Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\twifewou
*******************
Script file located at: \??\C:\WINDOWS\system32\pcjlnnlj.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\fidbox.dat deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox2.dat deleted successfully.
Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!
Could not process line:
C:\WINDOWS\zts2.exe
Status: 0xc00000ba
Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!
Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba
Error: C:\WINDOWS\system32\systems.txt is a folder, not a file!
Deletion of file C:\WINDOWS\system32\systems.txt failed!
Could not process line:
C:\WINDOWS\system32\systems.txt
Status: 0xc00000ba
Error: C:\WINDOWS\system32\iifgfgf.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\iifgfgf.dll failed!
Could not process line:
C:\WINDOWS\system32\iifgfgf.dll
Status: 0xc00000ba
Error: C:\WINDOWS\rundll16.exe is a folder, not a file!
Deletion of file C:\WINDOWS\rundll16.exe failed!
Could not process line:
C:\WINDOWS\rundll16.exe
Status: 0xc00000ba
Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!
Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba
Error: C:\WINDOWS\rundl132.dll is a folder, not a file!
Deletion of file C:\WINDOWS\rundl132.dll failed!
Could not process line:
C:\WINDOWS\rundl132.dll
Status: 0xc00000ba
Error: C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP is a folder, not a file!
Deletion of file C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP failed!
Could not process line:
C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
Status: 0xc00000ba
File C:\WINDOWS\R.COM deleted successfully.
File C:\WINDOWS\system32\T.COM deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
ComboFix 07-11-08.1 - Administrator 2007-11-14 20:46:26.6 - NTFSx86 MINIMAL
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
.
((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.
2007-11-14 20:43 126,976 --a------ C:\zip.exe
2007-11-14 20:43 60,416 --a------ C:\WINDOWS\system32\drivers\tlijldtp.sys
2007-11-14 20:43 1,080 --a------ C:\mialfxbs.bat
2007-11-14 16:11 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\The Bat!
2007-11-14 16:10 <DIR> d-------- C:\Program Files\The Bat!
2007-11-14 15:29 1,539,258 --a------ C:\ComboFix.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-11 18:34 <DIR> d-------- C:\Program Files\Attack on Pearl Harbor
2007-11-11 18:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-11 16:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-11 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-11 16:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-11 16:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-11 14:40 <DIR> d-------- C:\Program Files\Crawler
2007-11-11 14:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Simply Super Software
2007-11-11 11:28 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\system32\txp
2007-11-11 11:02 <DIR> d-------- C:\WINDOWS\Driver
2007-11-11 01:37 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Sierra Entertainment
2007-11-11 00:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\WebCompiler3
2007-11-11 00:26 <DIR> dr-h----- C:\Documents and Settings\Aleš\Data aplikací\SecuROM
2007-11-10 21:50 <DIR> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2007-11-09 01:31 <DIR> d-------- C:\Fraps
2007-11-09 01:27 <DIR> d-------- C:\WINDOWS\Pix_temp
2007-11-09 01:27 <DIR> d-------- C:\Program Files\Transcoder
2007-11-09 01:10 <DIR> d-------- C:\Program Files\VD
2007-11-09 01:08 <DIR> d-------- C:\Program Files\MediaCell Video Converter
2007-11-09 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2007-11-08 20:07 <DIR> d-------- C:\Program Files\MK4
2007-11-08 12:47 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\U3
2007-11-08 08:16 <DIR> d-------- C:\Program Files\QuickTime
2007-11-08 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-11-07 23:29 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Media Player Classic
2007-11-06 22:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-06 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-11-06 14:43 <DIR> d-------- C:\Documents and Settings\All Users\documents
2007-11-06 14:12 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-06 13:58 <DIR> d-------- C:\Program Files\THQ
2007-11-06 13:36 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-11-06 13:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\MegauploadToolbar
2007-11-06 09:21 <DIR> d-------- C:\Program Files\Flagship Studios
2007-11-06 01:34 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BitSpirit
2007-11-06 01:33 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-05 16:36 <DIR> d-------- C:\Program Files\Webteh
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer Pro
2007-11-05 16:36 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\BSplayer
2007-11-01 10:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-31 23:20 <DIR> d-------- C:\WINDOWS\solcache
2007-10-31 23:10 <DIR> d-------- C:\Diablo
2007-10-31 17:26 <DIR> d-------- C:\Program Files\Hamachi
2007-10-31 17:26 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\Hamachi
2007-10-31 17:26 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-31 17:05 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\ICQ
2007-10-31 17:04 <DIR> d-------- C:\Program Files\ICQ6
2007-10-31 17:04 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\InstallShield
2007-10-30 22:31 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2007-10-26 15:37 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-25 20:23 <DIR> d-------- C:\WINDOWS\system\KEEPER
2007-10-25 20:23 <DIR> d-------- C:\Program Files\Bullfrog
2007-10-25 20:23 284,160 --a------ C:\WINDOWS\unin0407.exe
2007-10-24 22:21 <DIR> d-------- C:\Documents and Settings\Aleš\Data aplikací\CyberLink
2007-10-24 22:18 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-10-24 22:15 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2007-10-24 22:15 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2007-10-24 22:15 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-10-24 22:15 89,088 --------- C:\WINDOWS\system32\atl71.dll
2007-10-24 22:15 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-24 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-24 22:13 <DIR> d-------- C:\Program Files\CyberLink
2007-10-24 22:09 <DIR> d-------- C:\Program Files\ASUS
2007-10-24 08:52 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-24 08:51 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-24 08:50 <DIR> d-------- C:\Program Files\MSBuild
2007-10-24 08:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-24 08:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-24 08:46 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-24 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-10-24 07:47 <DIR> d-------- C:\Program Files\GamePark
2007-10-23 22:44 <DIR> d-------- C:\UT2004
2007-10-23 17:07 <DIR> d-------- C:\Program Files\DreamCom
2007-10-23 12:02 <DIR> d-------- C:\Program Files\ATMA V
2007-10-18 19:25 <DIR> d-------- C:\Program Files\DIFX
2007-10-18 19:24 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-18 19:24 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-18 19:24 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-18 19:24 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-10-18 19:23 <DIR> d-------- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP
2007-10-18 15:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-18 13:38 <DIR> d-------- C:\SIERRA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 19:44 26,816 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-14 19:44 1,388 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-14 13:50 --------- d-----w C:\Program Files\Diablo II
2007-11-11 21:26 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-11 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 20:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-09 00:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-16 22:28 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-16 20:55 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-10-16 20:55 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\TuneUp Software
2007-10-16 20:48 --------- d-----w C:\Program Files\Ray Adams
2007-10-16 20:48 --------- d-----w C:\Documents and Settings\Aleš\Data aplikací\atitray
2007-10-16 20:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2007-10-16 20:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-02 15:45 4,109,376 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-13 07:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-11 11:02 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot_2007-11-11_22.27.26,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-19 21:50:59 8,457,728 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-09-27 20:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:50:59 8,457,728 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:57:21 8,458,752 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-08-21 10:53:19 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:35:08 118,784 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 17:09]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"RemoteControl"="C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 13:09]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-05-25 17:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
"tuxvljrj"="C:\mialfxbs.bat" [2007-11-14 20:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 16:28:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-14 20:47:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-14 20:48:37
.
--- E O F ---
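The Avenger failures above are all the same condition: every path that failed is listed by ComboFix as a `<DIR>` entry with `d-a------` attributes, i.e. a directory carrying an executable-looking name, and `0xc00000ba` is the NTSTATUS value `STATUS_FILE_IS_A_DIRECTORY`. Avenger's file-deletion directive cannot remove a directory, which is why those entries were skipped while the real files (`fidbox.dat`, `R.COM`, `T.COM`) went. The script below is an added example, not part of the original post or of either tool; it parses a few constructed lines copied in the shape of the two logs, decodes the status code, flags directories named like files in the ComboFix "Files Created" section, and cross-references the two so the cause of each failure is explicit. The NTSTATUS names come from the Windows SDK `ntstatus.h`; the list of "file-like" extensions and the sample lines are assumptions made for the example.

```python
import re
from typing import Dict, List, Tuple

# NTSTATUS values as defined in the Windows SDK ntstatus.h.
NTSTATUS_NAMES = {
    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}

# Assumption for this example: a directory should essentially never carry one of
# these extensions, so a <DIR> with such a name is worth a second look.
FILE_LIKE_EXTS = (".exe", ".dll", ".sys", ".com", ".txt", ".tmp")

# Constructed sample lines in the shape of the Avenger log above (not the full log).
AVENGER_LOG = r"""
File C:\WINDOWS\system32\drivers\fidbox.dat deleted successfully.
Error: C:\WINDOWS\zts2.exe is a folder, not a file!
Deletion of file C:\WINDOWS\zts2.exe failed!
Could not process line:
C:\WINDOWS\zts2.exe
Status: 0xc00000ba
Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!
Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba
File C:\WINDOWS\R.COM deleted successfully.
"""

# Constructed sample lines in the shape of ComboFix's "Files Created" section.
COMBOFIX_LOG = r"""
2007-11-14 20:43 126,976 --a------ C:\zip.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-11 18:50 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-11 18:34 <DIR> d-------- C:\Program Files\Attack on Pearl Harbor
2007-11-10 21:50 <DIR> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
"""

# ComboFix line: timestamp, size-or-<DIR>, nine-character attribute field, path.
_COMBOFIX_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{9})\s+(.+?)\s*$"
)
_AVENGER_OK = re.compile(r"^File (.+) deleted successfully\.$")
_AVENGER_STATUS = re.compile(r"^Status:\s*(0x[0-9a-fA-F]+)$")


def ntstatus_name(code: int) -> str:
    return NTSTATUS_NAMES.get(code, f"UNKNOWN_0x{code:08X}")


def parse_avenger(text: str) -> Tuple[List[str], Dict[str, int]]:
    """Return (deleted_paths, {failed_path: ntstatus}) from an Avenger log."""
    deleted: List[str] = []
    failed: Dict[str, int] = {}
    expect_path = False      # next line is the script line Avenger rejected
    pending_path = None      # rejected path waiting for its "Status:" line
    for line in text.splitlines():
        line = line.strip()
        m = _AVENGER_OK.match(line)
        if m:
            deleted.append(m.group(1))
            continue
        if line == "Could not process line:":
            expect_path = True
            continue
        if expect_path:
            pending_path, expect_path = line, False
            continue
        m = _AVENGER_STATUS.match(line)
        if m and pending_path is not None:
            failed[pending_path] = int(m.group(1), 16)
            pending_path = None
    return deleted, failed


def parse_combofix_created(text: str) -> List[Tuple[str, bool, str, str]]:
    """Return (path, is_dir, attrs, timestamp) for each 'Files Created' line."""
    entries = []
    for line in text.splitlines():
        m = _COMBOFIX_LINE.match(line.strip())
        if m:
            ts, size, attrs, path = m.groups()
            entries.append((path, size == "<DIR>", attrs, ts))
    return entries


def dirs_named_like_files(entries) -> List[str]:
    """Directories whose name ends in an extension normally used by files."""
    return [p for p, is_dir, _, _ in entries
            if is_dir and p.lower().endswith(FILE_LIKE_EXTS)]


def correlate(avenger_text: str, combofix_text: str) -> List[Tuple[str, str, bool]]:
    """For each Avenger failure: (path, NTSTATUS name, confirmed as <DIR> by ComboFix)."""
    _, failed = parse_avenger(avenger_text)
    blockers = {p.lower() for p in
                dirs_named_like_files(parse_combofix_created(combofix_text))}
    return [(p, ntstatus_name(code), p.lower() in blockers)
            for p, code in failed.items()]


if __name__ == "__main__":
    for path, status, is_dir in correlate(AVENGER_LOG, COMBOFIX_LOG):
        print(f"{path}: {status} (listed as directory by ComboFix: {is_dir})")
```

Run against the two full logs instead of the embedded samples, the same correlation marks all seven `0xc00000ba` failures as directories, so a follow-up script has to target them with a directory-removal step rather than retrying file deletion.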