Unfortunately
Here is the log:
ComboFix 09-02-21.01 - Administrator 2009-02-22 15:45:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.147 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
FILE ::
c:\windows\System32\catsrvutv.dll
c:\windows\system32\tmber8.DLL
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\tmber8.DLL
c:\windows\System32\catsrvutv.dll . . . . nie udało się usunąć
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-22 do 2009-02-22 )))))))))))))))))))))))))))))))
.
2009-02-22 14:20 . 2009-02-22 14:21
2009-02-22 14:02 . 2009-02-22 14:02
2009-02-22 13:59 . 2009-02-22 13:59
2009-02-22 13:41 . 2009-02-22 13:42
2009-02-22 13:41 . 2009-02-22 13:41
2009-02-22 13:41 . 2009-02-22 13:41
2009-02-22 13:41 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-22 13:41 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-22 13:41 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-22 13:41 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-22 13:41 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-21 19:49 . 2009-02-21 20:57
2009-02-20 22:59 . 2009-02-21 20:57
2009-02-20 22:59 . 2005-03-29 08:34 246,784 --a------ c:\windows\system32\sqlite3.dll
2009-02-20 22:58 . 2009-02-20 22:58
2009-02-20 19:30 . 2009-02-22 10:48
2009-02-20 19:19 . 2009-02-20 19:19 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-20 19:19 . 2009-02-20 19:19 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-02-20 19:19 . 2009-02-20 19:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-20 19:18 . 2009-02-22 13:53
2009-02-20 19:18 . 2009-02-20 19:18
2009-02-20 19:18 . 2009-02-22 13:50
2009-02-20 19:18 . 2009-02-20 19:18 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-20 18:06 . 2009-02-20 18:43 35,883 --a------ c:\windows\system32\10004.sks
2009-02-20 18:06 . 2009-02-20 18:43 25,692 --a------ c:\windows\system32\10003.sks
2009-02-20 18:06 . 2009-02-20 18:43 801 --a------ c:\windows\system32\10001.sks
2009-02-20 18:06 . 2009-02-20 18:43 184 --a------ c:\windows\system32\10002.sks
2009-02-20 18:05 . 2009-02-20 19:05
2009-02-20 18:05 . 2009-02-20 18:38 2,380 --a------ c:\windows\system32\BlockedCookies
2009-02-20 18:05 . 2009-02-20 18:42 1,527 --a------ c:\windows\system32\sk_bho.ini
2009-02-20 17:02 . 2009-02-20 17:02
2009-02-17 18:09 . 2009-02-17 18:09
2009-02-17 18:00 . 2009-02-17 18:00
2009-02-15 21:49 . 2009-02-15 21:49
2009-02-15 21:46 . 2009-02-15 22:10
2009-02-11 17:33 . 2009-02-11 17:33 632 --a------ c:\windows\CoD.INI
2009-02-09 18:28 . 2009-02-09 18:28
2009-02-09 18:28 . 2009-02-09 18:28
2009-02-07 18:05 . 2009-02-07 18:05
2009-02-03 16:06 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-03 16:06 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-03 16:06 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-03 16:06 . 2004-08-04 00:44 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-02-03 16:06 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-02-03 16:06 . 2004-08-04 00:38 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-02-03 16:05 . 2009-02-03 16:05
2009-02-01 01:26 . 2009-02-01 01:26
2009-01-26 12:25 . 2009-01-26 12:24 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-24 23:35 . 2009-01-24 23:35
2009-01-24 23:32 . 2009-01-24 23:32
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 14:47 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\uTorrent
2009-02-22 13:13 --------- d-----w c:\program files\Steam
2009-02-22 13:12 --------- d--a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-20 22:10 --------- d-----w c:\program files\GoD
2009-02-19 00:05 --------- d-----w c:\program files\Tibia Multi IP Changer
2009-02-15 20:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 20:48 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-12 20:52 --------- d-----w c:\program files\TuneUp Utilities 2007
2009-02-11 18:01 --------- d-----w c:\program files\MagicISO
2009-02-11 18:01 --------- d-----w c:\program files\eMule
2009-02-10 11:19 --------- d-----w c:\program files\Speeditup Free
2009-02-07 23:48 --------- d-----w c:\program files\netcut
2009-02-07 16:36 --------- d-----w c:\program files\uTorrent
2009-01-30 20:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-30 00:40 --------- d-----w c:\program files\Gadu-Gadu
2009-01-28 14:37 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Hamachi
2009-01-26 11:24 --------- d-----w c:\program files\Java
2009-01-25 19:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\KSP
2009-01-25 14:06 --------- d-----w c:\program files\eSkiMoS R2
2009-01-21 16:11 473,600 ----a-w c:\windows\system32\SkanerOnline.dll
2008-11-28 22:22 37,888 ----a-w c:\windows\system32\rar.exe
2008-11-26 15:22 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-09-20 11:40 246 ----a-w c:\documents and settings\Administrator\Dane aplikacji\shedl.bat
2008-09-20 11:39 1,695,744 ----a-w c:\documents and settings\Administrator\Dane aplikacji\NTuser.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-02-22_14.39.00,69 )))))))))))))))))))))))))))))))))))))))))
.
-
2009-02-22 14:49:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_25c.dat
-
2009-02-22 14:49:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7d0.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{2029E2AA-EA38-41FD-849E-F1AD05F94187}]
2002-09-20 19:03 98816 --a------ c:\windows\System32\catsrvutv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-07-13 7937024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-26 136600]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"No-IP Client 1.42"="c:\program files\No-IP Client\noipclient.exe" [2006-05-13 571392]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2008-03-06 241664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-20 1601304]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
Anti netcut 2.lnk - d:\internet\Anti netcut 2.bat [2009-02-08 39]
Anti netcut.lnk - d:\internet\Anti netcut.bat [2009-02-08 39]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
PLANET WL-U356A Utility.lnk - c:\program files\PLANET WL-U356A\PLANET\WlanUtil.exe [2008-10-24 483328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-20 19:19 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\FlashGet\FlashGet.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\AVG\AVG8\avgam.exe"=
"c:\Program Files\AVG\AVG8\avgemc.exe"=
"c:\Program Files\AVG\AVG8\avgupd.exe"=
"c:\Program Files\AVG\AVG8\avgnsx.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7171:TCP"= 7171:TCP:Tibia
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-20 12552]
R0 gaplcmhx;gaplcmhx;c:\windows\system32\drivers\gaplcmhx.sys [2001-08-17 23424]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-20 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-20 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-20 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-20 298264]
R3 ZD1211BU(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);c:\windows\system32\drivers\ZD1211BU.sys [2008-10-24 402432]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-09-08 20608]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.searchgateway.net/search.php … ID%3A11q=%s
IE: Download All by FlashGet - c:\program files\FlashGet\ComDlls\Bhoall.htm
IE: Download by FlashGet - c:\program files\FlashGet\ComDlls\Bholink.htm
IE: Pobierz wszystko przez FlashGet - c:\program files\FlashGet\ComDlls\Bhoall.htm
IE: Pobrane przez FlashGet - c:\program files\FlashGet\ComDlls\Bholink.htm
IE: Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
Trusted Zone: mks.com.pl\www
TCP: {6393F45C-AE20-4E39-A7F4-9C5F41537909} = 192.168.10.100,194.204.152.34,194.204.159.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 15:49:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\windows\system32\Ati2evxx.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-22 15:52:15 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-02-22 14:52:11
ComboFix2.txt 2009-02-22 13:40:18
Przed: 54 446 166 016 bajtów wolnych
Po: 54,430,990,336 bajtów wolnych
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
– Added 22.02.2009 (Sun) 15:57 –
Strange, because it no longer sees the virus, but the file is still there.
– Added 22.02.2009 (Sun) 16:50 –
Thanks everyone for the help