C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\urqnmkj.dll
C:\Program Files\Temporary
C:\WINDOWS\system32\abcbfffefb3_r.dll
C:\WINDOWS\system32\bn.dll
C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\urqnmkj.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.
2008-02-01 20:21 . 2008-02-01 20:22
2008-02-01 08:18 . 2008-02-02 19:44 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-31 21:53 . 2008-01-31 21:52 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-31 21:51 . 2008-01-31 21:51
2008-01-31 21:51 . 2008-01-31 21:51
2008-01-31 21:51 . 2008-01-31 22:01
2008-01-31 21:42 . 2008-01-31 21:42
2008-01-27 10:34 . 2008-01-27 10:40
2008-01-26 12:47 . 2008-01-26 12:47
2008-01-26 12:47 . 2008-01-26 12:47
2008-01-26 12:46 . 2008-02-01 20:20
2008-01-25 16:39 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-25 16:38 . 2004-09-15 16:22 2,146,304 --------- C:\WINDOWS\UNNeroVision.exe
2008-01-25 16:38 . 2005-01-20 18:45 132,494 --------- C:\WINDOWS\UNNeroVision.cfg
2008-01-25 16:38 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-01-25 16:37 . 2008-01-25 16:38
2008-01-25 16:37 . 2008-01-25 16:37
2008-01-25 16:37 . 2004-07-20 16:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-01-25 16:37 . 2004-07-20 16:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-01-25 16:37 . 2004-07-20 16:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-01-25 16:37 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-01-25 16:37 . 2004-07-20 16:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-01-25 16:37 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-25 16:37 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-01-24 18:53 . 2008-02-01 21:12
2008-01-24 18:53 . 2008-01-24 18:53 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-24 18:51 . 2008-01-24 18:51
2008-01-24 18:51 . 2008-01-24 18:51
2008-01-24 18:51 . 2008-01-24 18:51
2008-01-24 18:51 . 2008-02-01 21:12
2008-01-24 17:20 . 2008-01-24 17:20
2008-01-23 21:04 . 2008-01-27 09:38
2008-01-20 16:04 . 2008-01-20 16:04 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 10:37 . 2006-05-08 22:04 430,080 -ra------ C:\WINDOWS\system32\hp4370co.dll
2008-01-20 10:37 . 2004-08-04 06:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-20 10:36 . 2008-01-20 10:36
2008-01-20 10:36 . 2008-01-20 10:36
2008-01-20 10:34 . 2008-01-20 10:34
2008-01-20 10:30 . 2008-01-20 10:38 104,586 --a------ C:\WINDOWS\hpgins15.dat
2008-01-20 10:30 . 2006-05-18 19:09 282 --------- C:\WINDOWS\hpgmdl15.dat
2008-01-20 10:21 . 2008-01-20 10:21
2008-01-20 10:21 . 2008-01-20 10:21
2008-01-20 10:20 . 2008-01-20 10:20
2008-01-20 10:20 . 2008-01-20 10:35
2008-01-20 10:19 . 2006-06-03 21:29 48,640 --a------ C:\WINDOWS\system32\hpzll4pi.dll
2008-01-20 10:17 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-20 10:17 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-01-20 10:17 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-01-20 10:17 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-01-20 10:17 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-01-20 10:17 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-01-20 10:17 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-01-20 10:17 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-20 10:17 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-20 10:16 . 2008-01-20 10:16
2008-01-20 10:14 . 2008-01-20 10:22 126,807 --a------ C:\WINDOWS\HPHins12.dat
2008-01-20 10:14 . 2006-06-13 00:15 14,916 --------- C:\WINDOWS\hphmdl12.dat
2008-01-17 17:31 . 2008-01-17 17:31
2008-01-17 17:30 . 2008-01-17 17:30
2008-01-17 17:29 . 2008-01-17 17:29 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-17 17:29 . 2008-01-17 17:29 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-17 17:29 . 2008-01-17 17:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-17 17:29 . 2008-01-17 17:29 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-17 17:29 . 2008-01-17 17:29 22,328 --a------ C:\Documents and Settings\aaa\Dane aplikacji\PnkBstrK.sys
2008-01-13 08:40 . 2008-01-13 08:40
2008-01-12 14:09 . 2008-01-12 14:09
2008-01-12 14:07 . 2008-01-12 14:07
2008-01-12 14:06 . 2008-01-12 14:06
2008-01-12 12:25 . 2006-11-30 15:14 90,800 -ra------ C:\WINDOWS\system32\drivers\se45unic.sys
2008-01-12 12:25 . 2006-11-30 15:14 88,624 -ra------ C:\WINDOWS\system32\drivers\se45mgmt.sys
2008-01-12 12:25 . 2006-11-30 15:14 86,432 -ra------ C:\WINDOWS\system32\drivers\se45obex.sys
2008-01-12 12:25 . 2006-11-30 15:14 18,704 -ra------ C:\WINDOWS\system32\drivers\se45nd5.sys
2008-01-12 12:25 . 2006-11-30 15:14 4,128 -ra------ C:\WINDOWS\system32\drivers\se45cr.sys
2008-01-12 12:24 . 2008-01-12 12:24
2008-01-12 12:24 . 2008-01-12 12:24
2008-01-12 12:24 . 2006-11-30 15:14 97,088 -ra------ C:\WINDOWS\system32\drivers\se45mdm.sys
2008-01-12 12:24 . 2006-11-30 15:13 61,536 -ra------ C:\WINDOWS\system32\drivers\se45bus.sys
2008-01-12 12:24 . 2006-11-30 15:14 9,360 -ra------ C:\WINDOWS\system32\drivers\se45mdfl.sys
2008-01-12 12:24 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cmnt.sys
2008-01-12 12:24 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cm.sys
2008-01-12 12:24 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45whnt.sys
2008-01-12 12:24 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45wh.sys
2008-01-12 12:22 . 2008-01-12 12:22
2008-01-12 12:22 . 2008-01-12 12:22
2008-01-12 12:22 . 2008-01-12 12:22
2008-01-12 12:22 . 2008-01-12 12:22
2008-01-12 12:22 . 2008-01-12 12:22
2008-01-12 09:36 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-12 09:36 . 2008-01-12 09:36 421 --a------ C:\WINDOWS\ODBC.INI
2008-01-12 07:35 . 2008-01-15 11:22
2008-01-11 20:27 . 2008-01-11 20:27 31 --a------ C:\WINDOWS\wininit.ini
2008-01-11 19:21 . 2008-01-11 19:28
2008-01-11 08:10 . 2008-01-11 08:11
2008-01-11 07:51 . 2008-01-11 07:51 3,097,088 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-01-11 07:51 . 2008-01-11 07:51 2,449,408 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-01-11 07:51 . 2008-01-11 07:51 319,488 --a------ C:\WINDOWS\system32\CoreAAC.ax
2008-01-11 07:50 . 2008-01-11 07:50 188,416 --a------ C:\WINDOWS\system32\ff_theora.dll
2008-01-11 07:49 . 2008-01-11 07:49 530,944 --a------ C:\WINDOWS\system32\splitter.ax
2008-01-11 07:49 . 2008-01-11 07:49 123,392 --a------ C:\WINDOWS\system32\ogm.dll
2008-01-11 07:48 . 2008-01-11 07:48
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 11:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-09 13:26 --------- d-----w C:\Program Files\Realtek
2008-01-09 06:37 --------- d-----w C:\Program Files\Attansic
2008-01-09 06:35 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-09 06:28 --------- d-----w C:\Program Files\Intel
2008-01-09 06:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-09 06:16 --------- d-----w C:\Program Files\Usługi online
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-10-25 10:17 8527872]
"nwiz"="nwiz.exe" [2007-10-25 10:17 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-10-25 10:17 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"avast!"="E:\Programy\Avast\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:44 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Photosmart Premier - Szybkie uruchomienie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Photosmart Premier - Szybkie uruchomienie.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier - Szybkie uruchomienie.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-12-22 08:23 221568 E:\Programy\Alcohol\alcohol 120%\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
E:\Programy\Azerus\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 E:\Programy\Gadu\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
--a------ 2007-06-28 20:44 2816512 E:\Programy\Kalkulator\HEXelon MAX 6\hexelon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 E:\Programy\Drukarka\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 16:21 54832 E:\Programy\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 16:24 71216 E:\Programy\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 E:\Programy\Spyboot\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 E:\Programy\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDLL (tqurity.exe)]
C:\WINDOWS\System32\tqurity.exe
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};E:\Programy\PowerDVD\000.fcl [2006-11-02 16:51]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 07:12]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 20:19:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Programy\Adaware\aawservice.exe
E:\Programy\Avast\aswUpdSv.exe
E:\Programy\Avast\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
E:\Programy\Alcohol\alcohol 120\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Programy\Avast\ashMaiSv.exe
E:\Programy\Avast\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-02-02 20:20:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 19:20:14
.
2008-01-28 13:29:47 --- E O F ---