Asferro.dll

Makowiec · 24 Listopad 2007 12:59

Asferro.dll - taki plik zagniezdził mi sie w systemie. Jest wykrywany przez antywirusy jako trojan jednak nie dają rady go usunąć (Avast, TrojanRemover); brak efektu przy próbie ręcznego usunięcia pliku i wpisu w rejestrze; KillBox i RegAssasin komunikuja o braku dostępu i niemożności usunięcia pliku. Komp muli okrutnie, nie moge znalezc w necie żadnych informacji o tym jak się tego pozbyć.

Logi:

HijackThis:

Logfile of HijackThis v1.99.1 Scan saved at 20:48:03, on 2007-11-23 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINNT\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINNT\System32\ups.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Documents and Settings\D\Moje dokumenty\Torrenty\uTorrent.exe C:\Program Files\eMule\emule.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\D\Moje dokumenty\Instalki\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {F6063858-8581-482B-97D9-061F3E4D1AF7} - C:\WINNT\system32\asferro.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [uTorrent] “C:\Documents and Settings\D\Moje dokumenty\Torrenty\uTorrent.exe” O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINNT\ O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe

ComboFix:

ComboFix 07-11-19.3 - D 2007-11-23 22:12:43.1 - NTFSx86 Running from: C:\Documents and Settings\D\Moje dokumenty\Instalki\ComboFix\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\D\Dane aplikacji\SEMBLY~1 C:\Program Files\Common Files\sstem3~1 C:\Program Files\winpop C:\Program Files\wnsxs~1 C:\WINNT\system32\bitsprx.dll C:\WINNT\system32\Cfx32.lic C:\WINNT\system32\cfx32.ocx C:\WINNT\system32\fnts~1 C:\WINNT\system32\wnsinti.exe C:\WINNT\wr.txt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\LEGACY_RUNTIME -------\LEGACY_RUNTIME2 -------\nm -------\runtime2 ((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))) . 2007-11-23 14:20 2007-11-23 14:19 2007-11-23 14:14 2007-11-23 14:08 2007-11-23 13:49 2007-11-23 12:58 2007-11-23 12:57 149,504 --a------ C:\WINNT\system32\MFCANS32.DLL 2007-11-23 12:56 2007-11-23 12:56 181,248 --a------ C:\WINNT\system32\PPUNINST.dll 2007-11-23 12:56 36,864 --a------ C:\WINNT\system32\PDUNINST.DLL 2007-11-18 16:55 91,648 --a------ C:\WINNT\system32\asferro.dll 2007-11-18 16:55 17,792 C:\WINNT\system32\drivers\nfdbuivg.dat 2007-11-18 16:55 5,248 C:\WINNT\system32\drivers\ioikcldm.dat 2007-11-14 04:40 2007-11-14 02:05 2007-11-14 02:04 162,304 --a------ C:\WINNT\system32\ztvunrar36.dll 2007-11-14 02:04 153,088 --a------ C:\WINNT\system32\UNRAR3.dll 2007-11-14 02:04 77,312 --a------ C:\WINNT\system32\ztvunace26.dll 2007-11-14 02:04 75,264 --a------ C:\WINNT\system32\unacev2.dll 2007-11-14 02:04 69,632 --a------ C:\WINNT\system32\ztvcabinet.dll 2007-11-14 02:03 2007-11-14 02:03 2007-11-14 02:03 2007-11-08 22:46 2007-11-08 22:45 2007-11-08 22:45 2007-11-08 22:44 2007-11-08 22:43 2007-11-08 22:43 2007-11-08 22:42 2007-11-08 22:42 2007-11-04 05:06 2007-10-30 00:22 60,496 --a------ C:\WINNT\system32\drivers\Teefer.sys 2007-10-30 00:22 21,075 --a------ C:\WINNT\system32\drivers\wpsdrvnt.sys 2007-10-30 00:22 14,568 --a------ C:\WINNT\system32\drivers\wg6n.sys 2007-10-30 00:22 14,568 --a------ C:\WINNT\system32\drivers\wg5n.sys 2007-10-30 00:22 14,568 --a------ C:\WINNT\system32\drivers\wg4n.sys 2007-10-30 00:22 14,568 --a------ C:\WINNT\system32\drivers\wg3n.sys 2007-10-30 00:21 2007-10-30 00:21 83,096 --a------ C:\WINNT\system32\SSSensor.dll 2007-10-30 00:20 2007-10-27 17:11 2007-10-27 17:08 2007-10-27 17:04 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-23 21:32 --------- d-----w C:\Documents and Settings\D\Dane aplikacji\uTorrent 2007-11-23 21:27 --------- d-----w C:\Program Files\eMule 2007-11-23 13:39 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-20 15:02 --------- d-----w C:\Program Files\Monkey’s Audio 2007-11-16 17:24 --------- d-----w C:\Program Files\Kalendarz XP 2007-11-09 17:27 --------- d-----w C:\Documents and Settings\D\Dane aplikacji\Skype 2007-10-27 23:01 --------- d-----w C:\Documents and Settings\D\Dane aplikacji\MegauploadToolbar 2007-10-13 04:26 --------- d-----w C:\Program Files\Veoh Networks 2007-10-10 00:14 --------- d-----w C:\Program Files\Alwil Software 2007-10-07 14:15 --------- d-----w C:\Program Files\Skype 2007-10-07 14:15 --------- d-----w C:\Program Files\Common Files\Skype 2007-10-07 14:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-10-05 20:15 --------- d-----w C:\Program Files\NCH Swift Sound 2007-10-05 20:15 --------- d-----w C:\Documents and Settings\D\Dane aplikacji\NCH Swift Sound 2007-10-04 23:18 --------- d-----w C:\Program Files\MegauploadToolbar 2007-10-02 01:56 --------- d-----w C:\Program Files\Winamp 2007-09-29 17:44 --------- d-----w C:\Program Files\DivX . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{F6063858-8581-482B-97D9-061F3E4D1AF7}] 2004-08-11 01:45 91648 --a------ C:\WINNT\system32\asferro.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “uTorrent”=“C:\Documents and Settings\D\Moje dokumenty\Torrenty\uTorrent.exe” [2007-09-15 13:08] “eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” [2007-05-13 15:57] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SmcService”=“C:\PROGRA~1\Sygate\SPF\smc.exe” [2004-10-15 19:40] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINNT\system32\CTFMON.EXE” [2004-08-04 01:44] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] “nlsf”=“cmd.exe” [2004-08-04 01:44 C:\WINNT\system32\cmd.exe] “tscuninstall”=“C:\WINNT\system32\tscupgrd.exe” [2004-08-04 01:33] “SIAPRO7”=“C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe” [2005-07-20 13:05] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk backup=C:\WINNT\pss\Kalendarz XP.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com] rundll32.exe C:\WINNT\system32\aycjgtgn.dll,forkonce [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1] 2001-08-18 00:56 44032 --a------ C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 --a------ C:\WINNT\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun] C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe -logon [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO] C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv] C:\WINNT\Temp\startdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost] C:\Program Files\Internet Explorer\Setup\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2007-05-14 23:22 35328 --a------ C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard] 2005-08-02 21:46 241664 --a------ C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “PSIMSVC”=2 (0x2) “PNMSRV”=2 (0x2) “pmshellsrv”=2 (0x2) “PAVSRV”=2 (0x2) “PavPrSrv”=2 (0x2) “PAVFNSVR”=2 (0x2) “MSIServer”=3 (0x3) “CryptSvc”=3 (0x3) “CiSvc”=3 (0x3) “Browser”=2 (0x2) “AudioSrv”=2 (0x2) “6to4”=2 (0x2) R0 bpfbwamh;bpfbwamh;C:\WINNT\system32\drivers\nfdbuivg.dat R0 d346bus;d346bus;C:\WINNT\system32\DRIVERS\d346bus.sys R0 d346prt;d346prt;C:\WINNT\system32\Drivers\d346prt.sys S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” . Contents of the ‘Scheduled Tasks’ folder “2007-05-23 14:20:47 C:\WINNT\Tasks\Program zamykania systemu zasilacza UPS.job” . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-23 22:32:04 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** . Completion time: 2007-11-23 22:35:45 - machine was rebooted . — E O F —

Gutek · 24 Listopad 2007 15:38

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym:

Pobierz program SDFix

Makowiec · 25 Listopad 2007 16:09

Syf usunięty.

Dzięki

SDFix: Version 1.115 Run by D on 2007-11-25 at 16:18 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINNT No streams found. C:\WINNT\system32 No streams found. C:\WINNT\system32\svchost.exe No streams found. C:\WINNT\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-25 16:32:35 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40] scanning hidden registry entries … [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}] “DisplayName”=“DAEMON Tools” [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Wed 4 Aug 2004 93,184 A.SH. — “C:\Program Files\Internet Explorer\IEXPLORE.EXE” Wed 4 Aug 2004 60,928 A.SH. — “C:\Program Files\Outlook Express\msimn.exe” Wed 22 Jun 2005 45,568 A.SHR — “C:\Program Files\Replay Converter\cygz.dll” Wed 4 Aug 2004 4,639 A.SH. — “C:\Program Files\Windows Media Player\mplayer2.exe” Wed 11 Aug 2004 73,728 A.SH. — “C:\Program Files\Windows Media Player\wmplayer.exe” Fri 3 Nov 2006 4,348 A.SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak” Tue 13 Apr 2004 125,440 A…H. — “C:\Documents and Settings\D\Moje dokumenty\Artykuy\eRPeGi~WRL2503.tmp” Wed 24 Aug 2005 20,480 A…H. — “C:\Documents and Settings\D\Moje dokumenty\Moje obrazy\Avatary~WRL0002.tmp” Sat 16 Apr 2005 54,784 A…H. — “C:\Documents and Settings\D\Moje dokumenty\Moje obrazy\Avatary~WRL0004.tmp” Sun 8 May 2005 55,296 A…H. — “C:\Documents and Settings\D\Moje dokumenty\Moje obrazy\Avatary~WRL3171.tmp” Finished!

Gutek · 25 Listopad 2007 16:11

Daj nowy log jeszcze z Combo

Makowiec · 25 Listopad 2007 16:14

ComboFix 07-11-19.3 - D 2007-11-25 15:08:43.1 - NTFSx86 Running from: C:\Documents and Settings\D\Moje dokumenty\Instalki\ComboFix\ComboFix.exe Command switches used :: C:\Documents and Settings\D\Moje dokumenty\Instalki\ComboFix\CFScript.txt * Created a new restore point FILE C:\Program Files\Internet Explorer\Setup\svchost.exe C:\WINNT\system32\asferro.dll C:\WINNT\system32\aycjgtgn.dll C:\WINNT\system32\drivers\nfdbuivg.dat C:\WINNT\Temp\startdrv.exe . Unable to gain System Privileges Overlay aborted … Please run ComboFix once more ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINNT\system32\asferro.dll C:\WINNT\system32\drivers\nfdbuivg.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_BPFBWAMH -------\bpfbwamh ((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))) . 2007-11-24 15:12 82,061 --a------ C:\WINNT\system32\drivers\klick.dat 2007-11-24 15:12 81,549 --a------ C:\WINNT\system32\drivers\klin.dat 2007-11-24 15:11 2007-11-24 15:11 2007-11-24 15:11 3,627,040 --ahs---- C:\WINNT\system32\drivers\fidbox.dat 2007-11-24 15:11 49,628 --ahs---- C:\WINNT\system32\drivers\fidbox.idx 2007-11-24 15:11 17,952 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat 2007-11-24 15:11 2,708 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx 2007-11-24 14:27 2007-11-23 14:19 2007-11-23 13:49 2007-11-23 12:58 2007-11-23 12:57 149,504 --a------ C:\WINNT\system32\MFCANS32.DLL 2007-11-18 16:55 5,248 --a------ C:\WINNT\system32\drivers\ioikcldm.dat 2007-11-14 04:40 2007-11-14 02:05 2007-11-14 02:04 162,304 --a------ C:\WINNT\system32\ztvunrar36.dll 2007-11-14 02:04 153,088 --a------ C:\WINNT\system32\UNRAR3.dll 2007-11-14 02:04 77,312 --a------ C:\WINNT\system32\ztvunace26.dll 2007-11-14 02:04 75,264 --a------ C:\WINNT\system32\unacev2.dll 2007-11-14 02:04 69,632 --a------ C:\WINNT\system32\ztvcabinet.dll 2007-11-14 02:03 2007-11-14 02:03 2007-11-14 02:03 2007-11-08 22:46 2007-11-08 22:45 2007-11-08 22:45 2007-11-08 22:44 2007-11-08 22:43 2007-11-08 22:43 2007-11-08 22:42 2007-11-08 22:42 2007-11-04 05:06 2007-10-30 00:22 60,496 --a------ C:\WINNT\system32\drivers\Teefer.sys 2007-10-30 00:22 21,075 --a------ C:\WINNT\system32\drivers\wpsdrvnt.sys 2007-10-30 00:22 14,568 --a------ C:\WINNT\system32\drivers\wg6n.sys 2007-10-30 00:22 14,568 --a------ C:\WINNT\system32\drivers\wg5n.sys 2007-10-30 00:22 14,568 --a------ C:\WINNT\system32\drivers\wg4n.sys 2007-10-30 00:22 14,568 --a------ C:\WINNT\system32\drivers\wg3n.sys 2007-10-30 00:21 2007-10-30 00:21 83,096 --a------ C:\WINNT\system32\SSSensor.dll 2007-10-30 00:20 2007-10-27 17:11 2007-10-27 17:08 2007-10-27 17:04 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-25 14:34 --------- d-----w C:\Program Files\eMule 2007-11-25 14:34 --------- d-----w C:\Documents and Settings\D\Dane aplikacji\uTorrent 2007-11-24 23:24 --------- d-----w C:\Program Files\Winamp 2007-11-24 07:29 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-20 15:02 --------- d-----w C:\Program Files\Monkey’s Audio 2007-11-16 17:24 --------- d-----w C:\Program Files\Kalendarz XP 2007-11-09 17:27 --------- d-----w C:\Documents and Settings\D\Dane aplikacji\Skype 2007-10-27 23:01 --------- d-----w C:\Documents and Settings\D\Dane aplikacji\MegauploadToolbar 2007-10-13 04:26 --------- d-----w C:\Program Files\Veoh Networks 2007-10-10 00:14 --------- d-----w C:\Program Files\Alwil Software 2007-10-07 14:15 --------- d-----w C:\Program Files\Skype 2007-10-07 14:15 --------- d-----w C:\Program Files\Common Files\Skype 2007-10-07 14:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-10-05 20:15 --------- d-----w C:\Program Files\NCH Swift Sound 2007-10-05 20:15 --------- d-----w C:\Documents and Settings\D\Dane aplikacji\NCH Swift Sound 2007-10-04 23:18 --------- d-----w C:\Program Files\MegauploadToolbar 2007-09-29 17:44 --------- d-----w C:\Program Files\DivX . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “uTorrent”=“C:\Documents and Settings\D\Moje dokumenty\Torrenty\uTorrent.exe” [2007-09-15 13:08] “eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” [2007-05-13 15:57] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SmcService”=“C:\PROGRA~1\Sygate\SPF\smc.exe” [2004-10-15 19:40] “AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” [2007-06-28 12:51] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINNT\system32\CTFMON.EXE” [2004-08-04 01:44] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] “nlsf”=“cmd.exe” [2004-08-04 01:44 C:\WINNT\system32\cmd.exe] “tscuninstall”=“C:\WINNT\system32\tscupgrd.exe” [2004-08-04 01:33] C:\WINNT\system32\klogon.dll 2007-06-28 12:51 206088 C:\WINNT\system32\klogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk backup=C:\WINNT\pss\Kalendarz XP.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1] 2001-08-18 00:56 44032 --a------ C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 --a------ C:\WINNT\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun] C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe -logon [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO] C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost] C:\Program Files\Internet Explorer\Setup\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2007-10-10 06:28 36352 --a------ C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard] 2005-08-02 21:46 241664 --a------ C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “PSIMSVC”=2 (0x2) “PNMSRV”=2 (0x2) “pmshellsrv”=2 (0x2) “PAVSRV”=2 (0x2) “PavPrSrv”=2 (0x2) “PAVFNSVR”=2 (0x2) “MSIServer”=3 (0x3) “CryptSvc”=3 (0x3) “CiSvc”=3 (0x3) “Browser”=2 (0x2) “AudioSrv”=2 (0x2) “6to4”=2 (0x2) R0 d346bus;d346bus;C:\WINNT\system32\DRIVERS\d346bus.sys R0 d346prt;d346prt;C:\WINNT\system32\Drivers\d346prt.sys R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” S3 Tenable Nessus;Tenable Nessus;“C:\Program Files\Tenable\Nessus\nessusd.exe” . Contents of the ‘Scheduled Tasks’ folder “2007-05-23 14:20:47 C:\WINNT\Tasks\Program zamykania systemu zasilacza UPS.job” . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-25 15:33:46 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** . Completion time: 2007-11-25 15:39:44 - machine was rebooted C:\ComboFix2.txt … 2007-11-23 22:35 . — E O F —

Gutek · 25 Listopad 2007 21:46

Powinno być Ok