach
iamthekacper Newbie

iamthekacper

Opublikowano
Opublikowano

Dzięki oto logsy

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "combofix"
ComboFix 08-04-29.3 - Administrator 2008-04-30 20:06:48.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2555 [GMT 2:00]

Running from: C:\Documents and Settings\Administrator\Pulpit\IN STAL KEY\walczace\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))

.

 

2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes

2008-04-30 19:46 . 2008-04-30 19:46 <DIR> d-------- C:\WINDOWS\ERUNT

2008-04-27 11:32 . 2008-04-27 11:32 <DIR> d-------- C:\SOYO

2008-04-27 11:23 . 2008-04-27 11:27 37 --a------ C:\WINDOWS\CMAURACK.INI

2008-04-27 11:23 . 2008-04-27 11:26 36 --a------ C:\WINDOWS\CMMPLAY.INI

2008-04-27 11:20 . 2008-04-27 12:02 140 --a------ C:\WINDOWS\CMMIXER.INI

2008-04-27 11:20 . 2008-04-27 12:03 84 --a------ C:\WINDOWS\CMSurround.ini

2008-04-27 11:12 . 2008-04-27 11:12 <DIR> d-------- C:\Program Files\PCI Audio Applications

2008-04-27 11:12 . 2008-04-27 11:12 <DIR> d-------- C:\Program Files\C-Media

2008-04-27 11:12 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-04-27 11:12 . 2004-08-11 06:44 135,168 --a------ C:\WINDOWS\cmuninst.dat

2008-04-27 11:12 . 2004-08-11 06:44 15,448 --------- C:\WINDOWS\cmaudio.ini

2008-04-27 11:12 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2008-04-27 11:12 . 2004-08-03 23:08 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys

2008-04-27 11:12 . 2008-04-27 11:15 411 --a------ C:\WINDOWS\CMISETUP.INI

2008-04-27 11:12 . 2008-04-27 11:23 40 --a------ C:\WINDOWS\CMCDPLAY.INI

2008-04-27 11:11 . 2004-08-11 06:44 1,228,800 --a------ C:\WINDOWS\mixer.exe

2008-04-27 11:11 . 2004-08-11 06:44 765,952 --a------ C:\WINDOWS\system\crlds3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a------ C:\WINDOWS\system32\a3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 370,382 --a------ C:\WINDOWS\system32\drivers\cmaudio.sys

2008-04-27 11:11 . 2004-08-11 06:44 135,168 --a------ C:\WINDOWS\cmuninst.exe

2008-04-27 11:11 . 2004-08-11 06:44 32,768 --a------ C:\WINDOWS\system32\cmnprop.dll

2008-04-27 10:13 . 2008-04-27 10:19 <DIR> d-------- C:\Program Files\Quicken

2008-04-27 10:13 . 2008-04-27 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Intuit

2008-04-27 10:13 . 2008-04-27 10:13 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Intuit

2008-04-27 10:13 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll

2008-04-27 10:13 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll

2008-04-27 10:13 . 2008-04-27 10:19 31 --a------ C:\WINDOWS\QUICKEN.INI

2008-04-27 09:44 . 2008-04-27 09:44 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Uniblue

2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Program Files\creative bias debug

2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\flap bend audio debug

2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\creative bias debug

2008-04-27 09:20 . 2008-04-29 09:08 <DIR> d-------- C:\Program Files\WinZix

2008-04-25 11:37 . 2008-04-25 11:37 267 --a------ C:\WINDOWS\game.ini

2008-04-25 11:17 . 2008-04-25 11:17 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-04-22 21:31 . 2008-04-22 21:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-04-22 21:31 . 2008-04-22 21:31 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-04-22 21:31 . 2008-04-25 19:35 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-04-22 21:31 . 2008-04-25 19:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-04-22 21:31 . 2008-04-25 19:35 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-04-22 21:31 . 2008-04-25 11:38 22,328 --a------ C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys

2008-04-22 20:59 . 2008-04-22 21:12 <DIR> d-------- C:\Tom.Clancys.Rainbow.Six.Vegas.2-RELOADED

2008-04-21 18:55 . 2008-04-21 18:55 <DIR> d-------- C:\Program Files\Haali

2008-04-21 18:47 . 2008-04-21 18:47 <DIR> d-------- C:\Program Files\ffdshow

2008-04-21 18:47 . 2008-01-01 01:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-04-21 18:47 . 2008-04-10 17:50 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-04-21 18:47 . 2008-04-10 17:50 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm

2008-04-21 18:47 . 2008-01-01 01:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-04-18 18:53 . 2006-04-18 14:53 3,548 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys

2008-04-18 18:52 . 2008-04-18 18:52 <DIR> d-------- C:\Program Files\ABIT

2008-04-18 18:52 . 2006-08-29 14:51 3,252,224 --a------ C:\WINDOWS\system32\FlashMenu.exe

2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d-------- C:\WINDOWS\system32\AGEIA

2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d-------- C:\Program Files\AGEIA Technologies

2008-04-14 18:55 . 2008-04-30 20:07 15,298,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-04-14 18:55 . 2008-04-30 19:45 222,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-04-14 18:55 . 2008-04-30 20:07 188,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-04-14 18:55 . 2008-04-07 23:05 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-04-14 18:55 . 2008-04-07 23:05 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-04-14 18:55 . 2008-04-30 19:45 27,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-04-14 09:42 . 2008-04-14 09:42 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2008-04-14 09:42 . 2008-04-14 18:54 <DIR> d-------- C:\Program Files\Microsoft FrontPage Express

2008-04-14 09:42 . 2008-04-14 18:54 91 --a------ C:\WINDOWS\fpxpress.ini

2008-04-14 09:41 . 2008-04-14 09:42 <DIR> d-------- C:\Temp\ext50684

2008-04-13 22:57 . 2008-04-13 23:01 <DIR> d-------- C:\Program Files\SmartFPS.com

2008-04-11 22:20 . 2008-04-11 22:22 <DIR> d-------- C:\Program Files\wamp

2008-04-10 19:13 . 2008-04-10 19:13 <DIR> d-------- C:\Program Files\Lavasoft

2008-04-10 19:13 . 2008-04-10 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft

2008-04-09 21:59 . 2008-04-09 22:31 <DIR> d-------- C:\Program Files\nLite

2008-04-08 07:51 . 2008-04-23 19:45 <DIR> d-------- C:\movie

2008-04-07 21:10 . 2008-04-07 21:10 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-04-07 21:10 . 2008-04-07 21:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-04-07 21:10 . 2008-04-07 21:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-04-07 21:10 . 2008-04-14 15:00 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER

2008-04-07 21:10 . 2008-04-07 21:10 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE

2008-04-07 08:58 . 2008-04-07 08:58 <DIR> d-------- C:\WINDOWS\NU_DATA

2008-04-06 14:09 . 2008-04-06 14:09 <DIR> d--h----- C:\WINDOWS\PIF

2008-04-06 13:30 . 2008-02-11 14:42 48,480 --a------ C:\WINDOWS\system32\drivers\SIVX32.sys

2008-04-05 13:09 . 2008-04-05 13:09 <DIR> d-------- C:\Program Files\A4Tech

2008-04-03 21:50 . 2008-04-03 21:50 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-03 00:54 . 2008-04-13 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2008-03-30 20:42 . 2008-03-30 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Locktime

2008-03-30 11:53 . 2008-03-30 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Locktime

2008-03-29 22:38 . 2008-04-14 14:10 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FileZilla

2008-03-29 09:42 . 2008-03-29 09:42 <DIR> d-------- C:\Program Files\DivX

2008-03-28 13:19 . 2008-03-28 13:19 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-03-27 11:37 . 2008-03-27 11:37 <DIR> d-------- C:\Program Files\bPlayer2

2008-03-27 11:34 . 2008-03-27 11:34 <DIR> d-------- C:\Program Files\CDex_150

2008-03-26 18:33 . 2008-04-14 09:41 <DIR> d-------- C:\Temp

2008-03-25 22:51 . 2008-03-25 22:51 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-03-25 22:51 . 2008-04-28 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\skypePM

2008-03-25 22:51 . 2008-03-25 22:51 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-03-25 13:11 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-03-25 13:01 . 2008-03-25 13:12 <DIR> d-------- C:\WINDOWS\nview

2008-03-25 13:01 . 2008-03-25 13:04 140,158 --a------ C:\WINDOWS\system32\nvapps.xml

2008-03-25 13:01 . 2007-12-05 02:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-03-25 12:58 . 2008-03-25 12:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-03-25 12:58 . 2008-03-25 12:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-03-25 12:35 . 2008-03-25 12:35 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application

2008-03-25 12:35 . 2008-03-25 12:35 <DIR> d-------- C:\Program Files\NVIDIA Corporation

2008-03-24 23:33 . 2008-03-24 23:33 <DIR> d-------- C:\Program Files\FileZilla FTP Client

2008-03-24 22:36 . 2008-04-05 21:44 <DIR> d-------- C:\Program Files\MegauploadToolbar

2008-03-24 22:36 . 2008-04-29 21:30 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\MegauploadToolbar

2008-03-24 20:43 . 2008-03-24 20:43 <DIR> d-------- C:\Program Files\Notepad++

2008-03-24 20:43 . 2008-03-24 20:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Notepad++

2008-03-24 14:33 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2008-03-24 14:33 . 2004-08-04 00:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys

2008-03-23 06:54 . 2008-04-28 08:59 <DIR> d-------- C:\Program Files\NAPI-PROJEKT

2008-03-22 11:40 . 2008-03-22 11:47 <DIR> d-------- C:\Program Files\uTorrent

2008-03-22 11:40 . 2008-04-30 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent

2008-03-22 11:21 . 2008-04-29 20:14 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-22 09:37 . 2008-03-22 09:37 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PrevxCSI

2008-03-22 09:06 . 2007-01-17 02:58 36,864 --a------ C:\WINDOWS\system32\Amhooker.dll

2008-03-22 09:06 . 2007-01-16 16:19 13,824 --a------ C:\WINDOWS\system32\drivers\Amusbprt.sys

2008-03-22 09:06 . 2007-01-16 16:26 13,824 --a------ C:\WINDOWS\system32\drivers\Amps2prt.sys

2008-03-22 09:06 . 2007-01-16 15:49 8,704 --a------ C:\WINDOWS\system32\drivers\Amfilter.sys

2008-03-21 20:24 . 2008-03-21 20:26 <DIR> d-------- C:\Program Files\BearShare

2008-03-21 20:24 . 2008-03-21 20:24 <DIR> d-------- C:\My Downloads

2008-03-21 17:47 . 2008-03-25 14:25 <DIR> d-------- C:\Program Files\ATITool

2008-03-21 15:51 . 2008-03-21 15:51 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-03-21 15:43 . 2000-06-18 15:03 106,544 --a------ C:\WINDOWS\system32\TWEAKUI.CPL

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-30 17:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-04-28 18:44 --------- d-----w C:\Program Files\Winamp

2008-04-27 09:13 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2008-04-27 09:13 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll

2008-04-27 08:13 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-14 16:55 --------- d-----w C:\Program Files\Kaspersky Lab

2008-03-26 17:50 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp

2008-03-20 20:33 --------- d-----w C:\Program Files\microsoft frontpage

2008-03-20 18:31 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-20 07:24 --------- d-----w C:\Program Files\Opera

2008-03-20 06:42 --------- d-----w C:\Program Files\Realtek Sound Manager

2008-03-20 06:42 --------- d-----w C:\Program Files\Realtek AC97

2008-03-20 06:42 --------- d-----w C:\Program Files\AvRack

2008-03-20 06:21 --------- d-----w C:\Program Files\Usługi online

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll

.

<pre>------w		 6,571,664 2002-07-14 17:08:52  C:\Documents and Settings\Administrator\Pulpit\IN STAL KEY\recovery\Acronis Recovery Expert Deluxe (Partition Recovery)\Acronis Recovery Expert Deluxe  1.0.0.5 .exe</pre>

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-21 17:18 2119104]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-22 11:46 219952]

"BookFace"="C:\DOCUME~1\ADMINI~1\DANEAP~1\CREATI~1\FirstBase.exe" [2008-04-27 09:20 430592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.VP31"= vp31vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

C:\WINDOWS\system32\amvo.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\audio debug boob locks]

--a------ 2008-04-30 19:51 842752 C:\Documents and Settings\All Users\Dane aplikacji\flap bend audio debug\Proxy mode.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

--a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Echo Control]

--a------ 2001-12-05 16:47 147456 C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

--a------ 2004-08-11 06:44 1228800 C:\WINDOWS\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-04 01:55 1667584 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"E:\\fear\\FEARXP2.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"E:\\Vegas2\\Binaries\\R6Vegas2_Game.exe"=

"E:\\Vegas2\\Binaries\\R6Vegas2_Launcher.exe"=

"E:\\cod4\\iw3mp.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21:TCP"= 21:TCP:andrew

 

R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 15:24]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2006-04-18 14:53]

S3 RTCore32;RTCore32;D:\testing\rmclock_230_bin_upd1\RTCore32.sys [2005-05-25 11:39]

S3 SIVDRIVER;SIV Kernel Driver;C:\WINDOWS\system32\Drivers\SIVX32.sys [2008-02-11 14:42]

S3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 11:24]

S4 wampapache;wampapache;"C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []

S4 wampmysqld;wampmysqld;"C:\Program Files\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe" wampmysqld []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61e4b9f8-0592-11dd-8d96-000e5cedb805}]

\Shell\AutoRun\command - J:\v.com

\Shell\explore\Command - J:\v.com

\Shell\open\Command - J:\v.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca6704ee-f64c-11dc-bd95-806d6172696f}]

\Shell\AutoRun\command - J:\Autorun.exe root.ini

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

.

Contents of the 'Scheduled Tasks' folder

"2008-04-30 18:00:00 C:\WINDOWS\Tasks\ADB7D5CC91C049F0.job"

- c:\docume~1\admini~1\daneap~1\creati~1\Skip draw comp.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-30 20:07:45

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-30 20:08:15

ComboFix-quarantined-files.txt 2008-04-30 18:08:13

ComboFix2.txt 2008-04-30 17:10:04

 

Pre-Run: 10,087,882,752 bajtów wolnych

Post-Run: 10,079,797,248 bajtów wolnych

 

257

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Sdfix"

 

SDFix: Version 1.177

Run by Administrator on 2008-04-30 at 19:47

 

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\DOCUME~1\ADMINI~1\Pulpit\INSTAL~1\walczace\sdfix\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-30 19:50:02

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:56,e5,6e,27,8f,64,c8,0a,cc,3b,5a,57,d4,b5,05,ee,bd,a4,ec,9e,b9,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,36,95,ff,46,5f,2f,70,76,62,f8,25,b7,e6,be,b9,ac,38,..

"khjeh"=hex:d3,ce,0f,39,2b,d6,3c,fa,a0,3b,a9,e6,9c,fe,6e,de,96,76,d8,4e,c0,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:2f,d4,cb,0b,ef,40,1a,eb,a9,fc,2f,82,ab,55,ad,d8,0d,22,61,6a,41,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:56,e5,6e,27,8f,64,c8,0a,cc,3b,5a,57,d4,b5,05,ee,bd,a4,ec,9e,b9,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,36,95,ff,46,5f,2f,70,76,62,f8,25,b7,e6,be,b9,ac,38,..

"khjeh"=hex:d3,ce,0f,39,2b,d6,3c,fa,a0,3b,a9,e6,9c,fe,6e,de,96,76,d8,4e,c0,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:2f,d4,cb,0b,ef,40,1a,eb,a9,fc,2f,82,ab,55,ad,d8,0d,22,61,6a,41,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"E:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="E:\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"

"E:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="E:\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"

"E:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="E:\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"E:\\fear\\FEARXP2.exe"="E:\\fear\\FEARXP2.exe:*:Enabled:FEARXP2"

"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"

"E:\\Vegas2\\Binaries\\R6Vegas2_Game.exe"="E:\\Vegas2\\Binaries\\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"

"E:\\Vegas2\\Binaries\\R6Vegas2_Launcher.exe"="E:\\Vegas2\\Binaries\\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"

"E:\\cod4\\iw3mp.exe"="E:\\cod4\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare "

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files :

 

 

File Backups: - C:\DOCUME~1\ADMINI~1\Pulpit\INSTAL~1\walczace\sdfix\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 8 Apr 2008 599,552 ...H. --- "C:\Documents and Settings\Administrator\Pulpit\~WRL0002.tmp"

Tue 8 Apr 2008 508,416 ...H. --- "C:\Documents and Settings\Administrator\Pulpit\~WRL0004.tmp"

Tue 22 Apr 2008 599,552 ...H. --- "C:\Documents and Settings\Administrator\Pulpit\~WRL0005.tmp"

Wed 2 Apr 2008 451,072 ...H. --- "C:\Documents and Settings\Administrator\Pulpit\~WRL0685.tmp"

Thu 27 Mar 2008 149,504 ...H. --- "C:\Documents and Settings\Administrator\Pulpit\~WRL1930.tmp"

Thu 24 Apr 2008 612,352 ...H. --- "C:\Documents and Settings\Administrator\Pulpit\~WRL2371.tmp"

Mon 31 Mar 2008 447,488 ...H. --- "C:\Documents and Settings\Administrator\Pulpit\~WRL2957.tmp"

Wed 23 Apr 2008 611,328 ...H. --- "C:\Documents and Settings\Administrator\Pulpit\~WRL3055.tmp"

Wed 26 Mar 2008 150,016 ...H. --- "C:\Documents and Settings\Administrator\Pulpit\~WRL3800.tmp"

Thu 24 Apr 2008 612,352 ...H. --- "C:\Documents and Settings\Administrator\Pulpit\~WRL3815.tmp"

Sat 29 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Thu 24 Apr 2008 611,840 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0005.tmp"

Mon 24 Mar 2008 59,392 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0019.tmp"

Mon 24 Mar 2008 56,320 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0031.tmp"

Tue 25 Mar 2008 88,576 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0079.tmp"

Wed 2 Apr 2008 449,536 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0160.tmp"

Wed 2 Apr 2008 449,024 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0193.tmp"

Tue 25 Mar 2008 85,504 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0252.tmp"

Mon 24 Mar 2008 65,024 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0330.tmp"

Mon 24 Mar 2008 71,680 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0332.tmp"

Mon 24 Mar 2008 72,192 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0422.tmp"

Tue 22 Apr 2008 600,064 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0488.tmp"

Thu 27 Mar 2008 165,376 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0518.tmp"

Tue 1 Apr 2008 449,024 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0521.tmp"

Thu 27 Mar 2008 150,016 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0609.tmp"

Tue 25 Mar 2008 83,456 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0714.tmp"

Thu 27 Mar 2008 165,888 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0757.tmp"

Thu 24 Apr 2008 612,864 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL0764.tmp"

Tue 25 Mar 2008 82,432 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL1010.tmp"

Tue 25 Mar 2008 88,576 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL1069.tmp"

Wed 2 Apr 2008 449,536 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL1208.tmp"

Mon 24 Mar 2008 59,392 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL1241.tmp"

Mon 24 Mar 2008 81,920 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL1262.tmp"

Tue 1 Apr 2008 449,536 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL1444.tmp"

Mon 24 Mar 2008 59,392 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL1901.tmp"

Thu 24 Apr 2008 611,840 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL1906.tmp"

Tue 1 Apr 2008 449,024 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2132.tmp"

Tue 1 Apr 2008 449,024 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2202.tmp"

Tue 1 Apr 2008 449,536 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2355.tmp"

Tue 1 Apr 2008 449,024 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2427.tmp"

Tue 25 Mar 2008 88,064 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2450.tmp"

Mon 24 Mar 2008 64,000 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2456.tmp"

Tue 1 Apr 2008 449,024 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2569.tmp"

Mon 24 Mar 2008 64,000 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2586.tmp"

Tue 25 Mar 2008 82,432 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2696.tmp"

Mon 24 Mar 2008 56,832 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2805.tmp"

Mon 24 Mar 2008 61,440 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL2905.tmp"

Mon 24 Mar 2008 59,392 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3130.tmp"

Mon 24 Mar 2008 61,440 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3212.tmp"

Mon 24 Mar 2008 60,928 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3361.tmp"

Mon 24 Mar 2008 64,000 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3422.tmp"

Thu 24 Apr 2008 613,376 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3441.tmp"

Mon 24 Mar 2008 71,168 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3459.tmp"

Mon 24 Mar 2008 61,952 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3473.tmp"

Thu 24 Apr 2008 612,352 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3488.tmp"

Mon 24 Mar 2008 72,704 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3642.tmp"

Tue 1 Apr 2008 449,024 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3645.tmp"

Tue 25 Mar 2008 83,968 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3749.tmp"

Mon 24 Mar 2008 64,000 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3764.tmp"

Tue 1 Apr 2008 448,000 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3976.tmp"

Tue 1 Apr 2008 449,024 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL3992.tmp"

Tue 25 Mar 2008 83,456 ...H. --- "C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word\~WRL4008.tmp"

 

Finished!

 

a z Malwarebytes' Anti-Malware nie wiem gdzie znaleźć a po wykonaniu czyszczenia zamknołem 8O ale zanlazł jakieś syfy to usunołem

 

i co bedzie działać??

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach
iamthekacper Newbie

iamthekacper

Opublikowano
Opublikowano (edytowane)
» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Anti-Malware"
Malwarebytes' Anti-Malware 1.11
Database version: 703

Scan type: Quick Scan
Objects scanned: 32172
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Combofix"
ComboFix 08-04-29.3 - Administrator 2008-04-30 21:35:27.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2491 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\IN STAL KEY\walczace\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-30 21:31 . 2008-04-30 21:31 <DIR> d-------- C:\_OTMoveIt
2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
2008-04-30 19:46 . 2008-04-30 19:46 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-27 11:32 . 2008-04-27 11:32 <DIR> d-------- C:\SOYO
2008-04-27 11:23 . 2008-04-27 11:27 37 --a------ C:\WINDOWS\CMAURACK.INI
2008-04-27 11:23 . 2008-04-27 11:26 36 --a------ C:\WINDOWS\CMMPLAY.INI
2008-04-27 11:20 . 2008-04-27 12:02 140 --a------ C:\WINDOWS\CMMIXER.INI
2008-04-27 11:20 . 2008-04-27 12:03 84 --a------ C:\WINDOWS\CMSurround.ini
2008-04-27 11:12 . 2008-04-27 11:12 <DIR> d-------- C:\Program Files\PCI Audio Applications
2008-04-27 11:12 . 2008-04-27 11:12 <DIR> d-------- C:\Program Files\C-Media
2008-04-27 11:12 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-27 11:12 . 2004-08-11 06:44 135,168 --a------ C:\WINDOWS\cmuninst.dat
2008-04-27 11:12 . 2004-08-11 06:44 15,448 --------- C:\WINDOWS\cmaudio.ini
2008-04-27 11:12 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-04-27 11:12 . 2004-08-03 23:08 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2008-04-27 11:12 . 2008-04-27 11:15 411 --a------ C:\WINDOWS\CMISETUP.INI
2008-04-27 11:12 . 2008-04-27 11:23 40 --a------ C:\WINDOWS\CMCDPLAY.INI
2008-04-27 11:11 . 2004-08-11 06:44 1,228,800 --a------ C:\WINDOWS\mixer.exe
2008-04-27 11:11 . 2004-08-11 06:44 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll
2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a------ C:\WINDOWS\system32\a3d.dll
2008-04-27 11:11 . 2004-08-11 06:44 370,382 --a------ C:\WINDOWS\system32\drivers\cmaudio.sys
2008-04-27 11:11 . 2004-08-11 06:44 135,168 --a------ C:\WINDOWS\cmuninst.exe
2008-04-27 11:11 . 2004-08-11 06:44 32,768 --a------ C:\WINDOWS\system32\cmnprop.dll
2008-04-27 10:13 . 2008-04-27 10:19 <DIR> d-------- C:\Program Files\Quicken
2008-04-27 10:13 . 2008-04-27 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Intuit
2008-04-27 10:13 . 2008-04-27 10:13 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Intuit
2008-04-27 10:13 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-04-27 10:13 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-04-27 10:13 . 2008-04-27 10:19 31 --a------ C:\WINDOWS\QUICKEN.INI
2008-04-27 09:44 . 2008-04-27 09:44 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Uniblue
2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Program Files\creative bias debug
2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\flap bend audio debug
2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\creative bias debug
2008-04-27 09:20 . 2008-04-29 09:08 <DIR> d-------- C:\Program Files\WinZix
2008-04-25 11:37 . 2008-04-25 11:37 267 --a------ C:\WINDOWS\game.ini
2008-04-25 11:17 . 2008-04-25 11:17 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-22 21:31 . 2008-04-22 21:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-22 21:31 . 2008-04-22 21:31 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-04-22 21:31 . 2008-04-25 19:35 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-22 21:31 . 2008-04-25 19:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-22 21:31 . 2008-04-25 19:35 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-22 21:31 . 2008-04-25 11:38 22,328 --a------ C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
2008-04-22 20:59 . 2008-04-22 21:12 <DIR> d-------- C:\Tom.Clancys.Rainbow.Six.Vegas.2-RELOADED
2008-04-21 18:55 . 2008-04-21 18:55 <DIR> d-------- C:\Program Files\Haali
2008-04-21 18:47 . 2008-04-21 18:47 <DIR> d-------- C:\Program Files\ffdshow
2008-04-21 18:47 . 2008-01-01 01:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-04-21 18:47 . 2008-04-10 17:50 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-21 18:47 . 2008-04-10 17:50 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-04-21 18:47 . 2008-01-01 01:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-18 18:53 . 2006-04-18 14:53 3,548 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys
2008-04-18 18:52 . 2008-04-18 18:52 <DIR> d-------- C:\Program Files\ABIT
2008-04-18 18:52 . 2006-08-29 14:51 3,252,224 --a------ C:\WINDOWS\system32\FlashMenu.exe
2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-04-14 18:55 . 2008-04-30 21:36 15,353,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-14 18:55 . 2008-04-30 19:45 222,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-14 18:55 . 2008-04-30 21:36 191,264 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-14 18:55 . 2008-04-07 23:05 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-14 18:55 . 2008-04-07 23:05 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-14 18:55 . 2008-04-30 19:45 27,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-14 09:42 . 2008-04-14 09:42 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-14 09:42 . 2008-04-14 18:54 <DIR> d-------- C:\Program Files\Microsoft FrontPage Express
2008-04-14 09:42 . 2008-04-14 18:54 91 --a------ C:\WINDOWS\fpxpress.ini
2008-04-13 22:57 . 2008-04-13 23:01 <DIR> d-------- C:\Program Files\SmartFPS.com
2008-04-11 22:20 . 2008-04-11 22:22 <DIR> d-------- C:\Program Files\wamp
2008-04-10 19:13 . 2008-04-10 19:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-10 19:13 . 2008-04-10 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-09 21:59 . 2008-04-09 22:31 <DIR> d-------- C:\Program Files\nLite
2008-04-08 07:51 . 2008-04-23 19:45 <DIR> d-------- C:\movie
2008-04-07 21:10 . 2008-04-07 21:10 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-07 21:10 . 2008-04-07 21:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-07 21:10 . 2008-04-07 21:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-07 21:10 . 2008-04-14 15:00 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-04-07 21:10 . 2008-04-07 21:10 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-04-07 08:58 . 2008-04-07 08:58 <DIR> d-------- C:\WINDOWS\NU_DATA
2008-04-06 14:09 . 2008-04-06 14:09 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-06 13:30 . 2008-02-11 14:42 48,480 --a------ C:\WINDOWS\system32\drivers\SIVX32.sys
2008-04-05 13:09 . 2008-04-05 13:09 <DIR> d-------- C:\Program Files\A4Tech
2008-04-03 21:50 . 2008-04-03 21:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-03 00:54 . 2008-04-13 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-03-30 20:42 . 2008-03-30 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Locktime
2008-03-30 11:53 . 2008-03-30 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Locktime
2008-03-29 22:38 . 2008-04-14 14:10 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FileZilla
2008-03-29 09:42 . 2008-03-29 09:42 <DIR> d-------- C:\Program Files\DivX
2008-03-28 13:19 . 2008-03-28 13:19 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 11:37 . 2008-03-27 11:37 <DIR> d-------- C:\Program Files\bPlayer2
2008-03-27 11:34 . 2008-03-27 11:34 <DIR> d-------- C:\Program Files\CDex_150
2008-03-25 22:51 . 2008-03-25 22:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-25 22:51 . 2008-04-30 20:18 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\skypePM
2008-03-25 22:51 . 2008-03-25 22:51 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-25 13:11 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-03-25 13:01 . 2008-03-25 13:12 <DIR> d-------- C:\WINDOWS\nview
2008-03-25 13:01 . 2008-03-25 13:04 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2008-03-25 13:01 . 2007-12-05 02:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-03-25 12:58 . 2008-03-25 12:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-25 12:58 . 2008-03-25 12:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-25 12:35 . 2008-03-25 12:35 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-03-25 12:35 . 2008-03-25 12:35 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-03-24 23:33 . 2008-03-24 23:33 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-03-24 22:36 . 2008-04-05 21:44 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-03-24 22:36 . 2008-04-29 21:30 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\MegauploadToolbar
2008-03-24 20:43 . 2008-03-24 20:43 <DIR> d-------- C:\Program Files\Notepad++
2008-03-24 20:43 . 2008-03-24 20:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Notepad++
2008-03-24 14:33 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-24 14:33 . 2004-08-04 00:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-03-23 06:54 . 2008-04-28 08:59 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-03-22 11:40 . 2008-03-22 11:47 <DIR> d-------- C:\Program Files\uTorrent
2008-03-22 11:40 . 2008-04-30 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-03-22 11:21 . 2008-04-29 20:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-22 09:37 . 2008-03-22 09:37 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PrevxCSI
2008-03-22 09:06 . 2007-01-17 02:58 36,864 --a------ C:\WINDOWS\system32\Amhooker.dll
2008-03-22 09:06 . 2007-01-16 16:19 13,824 --a------ C:\WINDOWS\system32\drivers\Amusbprt.sys
2008-03-22 09:06 . 2007-01-16 16:26 13,824 --a------ C:\WINDOWS\system32\drivers\Amps2prt.sys
2008-03-22 09:06 . 2007-01-16 15:49 8,704 --a------ C:\WINDOWS\system32\drivers\Amfilter.sys
2008-03-21 20:24 . 2008-03-21 20:24 <DIR> d-------- C:\My Downloads
2008-03-21 17:47 . 2008-03-25 14:25 <DIR> d-------- C:\Program Files\ATITool
2008-03-21 15:51 . 2008-03-21 15:51 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-21 15:43 . 2000-06-18 15:03 106,544 --a------ C:\WINDOWS\system32\TWEAKUI.CPL
2008-03-21 11:10 . 2008-04-23 08:05 <DIR> d-------- C:\Program Files\fraps
2008-03-21 11:10 . 2008-04-29 20:52 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 17:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-28 18:44 --------- d-----w C:\Program Files\Winamp
2008-04-27 09:13 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-04-27 09:13 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-04-27 08:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 16:55 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-26 17:50 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-03-20 20:33 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-20 18:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-20 07:24 --------- d-----w C:\Program Files\Opera
2008-03-20 06:42 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-03-20 06:42 --------- d-----w C:\Program Files\Realtek AC97
2008-03-20 06:42 --------- d-----w C:\Program Files\AvRack
2008-03-20 06:21 --------- d-----w C:\Program Files\Usługi online
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
<pre>------w		 6,571,664 2002-07-14 17:08:52  C:\Documents and Settings\Administrator\Pulpit\IN STAL KEY\recovery\Acronis Recovery Expert Deluxe (Partition Recovery)\Acronis Recovery Expert Deluxe  1.0.0.5 .exe</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-21 17:18 2119104]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-22 11:46 219952]
"BookFace"="C:\DOCUME~1\ADMINI~1\DANEAP~1\CREATI~1\FirstBase.exe" [2008-04-27 09:20 430592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\audio debug boob locks]
--a------ 2008-04-30 21:00 842752 C:\Documents and Settings\All Users\Dane aplikacji\flap bend audio debug\Proxy mode.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Echo Control]
--a------ 2001-12-05 16:47 147456 C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2004-08-11 06:44 1228800 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:55 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"E:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"E:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\fear\\FEARXP2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Vegas2\\Binaries\\R6Vegas2_Game.exe"=
"E:\\Vegas2\\Binaries\\R6Vegas2_Launcher.exe"=
"E:\\cod4\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:andrew

R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 15:24]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2006-04-18 14:53]
S3 RTCore32;RTCore32;D:\testing\rmclock_230_bin_upd1\RTCore32.sys [2005-05-25 11:39]
S3 SIVDRIVER;SIV Kernel Driver;C:\WINDOWS\system32\Drivers\SIVX32.sys [2008-02-11 14:42]
S3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 11:24]
S4 wampapache;wampapache;"C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S4 wampmysqld;wampmysqld;"C:\Program Files\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe" wampmysqld []

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 19:00:00 C:\WINDOWS\Tasks\ADB7D5CC91C049F0.job"
- c:\docume~1\admini~1\daneap~1\creati~1\Skip draw comp.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 21:36:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-30 21:36:57
ComboFix-quarantined-files.txt 2008-04-30 19:36:55
ComboFix2.txt 2008-04-30 18:08:19
ComboFix3.txt 2008-04-30 17:10:04

Pre-Run: 10,068,254,720 bajtów wolnych
Post-Run: 10,060,517,376 bajtów wolnych

252

a jeżeli chodzi o OTMoveIt2 po kliknięciu move it nie było komunikatu tylko oznajmienie ze przesunięto.
qrde i znowu jakaś reklama wyskoczyla:( Edytowane przez iamthekacper

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach
iamthekacper Newbie

iamthekacper

Opublikowano
Opublikowano
» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Anti-Malware"
Malwarebytes' Anti-Malware 1.11
Database version: 703

Scan type: Full Scan (C:\|)
Objects scanned: 62655
Time elapsed: 11 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Pulpit\IN STAL KEY\NFS\NFS Carbon\pdtrain\pdtrain.exe (Backdoor.CIADoor) -> Quarantined and deleted successfully.

a combo usunołęm 8O
whats next??

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach
iamthekacper Newbie

iamthekacper

Opublikowano
Opublikowano (edytowane)
» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "1"
GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-01 11:49:38
Windows 5.1.2600 Dodatek Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xB737B9B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumeratevaluateueKey [0xB737BA60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xB738B460]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A4D91F8

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.14 ----

Thread 4:484 897E2650
Thread 4:488 897E2650
Thread 4:492 897B2E70
Thread 4:496 897B2E70
Thread 4:500 897B2E70

---- EOF - GMER 1.0.14 ----


a nie weim w ogóle jak zrobić te logi i z czego
Rootkit > zaznaczone Pokaż wszystko > wskazane tylko Usługi > Szukaj > Kopiuj > CTRL+V
Rootkit > odznaczone Pokaż wszystko > wskazane wszystkie obiekty do skanu > Szukaj > Kopiuj > CTRL+V

to to mi nec ni tłumaczy 8O
jak wykonać te logi ??


i zauważyłem ze przy wyłączaniu kompa wyskakują mi ona FirstB~1.exe coś o nieprawidłowym zamknęciu i mignie w tle okno IEXPLORE i zniknie czy to ma coś wspólnego z timi reklamami co mi wysklakuja??

po zainstalowaniu Comodo co chwila wyskakuje mi okno:
Dołączona grafika Edytowane przez iamthekacper

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach
iamthekacper Newbie

iamthekacper

Opublikowano
Opublikowano (edytowane)

Usługi: http://wklej.org/id/fe6a21f0b0

 

Wszystko: http://wklej.org/id/4bdea1c512

 

A co do comodo to włąśnie to co sie dobija ten iexplorer to moze właśnie sa te reklamy?? boone siue wyświetlają w onie IE a kożystam z Opera

 

sorki ale nie weim dlaczego sie ie chcą showąc mimo iż biere opcje spoiler ;/

Edytowane przez XaD_

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach
iamthekacper Newbie

iamthekacper

Opublikowano
Opublikowano (edytowane)

świeże logi

 

 

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "HiJack"
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:09:25, on 2008-05-02

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\Gadu-Gadu\gg.exe

D:\testing\rmclock_230_bin_upd1\RMClock.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [bookFace] C:\DOCUME~1\ADMINI~1\DANEAP~1\CREATI~1\FirstBase.exe

O4 - HKCU\..\Run: [RMClock] D:\testing\rmclock_230_bin_upd1\RMClockLauncher.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 3042 bytes

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Combo"
ComboFix 08-04-29.3 - Administrator 2008-05-02 22:06:50.12 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2410 [GMT 2:00]

Running from: C:\Documents and Settings\Administrator\Pulpit\IN STAL KEY\walczace\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))

.

 

2008-05-02 21:30 . 2008-05-02 21:33 212 --a------ C:\delete.bat

2008-05-02 21:29 . 2008-05-02 21:29 <DIR> d-------- C:\deljob

2008-05-01 23:46 . 2008-04-14 22:50 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll

2008-05-01 23:46 . 2008-04-14 22:50 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll

2008-05-01 23:46 . 2008-04-14 21:52 89,600 --------- C:\WINDOWS\system32\msxml6r.dll

2008-05-01 23:46 . 2008-04-14 21:52 89,600 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll

2008-05-01 23:44 . 2007-06-26 11:30 572,557 -----c--- C:\WINDOWS\system32\dllcache\rtuner.wmv

2008-05-01 23:43 . 2008-04-14 22:47 103,424 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll

2008-05-01 23:42 . 2008-04-14 00:15 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys

2008-05-01 23:42 . 2008-04-14 22:50 10,752 --------- C:\WINDOWS\system32\smtpapi.dll

2008-05-01 23:42 . 2008-04-14 22:50 9,728 --------- C:\WINDOWS\system32\rwnh.dll

2008-05-01 23:42 . 2008-04-14 00:13 9,728 --------- C:\WINDOWS\system32\comsdupd.exe

2008-05-01 23:41 . 2008-04-14 22:50 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

2008-05-01 23:41 . 2008-04-14 22:50 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll

2008-05-01 23:41 . 2008-04-14 22:50 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll

2008-05-01 23:41 . 2008-04-14 22:50 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll

2008-05-01 23:41 . 2008-04-14 22:50 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll

2008-05-01 23:41 . 2008-04-14 22:49 136,192 --------- C:\WINDOWS\system32\aaclient.dll

2008-05-01 23:41 . 2008-04-14 22:50 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll

2008-05-01 23:41 . 2008-04-14 22:51 23,040 --------- C:\WINDOWS\system32\ativmvxx.ax

2008-05-01 23:41 . 2008-04-14 22:51 9,728 --------- C:\WINDOWS\system32\ativdaxx.ax

2008-05-01 23:40 . 2008-04-14 22:50 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll

2008-05-01 23:40 . 2008-04-14 22:50 233,472 --------- C:\WINDOWS\system32\azroles.dll

2008-05-01 23:40 . 2008-04-14 22:50 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll

2008-05-01 23:38 . 2008-04-14 22:50 184,832 --------- C:\WINDOWS\system32\eapp3hst.dll

2008-05-01 23:38 . 2008-04-14 22:50 181,248 --------- C:\WINDOWS\system32\eapphost.dll

2008-05-01 23:38 . 2008-04-14 22:50 126,976 --------- C:\WINDOWS\system32\eappcfg.dll

2008-05-01 23:38 . 2008-04-14 22:50 94,720 --------- C:\WINDOWS\system32\eappgnui.dll

2008-05-01 23:38 . 2008-04-14 22:50 59,392 --------- C:\WINDOWS\system32\eapqec.dll

2008-05-01 23:38 . 2008-04-14 22:50 40,960 --------- C:\WINDOWS\system32\eappprxy.dll

2008-05-01 23:38 . 2008-04-14 22:50 33,792 --------- C:\WINDOWS\system32\eapsvc.dll

2008-05-01 23:38 . 2008-04-14 22:50 31,232 --------- C:\WINDOWS\system32\eapolqec.dll

2008-05-01 23:37 . 2008-04-14 22:50 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll

2008-05-01 23:36 . 2008-04-14 22:39 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll

2008-05-01 23:36 . 2008-04-14 22:39 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll

2008-05-01 23:35 . 2008-04-14 22:50 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll

2008-05-01 23:35 . 2008-04-14 22:50 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll

2008-05-01 23:35 . 2008-04-14 22:50 61,440 --------- C:\WINDOWS\system32\kmsvc.dll

2008-05-01 23:35 . 2008-04-14 22:50 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll

2008-05-01 23:35 . 2008-04-14 22:39 6,144 --------- C:\WINDOWS\system32\kbdpash.dll

2008-05-01 23:35 . 2008-04-14 22:39 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll

2008-05-01 23:34 . 2008-04-14 22:50 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll

2008-05-01 23:34 . 2008-04-14 22:50 397,312 --------- C:\WINDOWS\system32\mmcex.dll

2008-05-01 23:34 . 2008-04-14 22:50 196,608 --------- C:\WINDOWS\system32\napmontr.dll

2008-05-01 23:34 . 2008-04-14 22:51 176,640 --------- C:\WINDOWS\system32\napstat.exe

2008-05-01 23:34 . 2008-04-14 22:50 155,136 --------- C:\WINDOWS\system32\mssha.dll

2008-05-01 23:34 . 2008-04-14 22:50 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll

2008-05-01 23:34 . 2008-04-14 21:50 80,896 --------- C:\WINDOWS\system32\msshavmsg.dll

2008-05-01 23:34 . 2008-04-14 22:51 33,792 --------- C:\WINDOWS\system32\mmcperf.exe

2008-05-01 23:34 . 2008-04-14 22:50 30,720 --------- C:\WINDOWS\system32\napipsec.dll

2008-05-01 23:33 . 2008-04-14 22:50 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll

2008-05-01 23:33 . 2008-04-14 22:50 293,376 --------- C:\WINDOWS\system32\qagentrt.dll

2008-05-01 23:33 . 2008-04-14 22:50 150,528 --------- C:\WINDOWS\system32\qagent.dll

2008-05-01 23:33 . 2008-04-14 22:50 144,896 --------- C:\WINDOWS\system32\onex.dll

2008-05-01 23:32 . 2008-04-14 22:50 397,056 --------- C:\WINDOWS\system32\s3gnb.dll

2008-05-01 23:32 . 2008-04-14 22:50 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll

2008-05-01 23:32 . 2008-04-14 22:50 286,792 --------- C:\WINDOWS\system32\slextspk.dll

2008-05-01 23:32 . 2008-04-14 22:50 188,508 --------- C:\WINDOWS\system32\slgen.dll

2008-05-01 23:32 . 2008-04-14 22:50 76,800 --------- C:\WINDOWS\system32\qutil.dll

2008-05-01 23:32 . 2008-04-14 22:50 73,832 --------- C:\WINDOWS\system32\slcoinst.dll

2008-05-01 23:32 . 2008-04-14 22:50 62,464 --------- C:\WINDOWS\system32\qcliprov.dll

2008-05-01 23:32 . 2008-04-14 22:50 61,952 --------- C:\WINDOWS\system32\rasqec.dll

2008-05-01 23:32 . 2008-04-14 22:51 32,768 --------- C:\WINDOWS\system32\setupn.exe

2008-05-01 23:31 . 2008-04-14 22:51 73,796 --------- C:\WINDOWS\system32\slserv.exe

2008-05-01 23:31 . 2008-04-14 22:50 53,248 --------- C:\WINDOWS\system32\tsgqec.dll

2008-05-01 23:31 . 2008-04-14 22:50 50,688 --------- C:\WINDOWS\system32\tspkg.dll

2008-05-01 23:31 . 2008-04-14 22:51 32,866 --------- C:\WINDOWS\system32\slrundll.exe

2008-05-01 23:30 . 2008-04-14 22:50 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll

2008-05-01 23:30 . 2008-04-14 22:50 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll

2008-05-01 23:30 . 2008-04-14 22:51 276,992 --------- C:\WINDOWS\system32\wmphoto.dll

2008-05-01 23:30 . 2008-04-14 22:50 69,120 --------- C:\WINDOWS\system32\wlanapi.dll

2008-05-01 23:30 . 2008-04-14 22:51 28,672 --------- C:\WINDOWS\system32\verclsid.exe

2008-05-01 23:28 . 2008-05-01 23:28 <DIR> d-------- C:\WINDOWS\system32\pl-pl

2008-05-01 23:28 . 2008-05-01 23:28 <DIR> d-------- C:\WINDOWS\l2schemas

2008-05-01 23:28 . 2008-04-14 22:51 32,866 --------- C:\WINDOWS\slrundll.exe

2008-05-01 23:27 . 2008-05-01 23:27 <DIR> d-------- C:\WINDOWS\system32\pl

2008-05-01 23:27 . 2008-05-01 23:27 <DIR> d-------- C:\WINDOWS\system32\bits

2008-05-01 21:03 . 2008-05-01 23:46 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-05-01 21:03 . 2008-04-14 22:51 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe

2008-05-01 21:03 . 2008-04-14 22:51 86,016 --a------ C:\WINDOWS\system32\eventtriggers.exe

2008-05-01 21:00 . 2007-08-10 20:53 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-05-01 21:00 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002719_.tmp

2008-05-01 14:09 . 2008-05-01 14:09 139,008 --a------ C:\WINDOWS\system32\guard32.dll

2008-05-01 14:09 . 2008-05-01 14:09 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys

2008-05-01 14:09 . 2008-05-01 14:09 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-05-01 12:13 . 2008-05-01 14:09 <DIR> d-------- C:\Program Files\COMODO

2008-05-01 11:40 . 2008-05-01 14:23 250 --a------ C:\WINDOWS\gmer.ini

2008-05-01 10:14 . 2008-05-02 07:17 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Hamachi

2008-05-01 10:13 . 2008-05-01 10:14 <DIR> d-------- C:\Program Files\Hamachi

2008-05-01 10:13 . 2008-05-01 10:13 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2008-05-01 08:32 . 2008-05-01 08:32 <DIR> d--hs---- C:\$RECYCLE.BIN

2008-04-30 23:14 . 2005-12-08 14:53 4,608 --------- C:\WINDOWS\system32\drivers\ABIT-IO.SYS

2008-04-30 22:05 . 2008-05-01 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\comodo

2008-04-30 22:05 . 2008-04-30 22:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Comodo

2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes

2008-04-30 19:46 . 2008-04-30 19:46 <DIR> d-------- C:\WINDOWS\ERUNT

2008-04-27 11:32 . 2008-04-27 11:32 <DIR> d-------- C:\SOYO

2008-04-27 11:23 . 2008-04-27 11:27 37 --a------ C:\WINDOWS\CMAURACK.INI

2008-04-27 11:23 . 2008-04-27 11:26 36 --a------ C:\WINDOWS\CMMPLAY.INI

2008-04-27 11:20 . 2008-04-27 12:02 140 --a------ C:\WINDOWS\CMMIXER.INI

2008-04-27 11:20 . 2008-04-27 12:03 84 --a------ C:\WINDOWS\CMSurround.ini

2008-04-27 11:12 . 2008-04-27 11:12 <DIR> d-------- C:\Program Files\PCI Audio Applications

2008-04-27 11:12 . 2008-04-27 11:12 <DIR> d-------- C:\Program Files\C-Media

2008-04-27 11:12 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-04-27 11:12 . 2004-08-11 06:44 135,168 --a------ C:\WINDOWS\cmuninst.dat

2008-04-27 11:12 . 2004-08-11 06:44 15,448 --------- C:\WINDOWS\cmaudio.ini

2008-04-27 11:12 . 2008-04-14 00:15 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2008-04-27 11:12 . 2008-04-27 11:15 411 --a------ C:\WINDOWS\CMISETUP.INI

2008-04-27 11:12 . 2008-04-27 11:23 40 --a------ C:\WINDOWS\CMCDPLAY.INI

2008-04-27 11:11 . 2004-08-11 06:44 1,228,800 --a------ C:\WINDOWS\mixer.exe

2008-04-27 11:11 . 2004-08-11 06:44 765,952 --a------ C:\WINDOWS\system\crlds3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a------ C:\WINDOWS\system32\a3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 370,382 --a------ C:\WINDOWS\system32\drivers\cmaudio.sys

2008-04-27 11:11 . 2004-08-11 06:44 135,168 --a------ C:\WINDOWS\cmuninst.exe

2008-04-27 11:11 . 2004-08-11 06:44 32,768 --a------ C:\WINDOWS\system32\cmnprop.dll

2008-04-27 10:13 . 2008-04-27 10:19 <DIR> d-------- C:\Program Files\Quicken

2008-04-27 10:13 . 2008-04-27 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Intuit

2008-04-27 10:13 . 2008-04-27 10:13 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Intuit

2008-04-27 10:13 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll

2008-04-27 10:13 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll

2008-04-27 10:13 . 2008-04-27 10:19 31 --a------ C:\WINDOWS\QUICKEN.INI

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 20:06 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent

2008-05-02 19:54 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype

2008-05-02 19:23 --------- d-----w C:\Program Files\Winamp

2008-05-02 18:54 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\skypePM

2008-05-02 07:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-05-01 16:23 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-29 19:58 --------- d-----w C:\Program Files\Google

2008-04-29 19:30 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\MegauploadToolbar

2008-04-29 18:52 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-04-28 06:59 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-04-27 09:13 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2008-04-27 09:13 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll

2008-04-25 17:56 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.ux.pl2

2008-04-23 19:40 --------- d-----w C:\Program Files\Gadu-Gadu

2008-04-23 06:05 --------- d-----w C:\Program Files\fraps

2008-04-22 19:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

2008-04-20 21:07 --------- d-----w C:\Program Files\AMD

2008-04-17 06:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 20:52 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 20:52 356,352 ----a-w C:\WINDOWS\system32\msscp.dll

2008-04-14 20:52 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 20:52 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll

2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 20:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 20:39 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll

2008-04-14 20:39 7,680 ----a-w C:\WINDOWS\system32\kbdsmsfi.dll

2008-04-14 20:39 7,168 ----a-w C:\WINDOWS\system32\kbdukx.dll

2008-04-14 20:39 7,168 ----a-w C:\WINDOWS\system32\kbdno1.dll

2008-04-14 20:39 7,168 ----a-w C:\WINDOWS\system32\kbdnec.dll

2008-04-14 20:39 7,168 ----a-w C:\WINDOWS\system32\kbdfi1.dll

2008-04-14 20:39 6,656 ----a-w C:\WINDOWS\system32\kbdinmal.dll

2008-04-14 20:39 6,144 ----a-w C:\WINDOWS\system32\kbdmlt48.dll

2008-04-14 20:39 6,144 ----a-w C:\WINDOWS\system32\kbdmlt47.dll

2008-04-14 20:39 6,144 ----a-w C:\WINDOWS\system32\kbdinben.dll

2008-04-14 20:39 6,144 ----a-w C:\WINDOWS\system32\kbdinbe1.dll

2008-04-14 20:39 5,632 ----a-w C:\WINDOWS\system32\kbdmaori.dll

2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 20:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 19:59 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 19:59 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 19:45 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll

2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 19:39 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll

2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 19:32 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-04-14 19:29 8,192 ----a-w C:\WINDOWS\system32\asferror.dll

2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-14 16:55 --------- d-----w C:\Program Files\Kaspersky Lab

2008-04-14 12:10 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\FileZilla

2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

.

<pre>----a-w		 6,571,664 2002-07-14 17:08:52  C:\Documents and Settings\Administrator\Pulpit\IN STAL KEY\recovery\Acronis Recovery Expert Deluxe (Partition Recovery)\Acronis Recovery Expert Deluxe  1.0.0.5 .exe</pre>

 

((((((((((((((((((((((((((((( snapshot@2008-05-02_22.04.45,53 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-02 20:03:40 17,857,312 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

+ 2008-05-02 20:07:56 17,873,440 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

- 2008-05-02 20:03:40 293,920 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

+ 2008-05-02 20:08:11 295,200 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-21 17:18 2119104]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-22 11:46 219952]

"BookFace"="C:\DOCUME~1\ADMINI~1\DANEAP~1\CREATI~1\FirstBase.exe" [2008-04-27 09:20 430592]

"RMClock"="D:\testing\rmclock_230_bin_upd1\RMClockLauncher.exe" [2007-09-22 21:45 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-01 14:09 1572608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.VP31"= vp31vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^hamachi.lnk]

path=C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\hamachi.lnk

backup=C:\WINDOWS\pss\hamachi.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\audio debug boob locks]

--a------ 2008-05-02 09:50 842752 C:\Documents and Settings\All Users\Dane aplikacji\flap bend audio debug\Proxy mode.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

--a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Echo Control]

--a------ 2001-12-05 16:47 147456 C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

--a------ 2004-08-11 06:44 1228800 C:\WINDOWS\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]

--a------ 2008-05-01 14:09 1572608 C:\Program Files\COMODO\Firewall\cfp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 22:51 1695232 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"E:\\Vegas2\\Binaries\\R6Vegas2_Game.exe"=

"E:\\Vegas2\\Binaries\\R6Vegas2_Launcher.exe"=

"E:\\cod4\\iw3mp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21:TCP"= 21:TCP:andrew

 

R0 ABIT-IO;ABIT-IO;C:\WINDOWS\system32\Drivers\ABIT-IO.sys [2005-12-08 14:53]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-01 14:09]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-01 14:09]

R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 15:24]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

R3 RTCore32;RTCore32;D:\testing\rmclock_230_bin_upd1\RTCore32.sys [2005-05-25 11:39]

S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2006-04-18 14:53]

S3 SIVDRIVER;SIV Kernel Driver;C:\WINDOWS\system32\Drivers\SIVX32.sys [2008-02-11 14:42]

S3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 11:24]

S4 wampapache;wampapache;"C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []

S4 wampmysqld;wampmysqld;"C:\Program Files\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe" wampmysqld []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53144c5f-181c-11dd-988c-000e5cedb805}]

\Shell\AutoRun\command - J:\v.com

\Shell\explore\Command - J:\v.com

\Shell\open\Command - J:\v.com

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-02 22:08:17

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\WINDOWS\system32\guard32.dll

.

Completion time: 2008-05-02 22:08:57

ComboFix-quarantined-files.txt 2008-05-02 20:08:52

 

Pre-Run: 19,932,717,056 bajtów wolnych

Post-Run: 19,918,032,896 bajtów wolnych

 

357

Edytowane przez iamthekacper

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach
iamthekacper Newbie

iamthekacper

Opublikowano
Opublikowano

logi:

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Smit"
SmitFraudFix v2.319

 

Scan done at 8:19:07,53, 2008-05-03

Run from D:\testing\walczace\SmitfraudFix

OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Motorola SURFboard SB5100 USB Cable Modem - Sterownik miniport Harmonogramu pakietów

DNS Server Search Order: 217.113.224.36

DNS Server Search Order: 217.113.224.35

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6166C759-42EB-4F18-8DA6-995DECCCD4F0}: DhcpNameServer=217.113.224.36 217.113.224.35

HKLM\SYSTEM\CS1\Services\Tcpip\..\{6166C759-42EB-4F18-8DA6-995DECCCD4F0}: DhcpNameServer=217.113.224.36 217.113.224.35

HKLM\SYSTEM\CS2\Services\Tcpip\..\{6166C759-42EB-4F18-8DA6-995DECCCD4F0}: DhcpNameServer=217.113.224.36 217.113.224.35

HKLM\SYSTEM\CS3\Services\Tcpip\..\{6166C759-42EB-4F18-8DA6-995DECCCD4F0}: DhcpNameServer=217.113.224.36 217.113.224.35

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=217.113.224.36 217.113.224.35

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=217.113.224.36 217.113.224.35

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "HiJack"
A4 Tech PC Camera V

Ad-Aware 2007

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 8.1.2

AGEIA PhysX v7.05.17

AMD Dual-Core Optimizer

Archiwizator WinRAR

Assassin's Creed

ATITool Overclocking Utility

BearShare

bEncoder

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.2 Patch

Call of Duty® 4 - Modern Warfare 1.3 Patch

Call of Duty® 4 - Modern Warfare 1.4 Patch

CDex extraction audio

COMODO Firewall Pro

DivX Content Uploader

DivX Web Player

ffdshow [rev 1928] [2008-04-10]

FileZilla Client 3.0.5.2

FlashMenu

Fraps (remove only)

Gadu-Gadu 7.7

Google Toolbar for Internet Explorer

Haali Media Splitter

Hamachi 1.0.2.5

HD Tune 2.54

HijackThis 2.0.2

Image Editor

Kaspersky Anti-Virus 7.0

Kaspersky Anti-Virus 7.0

K-Lite Mega Codec Pack 1.15

Malwarebytes' Anti-Malware

Megaupload Toolbar

Microsoft .NET Framework 2.0

Microsoft DirectX Transform optional components

Microsoft FrontPage Express

Microsoft Office 2000 Premium

Microsoft Visual C++ 2005 Redistributable

NAPIPROJEKT 1.0.6.1

Nero - Burning Rom

Nero 7 Demo

nLite 1.4.5 beta 2

Notepad++

NVIDIA Drivers

OpenOffice.ux.pl 2.0.1

Opera 9.26

PCI Audio Applications

PCI Audio Driver

PowerDVD

PowerGG

PunkBuster Services

Realtek AC'97 Audio

Skype™ 3.6

Smart-X7 7.80

Streamripper Plugin 1.62.2 (Remove only)

SureThing CD Labeler 4 SE

Tom Clancy's Rainbow Six Vegas 2

WampServer 2.0

WD Diagnostics

Winamp

Windows XP Service Pack 3

WinZix version 2.3.0.0

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach
iamthekacper Newbie

iamthekacper

Opublikowano
Opublikowano

Czść nzowu mam problem tymrazem taki ze jak zainstaluje jakiegoś anty to jak jest odpalony tno mi strony wchodzą po 5 a czsem 10 minut:( dlaczeg?? bez anty i na odpalonym u-torrent śmigają w miare dobrze(patrząc na to ze torrent zasysa) czym to0 może byś spowodowane??

Aktualnie mam Kaspersky anty virus 7.0.1.325 trial

Reaszta to:

3600+@2,5 Ghz

4x1gb ddr2 800 @820 4-4-4-12 2t

samsung 320 sata II - defragmentacje zrobiłem wczoraj

8O

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach
iamthekacper Newbie

iamthekacper

Opublikowano
Opublikowano
» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Hijack"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:38, on 2008-05-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
D:\testing\rmclock_230_bin_upd1\RMClock.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Realtek AC97\SoundMan.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfpconfg.exe" -z -o
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [RMClock] D:\testing\rmclock_230_bin_upd1\RMClockLauncher.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2731 bytes

oczywiście bez anty vira

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi
Udostępnij na innych stronach
Gość
Ten temat został zamknięty. Brak możliwości dodania odpowiedzi.
Tematy
×
×
  • Dodaj nową pozycję...