I have serious problems with viruses that no antivirus can remove.
I am posting the HijackThis logs and asking for them to be checked, and for help removing the viruses. Thanks in advance.
Logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:42, on 2008-05-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\head2.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\WINDOWS\winlogon.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vmware-ufad.exe,C:\WINDOWS\system32\actcontroller.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [uninstall Information] C:\WINDOWS\system32CmdLineExt.exe
O4 - HKLM…\Run: [FIFA Soccer] C:\WINDOWS\system32\head2.exe
O4 - HKLM…\Run: [runwinlogon] C:\WINDOWS\winlogon.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU…\Run: [steam] “e:\games\hl1\steam.exe” -silent
O4 - HKCU…\Run: [EA Core] “C:\Program Files\Electronic Arts\EA Link\Core.exe” -silent
O4 - HKCU…\Run: [Veoh] “C:\Program Files\Veoh Networks\Veoh\VeohClient.exe” /VeohHide
O4 - HKCU…\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU…\Run: [libor] C:\WINDOWS\libor.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘?’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘?’)
O4 - HKUS\S-1-5-20…\Run: [fci] C:\WINDOWS\system32\fci.exe (User ‘?’)
O4 - HKUS\S-1-5-21-796845957-1220945662-725345543-1003…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User ‘?’)
O4 - HKUS\S-1-5-21-796845957-1220945662-725345543-1003…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 (User ‘?’)
O4 - HKUS\S-1-5-21-796845957-1220945662-725345543-1003…\Run: [steam] “e:\games\hl1\steam.exe” -silent (User ‘?’)
O4 - HKUS\S-1-5-21-796845957-1220945662-725345543-1003…\Run: [EA Core] “C:\Program Files\Electronic Arts\EA Link\Core.exe” -silent (User ‘?’)
O4 - HKUS\S-1-5-21-796845957-1220945662-725345543-1003…\Run: [Veoh] “C:\Program Files\Veoh Networks\Veoh\VeohClient.exe” /VeohHide (User ‘?’)
O4 - HKUS\S-1-5-21-796845957-1220945662-725345543-1003…\Run: [] (User ‘?’)
O4 - HKUS\S-1-5-21-796845957-1220945662-725345543-1003…\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User ‘?’)
O4 - HKUS\S-1-5-21-796845957-1220945662-725345543-1003…\Run: [libor] C:\WINDOWS\libor.exe (User ‘?’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘?’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - S-1-5-21-796845957-1220945662-725345543-1003 Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe (User ‘?’)
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar … launch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://kamery.darlowo.org/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ???
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\fci.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ImapiService - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: LightScribeService - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LPTRDC server (LPTRDCsrv) - Unknown owner - C:\WINDOWS\ctfmon.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: sfrem01 - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: StarWindService - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: UserAccess7 - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
O23 - Service: VSS - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
–
End of file - 10580 bytes
On 04.05.2008 at 14:44 a post was appended by darlem
Second log, from ComboFix
ComboFix 08-05-01.3 - 1 2008-05-04 14:35:04.1 - FAT32 x86
Running from: E:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\ctfmon.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\bio2.exe
C:\WINDOWS\system32\CcEvtSvc.exe
C:\WINDOWS\system32\csrssw.dll
c:\windows\system32\Drivers\Rwu81.sys
C:\WINDOWS\system32\head2.exe
C:\WINDOWS\system32\lost.exe.exe
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\winlogon.exe
C:\WINDOWS\system32\WinData.cab . . . . failed to delete
C:\WINDOWS\system32\wsnpoem\video.dll . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CCEVTSVC
-------\Legacy_FCI
-------\Legacy_LPTRDCSRV
-------\Legacy_PROTECT
-------\Legacy_RWU81
-------\Legacy_ZZZDRV_LICH
-------\Legacy_ZZZSVC_LICH
-------\Service_CcEvtSvc
-------\Service_FCI
-------\Service_LPTRDCsrv
-------\Service_protect
-------\Service_Rwu81
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.
2008-05-04 14:39 . 2008-05-04 14:39 69,632 --a------ C:\WINDOWS\system32\csrssw.dll
2008-05-04 14:39 . 2008-05-04 14:20 35,840 --a------ C:\WINDOWS\NVBenchMarks.exe
2008-05-04 14:26 . 2008-05-04 14:26
2008-05-04 13:03 . 2008-05-04 13:04 44,548 --a------ C:\WINDOWS\gogora.config
2008-05-04 12:17 . 2008-05-04 13:50 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-04-30 06:27 . 2008-04-30 06:27
2008-04-30 06:24 . 2008-04-30 06:24
2008-04-30 06:05 . 2008-04-30 06:05
2008-04-29 17:57 . 2008-04-29 17:57
2008-04-29 17:56 . 2008-04-29 17:56
2008-04-29 17:56 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-29 17:56 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-29 17:56 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-29 17:56 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-29 17:56 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-04-28 09:45 . 2008-04-28 09:45
2008-04-27 20:48 . 2008-04-28 08:48 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-27 20:48 . 2008-04-27 20:48 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-27 16:26 . 2008-04-27 16:26
2008-04-27 16:26 . 2008-04-27 16:26
2008-04-27 10:52 . 2008-04-27 10:52 5,114 --a------ C:\WINDOWS\system32\dumprep.rar
2008-04-26 18:13 . 14,976 C:\WINDOWS\system32\drivers\Kgw50.sys
2008-04-26 18:13 . 0 C:\WINDOWS\system32\WinData.cab
2008-04-26 18:09 . 2008-04-26 18:09
2008-04-26 18:08 . 2008-04-26 18:08
2008-04-26 18:06 . 2008-04-26 18:06
2008-04-25 16:24 . 2008-04-25 16:24 0 --a------ C:\1EC.tmp
2008-04-25 16:24 . 2008-04-25 16:24 0 --a------ C:\1EB.tmp
2008-04-25 16:24 . 2008-04-25 16:24 0 --a------ C:\1EA.tmp
2008-04-25 16:24 . 2008-04-25 16:24 0 --a------ C:\1E9.tmp
2008-04-25 16:24 . 2008-04-25 16:24 0 --a------ C:\1E8.tmp
2008-04-25 16:24 . 2008-04-25 16:24 0 --a------ C:\1E7.tmp
2008-04-25 16:24 . 2008-04-25 16:24 0 --a------ C:\1E6.tmp
2008-04-25 16:24 . 2008-04-25 16:24 0 --a------ C:\1E5.tmp
2008-04-25 16:19 . 2008-04-25 16:19 0 --a------ C:\1CC.tmp
2008-04-25 16:18 . 2008-04-25 16:18 0 --a------ C:\1BC.tmp
2008-04-25 16:14 . 2008-04-25 16:14 0 --a------ C:\1AC.tmp
2008-04-25 16:13 . 2008-04-25 16:13 0 --a------ C:\19C.tmp
2008-04-25 16:12 . 2008-04-25 16:12 0 --a------ C:\18C.tmp
2008-04-25 16:11 . 2008-04-25 16:11 0 --a------ C:\17C.tmp
2008-04-25 16:09 . 2008-04-25 16:09 0 --a------ C:\16C.tmp
2008-04-25 16:07 . 2008-04-25 16:07 0 --a------ C:\15C.tmp
2008-04-25 16:01 . 2008-04-25 16:01 0 --a------ C:\14C.tmp
2008-04-25 16:00 . 2008-04-25 16:01 0 --a------ C:\148.tmp
2008-04-25 15:58 . 2008-04-25 15:58 29 --a------ C:\WINDOWS\system32\erqgopat.tmp
2008-04-25 15:58 . 2008-04-25 15:58 0 --a------ C:\144.tmp
2008-04-22 08:34 . 2008-04-22 08:34
2008-04-21 19:10 . 2008-04-21 19:10
2008-04-20 12:16 . 2008-04-27 17:51 273 --a------ C:\WINDOWS\game.ini
2008-04-19 14:44 . 2008-04-19 14:44 14,886,912 --a------ C:\focmapeditor.msi
2008-04-19 14:29 . 2008-04-19 14:29 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-04-19 11:05 . 2008-04-19 11:05 9,351,679 --a------ C:\Zbot.zip
2008-04-19 10:50 . 2008-04-19 10:50 1,095,819 --a------ C:\Manual.pdf
2008-04-19 10:49 . 2008-04-19 10:49 5,809,224 --a------ C:\CDRoller750_en.exe
2008-04-19 10:44 . 2008-04-19 10:44 3,492 --a------ C:\CD_Roller_7 0_[ENG]_ _crack[Torrenty[1][1].org].torrent
2008-04-18 19:08 . 2008-04-18 19:08
2008-04-18 19:08 . 2008-04-18 19:08 134,892 --a------ C:\310oe_a.rar
2008-04-18 19:07 . 2008-04-18 19:07
2008-04-18 19:07 . 2008-04-18 19:07 136,563 --a------ C:\340_oea.rar
2008-04-18 19:06 . 2008-04-18 19:06
2008-04-18 19:06 . 2008-04-18 19:06 76,997 --a------ C:\303_10oe_mix.rar
2008-04-18 19:02 . 2008-04-18 19:02
2008-04-18 19:01 . 2008-04-18 19:01 199,447 --a------ C:\390m33_2.rar
2008-04-17 19:22 . 2008-04-17 19:22
2008-04-17 16:36 . 2008-04-17 16:36
2008-04-17 15:09 . 2001-07-04 04:12 1,649,399 --------- C:\WINDOWS\TRAINE~1.CAB
2008-04-17 15:09 . 2008-04-17 16:36 249,856 --------- C:\WINDOWS\Setup1.exe
2008-04-17 15:09 . 2008-04-17 16:36 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-17 15:09 . 2008-04-17 15:09 1,607 --a------ C:\WINDOWS\ST6UNST.000
2008-04-13 19:07 . 2008-04-13 19:07
2008-04-13 19:06 . 2008-04-13 19:06
2008-04-13 07:41 . 2008-04-13 07:41
2008-04-10 18:58 . 2008-04-10 18:58
2008-04-09 20:30 . 2008-04-09 20:30
2008-04-08 08:54 . 2008-04-08 08:54
2008-04-07 19:08 . 2008-04-07 19:08
2008-04-07 19:07 . 2008-04-07 19:07
2008-04-06 09:41 . 2008-04-06 09:41
2008-04-05 16:14 . 2008-04-05 16:14
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 12:20 35,840 ----a-w C:\WINDOWS\system32CmdLineExt.exe
2008-05-04 11:02 28,160 ----a-w C:\WINDOWS\system32\fci.exe
2008-05-04 11:02 129,024 ----a-w C:\WINDOWS\libor.exe
2008-04-30 04:27 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-04-28 16:36 5,678 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-04-28 06:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-25 14:22 14,336 ----a-w C:\WINDOWS\system32\ups.exe
2008-04-25 14:22 14,336 ----a-w C:\WINDOWS\system32\tlntsvr.exe
2008-04-25 14:20 14,336 ----a-w C:\WINDOWS\system32\smlogsvc.exe
2008-04-25 14:14 14,336 ----a-w C:\WINDOWS\system32\sessmgr.exe
2008-04-25 14:14 14,336 ----a-w C:\WINDOWS\system32\scardsvr.exe
2008-04-25 14:14 14,336 ----a-w C:\WINDOWS\system32\rsvp.exe
2008-04-25 14:10 14,336 ----a-w C:\WINDOWS\system32\netdde.exe
2008-04-25 14:09 14,336 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
2008-04-25 14:00 14,336 ----a-w C:\WINDOWS\system32\cisvc.exe.tmp
2008-04-10 11:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-01 11:56 --------- d-----w C:\Program Files\THQ
2008-03-29 16:10 --------- d-----w C:\Program Files\Common Files\Thraex Software
2008-03-22 16:05 3 ----a-r C:\WINDOWS\system32\drivers\Tcplp.sys
2008-03-22 14:35 8,576 ----a-w C:\WINDOWS\system32\drivers\ydbmlgryxoxo.sys
2008-03-22 13:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-03-21 10:19 --------- d-----w C:\Documents and Settings\1\Dane aplikacji\IGN_DLM
2008-03-17 17:10 --------- d-----w C:\Program Files\GTA3Mods
2008-03-17 16:07 --------- d-----w C:\Program Files\Sniker
2008-03-16 08:55 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-16 08:54 --------- d-----w C:\Program Files\RALINK
2008-03-11 18:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
2008-03-11 18:05 --------- d-----w C:\Documents and Settings\1\Dane aplikacji\PlayFirst
2008-03-08 13:09 --------- d-----w C:\Documents and Settings\1\Dane aplikacji\Sierra
2008-03-06 12:33 --------- d-----w C:\Program Files\Veoh Networks
2008-02-16 07:43 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-02 16:53 22,328 ----a-w C:\Documents and Settings\1\Dane aplikacji\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Sample Shell Icon Overlay Identifier]
@={EA3775F2-28BE-11D3-9C8D-00105A24ED29}
[HKEY_CLASSES_ROOT\CLSID{EA3775F2-28BE-11D3-9C8D-00105A24ED29}]
C:\Documents and Settings\1\Ustawienia lokalne\Temp\IcnOvrly.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-06-07 13:12 68856]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-03-16 19:25 25268264]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36 2111176]
“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-04-04 00:29 165784]
“Steam”=“e:\games\hl1\steam.exe” [2008-03-28 10:13 1271032]
“EA Core”=“C:\Program Files\Electronic Arts\EA Link\Core.exe” [2007-07-19 08:02 2887680]
“Veoh”=“C:\Program Files\Veoh Networks\Veoh\VeohClient.exe” [2008-04-01 18:35 3587120]
“AdobeUpdater”=“C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe” [2007-03-01 10:37 2321600]
“libor”=“C:\WINDOWS\libor.exe” [2008-05-04 13:02 129024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2006-01-12 16:40 155648]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]
“BigDog305”=“C:\WINDOWS\VM305_STI.exe” [2006-03-17 10:03 61440]
“BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-04 00:44 110592 C:\WINDOWS\system32\bthprops.cpl]
“SoundMan”=“SOUNDMAN.EXE” [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
“Adobe Reader Speed Launcher”=“F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 03:06 40048]
“AGEIA PhysX SysTray”=“C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe” [2007-07-23 09:05 345640]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-12-05 01:41 8523776]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-12-05 01:41 81920]
“Uninstall Information”=“C:\WINDOWS\system32CmdLineExt.exe” [2008-05-04 14:20 35840]
“FIFA Soccer”=“C:\WINDOWS\system32\head2.exe” []
“Usługi online”=“C:\WINDOWS\NVBenchMarks.exe” [2008-05-04 14:20 35840]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]
C:\Documents and Settings\1\Menu Start\Programy\Autostart\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe [2007-07-26 13:19:18 931840]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-03-16 10:55:50 614400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.3iv2”= 3ivxVfWCodec.dll
“msacm.divxa32”= divxa32.acm
“VIDC.HFYU”= huffyuv.dll
“VIDC.i263”= i263_32.drv
“msacm.imc”= imc32.acm
“VIDC.VP31”= vp31vfw.dll
“vidc.asv2”= asusasv2.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kgw50.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
“UpdatesDisableNotify”=dword:00000001
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\Messenger\msmsgs.exe”=
“C:\WINDOWS\System32\dpnsvr.exe”=
“C:\Program Files\Azureus\Azureus.exe”=
“C:\WINDOWS\System32\dplaysvr.exe”=
“C:\WINDOWS\System32\CTFMON.EXE”=
“E:\Games\hl1\team fortress classic\hl.exe”=
“E:\Games\hl1\half-life blue shift\hl.exe”=
“E:\Games\hl1\opposing force\hl.exe”=
“E:\Games\hl1\half-life\hl.exe”=
“F:\download\samp-server-0.2.1-win32\samp-server.exe”=
“C:\Program Files\Valve\hl.exe”=
“C:\Program Files\Internet Explorer\iexplore.exe”=
“E:\Games\hl1\SteamApps\fabian992\half-life 2 deathmatch\hl2.exe”=
“C:\WINDOWS\System32\PnkBstrA.exe”=
“C:\WINDOWS\System32\PnkBstrB.exe”=
“F:\eaw\GameData\sweaw.exe”=
“F:\eawfoc\swfoc.exe”=
“E:\Games\assassins creed\AssassinsCreed_Dx9.exe”=
“E:\Games\assassins creed\AssassinsCreed_Dx10.exe”=
“E:\Games\assassins creed\AssassinsCreed_Launcher.exe”=
“C:\WINDOWS\system32\regsvr32.exe”=
“C:\WINDOWS\explorer.exe”= C:\WINDOWS\Explorer.EXE
“C:\WINDOWS\system32\mmc.exe”=
“C:\WINDOWS\libor.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“6667:TCP”= 6667:TCP:chat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b5fcc8f8-718c-11dc-a02c-001617ec6911}]
\Shell\AutoRun\command - explorer.exe /n,/e,\
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 14:39:08
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-05-04 14:41:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 12:41:04
Pre-Run: 700,571,648 bajtów wolnych
Post-Run: 3,462,889,472 bajt˘w wolnych