My computer is corrupted, help me guys, the system is stealing resources

This is my first post, so no euphoria or bravado.

After scanning with an antivirus, the computer in normal mode boots to the Windows desktop, runs for about half a minute and then hangs with a "code page error", not a typical blue screen. Second issue: after a week of using the computer on the same install, it suddenly started asking for an account (login and password) at startup; no idea where that came from. Can this somehow be restored to booting the way it did right after install, with several users and no passwords? And one more problem: I'm looking for a link to Norton Ghost 10 PL, full Polish version; it seems to me the best option for sudden Windows arrhythmias and a clean, stable system.


The computer has potential, it's a few months old and weird things are happening. I'm posting logs from HijackThis, Silent Runners and ComboFix, and a question: why do I have several copies of e.g. svchost running, what can be thrown out of memory and how, what do services and svchost do, how does it.........

And besides that, my question: I'm looking for a program that will scan, clean and tidy up the XP registry. What else can XP be slimmed down of, or tweaked?


So, in order. HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 21:34:50, on 2006-12-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\Explorer.EXE
E:\dysk C\C\C dysk\10 25\Gadu-Gadu\gg.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
E:\dysk C\totalcmd\TOTALCMD.EXE
E:\dysk C\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\nazedzia\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\dysk C\C\C dysk\10 25\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BlockAds] "AdBlocker.exe"
O4 - HKCU\..\Run: [ball draw] C:\DOCUME~1\Jeden\DANEAP~1\BONEBI~1\Error Mpeg Amok.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: NetLimiter (nlsvc) - Unknown owner - -"C:\Program Files\NetLimiter 2 Pro\nlsvc.exe (file missing)

Next log, from Silent Runners:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""E:\dysk C\C\C dysk\10 25\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]
"BlockAds" = ""AdBlocker.exe"" [file not found]
"ball draw" = "C:\DOCUME~1\Jeden\DANEAP~1\BONEBI~1\Error Mpeg Amok.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"isamonitor.exe" = "-C:\Program Files\Video ActiveX Object\isamonitor.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\001\ {++}
"bfurunonceex" = "||C:\fixwareout\SUB\BFU.exe C:\fixwareout\SUB\XP-2K2.bfu" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\002\ {++}
"bfurunonceex" = "||C:\fixwareout\SUB\BFU.exe C:\fixwareout\SUB\XP-2K2.bfu" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "-C:\Program Files\iTunes\iTunesMiniPlayer.dll" [file not found]
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
  -> {HKLM...CLSID} = "JetFlExt"
                   \InProcServer32\(Default) = "-C:\Program Files\JetAudio\JetFlExt.dll" [file not found]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "-C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "-C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "-C:\Program Files\7-Zip\7-zip.dll" [file not found]
"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"
  -> {HKLM...CLSID} = "Panda Antivirus"
                   \InProcServer32\(Default) = "-C:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL" [file not found]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                   \InProcServer32\(Default) = "-C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> avldr\DLLName = "avldr.dll" ["Panda Software"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "-C:\Program Files\7-Zip\7-zip.dll" [file not found]
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
  -> {HKLM...CLSID} = "Panda Antivirus"
                   \InProcServer32\(Default) = "-C:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL" [file not found]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "-C:\Program Files\7-Zip\7-zip.dll" [file not found]
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt"
                   \InProcServer32\(Default) = "-C:\Program Files\JetAudio\JetFlExt.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt"
                   \InProcServer32\(Default) = "-C:\Program Files\JetAudio\JetFlExt.dll" [file not found]
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
  -> {HKLM...CLSID} = "Panda Antivirus"
                   \InProcServer32\(Default) = "-C:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL" [file not found]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"AF754A9E905EFAC2" -> launches: "c:\docume~1\jeden\daneap~1\bonebi~1\filebodyclose.exe" [null data]
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Panda Software\Panda Antivirus 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 24
%SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 10 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "-C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NetLimiter, nlsvc, "-"C:\Program Files\NetLimiter 2 Pro\nlsvc.exe"" [file not found]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 25 seconds, including 8 seconds for message boxes)


Last log, from ComboFix:


Jeden - 06-12-28 21:32:41,03    Dodatek Service Pack 2
ComboFix 06.11.27 - Running from: "C:\nazedzia"

(((((((((((((((((((((((((((((((   Files Created from 2006-11-28 to 2006-12-28  ))))))))))))))))))))))))))))))))))
 
 
2006-12-28   21:28   <DIR>   d--------   C:\nazedzia
2006-12-28   20:48   <DIR>   d--------   C:\fixwareout
2006-12-28   19:45   737,280   --a------   C:\WINDOWS\iun6002.exe
2006-12-28   19:45   <DIR>   d--------   C:\Program Files\Tweak-XP Pro 4
2006-12-28   19:03   <DIR>   d--------   C:\Program Files\RegCleaner
2006-12-28   13:18   <DIR>   d--------   C:\WINDOWS\LastGood
2006-12-28   00:44   <DIR>   d--------   C:\Program Files\UberSoldier
2006-12-27   16:30   <DIR>   d--------   C:\Program Files\DreamCatcher
2006-12-26   22:55   <DIR>   d--------   C:\Program Files\Alcohol Soft
2006-12-26   17:02   <DIR>   d--hs----   C:\Config.Msi
2006-12-26   16:59   <DIR>   d--------   C:\ATI
2006-12-25   15:43   <DIR>   d--------   C:\Pliki FD
2006-12-24   12:48   <DIR>   d--------   C:\4 xxx
2006-12-23   23:59   <DIR>   d--------   C:\Program Files\Matroska Pack
2006-12-23   23:34   <DIR>   d--------   C:\Program Files\VirtualDubMod
2006-12-23   14:58   <DIR>   d--------   C:\Program Files\DOSBox-0.63
2006-12-23   00:56   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2006-12-23   00:56   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2006-12-23   00:56   <DIR>   d--------   C:\WINDOWS\system32\PreInstall
2006-12-23   00:27   <DIR>   d--------   C:\5 mooor
2006-12-22   22:46   <DIR>   d--------   C:\WINDOWS\system32\SoftwareDistribution
2006-12-22   11:45   <DIR>   d--------   C:\Program Files\netcut
2006-12-22   11:30   <DIR>   d--------   C:\9 HijackThis
2006-12-21   18:35   <DIR>   d--------   C:\Program Files\MKS
2006-12-21   16:03   5,632   --a------   C:\WINDOWS\system32\pfdnnt.exe
2006-12-21   15:33   46,592   --a------   C:\WINDOWS\system32\zlbw.dll
2006-12-21   15:33   38,912   --a------   C:\WINDOWS\system32\aspi2176512.exe
2006-12-21   15:32   6,239   --a------   C:\WINDOWS\system32\F0jmnJ4.exe
2006-12-21   15:31   6,239   --a------   C:\WINDOWS\system32\se.exe
2006-12-21   15:31   18,015   --a------   C:\WINDOWS\system32\w.exe
2006-12-21   15:31   18,015   ---h-----   C:\WINDOWS\system32\syspools.exe
2006-12-21   15:31   128,607   --a------   C:\WINDOWS\system32\ss.exe
2006-12-21   15:28   54,367   --a------   C:\WINDOWS\system32\google.png.exe
2006-12-21   15:28   3,584   --a------   C:\WINDOWS\system32\msasvc.exe
2006-12-21   15:27   <DIR>   d--------   C:\WINDOWS\trace
2006-12-21   15:27   <DIR>   d--------   C:\WINDOWS\gui
2006-12-21   15:26   30,208   --a------   C:\WINDOWS\system32\rpcc.dll
2006-12-21   15:24   8,338   --a------   C:\WINDOWS\system32\vxg6ame4.exe
2006-12-21   15:19   6,239   --a------   C:\WINDOWS\system32\vxg4am1et2.exe
2006-12-21   15:13   3,264   --a------   C:\WINDOWS\system32\vxga5me3.exe
2006-12-21   15:13   29,279   --a------   C:\WINDOWS\system32\vxga4m1et4.exe
2006-12-21   15:11   16,896   --a------   C:\WINDOWS\system32\vxga4me1.exe
2006-12-21   15:03   12,288   --a------   C:\WINDOWS\system32\kernels88.exe
2006-12-20   23:55   <DIR>   d--------   C:\Program Files\NetLimiter 2 Pro
2006-12-20   23:25   7,168   --a------   C:\WINDOWS\system32\drivers\winlogon.exe
2006-12-20   23:16   <DIR>   d--------   C:\Program Files\bone bits peak
2006-12-20   23:10   <DIR>   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\Locktime
2006-12-20   23:10   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Locktime
2006-12-20   22:17   <DIR>   d--------   C:\Program Files\megui
2006-12-18   23:37   <DIR>   d--------   C:\fd
2006-12-18   19:13   <DIR>   d--------   C:\Program Files\Wolfenstein - Enemy Territory
2006-12-18   16:12   <DIR>   d--------   C:\Program Files\Ashampoo
2006-12-18   16:08   <DIR>   d--------   C:\PCWK - kopie programów
2006-12-17   13:41   <DIR>   d--------   C:\Program Files\DU Meter
2006-12-17   13:36   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies
2006-12-17   11:41   45,056   --a------   C:\WINDOWS\system32\avldr.dll
2006-12-17   11:41   <DIR>   d--------   C:\WINDOWS\system32\PAV
2006-12-17   11:38   <DIR>   d--------   C:\Program Files\Panda Software
2006-12-16   16:59   <DIR>   d--------   C:\Program Files\Heart Of Darkness
2006-12-16   16:47   <DIR>   d--------   C:\Program Files\Ultra RM Converter
2006-12-16   16:46   <DIR>   d--------   C:\Program Files\7-Zip
2006-12-16   12:21   <DIR>   d--------   C:\FastDow
2006-12-16   11:34   <DIR>   d--------   C:\Program Files\XviD
2006-12-16   11:33   765,952   --a------   C:\WINDOWS\system32\xvidcore.dll
2006-12-16   11:33   626,688   --a------   C:\WINDOWS\system32\vp7vfw.dll
2006-12-16   11:33   446,464   --a------   C:\WINDOWS\system32\vp31vfw.dll
2006-12-16   11:33   438,272   --a------   C:\WINDOWS\system32\vp6vfw.dll
2006-12-16   11:33   421,888   --a------   C:\WINDOWS\system32\OpenQuicktimeLib.dll
2006-12-16   11:33   413,760   --a------   C:\WINDOWS\system32\mpg4c32.dll
2006-12-16   11:33   180,224   --a------   C:\WINDOWS\system32\xvidvfw.dll
2006-12-12   14:47   958   --a------   C:\WINDOWS\int02v3.exe
2006-12-11   19:43   <DIR>   d--------   C:\project64
2006-12-11   19:19   <DIR>   d--------   C:\nemu64
2006-12-11   19:00   <DIR>   d--------   C:\k
2006-12-10   23:11   <DIR>   d--------   C:\Program Files\FilmShrink
2006-12-10   16:06   <DIR>   d--------   C:\Program Files\Peer2Mail
2006-12-10   13:26   <DIR>   d--------   C:\Program Files\BitSpirit
2006-12-10   12:34   303,104   --a------   C:\WINDOWS\system32\rmparser.dll
2006-12-10   12:34   1,003,520   --a------   C:\WINDOWS\system32\ltmm_n.dll
2006-12-10   12:33   <DIR>   d--------   C:\Program Files\Mpgdvd
2006-12-10   10:13   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2006-12-10   09:31   <DIR>   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\Lavasoft
2006-12-09   20:19   <DIR>   d--------   C:\kode
2006-12-09   10:08   <DIR>   d--------   C:\Program Files\MoorHuntam0260
2006-12-06   19:21   <DIR>   d--------   C:\8
2006-12-02   17:33   <DIR>   d--------   C:\WINDOWS\system32\languages
2006-12-02   17:33   <DIR>   d--------   C:\WINDOWS\system32\dict
2006-12-02   17:33   <DIR>   d--------   C:\WINDOWS\system32\custom matrices
2006-12-02   17:31   <DIR>   d--------   C:\Program Files\IDAlll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-12-28 13:55   --------   d--------   C:\Program Files\BitComet
2006-12-28 13:55   --------   d--------   C:\Program Files\Azureus
2006-12-26 22:51   639224   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2006-12-26 17:02   --------   d--------   C:\Program Files\ATI Technologies
2006-12-26 16:39   --------   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\foobar2000
2006-12-25 17:36   --------   d--------   C:\Program Files\Apple Software Update
2006-12-24 17:42   --------   d--------   C:\Program Files\Internet Explorer
2006-12-24 17:39   --------   d--------   C:\Program Files\Opera
2006-12-24 11:43   --------   d--------   C:\Program Files\Outlook Express
2006-12-24 11:43   --------   d--------   C:\Program Files\Common Files\System
2006-12-23 23:56   --------   d--------   C:\Program Files\DivX
2006-12-23 22:49   --------   d--------   C:\Program Files\Easy RealMedia Tools
2006-12-23 18:16   --------   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\eSkiMoS R2
2006-12-22 16:43   --------   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\uTorrent
2006-12-22 11:05   34308   --a------   C:\WINDOWS\system32\BASSMOD.dll
2006-12-20 23:23   --------   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\bone bits peak
2006-12-20 19:00   --------   d--------   C:\Program Files\Real Alternative
2006-12-17 11:53   --------   d--------   C:\Program Files\DAEMON Tools
2006-12-17 11:41   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2006-12-16 11:34   --------   d--------   C:\Program Files\K-Lite Codec Pack
2006-12-10 14:35   --------   d--------   C:\Program Files\Spyware Doctor
2006-12-09 10:07   --------   d--------   C:\Program Files\MoorHuntam0240
2006-12-02 16:49   --------   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\Internet Download Accelerator
2006-11-27 15:26   --------   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\Vso
2006-11-26 14:34   --------   d--------   C:\Program Files\MoorHunta
2006-11-26 14:34   --------   d--------   C:\Program Files\MoorHunt2332
2006-11-26 14:23   --------   d--------   C:\Program Files\Cartall
2006-11-26 10:57   81920   --a------   C:\Documents and Settings\Jeden\Dane aplikacji\ezpinst.exe
2006-11-26 10:57   7176   --a------   C:\Documents and Settings\Jeden\Dane aplikacji\pcouffin.cat
2006-11-26 10:57   47360   --a------   C:\WINDOWS\system32\drivers\pcouffin.sys
2006-11-26 10:57   47360   --a------   C:\Documents and Settings\Jeden\Dane aplikacji\pcouffin.sys
2006-11-26 10:57   34   --a------   C:\Documents and Settings\Jeden\Dane aplikacji\pcouffin.log
2006-11-26 10:57   1144   --a------   C:\Documents and Settings\Jeden\Dane aplikacji\pcouffin.inf
2006-11-26 10:57   --------   d--------   C:\Program Files\vso
2006-11-25 18:22   --------   d--------   C:\Program Files\uTorrent
2006-11-25 10:46   --------   d--------   C:\Program Files\Smart Projects
2006-11-25 01:12   81920   --a------   C:\WINDOWS\system32\Packet.dll
2006-11-25 01:12   61440   --a------   C:\WINDOWS\system32\WanPacket.dll
2006-11-25 01:12   53299   --a------   C:\WINDOWS\system32\pthreadVC.dll
2006-11-25 01:12   32512   --a------   C:\WINDOWS\system32\drivers\npf.sys
2006-11-25 01:12   233472   --a------   C:\WINDOWS\system32\wpcap.dll
2006-11-24 23:26   --------   d--------   C:\Program Files\WinSweep
2006-11-24 16:34   --------   d--------   C:\Program Files\CDex_170b2
2006-11-24 15:56   --------   d--------   C:\Program Files\Jam XM
2006-11-22 20:50   --------   d--------   C:\Program Files\Common Files
2006-11-22 20:16   --------   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\PC Tools
2006-11-22 10:52   520192   ---------   C:\WINDOWS\system32\ati2sgag.exe
2006-11-22 04:25   2829824   --a------   C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-11-22 04:25   261120   --a------   C:\WINDOWS\system32\ati2dvag.dll
2006-11-22 04:20   118784   --a------   C:\WINDOWS\system32\atipdlxx.dll
2006-11-22 04:20   106496   --a------   C:\WINDOWS\system32\Oemdspif.dll
2006-11-22 04:19   90112   --a------   C:\WINDOWS\system32\ati2evxx.dll
2006-11-22 04:19   42496   --a------   C:\WINDOWS\system32\ati2edxx.dll
2006-11-22 04:19   26112   --a------   C:\WINDOWS\system32\Ati2mdxx.exe
2006-11-22 04:18   430080   --a------   C:\WINDOWS\system32\ati2evxx.exe
2006-11-22 04:17   53248   --a------   C:\WINDOWS\system32\ATIDDC.DLL
2006-11-22 04:12   2526688   --a------   C:\WINDOWS\system32\ati3duag.dll
2006-11-22 04:11   5279744   --a------   C:\WINDOWS\system32\atioglxx.dll
2006-11-22 04:08   1090016   --a------   C:\WINDOWS\system32\ativvaxx.dll
2006-11-22 03:57   217088   --a------   C:\WINDOWS\system32\atikvmag.dll
2006-11-22 03:56   17408   --a------   C:\WINDOWS\system32\atitvo32.dll
2006-11-22 03:51   294912   --a------   C:\WINDOWS\system32\ati2cqag.dll
2006-11-22 03:50   6684672   --a------   C:\WINDOWS\system32\atioglx1.dll
2006-11-22 03:49   307200   --a------   C:\WINDOWS\system32\atiiiexx.dll
2006-11-22 03:21   303104   --a------   C:\WINDOWS\system32\ATIDEMGR.dll
2006-11-21 22:14   --------   d--------   C:\Program Files\Media Player Classic
2006-11-21 20:03   --------   d--------   C:\Program Files\winLAME
2006-11-21 19:25   --------   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\MegauploadToolbar
2006-11-21 17:04   --------   d--------   C:\Program Files\MegauploadToolbar
2006-11-19 15:41   --------   d--------   C:\Program Files\RM Converter
2006-11-19 15:15   --------   d--------   C:\Program Files\WinAVIVideoConverter
2006-11-19 13:41   --------   d--------   C:\Program Files\FreeRIP2
2006-11-16 19:12   --------   d--------   C:\Program Files\DIKO
2006-11-16 18:53   --------   d--------   C:\Documents and Settings\Jeden\Dane aplikacji\Ahead
2006-11-16 18:50   --------   d--------   C:\Program Files\MoorHuntam0231
2006-11-13 20:36   --------   d--------   C:\Program Files\Teleport Pro
2006-11-13 18:41   --------   d--------   C:\Program Files\foobar2000
2006-11-11 10:32   --------   d--------   C:\Program Files\MyVideoDaily2
2006-11-11 10:16   --------   d--------   C:\Program Files\Exact Audio Copy
2006-11-08 08:41   581632   --a------   C:\WINDOWS\system32\lame.exe
2006-11-08 08:41   520192   --a------   C:\WINDOWS\system32\lame_enc.dll
2006-11-08 06:07   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-11-05 11:03   --------   d--------   C:\Program Files\Electronic Arts
2006-11-05 10:14   98304   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2006-11-04 11:36   --------   d--------   C:\Program Files\GoD
2006-11-01 12:01   --------   d--------   C:\Program Files\MoorHuntam0220
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gadu-Gadu"="\"E:\\dysk C\\C\\C dysk\\10 25\\Gadu-Gadu\\gg.exe\" /tray"
"BlockAds"="\"AdBlocker.exe\""
"ball draw"="C:\\DOCUME~1\\Jeden\\DANEAP~1\\BONEBI~1\\Error Mpeg Amok.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"WhenUSearch"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"WhenUSearchWHSE"="\"C:\\Program Files\\WhenUSearch\\whse.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\001]
"bfurunonceex"="||C:\\fixwareout\\SUB\\BFU.exe C:\\fixwareout\\SUB\\XP-2K2.bfu"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\002]
"bfurunonceex"="||C:\\fixwareout\\SUB\\BFU.exe C:\\fixwareout\\SUB\\XP-2K2.bfu"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:004c4b40

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="-C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ball draw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Error Mpeg Amok"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Jeden\\DANEAP~1\\BONEBI~1\\Error Mpeg Amok.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKS_MENU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mks_menu"
"hkey"="HKLM"
"command"="C:\\Program Files\\MKS\\Bin\\mks_menu.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"D:\\dysk c\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=dword:00000003
"SSScsiSV"=dword:00000003
"SPTISRV"=dword:00000003
"PACSPTISVR"=dword:00000003
"MSCSPTISRV"=dword:00000003
"IDriverT"=dword:00000003
"SDhelper"=dword:00000002
"PSIMSVC"=dword:00000002
"PAVSRV"=dword:00000002
"MsaSvc"=dword:00000002
"ICF"=dword:00000002
"MksVirMonSvc"=dword:00000002
"StarWindService"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AF754A9E905EFAC2.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-28 21:33:13.34
C:\ComboFix.txt ... 06-12-28 21:33
C:\ComboFix2.txt ... 06-12-28 19:18
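One way to triage the ComboFix "Files Created" listing above, as an added example that is not part of the original post or of HijackThis, Silent Runners or ComboFix: a Python script that parses the row format and flags the executables a responder would examine first. The SYSTEM_BINARY_HOME table, the burst thresholds and the rule names are my assumptions; the sample rows are a constructed subset copied from the log in this thread.

```python
"""Triage a ComboFix-style 'Files Created' listing.

Added example for this thread; not code from any of the tools named above.
It parses the row format (date  time  size|<DIR>  attributes  path) and flags
executables dropped in a tight burst, hidden executables, double extensions,
and core system binary names outside their normal directory. Several
svchost.exe instances from system32 are normal (each hosts a group of
services); a copy anywhere else is not.
"""
import re
from datetime import datetime, timedelta

# One listing row: date, time, size or <DIR>, nine-character attribute field, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([-a-z]{9})\s+(.+?)\s*$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

# Core Windows binaries and the only directory they legitimately live in (assumed table).
SYSTEM_BINARY_HOME = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def parse_line(line):
    """Return (created, size, attrs, path) for a listing row, else None.

    size is None for <DIR> rows; section headers and free text do not match.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    created = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M")
    size_val = None if size == "<DIR>" else int(size.replace(",", ""))
    return created, size_val, attrs, path


def triage(lines, burst_count=3, burst_window=timedelta(minutes=15)):
    """Return (path, reason) findings; a path may appear once per rule hit."""
    entries = [e for e in map(parse_line, lines) if e and e[1] is not None]
    findings = []
    execs = []
    for created, _size, attrs, path in entries:
        folder, _, name = path.lower().rpartition("\\")
        if not name.endswith(EXEC_EXT):
            continue
        execs.append((created, path))
        if "h" in attrs:
            findings.append((path, "hidden attribute on executable"))
        if name.count(".") > 1:
            findings.append((path, "double extension"))
        home = SYSTEM_BINARY_HOME.get(name)
        if home and folder != home:
            findings.append((path, f"system binary name outside {home}"))
    # Burst rule: many executables created within one short window is how a
    # dropper looks in this listing. Codec packs and installers trip it too,
    # so treat it as a prompt for review, not a verdict.
    execs.sort()
    for created, path in execs:
        near = [p for c, p in execs if abs(c - created) <= burst_window]
        if len(near) >= burst_count:
            findings.append((path, f"{len(near)} executables within {burst_window}"))
    return findings


# Constructed sample: a subset of rows copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2006-12-28   19:45   737,280   --a------   C:\WINDOWS\iun6002.exe
2006-12-21   15:33   46,592   --a------   C:\WINDOWS\system32\zlbw.dll
2006-12-21   15:31   18,015   --a------   C:\WINDOWS\system32\w.exe
2006-12-21   15:31   18,015   ---h-----   C:\WINDOWS\system32\syspools.exe
2006-12-21   15:28   54,367   --a------   C:\WINDOWS\system32\google.png.exe
2006-12-21   15:27   <DIR>   d--------   C:\WINDOWS\trace
2006-12-20   23:25   7,168   --a------   C:\WINDOWS\system32\drivers\winlogon.exe
2006-12-17   11:41   45,056   --a------   C:\WINDOWS\system32\avldr.dll
Rootkit driver pe386 is present. A rootkit scan is required
"""


def sample_findings():
    """Run the triage over the embedded sample; used by the demo below and by tests."""
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for path, reason in sample_findings():
        print(f"{reason:45} {path}")
```

Files the listing marks as hidden or that carry a core binary's name in the wrong folder are worth checking against a known-good copy before anything is deleted; the burst rule only narrows where to look.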

Read up on how to write posts; once you've drawn your conclusions, send one of the moderators a PM and maybe the thread will be unlocked. Anathema

zelasko
Added: 30.12.2006 01:08:10