Hello, I also have a problem similar to krzysinek's with the file wml.exe. Except that I can't run HiJackThis. I get a message saying the program is not a "system 32" application, or something like that. Please help.
I ran ComboFix; here is the log:
ComboFix 08-04-24.1 - Mika 2008-05-05 18:18:02.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.264 [GMT 2:00]
Running from: D:\zip\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.
2008-05-04 12:56 . 2008-05-04 12:57 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-05-04 12:56 . 2008-05-04 12:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-04 12:56 . 2008-05-04 12:57 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-05-04 12:55 . 2008-05-04 12:55
2008-05-04 12:48 . 2008-05-04 17:56
2008-05-04 12:48 . 2008-05-04 12:47 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-05-04 12:48 . 2008-05-04 12:47 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-05-04 12:48 . 2008-05-04 12:47 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-05-04 12:37 . 2008-05-04 12:37
2008-05-01 04:41 . 2008-05-01 04:41
2008-05-01 04:20 . 2008-05-01 04:20
2008-05-01 04:19 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-05-01 04:16 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-05-01 04:12 . 2003-03-19 07:19 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2008-05-01 04:12 . 2003-02-21 06:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-01 04:08 . 2002-12-11 18:09 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-05-01 04:08 . 2002-12-11 17:34 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-05-01 03:04 . 2006-04-13 19:00 126,976 -ra------ C:\WINDOWS\system32\V0220Vfw.dll
2008-05-01 03:04 . 2005-07-12 20:17 86,016 -ra------ C:\WINDOWS\CtDrvIns.exe
2008-05-01 03:04 . 2006-06-28 19:01 32,768 -ra------ C:\WINDOWS\V0220Mon.exe
2008-05-01 03:04 . 2006-04-13 19:00 20,480 -ra------ C:\WINDOWS\V0220Cfg.exe
2008-05-01 03:04 . 2006-06-08 10:00 6,272 -ra------ C:\WINDOWS\system32\drivers\V0220Vfx.sys
2008-05-01 03:04 . 2006-05-06 05:04 6,132 -ra------ C:\WINDOWS\VF0220.uns
2008-05-01 02:50 . 2008-05-05 16:32
2008-05-01 02:50 . 2008-05-01 02:50 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-01 02:47 . 2008-05-05 16:38
2008-05-01 02:46 . 2008-05-01 02:47
2008-05-01 02:46 . 2008-05-01 02:46
2008-05-01 02:46 . 2008-05-01 02:47
2008-04-30 23:21 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-30 23:21 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-30 23:21 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-30 23:21 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-04-30 23:21 . 2004-08-03 14:04 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-04-30 23:21 . 2004-08-03 14:03 170,264 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-04-30 23:21 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-30 23:14 . 2002-05-23 09:34 310,272 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-22 17:52 . 2008-04-22 17:52
2008-04-20 20:05 . 2008-04-20 20:05
2008-04-20 20:05 . 2008-05-01 03:21
2008-04-20 20:05 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-20 20:05 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-20 20:05 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-20 20:05 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-20 13:48 . 2008-04-20 14:13
2008-04-20 10:54 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-04-20 10:49 . 2008-04-20 17:51 1,540,809 ---hs---- C:\WINDOWS\system32\lffgxeig.ini
2008-04-20 10:43 . 2008-04-20 10:43 106,496 --a------ C:\WINDOWS\system32\krwhktkt.exe
2008-04-19 11:24 . 2008-04-19 11:24
2008-04-19 10:19 . 2008-04-19 10:18 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-19 10:19 . 2008-04-19 10:19 2,540 --a------ C:\WINDOWS\unins000.dat
2008-04-19 10:16 . 2008-04-19 10:30
2008-04-19 10:16 . 2008-04-19 10:20
2008-04-19 09:40 . 2008-05-04 17:08
2008-04-19 09:39 . 2008-04-19 09:39 10,752 --a------ C:\Documents and Settings\Mika\65886.exe
2008-04-19 09:39 . 2008-04-19 09:39 10,752 --a------ C:\Documents and Settings\Mika\53103.exe
2008-04-13 19:16 . 2008-04-18 20:31
2008-04-06 10:45 . 2008-04-19 09:53
2008-04-05 13:18 . 2001-10-26 17:29 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-05 13:18 . 2001-08-17 21:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-05 13:18 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-05 13:11 . 2008-04-06 09:50
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 12:09 --------- d-----w C:\Program Files\Operacja Pustynny Grom
2008-05-01 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 02:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-30 22:16 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2008-04-26 13:53 --------- d-----w C:\Documents and Settings\Mika\Dane aplikacji\GanymedeNet
2008-03-28 17:52 --------- d-----w C:\Program Files\Java
2008-03-05 15:22 --------- d-----w C:\Program Files\IrfanView
2007-12-20 19:51 8 --sh--r C:\WINDOWS\system32\F7DB1628C6.sys
2007-12-20 19:51 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F653EA3B-76C8-4C6F-8C1A-31DFFC056A8B}]
C:\WINDOWS\System32\ddccbyaX.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3D91099B-562D-49EC-BDBD-78C5DE9CAED9}"= "C:\DOCUME~1\Mika\USTAWI~1\Temp\ac8zt2\qtvglped.dll" []
[HKEY_CLASSES_ROOT\clsid\{3d91099b-562d-49ec-bdbd-78c5de9caed9}]
[HKEY_CLASSES_ROOT\qtvglped.1]
[HKEY_CLASSES_ROOT\TypeLib\{5A457828-B0A0-44DF-B5DE-373DFDD87ACC}]
[HKEY_CLASSES_ROOT\qtvglped]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 08:14 1077277]
"Gadu-Gadu"="E:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"vcmcjkmg"="C:\WINDOWS\system32\qfujyfej.exe" []
"yptuuypd"="C:\WINDOWS\system32\krwhktkt.exe" [2008-04-20 10:43 106496]
"bnudvien"="C:\WINDOWS\system32\vctenexw.exe" []
"njlarnvc"="C:\WINDOWS\system32\dwjwhifw.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:54 22175528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="e:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50 33792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 19:01 32768]
"AVFX Engine"="d:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-04 12:47 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 19:29 13312]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-20 22:55:05 113664]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"YF65J4R49V"= C:\WINDOWS\wininst.exe
"eu0SenVPtK"= C:\Documents and Settings\All Users\Dane aplikacji\mnkjgjsx\wzmlmnan.exe
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pmsoarbf"= {55AB04F6-7B69-415E-829F-FC9A1528B731} - C:\WINDOWS\pmsoarbf.dll []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqOHwTn]
urqOHwTn.dll
R0 sojubus;sojubus;C:\WINDOWS\System32\DRIVERS\sojubus.sys [2003-10-05 11:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\System32\DRIVERS\sojuscsi.sys [2003-09-28 11:57]
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
S3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\System32\DRIVERS\V0220Dev.sys [2006-06-29 07:58]
S3 V0220Vfx;V0220VFX;C:\WINDOWS\System32\DRIVERS\V0220Vfx.sys [2006-06-08 10:00]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 18:20:36
Windows 5.1.2600 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-05 18:22:50
ComboFix-quarantined-files.txt 2008-05-05 16:21:52
Pre-Run: 807,432,192 bajtów wolnych
Post-Run: 805,253,120 bajtów wolnych