Computer is sluggish


(Paziek) #1

I'm posting the HijackThis log. If something is wrong, give me instructions on what to do, because I think something is sitting in the computer.

On 18.05.2008, at 19:47, a post was added by ocelotttt

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:42:43, on 2008-05-18

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\dllcache\mravsc32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\NinKey.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\WINDOWS\System32\aglddd23.exe

C:\WINDOWS\System32\mdm.exe

C:\WINDOWS\Dit.exe

C:\WINDOWS\System32\ezanxiijvfselh.exe

C:\WINDOWS\DitExp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM..\Run: [adiras] adiras.exe

O4 - HKLM..\Run: [Microsoft Winedows Updateing] NinKey.exe

O4 - HKLM..\Run: [Winddows Service Agent] aglddd23.exe

O4 - HKLM..\Run: [Windows Workstation USB] ezanxiijvfselh.exe

O4 - HKLM..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe

O4 - HKLM..\Run: [Dit] Dit.exe

O4 - HKLM..\Run: [mmsass] mmdmm.exe

O4 - HKLM..\RunServices: [Microsoft Winedows Updateing] NinKey.exe

O4 - HKLM..\RunServices: [Winddows Service Agent] aglddd23.exe

O4 - HKLM..\RunServices: [Windows Workstation USB] ezanxiijvfselh.exe

O4 - HKLM..\RunServices: [mmsass] mmdmm.exe

O4 - HKLM..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..\Run: [Microsoft Winedows Updateing] NinKey.exe

O4 - HKCU..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe

O4 - HKCU..\Run: [Winddows Service Agent] aglddd23.exe

O4 - HKCU..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-73586283-1343024091-854245398-1003..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-73586283-1343024091-854245398-1003..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe (User '?')

O4 - HKUS\S-1-5-21-73586283-1343024091-854245398-1003..\Run: [Winddows Service Agent] aglddd23.exe (User '?')

O4 - HKUS\S-1-5-21-73586283-1343024091-854245398-1003..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User '?')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-18..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User '?')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS.DEFAULT..\RunOnce: [Microsoft Winedows Updateing] NinKey.exe (User 'Default user')

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0954245467

O17 - HKLM\System\CCS\Services\Tcpip..{9EBC2502-ABB4-4BED-8E5A-4E3FB57C14D2}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 6036 bytes


(huber2t) #2

Fix in HijackThis

Download ComboFix, but do not run it.

Paste into Notepad:

File::

C:\WINDOWS\System32\mdm.exe

C:\WINDOWS\system32\dllcache\mravsc32.exe

File -> Save as -> CFScript.txt (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->

02f8f1e3c410a4cc.gif

Deletion will start and a log will be created; post that log on the forum.


(Paziek) #3

I can't find these files in system32


(Leon$) #4

You're not supposed to look for them; just open Notepad, paste what hubert showed, name it CFScript.txt, then drag and drop it onto ComboFix.

:slight_smile:


(Paziek) #5

ComboFix 08-05-15.3 - Emilia 2008-05-18 20:10:13.1 - NTFSx86

Running from: C:\Documents and Settings\Emilia\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Emilia\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\0003841F

C:\Program Files\myglobalsearch\bar\Cache\00038999.bin

C:\Program Files\myglobalsearch\bar\Cache\00039E73.bin

C:\Program Files\myglobalsearch\bar\Cache\0003A1DA.bin

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\WINDOWS\system32\9.exe

C:\WINDOWS\system32\a.exe

C:\WINDOWS\system32\drivers\OLD9.tmp

C:\WINDOWS\system32\mmdmm.exe

C:\WINDOWS\system32\NinKey.exe

C:\WINDOWS\system32\setup.ini

.

((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))

.

2008-05-18 19:42 . 2008-05-18 19:42

2008-05-18 19:22 . 2008-05-18 19:22

2008-05-18 19:18 . 2008-05-18 19:18

2008-05-18 19:17 . 2008-05-18 19:17

2008-05-18 19:17 . 2008-05-18 19:17

2008-05-18 19:15 . 2008-05-18 19:26

2008-05-18 10:45 . 2008-05-18 10:45 76,383 --a------ C:\WINDOWS\system32\msv.exe

2008-05-16 20:45 . 2008-05-16 20:48 41,216 --a------ C:\WINDOWS\system32\hqghumea.dll

2008-05-16 18:23 . 2008-05-16 18:23 70,320 --a------ C:\WINDOWS\system32\lfo.exe

2008-05-16 18:23 . 2008-05-16 18:23 70,298 --a------ C:\WINDOWS\system32\ivnt.exe

2008-05-16 18:14 . 2008-05-18 19:39 60 --a------ C:\WINDOWS\system32\i

2008-05-16 18:10 . 2008-05-16 18:10

2008-05-16 17:58 . 2003-02-25 14:30 45,056 --a------ C:\WINDOWS\system32\vusetup.dll

2008-05-16 17:58 . 2003-05-24 09:06 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys

2008-05-16 17:58 . 2002-10-24 10:07 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys

2008-05-16 17:52 . 2002-05-16 13:41 94,208 --------- C:\WINDOWS\Dit.DLL

2008-05-16 17:52 . 2002-07-12 10:29 69,632 --a------ C:\WINDOWS\Dit.exe

2008-05-16 17:52 . 2002-07-12 10:29 65,536 --a------ C:\WINDOWS\DitExp.exe

2008-05-16 17:52 . 2002-06-21 09:55 208 --------- C:\WINDOWS\Dit.INI

2008-05-16 17:52 . 2002-06-05 15:21 94 --------- C:\WINDOWS\ICCLR.INF

2008-05-16 17:50 . 2003-04-30 11:22 28,928 -ra------ C:\WINDOWS\system32\drivers\usbehci.sys

2008-05-16 17:47 . 2008-05-16 17:47

2008-05-16 17:47 . 2003-03-05 13:17 107,247 --------- C:\WINDOWS\system32\drivers\ALiEHCI.SYS

2008-05-16 17:47 . 2001-11-13 21:24 35,587 --------- C:\WINDOWS\system32\rmusb20.EXE

2008-05-16 17:47 . 2003-01-11 17:20 28,672 --------- C:\WINDOWS\system32\Unusb20.exe

2008-05-16 17:47 . 2003-02-27 15:27 17,829 --------- C:\WINDOWS\system32\drivers\ALiHUB.SYS

2008-05-16 17:47 . 2003-02-27 15:26 12,622 --------- C:\WINDOWS\system32\drivers\ALiGP.SYS

2008-05-16 17:47 . 2000-01-07 15:20 12,288 --------- C:\WINDOWS\system32\PCIVP.SYS

2008-05-16 17:47 . 2003-02-27 15:27 5,331 --------- C:\WINDOWS\system32\drivers\ALiRTHUB.SYS

2008-05-16 17:47 . 2003-02-27 10:50 635 --a------ C:\WINDOWS\system32\setup.iss

2008-05-16 15:02 . 2008-05-16 15:02

2008-05-16 08:23 . 2008-05-18 19:04 61 --a------ C:\WINDOWS\system32\o

2008-05-16 08:21 . 2008-05-16 08:21 50,110 ---hs---- C:\WINDOWS\system32\mdm.exe

2008-05-15 20:40 . 2008-05-15 20:40 163,840 --a------ C:\WINDOWS\system32\MysWorkstation.exe

2008-05-15 13:33 . 2008-05-15 13:34 526,336 -r-hs---- C:\WINDOWS\system32\aglddd23.exe

2008-05-14 20:05 . 2008-05-17 19:46

2008-05-14 20:05 . 2008-05-14 20:05

2008-05-14 20:01 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-05-14 20:01 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-05-14 20:00 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-14 20:00 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-05-14 19:42 . 2008-05-14 19:42 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG

2008-05-14 19:35 . 2008-05-14 19:35 1,160 --a------ C:\WINDOWS\mozver.dat

2008-05-14 19:22 . 2008-05-14 19:22 444,928 -r-hsc--- C:\WINDOWS\system32\dllcache\mravsc32.exe

2008-05-14 19:16 . 2008-05-14 19:16

2008-05-14 19:16 . 2008-05-14 19:16

2008-05-14 19:10 . 2008-05-14 19:10 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-14 19:06 . 2008-05-14 19:06

2008-05-14 19:05 . 2008-05-14 19:06

2008-05-14 19:01 . 2008-05-14 19:01

2008-05-14 18:57 . 2003-09-05 06:58 70,624 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys

2008-05-14 18:57 . 2003-04-30 11:24 67,568 -ra------ C:\WINDOWS\system32\drivers\usbhub20.sys

2008-05-14 18:57 . 2003-09-05 06:58 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys

2008-05-14 18:57 . 2003-10-16 18:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll

2008-05-14 18:57 . 2003-09-05 06:58 5,607 --a------ C:\WINDOWS\system32\stci.dll

2008-05-14 18:57 . 2003-09-05 06:58 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys

2008-05-14 18:57 . 2003-09-05 06:58 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys

2008-05-14 18:56 . 2008-05-14 18:56

2008-05-14 18:56 . 2008-05-14 18:56

2008-05-14 18:56 . 2008-05-16 17:52

2008-05-14 18:56 . 2002-11-01 20:15 45,175 --------- C:\WINDOWS\system32\plugincpl140_03.cpl

2008-05-14 18:56 . 2002-11-01 20:15 41,068 --------- C:\WINDOWS\system32\ActPanel.dll

2008-05-14 18:54 . 2008-05-14 18:54

2008-05-14 18:54 . 2008-05-14 19:41

2008-05-14 18:50 . 2003-02-21 13:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-05-14 18:50 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl

2008-05-14 18:49 . 2008-05-14 18:50

2008-05-14 18:48 . 2008-05-14 18:48

2008-05-14 18:47 . 2008-05-14 18:47

2008-05-14 18:47 . 2008-05-14 18:47

2008-05-14 18:47 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-05-14 18:47 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-05-14 18:47 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-05-14 18:47 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2008-05-14 18:47 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-05-14 18:47 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-05-14 18:47 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-05-14 18:43 . 2008-05-14 18:45

2008-05-14 18:43 . 2008-05-14 18:47

2008-05-14 18:33 . 2001-08-17 22:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-05-14 00:02 . 2008-05-13 22:13 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-14 18:05 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg

2008-05-13 20:33 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-05-13 20:11 --------- d-----w C:\Program Files\microsoft frontpage

2008-05-13 20:10 --------- d-----w C:\Program Files\Usługi online

2008-04-02 19:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe

2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll

2001-10-26 17:29 163,840 --sh--r C:\WINDOWS\system32\ezanxiijvfselh.exe

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-05-26 05:18 49152]

"Microsoft Winedows Updateing"="NinKey.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-26 05:18 4640768]

"nwiz"="nwiz.exe" [2003-05-26 05:18 323584 C:\WINDOWS\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2003-01-10 05:39 46592 C:\WINDOWS\SOUNDMAN.EXE]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]

"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]

"adiras"="adiras.exe" []

"Dit"="Dit.exe" [2002-07-12 10:29 69632 C:\WINDOWS\Dit.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 19:29 13312]

"Microsoft Winedows Updateing"="NinKey.exe" []

"Winddows Service Agent"="aglddd23.exe" [2008-05-15 13:34 526336 C:\WINDOWS\system32\aglddd23.exe]

"Windows Networking Monitoring"="C:\WINDOWS\System32\mdm.exe" [2008-05-16 08:21 50110]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-14 20:05:33 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2001-08-02 07:14 1077277 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

*Newly Created Service* - CATCHME

*Newly Created Service* - SRESCAN

*Newly Created Service* - VSMON

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 20:11:07

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flys.q8pilots.net]

"ImagePath"="\"C:\WINDOWS\System32\NinKey.exe\" -netsvcs"

.

Completion time: 2008-05-18 20:11:29

ComboFix-quarantined-files.txt 2008-05-18 18:11:27

Pre-Run: 49,358,241,792 bajtów wolnych

Post-Run: 49,477,689,344 bajtów wolnych

330

On 18.05.2008, at 20:24, a post was added by ocelotttt

Here is the log, I'm waiting for a reply


(Leon$) #6

Open Notepad and paste

save as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

Deletion should start

Then post the ComboFix deletion log

:slight_smile:


(Gutek) #7

Follow this topic and change the thread title to a specific one, otherwise TRASH

Regards, Gutek2222

Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350