Scared of the Chernobyl virus, please check my log

Someone told me recently to watch out for Chernobyl, especially in April. I read that it creates the entries HKCU\software\JENNIFERLOPEZ_NAKED\ and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I don't have anything like that, but just in case, please check my log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:00:07, on 2008-04-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\V0250Mon.exe

D:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

D:\Program Files\Logitech\MediaLife\MediaLifeService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Program Files\Tlen.pl\tlen.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [RemoteControl] “d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”

O4 - HKLM…\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe

O4 - HKLM…\Run: [AVFX Engine] d:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM…\Run: [PCMService] “d:\Program Files\Logitech\MediaLife\MediaLifeService.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [LDM] d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU…\Run: [spybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 6377295312

O17 - HKLM\System\CCS\Services\Tcpip…{F0CF9D9B-C317-4EAD-A1BF-C50F8E372597}: NameServer = 194.204.159.1,194.204.157.34

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Show a ComboFix log.

If you don't have that entry and nothing is happening to your computer, then why start threads like this?

P.S. The log is clean.

ComboFix 08-04-08.10 - Fefka86 2008-04-09 18:12:27.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.308 [GMT 2:00]

Running from: C:\Documents and Settings\Fefka86\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32_000002_.tmp.dll

C:\WINDOWS\system32_000003_.tmp.dll

C:\WINDOWS\system32_000004_.tmp.dll

C:\WINDOWS\system32_000005_.tmp.dll

C:\WINDOWS\system32_000006_.tmp.dll

C:\WINDOWS\system32_000007_.tmp.dll

C:\WINDOWS\system32_000008_.tmp.dll

C:\WINDOWS\system32_000009_.tmp.dll

C:\WINDOWS\system32_000010_.tmp.dll

C:\WINDOWS\system32_000011_.tmp.dll

C:\WINDOWS\system32_000012_.tmp.dll

C:\WINDOWS\system32_000013_.tmp.dll

C:\WINDOWS\system32_000014_.tmp.dll

C:\WINDOWS\system32\AutoRun.inf

.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))

.

2008-04-09 17:15 . 2008-04-09 17:15

2008-04-07 18:08 . 2008-04-07 18:23

2008-04-07 17:47 . 2008-04-07 18:19

2008-04-06 22:25 . 2008-04-06 22:25

2008-04-06 22:07 . 2008-04-07 18:07

2008-04-06 22:07 . 2008-04-06 22:07 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-04-06 10:04 . 2008-04-06 10:04 348,160 --a------ C:\WINDOWS\system32\CoreVorbis.ax

2008-04-04 11:27 . 2008-04-04 11:28 98,927 --a------ C:\WINDOWS\hpqins16.dat

2008-03-16 18:11 . 2008-04-01 11:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-16 18:11 . 2008-03-16 18:11 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-14 14:01 . 2008-03-14 14:01

2008-03-14 12:59 . 2008-03-14 14:01

2008-03-14 12:59 . 2008-03-14 12:59

2008-03-14 12:52 . 2008-03-14 12:52

2008-03-14 12:52 . 2008-03-14 12:52 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-09 16:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-09 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-08 20:02 --------- d-----w C:\Documents and Settings\Fefka86\Application Data\Skype

2008-04-08 17:35 --------- d-----w C:\Documents and Settings\Fefka86\Application Data\OpenOffice.ux.pl2

2008-04-08 14:27 --------- d-----w C:\Documents and Settings\Fefka86\Application Data\skypePM

2008-04-06 20:23 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-04-06 08:06 405,504 ----a-w C:\WINDOWS\system32\libmplayer.dll

2008-04-06 08:06 3,138,560 ----a-w C:\WINDOWS\system32\libavcodec.dll

2008-04-06 08:06 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll

2008-04-06 08:05 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll

2008-04-06 08:05 56,832 ----a-w C:\WINDOWS\system32\ff_unrar.dll

2008-04-06 08:05 54,784 ----a-w C:\WINDOWS\system32\ff_liba52.dll

2008-04-06 08:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-04-06 08:05 397,312 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll

2008-04-06 08:05 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll

2008-04-06 08:05 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll

2008-04-06 08:05 172,032 ----a-w C:\WINDOWS\system32\ff_libdts.dll

2008-04-06 08:05 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll

2008-04-06 08:05 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll

2008-04-06 08:05 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll

2008-04-06 08:05 102,912 ----a-w C:\WINDOWS\system32\ff_tremor.dll

2008-04-04 09:27 --------- d-----w C:\Program Files\HP

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-14 11:59 --------- d-----w C:\Documents and Settings\Fefka86\Application Data\Autodesk

2008-03-14 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk

2008-03-01 16:36 3,591,680 ----a-w C:\WINDOWS\system32\SET206.tmp

2008-02-25 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search Destroy

2008-02-25 10:48 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-02-23 10:01 --------- d-----w C:\Program Files\Real Alternative

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SET1F8.tmp

2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\SET1EF.tmp

2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\SET1F1.tmp

2007-12-02 18:05 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2006-10-03 01:43 2,402,550 ----a-w C:\WINDOWS\inf\SET429.tmp

2004-08-10 19:00 1,431,144 ----a-w C:\WINDOWS\inf\SET49C.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-10 21:00 15360]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“LDM”=“d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe” [2008-01-02 16:05 20480]

“SpybotSD TeaTimer”=“d:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ehTray”=“C:\WINDOWS\ehome\ehtray.exe” [2005-08-05 14:56 64512]

“igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2006-03-23 13:17 94208]

“igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-03-23 13:13 77824]

“igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-03-23 13:17 118784]

“RTHDCPL”=“RTHDCPL.EXE” [2006-09-06 12:44 16262656 C:\WINDOWS\RTHDCPL.exe]

“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2008-03-07 23:01 53096]

“RemoteControl”=“d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-04-15 17:13 45056]

“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2007-03-11 22:34 49152]

“Symantec PIF AlertEng”=“C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” [2007-03-12 12:22 517768]

“V0250Mon.exe”=“C:\WINDOWS\V0250Mon.exe” [2006-06-07 19:00 32768]

“AVFX Engine”=“d:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe” [2006-06-09 02:11 24576]

“Logitech Hardware Abstraction Layer”=“KHALMNPR.EXE” [2004-09-15 11:12 37888 C:\WINDOWS\KHALMNPR.Exe]

“PCMService”=“d:\Program Files\Logitech\MediaLife\MediaLifeService.exe” [2004-09-09 21:58 73728]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-10 21:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

Logitech Desktop Messenger.lnk - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-02 16:05:28 450560]

Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-02 16:04:20 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“InstallVisualStyle”= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

“InstallTheme”= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Messenger\msmsgs.exe”=

“C:\Program Files\Winamp Remote\bin\Orb.exe”=

“C:\Program Files\Winamp Remote\bin\OrbTray.exe”=

“C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“22717:TCP”= 22717:TCP:BitComet 22717 TCP

“22717:UDP”= 22717:UDP:BitComet 22717 UDP

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 16:00]

R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 17:01]

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe” [2006-08-03 18:40]

S3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 05:25]

S3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 10:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{436e195b-ce46-11dc-a021-0019d20bc5e4}]

\Shell\AutoRun\command - G:\d.com

\Shell\explore\Command - G:\d.com

\Shell\open\Command - G:\d.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{52b64f18-e175-11dc-a046-b881201a75d5}]

\Shell\AutoRun\command - xpbkh.com

\Shell\explore\Command - xpbkh.com

\Shell\open\Command - xpbkh.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b5e52963-e477-11dc-a050-0019d20bc5e4}]

\Shell\Auto\command - activexdebugger32.exe f

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f

\Shell\explore\Command - activexdebugger32.exe f

\Shell\open\Command - activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bdb76968-ef5a-11dc-a067-0019d20bc5e4}]

\Shell\AutoRun\command - F:\b.com

\Shell\explore\Command - F:\b.com

\Shell\open\Command - F:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{dd4d3c38-d1a6-11dc-a029-0019d20bc5e4}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - COMHOST

.

Contents of the ‘Scheduled Tasks’ folder

“2008-04-04 20:03:30 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Fefka86.job”

  • D:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-09 18:14:43

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-09 18:16:19

ComboFix-quarantined-files.txt 2008-04-09 16:15:29

Pre-Run: 39,868,022,784 bytes free

Post-Run: 39,846,944,768 bytes free

.

2008-04-09 15:37:33 — E O F —

Turn off System Restore on all drives. http://support.microsoft.com/kb/310405/pl

Open Notepad and paste

Save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon.

http://img.wklej.org/images/88953CFScri … iemoes.gif

The removal should start.

Then post the log from the ComboFix removal.

Do a startup optimization: http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

Manually delete the folder C:\Qoobox.

Scan with this: http://www.kaspersky.pl/virusscanner.html and show the report.

Turn System Restore back on.

:slight_smile:

ComboFix 08-04-08.10 - Fefka86 2008-04-09 18:55:51.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.355 [GMT 2:00]

Running from: C:\Documents and Settings\Fefka86\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Fefka86\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\inf\SET429.tmp

C:\WINDOWS\inf\SET49C.tmp

C:\WINDOWS\system32\SET1EF.tmp

C:\WINDOWS\system32\SET1F1.tmp

C:\WINDOWS\system32\SET1F8.tmp

.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))

.

2008-04-09 17:15 . 2008-04-09 17:15

2008-04-07 18:08 . 2008-04-07 18:23

2008-04-07 17:47 . 2008-04-07 18:19

2008-04-06 22:25 . 2008-04-06 22:25

2008-04-06 22:07 . 2008-04-07 18:07

2008-04-06 22:07 . 2008-04-06 22:07 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-04-06 10:04 . 2008-04-06 10:04 348,160 --a------ C:\WINDOWS\system32\CoreVorbis.ax

2008-04-04 11:27 . 2008-04-04 11:28 98,927 --a------ C:\WINDOWS\hpqins16.dat

2008-03-16 18:11 . 2008-04-01 11:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-16 18:11 . 2008-03-16 18:11 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-14 14:01 . 2008-03-14 14:01

2008-03-14 12:59 . 2008-03-14 14:01

2008-03-14 12:59 . 2008-03-14 12:59

2008-03-14 12:52 . 2008-03-14 12:52

2008-03-14 12:52 . 2008-03-14 12:52 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-09 16:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-09 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-08 20:02 --------- d-----w C:\Documents and Settings\Fefka86\Application Data\Skype

2008-04-08 17:35 --------- d-----w C:\Documents and Settings\Fefka86\Application Data\OpenOffice.ux.pl2

2008-04-08 14:27 --------- d-----w C:\Documents and Settings\Fefka86\Application Data\skypePM

2008-04-06 20:23 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-04-06 08:06 405,504 ----a-w C:\WINDOWS\system32\libmplayer.dll

2008-04-06 08:06 3,138,560 ----a-w C:\WINDOWS\system32\libavcodec.dll

2008-04-06 08:06 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll

2008-04-06 08:05 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll

2008-04-06 08:05 56,832 ----a-w C:\WINDOWS\system32\ff_unrar.dll

2008-04-06 08:05 54,784 ----a-w C:\WINDOWS\system32\ff_liba52.dll

2008-04-06 08:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-04-06 08:05 397,312 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll

2008-04-06 08:05 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll

2008-04-06 08:05 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll

2008-04-06 08:05 172,032 ----a-w C:\WINDOWS\system32\ff_libdts.dll

2008-04-06 08:05 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll

2008-04-06 08:05 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll

2008-04-06 08:05 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll

2008-04-06 08:05 102,912 ----a-w C:\WINDOWS\system32\ff_tremor.dll

2008-04-04 09:27 --------- d-----w C:\Program Files\HP

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-14 11:59 --------- d-----w C:\Documents and Settings\Fefka86\Application Data\Autodesk

2008-03-14 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk

2008-03-01 16:36 3,591,680 ----a-w C:\WINDOWS\system32\SET206.tmp

2008-02-25 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search Destroy

2008-02-25 10:48 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-02-23 10:01 --------- d-----w C:\Program Files\Real Alternative

2007-12-02 18:05 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-10 21:00 15360]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“LDM”=“d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe” [2008-01-02 16:05 20480]

“SpybotSD TeaTimer”=“d:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ehTray”=“C:\WINDOWS\ehome\ehtray.exe” [2005-08-05 14:56 64512]

“igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2006-03-23 13:17 94208]

“igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-03-23 13:13 77824]

“igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-03-23 13:17 118784]

“RTHDCPL”=“RTHDCPL.EXE” [2006-09-06 12:44 16262656 C:\WINDOWS\RTHDCPL.exe]

“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2008-03-07 23:01 53096]

“RemoteControl”=“d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-04-15 17:13 45056]

“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2007-03-11 22:34 49152]

“Symantec PIF AlertEng”=“C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” [2007-03-12 12:22 517768]

“V0250Mon.exe”=“C:\WINDOWS\V0250Mon.exe” [2006-06-07 19:00 32768]

“AVFX Engine”=“d:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe” [2006-06-09 02:11 24576]

“Logitech Hardware Abstraction Layer”=“KHALMNPR.EXE” [2004-09-15 11:12 37888 C:\WINDOWS\KHALMNPR.Exe]

“PCMService”=“d:\Program Files\Logitech\MediaLife\MediaLifeService.exe” [2004-09-09 21:58 73728]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-10 21:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

Logitech Desktop Messenger.lnk - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-02 16:05:28 450560]

Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-02 16:04:20 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“InstallVisualStyle”= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

“InstallTheme”= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Messenger\msmsgs.exe”=

“C:\Program Files\Winamp Remote\bin\Orb.exe”=

“C:\Program Files\Winamp Remote\bin\OrbTray.exe”=

“C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“22717:TCP”= 22717:TCP:BitComet 22717 TCP

“22717:UDP”= 22717:UDP:BitComet 22717 UDP

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 16:00]

R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 17:01]

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe” [2006-08-03 18:40]

S3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 05:25]

S3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 10:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST

.

Contents of the ‘Scheduled Tasks’ folder

“2008-04-04 20:03:30 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Fefka86.job”

  • D:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-09 18:56:58

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-09 18:58:01

ComboFix-quarantined-files.txt 2008-04-09 16:57:15

ComboFix2.txt 2008-04-09 16:46:00

ComboFix3.txt 2008-04-09 16:16:20

Pre-Run: 43,198,971,904 bytes free

Post-Run: 43,186,606,080 bytes free

.

2008-04-09 15:37:33 — E O F —

Unfortunately, I can't scan the system with Kaspersky.

Why?

The log shows that everything is OK.

:)

Follow this topic and change the thread title to something specific, otherwise it goes to the TRASH.

Regards, Gutek2222

Change of the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350