Log for review


(Buy Me) #1

I have a feeling there's some junk sitting on my machine.

ComboFix 08-09-05.14 - Levuss 2008-09-10 12:56:11.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.730 [GMT 2:00]

Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))

.

2008-09-02 00:09 . 2008-09-02 00:15

2008-09-01 17:15 . 2008-09-01 17:15

2008-09-01 17:10 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-29 14:48 . 2008-08-29 14:48

2008-08-29 14:48 . 2008-08-29 14:48

2008-08-29 14:48 . 2008-08-29 21:47

2008-08-29 14:48 . 2008-08-29 14:48

2008-08-29 14:48 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-08-29 14:48 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-08-29 14:48 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-08-29 14:48 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-08-29 14:48 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-08-29 11:35 . 2008-09-02 22:12

2008-08-29 11:34 . 2008-08-29 11:35 89,828 --a------ C:\WINDOWS\system32\ckvo.exe.vir

2008-08-29 11:21 . 2008-08-29 11:21

2008-08-29 08:40 . 2008-08-29 09:09

2008-08-28 17:36 . 2008-08-28 17:36

2008-08-28 13:44 . 2008-08-28 13:44

2008-08-28 13:41 . 2008-08-28 13:41

2008-08-28 09:06 . 2008-08-28 09:06

2008-08-28 09:06 . 2008-08-28 09:06

2008-08-28 09:06 . 2008-08-28 09:14

2008-08-28 09:05 . 2008-08-28 09:05

2008-08-28 09:05 . 2008-08-28 09:05

2008-08-27 17:33 . 2008-03-13 13:50 202,048 --a------ C:\WINDOWS\system32\ftd2xx.dll

2008-08-27 17:33 . 2008-03-13 13:49 185,664 --a------ C:\WINDOWS\system32\FTLang.dll

2008-08-27 17:33 . 2008-03-13 13:49 120,128 --a------ C:\WINDOWS\system32\ftbusui.dll

2008-08-27 17:33 . 2008-03-13 13:50 72,000 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys

2008-08-27 17:33 . 2008-03-13 13:51 57,536 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys

2008-08-27 17:33 . 2008-03-13 13:52 51,528 --a------ C:\WINDOWS\system32\ftserui2.dll

2008-08-26 23:11 . 2008-08-26 23:11

2008-08-26 23:05 . 2008-08-26 23:05

2008-08-26 23:05 . 2008-08-26 23:05

2008-08-26 23:05 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll

2008-08-26 23:05 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll

2008-08-26 23:04 . 2008-08-26 23:04

2008-08-26 23:04 . 2008-08-26 23:04

2008-08-26 23:04 . 2008-08-26 23:04

2008-08-26 12:33 . 2008-08-26 12:33

2008-08-25 14:53 . 2008-08-25 14:55

2008-08-25 14:48 . 2008-08-25 14:52

2008-08-25 14:29 . 2008-08-27 20:30

2008-08-22 10:29 . 2008-08-22 10:29

2008-08-21 21:55 . 2008-08-21 21:55

2008-08-21 21:55 . 2008-08-21 21:55

2008-08-21 21:55 . 2006-09-01 16:14 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-08-21 21:55 . 2006-09-01 16:14 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-08-19 17:03 . 2008-08-19 17:03

2008-08-19 17:03 . 2008-08-19 17:03

2008-08-18 23:26 . 2008-08-18 23:26

2008-08-17 22:10 . 2008-08-17 22:12

2008-08-17 22:10 . 2008-08-17 22:10

2008-08-17 13:13 . 2008-08-17 13:13

2008-08-17 13:13 . 2002-12-26 15:57 86,016 --a------ C:\WINDOWS\system32\FCVAP.dll

2008-08-17 13:13 . 2002-12-26 15:57 65,536 --a------ C:\WINDOWS\system32\EZFRD.dll

2008-08-17 13:13 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-17 13:13 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-16 15:38 . 1998-11-13 13:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe

2008-08-16 10:40 . 2008-08-16 10:40

2008-08-16 10:39 . 2008-08-16 10:40

2008-08-15 17:07 . 2008-08-15 17:07 20 --a------ C:\WINDOWS\naglos.INI

2008-08-15 16:54 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-08-15 16:54 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-08-15 16:54 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-08-15 16:54 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-08-15 10:04 . 2008-08-15 10:04

2008-08-15 10:02 . 2008-08-15 10:02

2008-08-15 10:02 . 2008-08-15 10:02

2008-08-15 10:02 . 2008-08-15 10:02

2008-08-15 10:02 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-08-15 09:59 . 2008-08-15 09:59

2008-08-15 09:59 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-14 22:24 . 2008-08-15 10:07

2008-08-14 18:48 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-08-14 17:17 . 2008-08-14 17:17

2008-08-14 17:12 . 2008-08-14 17:12

2008-08-14 13:15 . 2008-09-01 19:43

2008-08-14 13:12 . 2008-08-22 10:24

2008-08-14 13:12 . 2008-08-14 13:12

2008-08-14 13:12 . 2008-08-14 13:12

2008-08-14 13:12 . 2008-08-14 13:13

2008-08-14 13:11 . 2008-08-14 13:11

2008-08-14 12:10 . 2008-08-05 18:47 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-14 07:27 . 2008-08-14 07:27

2008-08-14 07:26 . 2008-08-16 15:40

2008-08-14 07:24 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-13 23:10 . 2008-08-13 23:10

2008-08-13 23:10 . 2006-12-15 12:04 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl

2008-08-13 23:09 . 2008-08-13 23:09

2008-08-13 23:09 . 2008-08-13 23:10

2008-08-13 22:41 . 2008-08-14 07:24

2008-08-13 22:41 . 2008-08-13 22:41

2008-08-13 22:36 . 2008-08-13 22:36 427 --a------ C:\WINDOWS\ODBC.INI

2008-08-13 22:35 . 2008-08-26 12:33 1,294 --a------ C:\WINDOWS\mozver.dat

2008-08-13 22:34 . 2008-08-13 22:35

2008-08-13 22:31 . 2004-04-23 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6e.DLL

2008-08-13 22:31 . 2004-03-11 18:06 86,016 -ra------ C:\WINDOWS\system32\CNMCP6e.exe

2008-08-13 22:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\drivers\usbprint.sys

2008-08-13 22:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-08-13 22:31 . 2004-04-23 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6e.DLL

2008-08-13 22:30 . 2008-08-13 22:30

2008-08-13 22:30 . 2008-08-13 22:30

2008-08-13 22:30 . 2008-08-13 22:30

2008-08-10 10:03 . 2008-08-10 10:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-08-10 10:03 . 2008-08-10 10:03 1,409 --a------ C:\WINDOWS\QTFont.for

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-17 10:51 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-15 11:01 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll

2008-08-15 11:01 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll

2008-08-15 11:01 892,928 ----a-w C:\WINDOWS\system32\iconv.dll

2008-08-15 11:01 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-08-15 11:01 45,056 ----a-w C:\WINDOWS\system32\ogg.dll

2008-08-15 11:01 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv

2008-08-15 11:01 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll

2008-08-15 11:01 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll

2008-08-15 11:01 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll

2008-08-15 11:01 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll

2008-08-09 16:46 --------- d-----w C:\Program Files\VAG-COM

2008-08-09 07:38 --------- d-----w C:\Program Files\ESET

2008-08-09 07:38 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET

2008-08-08 04:31 --------- d-----w C:\Program Files\BitComet

2008-08-04 21:50 --------- d-----w C:\Program Files\nLite

2008-08-04 15:43 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\ImgBurn

2008-08-04 15:41 --------- d-----w C:\Program Files\ImgBurn

2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-07-21 23:14 9,728 ----a-w C:\WINDOWS\system32\RtNicProp32.dll

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

-ra------ 2007-08-09 16:48 528384 C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

--a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-05-16 15:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-05-16 15:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-16 15:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17136:TCP"= 17136:TCP:BitComet 17136 TCP

"17136:UDP"= 17136:UDP:BitComet 17136 UDP

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 3584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5f3c51-7433-11dd-8e76-00001cd52422}]

\Shell\AutoRun\command - H:\c9hehpa.bat

\Shell\explore\Command - H:\c9hehpa.bat

\Shell\open\Command - H:\c9hehpa.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e3a6d0-fe4f-11d5-8e19-00001cd52422}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\revp7400.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - wp.pl

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-10 12:58:13

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-10 12:59:23

ComboFix-quarantined-files.txt 2008-09-10 10:59:19

ComboFix2.txt 2008-09-02 20:27:03

Pre-Run: 2,506,051,584 bajtów wolnych

Post-Run: 2,757,017,600 bajtów wolnych



(Spandau) #2

Disinfect the pendrive or memory card http://www.softpedia.com/get/Security/S ... Tool.shtml

Flash Disinfector http://www.searchengines.pl/index.php?s ... ntry369724

or format it

paste into Notepad:

Save the file as CFScript.txt, ideally so that this file's icon sits next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. After that, post the log on the forum.

Manually delete the C:\Qoobox folder and remove the ComboFix installer from the disk.
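The reason for the pendrive advice is the first log's `mountpoints2` section: every Explorer action for the volume with GUID cd5f3c51-... is redirected to `H:\c9hehpa.bat`, while the other volume keeps the default `EXPLORER.EXE`. The following parser is an added example (not code from this thread or from ComboFix) that reads those registry blocks out of a ComboFix log, flags handlers that do not point at the Windows default, and reports which drive letters need cleaning. It assumes only the block format shown in the log above; the sample text is constructed from those lines.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the two mountpoints2 blocks from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5f3c51-7433-11dd-8e76-00001cd52422}]
\Shell\AutoRun\command - H:\c9hehpa.bat
\Shell\explore\Command - H:\c9hehpa.bat
\Shell\open\Command - H:\c9hehpa.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e3a6d0-fe4f-11d5-8e19-00001cd52422}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
""".lstrip()

# A mountpoints2 key header: [...\mountpoints2\{GUID}]
MOUNTPOINT_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# A shell verb handler line: \Shell\<verb>\command - <command>
HANDLER_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)

# What Windows itself sets for a plain removable volume.
BENIGN_COMMANDS = {"explorer.exe"}


@dataclass
class MountPoint:
    guid: str
    handlers: dict = field(default_factory=dict)  # verb -> command


def parse_mountpoints(text):
    """Collect every mountpoints2 block and its shell verb handlers."""
    points = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_RE.match(line)
        if m:
            current = MountPoint(m.group(1).lower())
            points.append(current)
            continue
        h = HANDLER_RE.match(line)
        if h and current is not None:
            current.handlers[h.group(1).lower()] = h.group(2).strip()
        elif line.startswith("["):
            current = None  # a different registry key follows
    return points


def suspicious_mountpoints(points):
    """Return (guid, verb, command) for every handler that is not the default."""
    findings = []
    for p in points:
        for verb, cmd in p.handlers.items():
            if cmd.lower() not in BENIGN_COMMANDS:
                findings.append((p.guid, verb, cmd))
    return findings


def affected_drives(findings):
    """Drive letters (e.g. 'H:') whose autorun handlers were hijacked."""
    drives = set()
    for _, _, cmd in findings:
        m = re.match(r"^([A-Za-z]:)", cmd)
        if m:
            drives.add(m.group(1).upper())
    return drives


if __name__ == "__main__":
    hits = suspicious_mountpoints(parse_mountpoints(SAMPLE_LOG))
    for guid, verb, cmd in hits:
        print(f"{guid}  {verb:8}  -> {cmd}")
    print("drives to disinfect:", ", ".join(sorted(affected_drives(hits))))
```

Run against the sample it lists the three hijacked verbs (AutoRun, explore, open) for the first volume and names `H:` as the drive to clean, which is the volume the Flash Disinfector step above is meant for. The `mountpoints2` key lives under HKEY_CURRENT_USER, so each user profile on the machine should be checked separately.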


(Buy Me) #3

Can someone tell me how to run Perlovga Removal Tool, because it throws errors for me.


(huber2t) #4

You still have the second program :wink:

Show the removal log from ComboFix


(Buy Me) #5

removal log:

ComboFix 08-09-05.14 - Levuss 2008-09-10 16:24:33.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.723 [GMT 2:00]

Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Levuss\Pulpit\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\ckvo.exe.vir

.

((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))

.

2008-09-10 16:15 . 2008-09-10 16:15 66,048 --a------ C:\mbr.exe

2008-09-10 16:13 . 2008-09-10 16:14

2008-09-10 14:13 . 2008-09-10 15:43

2008-09-10 14:12 . 2008-09-10 14:12 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2008-09-02 00:09 . 2008-09-02 00:15

2008-09-01 17:15 . 2008-09-01 17:15

2008-09-01 17:10 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-29 14:48 . 2008-08-29 14:48

2008-08-29 14:48 . 2008-08-29 14:48

2008-08-29 14:48 . 2008-08-29 21:47

2008-08-29 14:48 . 2008-08-29 14:48

2008-08-29 14:48 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-08-29 14:48 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-08-29 14:48 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-08-29 14:48 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-08-29 14:48 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-08-29 11:35 . 2008-09-02 22:12

2008-08-29 11:21 . 2008-08-29 11:21

2008-08-29 08:40 . 2008-08-29 09:09

2008-08-28 17:36 . 2008-08-28 17:36

2008-08-28 13:44 . 2008-08-28 13:44

2008-08-28 13:41 . 2008-08-28 13:41

2008-08-28 09:06 . 2008-08-28 09:06

2008-08-28 09:06 . 2008-08-28 09:06

2008-08-28 09:06 . 2008-08-28 09:14

2008-08-28 09:05 . 2008-08-28 09:05

2008-08-28 09:05 . 2008-08-28 09:05

2008-08-27 17:33 . 2008-03-13 13:50 202,048 --a------ C:\WINDOWS\system32\ftd2xx.dll

2008-08-27 17:33 . 2008-03-13 13:49 185,664 --a------ C:\WINDOWS\system32\FTLang.dll

2008-08-27 17:33 . 2008-03-13 13:49 120,128 --a------ C:\WINDOWS\system32\ftbusui.dll

2008-08-27 17:33 . 2008-03-13 13:50 72,000 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys

2008-08-27 17:33 . 2008-03-13 13:51 57,536 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys

2008-08-27 17:33 . 2008-03-13 13:52 51,528 --a------ C:\WINDOWS\system32\ftserui2.dll

2008-08-26 23:11 . 2008-08-26 23:11

2008-08-26 23:05 . 2008-08-26 23:05

2008-08-26 23:05 . 2008-08-26 23:05

2008-08-26 23:05 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll

2008-08-26 23:05 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll

2008-08-26 23:04 . 2008-08-26 23:04

2008-08-26 23:04 . 2008-08-26 23:04

2008-08-26 23:04 . 2008-08-26 23:04

2008-08-26 12:33 . 2008-08-26 12:33

2008-08-25 14:53 . 2008-08-25 14:55

2008-08-25 14:48 . 2008-08-25 14:52

2008-08-25 14:29 . 2008-08-27 20:30

2008-08-22 10:29 . 2008-08-22 10:29

2008-08-21 21:55 . 2008-08-21 21:55

2008-08-21 21:55 . 2008-08-21 21:55

2008-08-21 21:55 . 2006-09-01 16:14 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-08-21 21:55 . 2006-09-01 16:14 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-08-19 17:03 . 2008-08-19 17:03

2008-08-19 17:03 . 2008-08-19 17:03

2008-08-18 23:26 . 2008-08-18 23:26

2008-08-17 22:10 . 2008-08-17 22:12

2008-08-17 22:10 . 2008-08-17 22:10

2008-08-17 13:13 . 2008-08-17 13:13

2008-08-17 13:13 . 2002-12-26 15:57 86,016 --a------ C:\WINDOWS\system32\FCVAP.dll

2008-08-17 13:13 . 2002-12-26 15:57 65,536 --a------ C:\WINDOWS\system32\EZFRD.dll

2008-08-17 13:13 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-17 13:13 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-16 15:38 . 1998-11-13 13:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe

2008-08-16 10:40 . 2008-08-16 10:40

2008-08-16 10:39 . 2008-08-16 10:40

2008-08-15 17:07 . 2008-08-15 17:07 20 --a------ C:\WINDOWS\naglos.INI

2008-08-15 16:54 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-08-15 16:54 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-08-15 16:54 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-08-15 16:54 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-08-15 10:04 . 2008-08-15 10:04

2008-08-15 10:02 . 2008-08-15 10:02

2008-08-15 10:02 . 2008-08-15 10:02

2008-08-15 10:02 . 2008-08-15 10:02

2008-08-15 10:02 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-08-15 09:59 . 2008-08-15 09:59

2008-08-15 09:59 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-14 22:24 . 2008-08-15 10:07

2008-08-14 18:48 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-08-14 17:17 . 2008-08-14 17:17

2008-08-14 17:12 . 2008-08-14 17:12

2008-08-14 13:15 . 2008-09-01 19:43

2008-08-14 13:12 . 2008-08-22 10:24

2008-08-14 13:12 . 2008-08-14 13:12

2008-08-14 13:12 . 2008-08-14 13:12

2008-08-14 13:12 . 2008-08-14 13:13

2008-08-14 13:11 . 2008-08-14 13:11

2008-08-14 12:10 . 2008-08-05 18:47 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-14 07:27 . 2008-08-14 07:27

2008-08-14 07:26 . 2008-08-16 15:40

2008-08-14 07:24 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-13 23:10 . 2008-08-13 23:10

2008-08-13 23:10 . 2006-12-15 12:04 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl

2008-08-13 23:09 . 2008-08-13 23:09

2008-08-13 23:09 . 2008-08-13 23:10

2008-08-13 22:41 . 2008-08-14 07:24

2008-08-13 22:41 . 2008-08-13 22:41

2008-08-13 22:36 . 2008-08-13 22:36 427 --a------ C:\WINDOWS\ODBC.INI

2008-08-13 22:35 . 2008-08-26 12:33 1,294 --a------ C:\WINDOWS\mozver.dat

2008-08-13 22:34 . 2008-08-13 22:35

2008-08-13 22:31 . 2004-04-23 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6e.DLL

2008-08-13 22:31 . 2004-03-11 18:06 86,016 -ra------ C:\WINDOWS\system32\CNMCP6e.exe

2008-08-13 22:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\drivers\usbprint.sys

2008-08-13 22:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-08-13 22:31 . 2004-04-23 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6e.DLL

2008-08-13 22:30 . 2008-08-13 22:30

2008-08-13 22:30 . 2008-08-13 22:30

2008-08-13 22:30 . 2008-08-13 22:30

2008-08-10 10:03 . 2008-08-10 10:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-08-10 10:03 . 2008-08-10 10:03 1,409 --a------ C:\WINDOWS\QTFont.for

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-17 10:51 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-15 11:01 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll

2008-08-15 11:01 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll

2008-08-15 11:01 892,928 ----a-w C:\WINDOWS\system32\iconv.dll

2008-08-15 11:01 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-08-15 11:01 45,056 ----a-w C:\WINDOWS\system32\ogg.dll

2008-08-15 11:01 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv

2008-08-15 11:01 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll

2008-08-15 11:01 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll

2008-08-15 11:01 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll

2008-08-15 11:01 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll

2008-08-09 16:46 --------- d-----w C:\Program Files\VAG-COM

2008-08-09 07:38 --------- d-----w C:\Program Files\ESET

2008-08-09 07:38 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET

2008-08-08 04:31 --------- d-----w C:\Program Files\BitComet

2008-08-04 21:50 --------- d-----w C:\Program Files\nLite

2008-08-04 15:43 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\ImgBurn

2008-08-04 15:41 --------- d-----w C:\Program Files\ImgBurn

2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-07-21 23:14 9,728 ----a-w C:\WINDOWS\system32\RtNicProp32.dll

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

.

((((((((((((((((((((((((((((( snapshot@2008-09-10_12.59.00.69 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-10 14:14:38 45,056 ----a-r C:\WINDOWS\Installer\{127431FE-24E7-4B38-9BD9-E7D010C90C12}\NewShortcut1.exe

+ 2008-09-10 14:14:38 45,056 ----a-r C:\WINDOWS\Installer\{127431FE-24E7-4B38-9BD9-E7D010C90C12}\NewShortcut1_1.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

-ra------ 2007-08-09 16:48 528384 C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

--a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-05-16 15:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-05-16 15:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-16 15:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17136:TCP"= 17136:TCP:BitComet 17136 TCP

"17136:UDP"= 17136:UDP:BitComet 17136 UDP

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 3584]

*Newly Created Service* - MBR

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-10 16:26:23

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-10 16:27:42

ComboFix-quarantined-files.txt 2008-09-10 14:27:25

ComboFix2.txt 2008-09-10 10:59:24

ComboFix3.txt 2008-09-02 20:27:03

Pre-Run: 1,989,689,344 bajtów wolnych

Post-Run: 1,982,009,344 bajtów wolnych



(huber2t) #6

The log looks clean

Manually delete the C:\Qoobox folder and remove the ComboFix installer from the disk.

Clean the computer with CCleaner

Optimise the startup entries

Disable and re-enable System Restore on all drives. Instructions

Scan the whole computer at http://www.kaspersky.pl/virusscanner.html (run it in IE) and post its report on the forum

or

Dr.WEB CureIt!


(Gutek) #7

Follow this Topic and change the thread title to something specific, otherwise it goes to the BIN

Regards, Gutek2222

Change to the rules for posting logs on the forum - viewtopic.php?f=16&t=253052