x-kom hosting

[Solved] Please check my logs

skibenz

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:27, on 2008-05-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {20E9C64D-F33C-4976-BAF8-4791A65BAA2F} - C:\WINDOWS\system32\vtUlJcaX.dll
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: byxofgdb - byXOfgdb.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amsosd - Eset  - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 4270 bytes

ComboFix

ComboFix 08-05-24.1 - Administrator 2008-05-25 17:41:31.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1477 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\copy.exe
C:\Program Files\Helper
C:\WINDOWS\autorun.inf
C:\WINDOWS\BM3324d557.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\btwhyoon.dll
C:\WINDOWS\system32\dwiuibbu.ini
C:\WINDOWS\system32\ftqbykdo.dll
C:\WINDOWS\system32\gcbcyurr.dll
C:\WINDOWS\system32\gsbgqpwwfw.sys
C:\WINDOWS\system32\jkejlafm.ini
C:\WINDOWS\system32\jtsxboqu.ini
C:\WINDOWS\system32\kanjshds.ini
C:\WINDOWS\system32\lhbyhngt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\norsiilc.ini
C:\WINDOWS\system32\ppoldfxc.ini
C:\WINDOWS\system32\rggiojtx.ini
C:\WINDOWS\system32\rruycbcg.ini
C:\WINDOWS\system32\sxvvbxnh.dll
C:\WINDOWS\system32\XacJlUtv.ini
C:\WINDOWS\system32\XacJlUtv.ini2
C:\WINDOWS\system32\xtnwxqlo.dll
C:\WINDOWS\xcopy.exe
D:\Autorun.inf
D:\copy.exe
G:\copy.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gsbgqpwwfw

(((((((((((((((((((((((((   Files Created from 2008-04-25 to 2008-05-25  )))))))))))))))))))))))))))))))
.
2008-05-25 16:26 . 2008-05-25 16:27	<DIR>	d--------	C:\Program Files\IrfanView
2008-05-25 15:49 . 2008-05-25 15:48	512,096	--a------	C:\WINDOWS\system32\drivers\amon.sys
2008-05-25 15:49 . 2008-05-25 15:48	298,104	--a------	C:\WINDOWS\system32\imon.dll
2008-05-25 15:49 . 2008-05-25 15:48	15,424	--a------	C:\WINDOWS\system32\drivers\nod32drv.sys
2008-05-25 15:48 . 2008-05-25 16:41	<DIR>	d--------	C:\Program Files\ESET
2008-05-25 15:38 . 2008-05-25 15:38	2,624	--a------	C:\WINDOWS\system32\uxnsrbqi.exe
2008-05-24 15:07 . 2008-05-24 15:07	<DIR>	d--------	C:\Program Files\Trend Micro
2008-05-24 14:53 . 2008-05-24 14:53	2,624	--a------	C:\WINDOWS\system32\tlibvuvt.exe
2008-05-23 14:47 . 2008-05-23 14:47	<DIR>	d--------	C:\Program Files\Opera
2008-05-23 14:16 . 2008-05-23 14:16	2,624	--a------	C:\WINDOWS\system32\hlcxihbh.exe
2008-05-21 23:33 . 2008-05-21 23:33	<DIR>	d--------	C:\Program Files\Real Alternative
2008-05-21 23:33 . 2008-05-21 23:33	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2008-05-21 23:29 . 2008-05-21 23:29	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2008-05-21 23:29 . 2008-05-21 23:29	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\GRETECH
2008-05-21 23:25 . 2008-05-21 23:25	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\DivX
2008-05-21 23:24 . 2008-05-21 23:24	<DIR>	d--------	C:\Program Files\Codec
2008-05-21 22:51 . 2008-05-21 22:51	<DIR>	d--------	C:\Program Files\GRETECH
2008-05-21 22:40 . 2008-05-21 22:40	2,624	--a------	C:\WINDOWS\system32\lvgokhkr.exe
2008-05-20 22:47 . 2008-05-20 22:47	2,624	--a------	C:\WINDOWS\system32\kwkvfyri.exe
2008-05-20 22:41 . 2008-05-20 22:41	99,904	--a------	C:\WINDOWS\system32\ocvaoyej.dll
2008-05-20 15:44 . 2008-05-20 15:44	62,895	--a------	C:\FT_Splash.img
2008-05-20 15:38 . 2008-05-20 15:38	<DIR>	d--------	C:\Program Files\Common Files\France Telecom
2008-05-19 22:43 . 2008-05-19 22:43	2,624	--a------	C:\WINDOWS\system32\dbppmwmm.exe
2008-05-18 21:04 . 2008-05-18 21:04	2,112	--a------	C:\WINDOWS\system32\gnxlkrne.exe
2008-05-18 20:58 . 2008-05-18 20:58	98,880	--a------	C:\WINDOWS\system32\mojyxkuv.dll
2008-05-18 20:54 . 2008-05-18 20:54	3,648	--a------	C:\WINDOWS\system32\bvaurnmx.dll
2008-05-16 18:19 . 2008-05-16 18:19	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
2008-05-16 18:17 . 2008-05-16 18:17	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-05-16 18:01 . 2008-05-16 18:01	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-05-14 16:12 . 2008-05-14 16:12	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-05-14 15:38 . 2008-05-14 15:38	<DIR>	d--------	C:\Program Files\Common Files\Blizzard Entertainment
2008-05-13 20:34 . 2008-05-13 20:34	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-05-13 20:34 . 2008-05-13 20:34	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
2008-05-13 15:13 . 2008-05-13 15:13	0	--a------	C:\WINDOWS\ativpsrm.bin
2008-05-12 22:08 . 2008-05-12 22:08	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-05-12 21:55 . 2008-05-12 21:55	<DIR>	d--------	C:\Program Files\Bonjour
2008-05-12 21:50 . 2008-05-12 21:50	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2008-05-12 21:10 . 2008-05-12 21:10	<DIR>	d--------	C:\ATI
2008-05-12 20:59 . 2008-05-12 20:59	940,794	--a------	C:\WINDOWS\system32\LoopyMusic.wav
2008-05-12 20:59 . 2008-05-12 20:59	146,650	--a------	C:\WINDOWS\system32\BuzzingBee.wav
2008-05-12 20:55 . 2005-05-03 04:43	69,632	-r-------	C:\WINDOWS\Alcmtr.exe
2008-05-12 20:45 . 2008-05-12 20:45	<DIR>	d--------	C:\WINDOWS\system32\Lang
2008-05-12 20:39 . 2001-07-05 18:19	164	---------	C:\WINDOWS\avrack.ini
2008-05-12 20:28 . 2008-05-12 20:28	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Start
2008-05-12 20:10 . 2008-05-12 20:10	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-05-12 20:09 . 2004-11-18 10:42	22,752	--a------	C:\WINDOWS\system32\spupdsvc.exe
2008-05-12 20:09 . 2004-07-17 11:40	19,528	--a------	C:\WINDOWS\002302_.tmp
2008-05-12 20:08 . 2008-05-12 20:11	<DIR>	d--------	C:\WINDOWS\EHome
2008-05-12 20:05 . 2008-05-13 20:34	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-05-11 22:11 . 2008-05-11 22:11	<DIR>	d--------	C:\Program Files\Realtek AC97
2008-05-11 21:45 . 2008-05-11 21:45	1,231	--a------	C:\WINDOWS\mozver.dat
2008-05-11 20:47 . 2008-05-11 20:47	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\HP
2008-05-11 20:45 . 2008-05-11 20:45	<DIR>	d--------	C:\Program Files\Common Files\Sonic Shared
2008-05-11 20:45 . 2008-05-11 20:45	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Sonic
2008-05-11 20:44 . 2008-05-11 20:45	<DIR>	d--------	C:\Program Files\Common Files\HP
2008-05-11 20:43 . 2008-05-11 20:43	<DIR>	d--------	C:\Program Files\Common Files\Hewlett-Packard
2008-05-11 20:42 . 2006-01-04 11:12	77,824	-ra------	C:\WINDOWS\system32\HPZIDS01.dll
2008-05-11 20:42 . 2006-04-13 02:04	49,664	-ra------	C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-11 20:42 . 2006-04-10 14:03	38,400	--a------	C:\WINDOWS\system32\hpz3l054.dll
2008-05-11 20:42 . 2006-04-13 02:04	16,496	-ra------	C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-11 20:42 . 2004-08-03 22:58	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-11 20:41 . 1998-10-29 16:45	306,688	--a------	C:\WINDOWS\IsUninst.exe
2008-05-11 20:41 . 2006-03-03 21:03	282,680	--a------	C:\WINDOWS\system32\HPZidr12.dll
2008-05-11 20:41 . 2006-03-03 21:02	204,800	--a------	C:\WINDOWS\system32\HPZipr12.dll
2008-05-11 20:41 . 2006-03-03 21:02	94,208	--a------	C:\WINDOWS\system32\HPZipt12.dll
2008-05-11 20:41 . 2006-03-03 21:03	69,632	--a------	C:\WINDOWS\system32\HPZipm12.exe
2008-05-11 20:41 . 2006-03-03 21:03	65,536	--a------	C:\WINDOWS\system32\HPZinw12.exe
2008-05-11 20:41 . 2006-03-03 21:02	57,344	--a------	C:\WINDOWS\system32\HPZisn12.dll
2008-05-11 20:39 . 2008-05-11 20:39	<DIR>	d--------	C:\Program Files\HP
2008-05-11 20:39 . 2004-08-03 23:01	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-11 20:38 . 2008-05-11 20:50	120,003	--a------	C:\WINDOWS\hpoins11.dat
2008-05-11 20:38 . 2004-08-03 23:08	31,616	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-11 18:58 . 2008-05-11 18:58	<DIR>	d--------	C:\Documents and Settings\Administrator\Gadu-Gadu
2008-05-11 18:58 . 2008-05-11 18:58	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-05-11 18:54 . 2008-05-12 20:47	169	--a------	C:\WINDOWS\RtlRack.ini
2008-05-11 18:40 . 2008-05-11 18:40	<DIR>	d--------	C:\Program Files\Realtek Sound Manager
2008-05-11 18:40 . 2008-05-12 20:40	<DIR>	d--------	C:\Program Files\AvRack
2008-05-11 18:40 . 2004-11-17 10:11	9,319,936	---------	C:\WINDOWS\system32\RTLCPL.exe
2008-05-11 18:40 . 2008-01-24 16:36	4,127,488	-ra------	C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-05-11 18:40 . 2004-11-05 10:29	208,896	---------	C:\WINDOWS\alcupd.exe
2008-05-11 18:40 . 2002-02-05 07:54	141,016	---------	C:\WINDOWS\system32\alsndmgr.wav
2008-05-11 18:40 . 2004-09-01 14:04	139,264	---------	C:\WINDOWS\alcrmv.exe
2008-05-11 18:33 . 2004-08-04 00:44	77,312	--a------	C:\WINDOWS\system32\usbui.dll
2008-05-11 18:33 . 2004-08-04 00:35	58,624	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2008-05-11 18:33 . 2001-08-17 22:46	6,400	--a------	C:\WINDOWS\system32\drivers\enum1394.sys
2008-05-11 18:33 . 2001-08-17 22:59	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	dr-h-----	C:\Documents and Settings\Default User\Ustawienia lokalne
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	d--------	C:\Documents and Settings\Default User\Ulubione
2008-05-11 18:32 . 2008-05-11 17:37	<DIR>	d--h-----	C:\Documents and Settings\Default User\Szablony
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	d--------	C:\Documents and Settings\Default User\Pulpit
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	d--------	C:\Documents and Settings\Default User\Moje dokumenty
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	dr-------	C:\Documents and Settings\Default User\Menu Start
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	d--------	C:\Documents and Settings\All Users\Ulubione
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	d--h-----	C:\Documents and Settings\All Users\Szablony
2008-05-11 18:32 . 2008-05-25 16:13	<DIR>	d--------	C:\Documents and Settings\All Users\Pulpit
2008-05-11 18:32 . 2008-05-12 20:11	<DIR>	dr-------	C:\Documents and Settings\All Users\Menu Start
2008-05-11 18:32 . 2008-05-12 21:56	<DIR>	dr-------	C:\Documents and Settings\All Users\Dokumenty
2008-05-11 18:31 . 2008-05-12 20:55	<DIR>	d--------	C:\WINDOWS\system32\RTCOM
2008-05-11 18:31 . 2008-05-12 20:55	<DIR>	d--------	C:\Program Files\Realtek
2008-05-11 18:31 . 2008-05-11 18:32	<DIR>	dr-h-----	C:\Documents and Settings\Default User\Dane aplikacji
2008-05-11 18:31 . 2008-05-16 18:17	<DIR>	dr-h-----	C:\Documents and Settings\All Users\Dane aplikacji
2008-05-11 18:30 . 2008-05-11 18:30	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-05-11 18:30 . 2008-05-11 18:30	<DIR>	d--------	C:\Program Files\DIFX
2008-05-11 18:30 . 2006-06-18 23:51	43,520	--a------	C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-11 18:26 . 2008-05-11 18:26	0	--a------	C:\WINDOWS\nsreg.dat
2008-05-11 18:25 . 2008-05-11 18:25	<DIR>	d--------	C:\Program Files\Winamp
2008-05-11 18:21 . 2008-05-11 18:21	<DIR>	d---s----	C:\Documents and Settings\Administrator\UserData
2008-05-11 18:05 . 2008-05-11 18:05	<DIR>	d--------	C:\Program Files\D-Link AirPlus
2008-05-11 18:02 . 2008-05-11 18:02	<DIR>	d--------	C:\Program Files\Common Files\ATI Technologies
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 14:24	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-11 16:29	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-05-11 15:59	---------	d-----w	C:\Program Files\ATI Technologies
2008-05-11 15:40	---------	d-----w	C:\Program Files\microsoft frontpage
2008-05-11 15:37	---------	d-----w	C:\Program Files\Usługi online
2008-03-29 06:21	2,873,856	----a-w	C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 03:18	49,152	----a-w	C:\WINDOWS\system32\drivers\ati2erec.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20E9C64D-F33C-4976-BAF8-4791A65BAA2F}]
2006-01-01 23:27	275968	--a------	C:\WINDOWS\system32\vtUlJcaX.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="D:\Programy\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 05:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2006-10-31 08:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-25 15:48 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-13 20:34:30 113664]
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2008-05-11 18:05:13 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxofgdb]
byXOfgdb.dll 2006-01-01 23:22 37376 C:\WINDOWS\system32\byXOfgdb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Photosmart Premier - Szybkie uruchomienie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Photosmart Premier - Szybkie uruchomienie.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier - Szybkie uruchomienie.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Programy\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 17:45:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\English.bin 21914 bytes
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\SimChin.bin 16408 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\D:\Programy\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-25 17:46:44 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-25 15:46:27

Pre-Run: 10,532,675,584 bajtów wolnych
Post-Run: 11,228,823,552 bajtów wolnych

SilentRunners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""D:\Programy\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinampAgent" = "D:\Programy\Winamp\winampa.exe" [null data]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{20E9C64D-F33C-4976-BAF8-4791A65BAA2F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\vtUlJcaX.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
  -> {HKLM...CLSID} = "Haali Column Provider"
                   \InProcServer32\(Default) = "C:\Program Files\Codec\Haali\mmfinfo.dll" [null data]
"{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page"
  -> {HKLM...CLSID} = "Haali Matroska Shell Property Page"
                   \InProcServer32\(Default) = "C:\Program Files\Codec\Haali\mmfinfo.dll" [null data]
"{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Extractor"
  -> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor"
                   \InProcServer32\(Default) = "C:\Program Files\Codec\Haali\mmfinfo.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> byxofgdb\DLLName = "byXOfgdb.dll" [file not found]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561ec90-ce54-4f0c-9c55-e226110a740c}\(Default) = "Haali Column Provider"
  -> {HKLM...CLSID} = "Haali Column Provider"
                   \InProcServer32\(Default) = "C:\Program Files\Codec\Haali\mmfinfo.dll" [null data]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BridgeCS3ImportMediaOnArrival\
"Provider" = "Adobe Bridge CS3"
"InvokeProgID" = "Adobe.adobebridge"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "D:\Programy\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

gomplaydvdonarrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.DVD"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = ""D:\Programy\GRETECH\GomPlayer\GOM.exe" /open "%1"" ["Gretech Corp."]

gomplaymediaonarrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.MediaFile"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = ""D:\Programy\GRETECH\GomPlayer\GOM.exe" /open "%1"" ["Gretech Corp."]
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\droptarget\CLSID = "{D0F0AD6B-ECCC-401E-8E71-C4363D41399C}"
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = "D:\Programy\GRETECH\GOMPLA~1\GOM.exe" ["Gretech Corp."]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "D:\Programy\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"D-Link AirPlus" -> shortcut to: "C:\Program Files\D-Link AirPlus\AirPlus.exe" ["D-Link"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\HPZipm12.exe" ["HP"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
PCL hpz3l054\Driver = "hpz3l054.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2008-05-25 17:47:42)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 26 seconds, including 7 seconds for message boxes)

Mateusz J.

Paste this into Notepad:

File::
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\English.bin
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\SimChin.bin
C:\WINDOWS\system32\uxnsrbqi.exe
C:\WINDOWS\system32\tlibvuvt.exe
C:\WINDOWS\system32\hlcxihbh.exe
C:\WINDOWS\system32\lvgokhkr.exe
C:\WINDOWS\system32\kwkvfyri.exe
C:\WINDOWS\system32\ocvaoyej.dll
C:\WINDOWS\system32\dbppmwmm.exe
C:\WINDOWS\system32\gnxlkrne.exe
C:\WINDOWS\system32\mojyxkuv.dll
C:\WINDOWS\system32\bvaurnmx.dll
C:\WINDOWS\system32\vtUlJcaX.dll
C:\WINDOWS\system32\byXOfgdb.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20E9C64D-F33C-4976-BAF8-4791A65BAA2F}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxofgdb]

In Notepad go to File ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved.

Boot into Safe Mode. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture:

[image: 82650GIF.gif]

The removal will start and a log will be produced, which you then post on the forum.

O2 - BHO: (no name) - {20E9C64D-F33C-4976-BAF8-4791A65BAA2F} - C:\WINDOWS\system32\vtUlJcaX.dll
O20 - Winlogon Notify: byxofgdb - byXOfgdb.dll (file missing)
O23 - Service: Amsosd - Eset - (no file)

Fix these in HJT.
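As an added example (not from the thread, ComboFix or HijackThis), a small Python script that turns the three HijackThis entries above into the File:: / Registry:: layout of the CFScript posted in this reply. The abbreviated key prefixes (HKEY_LOCAL_MACHINE\~\...) and the system32 location for the Winlogon Notify DLL are taken from that script; the orphaned O23 service is only reported, since the thread fixes it in HijackThis rather than through the script.

```python
"""Turn HijackThis O2/O20/O23 entries into a ComboFix CFScript.

Added example, not from the forum thread or the ComboFix/HijackThis
projects. It reproduces the File:: / Registry:: layout of the CFScript
posted above; the abbreviated key prefixes (HKEY_LOCAL_MACHINE\\~\\...)
and the system32 location for the Winlogon Notify DLL are taken from
that script. Requires Python 3.8+ (assignment expressions).
"""
import re

# Constructed input: the three entries the helper asked to have fixed.
HJT_LINES = [
    r"O2 - BHO: (no name) - {20E9C64D-F33C-4976-BAF8-4791A65BAA2F} - C:\WINDOWS\system32\vtUlJcaX.dll",
    r"O20 - Winlogon Notify: byxofgdb - byXOfgdb.dll (file missing)",
    r"O23 - Service: Amsosd - Eset - (no file)",
]

BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt"
              r"\currentversion\winlogon\notify")
SYSTEM32 = r"C:\WINDOWS\system32"

# O2:  "O2 - BHO: <name> - {CLSID} - <dll path>"
O2_RE = re.compile(r"^O2 - BHO: .* - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# O20: "O20 - Winlogon Notify: <subkey> - <dll> [(file missing)]"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (\S+)(?: \(file missing\))?$")
# O23: "O23 - Service: <service> - <vendor> - (no file)"  (orphaned service)
O23_RE = re.compile(r"^O23 - Service: (\S+) - .* - \(no file\)$")


def parse(lines):
    """Return (files, registry_keys, orphan_services) named by the entries."""
    files, keys, services = [], [], []
    for line in lines:
        if m := O2_RE.match(line):
            clsid, path = m.groups()
            keys.append(f"{BHO_KEY}\\{clsid}")
            files.append(path)
        elif m := O20_RE.match(line):
            subkey, dll = m.groups()
            keys.append(f"{NOTIFY_KEY}\\{subkey}")
            # Notify DLLs load from system32; the thread's script queues the
            # file even though HijackThis reported it missing, so do the same.
            files.append(f"{SYSTEM32}\\{dll}")
        elif m := O23_RE.match(line):
            services.append(m.group(1))  # left for HijackThis' Fix, as in the thread
    return files, keys, services


def build_cfscript(lines):
    """Render the File:: and Registry:: sections, one item per line, no blank lines."""
    files, keys, _ = parse(lines)
    return "\n".join(["File::", *files, "Registry::", *[f"[-{k}]" for k in keys]]) + "\n"


if __name__ == "__main__":
    print(build_cfscript(HJT_LINES), end="")
```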

skibenz

New log

ComboFix 08-05-24.1 - Administrator 2008-05-25 18:12:57.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1723 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\English.bin
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\SimChin.bin
C:\WINDOWS\system32\bvaurnmx.dll
C:\WINDOWS\system32\byXOfgdb.dll
C:\WINDOWS\system32\dbppmwmm.exe
C:\WINDOWS\system32\gnxlkrne.exe
C:\WINDOWS\system32\hlcxihbh.exe
C:\WINDOWS\system32\kwkvfyri.exe
C:\WINDOWS\system32\lvgokhkr.exe
C:\WINDOWS\system32\mojyxkuv.dll
C:\WINDOWS\system32\ocvaoyej.dll
C:\WINDOWS\system32\tlibvuvt.exe
C:\WINDOWS\system32\uxnsrbqi.exe
C:\WINDOWS\system32\vtUlJcaX.dll
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\host.exe
C:\WINDOWS\system32\bvaurnmx.dll
C:\WINDOWS\system32\dbppmwmm.exe
C:\WINDOWS\system32\gnxlkrne.exe
C:\WINDOWS\system32\hlcxihbh.exe
C:\WINDOWS\system32\kwkvfyri.exe
C:\WINDOWS\system32\lvgokhkr.exe
C:\WINDOWS\system32\mojyxkuv.dll
C:\WINDOWS\system32\ocvaoyej.dll
C:\WINDOWS\system32\rvdkktaf.dll
C:\WINDOWS\system32\tlibvuvt.exe
C:\WINDOWS\system32\uxnsrbqi.exe
D:\host.exe
.
(((((((((((((((((((((((((   Files Created from 2008-04-25 to 2008-05-25  )))))))))))))))))))))))))))))))
.
2008-05-25 16:26 . 2008-05-25 16:27	<DIR>	d--------	C:\Program Files\IrfanView
2008-05-25 15:49 . 2008-05-25 15:48	512,096	--a------	C:\WINDOWS\system32\drivers\amon.sys
2008-05-25 15:49 . 2008-05-25 15:48	298,104	--a------	C:\WINDOWS\system32\imon.dll
2008-05-25 15:49 . 2008-05-25 15:48	15,424	--a------	C:\WINDOWS\system32\drivers\nod32drv.sys
2008-05-25 15:48 . 2008-05-25 16:41	<DIR>	d--------	C:\Program Files\ESET
2008-05-24 15:07 . 2008-05-24 15:07	<DIR>	d--------	C:\Program Files\Trend Micro
2008-05-23 14:47 . 2008-05-23 14:47	<DIR>	d--------	C:\Program Files\Opera
2008-05-21 23:33 . 2008-05-21 23:33	<DIR>	d--------	C:\Program Files\Real Alternative
2008-05-21 23:33 . 2008-05-21 23:33	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2008-05-21 23:29 . 2008-05-21 23:29	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2008-05-21 23:29 . 2008-05-21 23:29	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\GRETECH
2008-05-21 23:25 . 2008-05-21 23:25	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\DivX
2008-05-21 23:24 . 2008-05-21 23:24	<DIR>	d--------	C:\Program Files\Codec
2008-05-21 22:51 . 2008-05-21 22:51	<DIR>	d--------	C:\Program Files\GRETECH
2008-05-20 15:44 . 2008-05-20 15:44	62,895	--a------	C:\FT_Splash.img
2008-05-20 15:38 . 2008-05-20 15:38	<DIR>	d--------	C:\Program Files\Common Files\France Telecom
2008-05-16 18:19 . 2008-05-16 18:19	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
2008-05-16 18:17 . 2008-05-16 18:17	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-05-16 18:01 . 2008-05-16 18:01	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-05-14 16:12 . 2008-05-14 16:12	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-05-14 15:38 . 2008-05-14 15:38	<DIR>	d--------	C:\Program Files\Common Files\Blizzard Entertainment
2008-05-13 20:34 . 2008-05-13 20:34	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-05-13 20:34 . 2008-05-13 20:34	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
2008-05-13 15:13 . 2008-05-13 15:13	0	--a------	C:\WINDOWS\ativpsrm.bin
2008-05-12 22:08 . 2008-05-12 22:08	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-05-12 21:55 . 2008-05-12 21:55	<DIR>	d--------	C:\Program Files\Bonjour
2008-05-12 21:50 . 2008-05-12 21:50	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2008-05-12 21:10 . 2008-05-12 21:10	<DIR>	d--------	C:\ATI
2008-05-12 20:59 . 2008-05-12 20:59	940,794	--a------	C:\WINDOWS\system32\LoopyMusic.wav
2008-05-12 20:59 . 2008-05-12 20:59	146,650	--a------	C:\WINDOWS\system32\BuzzingBee.wav
2008-05-12 20:55 . 2005-05-03 04:43	69,632	-r-------	C:\WINDOWS\Alcmtr.exe
2008-05-12 20:45 . 2008-05-12 20:45	<DIR>	d--------	C:\WINDOWS\system32\Lang
2008-05-12 20:39 . 2001-07-05 18:19	164	---------	C:\WINDOWS\avrack.ini
2008-05-12 20:28 . 2008-05-12 20:28	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Start
2008-05-12 20:10 . 2008-05-12 20:10	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-05-12 20:09 . 2004-11-18 10:42	22,752	--a------	C:\WINDOWS\system32\spupdsvc.exe
2008-05-12 20:09 . 2004-07-17 11:40	19,528	--a------	C:\WINDOWS\002302_.tmp
2008-05-12 20:08 . 2008-05-12 20:11	<DIR>	d--------	C:\WINDOWS\EHome
2008-05-12 20:05 . 2008-05-13 20:34	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-05-11 22:11 . 2008-05-11 22:11	<DIR>	d--------	C:\Program Files\Realtek AC97
2008-05-11 21:45 . 2008-05-11 21:45	1,231	--a------	C:\WINDOWS\mozver.dat
2008-05-11 20:47 . 2008-05-11 20:47	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\HP
2008-05-11 20:45 . 2008-05-11 20:45	<DIR>	d--------	C:\Program Files\Common Files\Sonic Shared
2008-05-11 20:45 . 2008-05-11 20:45	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Sonic
2008-05-11 20:44 . 2008-05-11 20:45	<DIR>	d--------	C:\Program Files\Common Files\HP
2008-05-11 20:43 . 2008-05-11 20:43	<DIR>	d--------	C:\Program Files\Common Files\Hewlett-Packard
2008-05-11 20:42 . 2006-01-04 11:12	77,824	-ra------	C:\WINDOWS\system32\HPZIDS01.dll
2008-05-11 20:42 . 2006-04-13 02:04	49,664	-ra------	C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-11 20:42 . 2006-04-10 14:03	38,400	--a------	C:\WINDOWS\system32\hpz3l054.dll
2008-05-11 20:42 . 2006-04-13 02:04	16,496	-ra------	C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-11 20:42 . 2004-08-03 22:58	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-11 20:41 . 1998-10-29 16:45	306,688	--a------	C:\WINDOWS\IsUninst.exe
2008-05-11 20:41 . 2006-03-03 21:03	282,680	--a------	C:\WINDOWS\system32\HPZidr12.dll
2008-05-11 20:41 . 2006-03-03 21:02	204,800	--a------	C:\WINDOWS\system32\HPZipr12.dll
2008-05-11 20:41 . 2006-03-03 21:02	94,208	--a------	C:\WINDOWS\system32\HPZipt12.dll
2008-05-11 20:41 . 2006-03-03 21:03	69,632	--a------	C:\WINDOWS\system32\HPZipm12.exe
2008-05-11 20:41 . 2006-03-03 21:03	65,536	--a------	C:\WINDOWS\system32\HPZinw12.exe
2008-05-11 20:41 . 2006-03-03 21:02	57,344	--a------	C:\WINDOWS\system32\HPZisn12.dll
2008-05-11 20:39 . 2008-05-11 20:39	<DIR>	d--------	C:\Program Files\HP
2008-05-11 20:39 . 2004-08-03 23:01	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-11 20:38 . 2008-05-11 20:50	120,003	--a------	C:\WINDOWS\hpoins11.dat
2008-05-11 20:38 . 2004-08-03 23:08	31,616	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-11 18:58 . 2008-05-11 18:58	<DIR>	d--------	C:\Documents and Settings\Administrator\Gadu-Gadu
2008-05-11 18:58 . 2008-05-11 18:58	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-05-11 18:54 . 2008-05-12 20:47	169	--a------	C:\WINDOWS\RtlRack.ini
2008-05-11 18:40 . 2008-05-11 18:40	<DIR>	d--------	C:\Program Files\Realtek Sound Manager
2008-05-11 18:40 . 2008-05-12 20:40	<DIR>	d--------	C:\Program Files\AvRack
2008-05-11 18:40 . 2004-11-17 10:11	9,319,936	---------	C:\WINDOWS\system32\RTLCPL.exe
2008-05-11 18:40 . 2008-01-24 16:36	4,127,488	-ra------	C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-05-11 18:40 . 2004-11-05 10:29	208,896	---------	C:\WINDOWS\alcupd.exe
2008-05-11 18:40 . 2002-02-05 07:54	141,016	---------	C:\WINDOWS\system32\alsndmgr.wav
2008-05-11 18:40 . 2004-09-01 14:04	139,264	---------	C:\WINDOWS\alcrmv.exe
2008-05-11 18:33 . 2004-08-04 00:44	77,312	--a------	C:\WINDOWS\system32\usbui.dll
2008-05-11 18:33 . 2004-08-04 00:35	58,624	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2008-05-11 18:33 . 2001-08-17 22:46	6,400	--a------	C:\WINDOWS\system32\drivers\enum1394.sys
2008-05-11 18:33 . 2001-08-17 22:59	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	dr-h-----	C:\Documents and Settings\Default User\Ustawienia lokalne
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	d--------	C:\Documents and Settings\Default User\Ulubione
2008-05-11 18:32 . 2008-05-11 17:37	<DIR>	d--h-----	C:\Documents and Settings\Default User\Szablony
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	d--------	C:\Documents and Settings\Default User\Pulpit
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	d--------	C:\Documents and Settings\Default User\Moje dokumenty
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	dr-------	C:\Documents and Settings\Default User\Menu Start
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	d--------	C:\Documents and Settings\All Users\Ulubione
2008-05-11 18:32 . 2008-05-11 18:32	<DIR>	d--h-----	C:\Documents and Settings\All Users\Szablony
2008-05-11 18:32 . 2008-05-25 16:13	<DIR>	d--------	C:\Documents and Settings\All Users\Pulpit
2008-05-11 18:32 . 2008-05-12 20:11	<DIR>	dr-------	C:\Documents and Settings\All Users\Menu Start
2008-05-11 18:32 . 2008-05-12 21:56	<DIR>	dr-------	C:\Documents and Settings\All Users\Dokumenty
2008-05-11 18:31 . 2008-05-12 20:55	<DIR>	d--------	C:\WINDOWS\system32\RTCOM
2008-05-11 18:31 . 2008-05-12 20:55	<DIR>	d--------	C:\Program Files\Realtek
2008-05-11 18:31 . 2008-05-11 18:32	<DIR>	dr-h-----	C:\Documents and Settings\Default User\Dane aplikacji
2008-05-11 18:31 . 2008-05-16 18:17	<DIR>	dr-h-----	C:\Documents and Settings\All Users\Dane aplikacji
2008-05-11 18:30 . 2008-05-11 18:30	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-05-11 18:30 . 2008-05-11 18:30	<DIR>	d--------	C:\Program Files\DIFX
2008-05-11 18:30 . 2006-06-18 23:51	43,520	--a------	C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-11 18:26 . 2008-05-11 18:26	0	--a------	C:\WINDOWS\nsreg.dat
2008-05-11 18:25 . 2008-05-11 18:25	<DIR>	d--------	C:\Program Files\Winamp
2008-05-11 18:21 . 2008-05-11 18:21	<DIR>	d---s----	C:\Documents and Settings\Administrator\UserData
2008-05-11 18:05 . 2008-05-11 18:05	<DIR>	d--------	C:\Program Files\D-Link AirPlus
2008-05-11 18:02 . 2008-05-11 18:02	<DIR>	d--------	C:\Program Files\Common Files\ATI Technologies
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 13:51	16,768	----a-w	C:\WINDOWS\system32\tcpip_patcher.sys
2008-05-19 14:24	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-11 16:29	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-05-11 15:59	---------	d-----w	C:\Program Files\ATI Technologies
2008-05-11 15:40	558,142	----a-w	C:\WINDOWS\java\Packages\UETJNJZ9.ZIP
2008-05-11 15:40	155,995	----a-w	C:\WINDOWS\java\Packages\4O9ZJZ1B.ZIP
2008-05-11 15:40	---------	d-----w	C:\Program Files\microsoft frontpage
2008-05-11 15:37	---------	d-----w	C:\Program Files\Usługi online
2008-04-27 08:35	180,224	----a-w	C:\WINDOWS\system32\xvidvfw.dll
2008-04-27 08:33	765,952	----a-w	C:\WINDOWS\system32\xvidcore.dll
2008-03-29 06:21	2,873,856	----a-w	C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 05:19	9,801,728	----a-w	C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40	167,936	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05	372,736	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04	299,008	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56	172,032	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56	126,976	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55	126,976	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54	536,576	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43	3,176,480	----a-w	C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36	1,765,120	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24	46,080	----a-w	C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23	5,439,488	----a-w	C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21	393,216	----a-w	C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:18	49,152	----a-w	C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12	520,192	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2008-03-28 19:05	593,920	------w	C:\WINDOWS\system32\ati2sgag.exe
2008-03-21 19:30	524,288	----a-w	C:\WINDOWS\system32\divxsm.exe
2008-03-21 19:30	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 19:28	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll
2008-03-21 19:28	682,496	----a-w	C:\WINDOWS\system32\divx.dll
.
(((((((((((((((((((((((((((((   snapshot@2008-05-25_17.46.19.07   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 15:44:30	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-05-25 16:12:19	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="D:\Programy\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 05:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2006-10-31 08:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-25 15:48 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-13 20:34:30 113664]
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2008-05-11 18:05:13 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Photosmart Premier - Szybkie uruchomienie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Photosmart Premier - Szybkie uruchomienie.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier - Szybkie uruchomienie.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Programy\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 18:14:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\D:\Programy\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
Completion time: 2008-05-25 18:14:29
ComboFix-quarantined-files.txt  2008-05-25 16:14:23
ComboFix2.txt  2008-05-25 15:46:45

Pre-Run: 11,235,815,424 bajtów wolnych
Post-Run: 11,223,752,704 bajtów wolnych

240
Mateusz J.

The log looks OK :)

Any problems still?

skibenz

Thanks a lot, for now everything is perfectly fine :)
