Uparty wirus

Dla specjalistów Bezpieczeństwo
#1

od wczoraj mam problem z kompem

w htj znalazlem syf ale nie idzie go fixnac ani usunac z trybu awaryjnego

log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:57:40, on 2008-11-04

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeA

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: linijka z adresem: 216.107.250.194 nprotect.lineage2.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {C31C05B4-0A01-4DC2-8E5E-0315459F508E} - C:\WINDOWS\system32\xxyabyaW.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll

O20 - Winlogon Notify: xxyabyaW - C:\WINDOWS\SYSTEM32\xxyabyaW.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe

End of file - 4671 bytes

moge takze zrobic skana combofixem i dac loga

jasli ktos moze pomoc to bardzo prosze i z gory dziekuje

#2 
O2 - BHO: (no name) - {C31C05B4-0A01-4DC2-8E5E-0315459F508E} - C:\WINDOWS\system32\xxyabyaW.dll

O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll			

O20 - Winlogon Notify: xxyabyaW - C:\WINDOWS\SYSTEM32\xxyabyaW.dll

usuń wpisy HJT

Daj log z ComboFix

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052

#3

nie idzie tego fixnac w htj wprobowalem juz usowan a to spowrotem wskakuje

#4

Daj log z Combo

#5

log z combofixa usunal cos ale nie wiem czy wszystko

ComboFix 08-11-03.06 - My 2008-11-04 19:56:28.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1616 [GMT 1:00]

Uruchomiony z: c:\documents and settings\My\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\My\Ustawienia lokalne\Temporary Internet Files\fbk.sts

c:\windows\system32\28463

c:\windows\system32\28463\AKV.exe

c:\windows\system32\a.exe

c:\windows\system32\drivers\4f974b23.sys

c:\windows\system32\drivers\6eb4718e.sys

c:\windows\system32\drivers\c68fa778.sys

c:\windows\system32\drivers\cad7a344.sys

c:\windows\system32\drivers\f5bd2eb2.sys

c:\windows\system32\drivers\fc916c90.sys

c:\windows\system32\drivers\fdaff326.sys

c:\windows\system32\iiffFwxu.dll

c:\windows\system32\jkkLbbYP.dll

c:\windows\system32\msvcrtd.exe

c:\windows\system32\rs32net.exe

c:\windows\system32\xxyabyaW.dll

D:\install.exe

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_msupdate

-------\Service_msupdate

-------\Service_restore

((((((((((((((((((((((((( Pliki utworzone od 2008-10-04 do 2008-11-04 )))))))))))))))))))))))))))))))

.

2008-11-04 19:55 . 2008-11-04 19:55 705 --a------ C:\admwxe.exe

2008-11-04 19:54 . 2008-11-04 19:54 161,796 --a------ C:\ufoakx.exe

2008-11-04 19:54 . 2008-11-04 19:54 26,112 --a------ C:\cqhtqpq.exe

2008-11-04 19:19 . 2008-11-04 20:01 5,760 --a------ c:\windows\system32\drivers\restore.sys

2008-11-04 18:41 . 2008-11-04 19:54 77,950 --a------ C:\yxygu.exe

2008-11-04 18:41 . 2008-11-04 19:54 2 --a------ C:-259368906

2008-11-04 18:05 . 2008-11-04 18:05

2008-11-04 18:05 . 2008-11-04 18:05 135,424 --a------ c:\windows\system32\drivers\ethounku.sys

2008-11-04 18:05 . 2008-11-04 20:01 32,768 --a------ c:\windows\system32\drivers\ati3taxx.sys

2008-11-04 18:05 . 2008-11-04 18:05 3,584 --a------ c:\windows\bsdkuisz.exe

2008-11-03 21:30 . 2008-11-03 22:26

2008-11-03 13:03 . 2008-11-03 13:03

2008-11-03 08:12 . 2008-11-03 08:12

2008-11-03 08:12 . 2004-07-29 08:00 196,608 --a------ c:\windows\system32\muangsys.dll

2008-11-03 08:12 . 2004-07-29 08:00 69,632 --a------ c:\windows\system32\muadisp.dll

2008-11-02 23:31 . 2008-11-02 23:31

2008-11-02 23:31 . 2008-11-02 23:31

2008-11-02 23:30 . 2007-04-18 01:13 494,557 --a------ c:\windows\system32\dxgi.dll

2008-11-02 23:30 . 2007-12-22 20:30 34,854 --a------ c:\windows\system32\directx10logo.bmp

2008-11-02 23:30 . 2007-04-18 01:13 25,037 --a------ c:\windows\system32\Nucleus.dll

2008-11-02 23:29 . 2007-04-18 01:20 566,624 --a------ c:\windows\system32\d3d10.dll

2008-11-02 23:29 . 2007-04-19 01:59 519,912 --a------ c:\windows\system32\d3dx10d_33.dll

2008-11-02 23:29 . 2007-04-19 01:59 519,912 --a------ c:\windows\system32\d3dx10d.dll

2008-11-02 23:29 . 2006-11-29 13:06 440,080 --a------ c:\windows\system32\d3dx10.dll

2008-11-02 13:13 . 2008-11-02 13:13 262,144 --a------ c:\windows\system32\wrap_oal.dll

2008-11-02 13:13 . 2008-11-02 13:13 86,016 --a------ c:\windows\system32\OpenAL32.dll

2008-11-02 13:13 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys

2008-11-02 13:13 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd

2008-11-02 13:13 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys

2008-11-02 13:13 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys

2008-11-01 22:56 . 2008-11-01 22:56

2008-11-01 22:50 . 2008-11-01 22:50

2008-11-01 22:50 . 2008-11-01 22:50

2008-11-01 22:43 . 2008-11-01 22:43

2008-11-01 21:03 . 2007-03-16 10:19 5,174 -ra------ c:\windows\system32\nppt9x.vxd

2008-11-01 21:03 . 2007-03-16 10:19 4,682 -ra------ c:\windows\system32\npptNT2.sys

2008-11-01 20:49 . 2008-11-01 20:49

2008-11-01 16:33 . 2008-11-01 16:33

2008-10-29 19:52 . 2008-10-31 13:40

2008-10-29 19:51 . 2008-10-29 19:51

2008-10-28 17:26 . 2008-10-28 17:26

2008-10-28 17:26 . 2008-10-28 17:25 410,976 --a------ c:\windows\system32\deploytk.dll

2008-10-28 17:26 . 2008-10-28 17:25 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-10-28 17:25 . 2008-10-28 17:25

2008-10-24 07:34 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-10-17 21:41 . 2008-10-28 19:24

2008-10-16 08:21 . 2008-10-16 08:21

2008-10-15 20:46 . 2008-08-14 14:26 2,190,464 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-15 20:46 . 2008-08-14 14:26 2,146,816 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-15 20:46 . 2008-08-14 14:26 2,067,328 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-15 20:46 . 2008-08-14 14:26 2,025,472 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-15 20:46 . 2008-09-15 16:27 1,846,656 --------- c:\windows\system32\dllcache\win32k.sys

2008-10-15 20:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

2008-10-12 17:32 . 2008-10-12 17:32

2008-10-12 17:30 . 2008-10-12 17:30

2008-10-12 17:30 . 2003-10-13 10:56 1,302,528 --------- c:\windows\UNNeroVision.exe

2008-10-12 17:30 . 2001-07-09 10:50 155,648 -ra------ c:\windows\system32\NeroCheck.exe

2008-10-12 17:30 . 2004-01-09 10:28 90,057 --------- c:\windows\UNNeroVision.cfg

2008-10-12 17:29 . 2008-10-12 17:30

2008-10-12 17:29 . 2008-10-12 17:31

2008-10-12 17:29 . 2001-07-06 13:41 569,344 -ra------ c:\windows\system32\imagr5.dll

2008-10-12 17:29 . 2001-07-06 11:44 544,768 -ra------ c:\windows\system32\imagx5.dll

2008-10-12 17:29 . 2001-07-06 17:24 283,920 -ra------ c:\windows\system32\ImagXpr5.dll

2008-10-12 17:29 . 2001-06-26 07:15 38,912 -ra------ c:\windows\system32\picn20.dll

2008-10-12 17:12 . 2008-10-12 17:12

2008-10-12 11:53 . 2008-10-12 11:53

2008-10-12 11:53 . 2008-06-20 13:33 32,256 --a------ c:\windows\system32\alading.dll

2008-10-08 07:13 . 2008-10-20 17:14

2008-10-08 07:03 . 2008-10-08 07:03

2008-10-08 07:03 . 2004-04-30 08:37 160,640 --a------ c:\windows\system32\drivers\a347bus.sys

2008-10-08 07:03 . 2004-04-30 08:33 5,248 --a------ c:\windows\system32\drivers\a347scsi.sys

2008-10-07 17:44 . 2008-10-07 17:44

2008-10-06 18:16 . 2008-10-06 18:17

2008-10-05 10:54 . 2008-10-05 10:54

2008-10-05 10:54 . 2008-10-05 10:54 2,084 --a------ c:\windows\system32\ealregsnapshot1.reg

2008-10-05 10:02 . 2008-10-05 10:03 17 --a------ c:\windows\popcinfo.dat

2008-10-05 09:59 . 2008-10-19 19:22

2008-10-05 09:51 . 2008-10-05 09:51

2008-10-05 09:51 . 2008-10-05 09:51

2008-10-05 09:51 . 2008-10-05 09:51

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-04 19:01 848,416 --sha-w c:\windows\system32\drivers\fidbox2.dat

2008-11-04 19:00 85,808 --sha-w c:\windows\system32\drivers\fidbox2.idx

2008-11-04 19:00 246,104 --sha-w c:\windows\system32\drivers\fidbox.idx

2008-11-04 19:00 17,622,560 --sha-w c:\windows\system32\drivers\fidbox.dat

2008-11-02 12:12 --------- d–h--w c:\program files\InstallShield Installation Information

2008-10-28 17:12 --------- d-----w c:\program files\Winamp Toolbar

2008-10-27 20:02 --------- d-----w c:\documents and settings\My\Dane aplikacji\Tibia

2008-10-22 20:45 --------- d-----w c:\program files\Opera

2008-10-17 22:21 --------- d-----w c:\program files\Tibia Auto

2008-10-17 21:33 --------- d-----w c:\program files\Tibia

2008-10-04 19:30 --------- d-----w c:\program files\BitComet

2008-10-03 17:26 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

2008-10-03 09:14 --------- d-----w c:\program files\POL

2008-10-02 21:28 --------- d-----w c:\program files\Python

2008-10-02 21:20 --------- d-----w c:\program files\Tcl

2008-10-02 06:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI

2008-10-02 06:55 --------- d-----w c:\program files\ATI Technologies

2008-10-02 05:57 --------- d-----w c:\program files\GLSetup

2008-10-01 13:43 --------- d-----w c:\program files\TeddyBears

2008-10-01 13:37 --------- d–h--r c:\documents and settings\My\Dane aplikacji\CrystalSpace

2008-10-01 13:37 --------- d–h--r c:\documents and settings\My\Dane aplikacji\Chromeflower

2008-10-01 13:37 --------- d-----w c:\program files\ICE-land

2008-09-30 16:30 --------- d-----w c:\program files\Radeon Omega Drivers

2008-09-30 16:30 --------- d-----w c:\program files\MultiRes

2008-09-30 15:59 --------- d-----w c:\program files\Ray Adams

2008-09-30 15:55 --------- d-----w c:\program files\Common Files\ATI Technologies

2008-09-30 15:52 --------- d-----w c:\program files\3dhq Tools

2008-09-30 13:54 --------- d-----w c:\program files\Trend Micro

2008-09-30 09:18 --------- d-----w c:\documents and settings\My\Dane aplikacji\ATI

2008-09-29 18:09 --------- d-----w c:\program files\ASUS

2008-09-26 07:22 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2008-09-26 07:20 --------- d-----w c:\program files\Microsoft Visual Studio 8

2008-09-26 07:20 --------- d-----w c:\program files\Common Files\Merge Modules

2008-09-23 13:55 --------- d-----w c:\program files\GameFace Messenger

2008-09-23 06:25 --------- d-----w c:\documents and settings\My\Dane aplikacji\SPORE

2008-09-22 19:44 --------- d-----w c:\program files\MoorHunt

2008-09-22 17:00 737,280 ----a-w c:\windows\iun6002.exe

2008-09-22 16:39 --------- d-----w c:\program files\Managed DirectX (0901)

2008-09-22 16:37 --------- d-----w c:\documents and settings\My\Dane aplikacji\atitray

2008-09-22 16:32 472,576 ----a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe

2008-09-22 15:40 --------- d-----w c:\program files\Gadu-Gadu

2008-09-22 15:02 495,458 ----a-w c:\windows\system32\opengl95.exe

2008-09-22 15:02 495,458 ----a-w c:\windows\opengl95.exe

2008-09-22 14:58 --------- d-----w c:\program files\Microsoft Visual Studio 9.0

2008-09-22 14:43 --------- d-----w c:\program files\Microsoft Synchronization Services

2008-09-22 14:43 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2008-09-22 14:43 --------- d-----w c:\program files\Microsoft SQL Server

2008-09-22 14:40 --------- d-----w c:\program files\Microsoft.NET

2008-09-22 14:39 --------- d-----w c:\program files\Microsoft SDKs

2008-09-22 14:38 --------- d-----w c:\program files\Reference Assemblies

2008-09-22 14:38 --------- d-----w c:\program files\MSBuild

2008-09-22 13:00 --------- d-----w c:\program files\My Company Name

2008-09-22 12:26 --------- d-----w c:\program files\NVIDIA Corporation

2008-09-22 12:21 --------- d-----w c:\program files\Winbond Electronics Corp

2008-09-22 12:14 --------- d-----w c:\program files\AMD

2008-09-22 06:25 --------- d-----w c:\program files\Common Files\InstallShield

2008-09-22 06:24 --------- d-----w c:\program files\DAEMON Tools Toolbar

2008-09-22 06:24 --------- d-----w c:\program files\DAEMON Tools Lite

2008-09-22 06:22 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-09-22 06:22 --------- d-----w c:\documents and settings\My\Dane aplikacji\DAEMON Tools

2008-09-21 20:16 --------- d-----w c:\program files\Common Files\Adobe

2008-09-21 17:15 --------- d-----w c:\program files\Common Files\INCA Shared

2008-09-21 16:47 --------- d-----w c:\documents and settings\My\Dane aplikacji\Gadu-Gadu

2008-09-21 16:34 --------- d-----w c:\program files\MarBit

2008-09-21 16:31 60,416 ----a-w c:\windows\ALCFDRTM.EXE

2008-09-21 16:26 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\OrbNetworks

2008-09-21 16:25 --------- d-----w c:\program files\Winamp Remote

2008-09-21 16:25 --------- d-----w c:\program files\Winamp

2008-09-21 16:25 --------- d-----w c:\program files\Kaspersky Lab

2008-09-21 16:25 --------- d-----w c:\documents and settings\My\Dane aplikacji\Winamp

2008-09-21 16:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar

2008-09-21 16:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab

2008-09-21 16:24 --------- d-----w c:\program files\Realtek AC97

2008-09-21 16:22 --------- d-----w c:\program files\Google

2008-09-21 16:01 --------- d-----w c:\program files\Usługi online

2008-09-21 15:56 --------- d-----w c:\program files\Windows Media Connect 2

2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys

2008-09-03 03:32 4,912,113 ----a-w c:\windows\system32\jcodec.dll

2008-09-03 03:32 18,181 ----a-w c:\windows\system32\jcodecsh.dll

2008-08-27 09:27 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-26 08:27 826,368 ------w c:\windows\system32\dllcache\wininet.dll

2008-08-26 08:27 671,232 ------w c:\windows\system32\dllcache\mstime.dll

2008-08-26 08:27 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll

2008-08-26 08:27 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll

2008-08-26 08:27 233,472 ------w c:\windows\system32\dllcache\webcheck.dll

2008-08-26 08:27 193,024 ------w c:\windows\system32\dllcache\msrating.dll

2008-08-26 08:27 105,984 ------w c:\windows\system32\dllcache\url.dll

2008-08-26 08:27 102,912 ------w c:\windows\system32\dllcache\occache.dll

2008-08-26 08:27 1,159,680 ------w c:\windows\system32\dllcache\urlmon.dll

2008-08-25 08:42 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-08-21 02:19 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll

2008-08-21 02:18 314,880 ----a-w c:\windows\system32\ati2dvag.dll

2008-08-21 02:08 184,320 ----a-w c:\windows\system32\atipdlxx.dll

2008-08-21 02:08 143,360 ----a-w c:\windows\system32\Oemdspif.dll

2008-08-21 02:07 43,520 ----a-w c:\windows\system32\ati2edxx.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]

“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“kav”=“c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” [2006-03-24 139367]

“SoundMan”=“SOUNDMAN.EXE” [2005-06-14 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.asv2”= asusasv2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3taxx.sys]

@=“Driver”

[HKLM~\startupfolder\C:^Documents and Settings^My^Menu Start^Programy^Autostart^Alaplaya Launcher.lnk]

path=c:\documents and settings\My\Menu Start\Programy\Autostart\Alaplaya Launcher.lnk

backup=c:\windows\pss\Alaplaya Launcher.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^My^Menu Start^Programy^Autostart^lsass.exe]

path=c:\documents and settings\My\Menu Start\Programy\Autostart\lsass.exe

backup=c:\windows\pss\lsass.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

–a------ 2008-04-14 21:51 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

–a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

–a------ 2008-03-20 11:04 2127296 c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]

–a------ 2008-01-13 21:31 525312 c:\program files\HTV\HTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

–a------ 2006-03-24 19:09 139367 c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

-ra------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

–a------ 2008-04-01 02:54 507904 c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]

–a------ 2008-10-28 17:25 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

–a------ 2008-04-01 19:49 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

“WMPNetworkSvc”=3 (0x3)

“msupdate”=2 (0x2)

“idsvc”=3 (0x3)

“IDriverT”=3 (0x3)

“gusvc”=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\Winamp Remote\bin\Orb.exe”=

“c:\Program Files\Winamp Remote\bin\OrbTray.exe”=

“c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=

“c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”=

“e:\GrY\Steam\SteamApps\wolffik\counter-strike\hl.exe”=

“c:\Program Files\Gadu-Gadu\gg.exe”=

“c:\Program Files\BitComet\BitComet.exe”=

“c:\q3test-1.08\quake3.exe”=

“c:\Program Files\Opera\opera.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“7249:TCP”= 7249:TCP:BitComet 7249 TCP

“7249:UDP”= 7249:UDP:BitComet 7249 UDP

R0 ati3taxx;ati3taxx;c:\windows\system32\Drivers\ati3taxx.sys [2008-11-04 32768]

R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-28 152984]

S1 4f974b23;4f974b23;c:\windows\system32\drivers\4f974b23.sys []

S1 6eb4718e;6eb4718e;c:\windows\system32\drivers\6eb4718e.sys []

S1 cad7a344;cad7a344;c:\windows\system32\drivers\cad7a344.sys []

S1 ethounku;ethounku;c:\windows\system32\drivers\ethounku.sys [2008-11-04 135424]

S1 f5bd2eb2;f5bd2eb2;c:\windows\system32\drivers\f5bd2eb2.sys []

S1 fc916c90;fc916c90;c:\windows\system32\drivers\fc916c90.sys []

S1 fdaff326;fdaff326;c:\windows\system32\drivers\fdaff326.sys []

S3 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys []

S3 dump_wmimmc;dump_wmimmc;e:\gry\Lineage 2\system\GameGuard\dump_wmimmc.sys []

S3 npkycryp;npkycryp;e:\gry\Lineage II\system\npkycryp.sys []

S3 PCI_Ctrl;PCI_Ctrl;c:\windows\system32\drivers\PCI_Ctrl.sys []

S3 restore;restore;c:\windows\system32\drivers\restore.sys [2008-11-04 5760]

S3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{91eac7b5-8804-11dd-a504-806d6172696f}]

\Shell\AutoRun\command - F:\ASUSACPI.exe

.

        • USUNIĘTO PUSTE WPISY - - - -

BHO-{C31C05B4-0A01-4DC2-8E5E-0315459F508E} - c:\windows\system32\xxyabyaW.dll

ShellExecuteHooks-{C31C05B4-0A01-4DC2-8E5E-0315459F508E} - c:\windows\system32\xxyabyaW.dll

MSConfigStartUp-ASUS SmartDoctor - c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe

MSConfigStartUp-GameFace Messenger - c:\program files\GameFace Messenger\GameFace.exe

MSConfigStartUp-POL Agent - c:\program files\POL\POL.exe

MSConfigStartUp-AtiPTA - atiptaxx.exe

.

------- Skan uzupełniający -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/

O8 -: Download with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

O8 -: Download all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

O8 -: Download all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-04 20:01:59

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2008-11-04 20:08:02 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-11-04 19:07:19

Przed: 1 360 232 448 bajtów wolnych

Po: 2,230,386,688 bajtów wolnych

336 — E O F — 2008-10-24 12:17:36

kaspersky wykrywa mi jeszcze ze zainfekowany jest tez plik

wykryto: Koń trojański Rootkit.Win32.Agent.der Plik: c:\windows\system32\drivers\restore.sys

wykryto: Koń trojański Rootkit.Win32.Protector.bd Plik: C:\WINDOWS\system32\drivers\ati3taxx.sys

jesli jest cos w logu to prosze o napisanie co i jak mam usunac

#6

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052

Wklej do Notatnika:

File::

C:\admwxe.exe

C:\ufoakx.exe

C:\cqhtqpq.exe

c:\windows\system32\drivers\restore.sys

C:\yxygu.exe

c:\windows\system32\drivers\ethounku.sys

c:\windows\system32\drivers\ati3taxx.sys

c:\windows\bsdkuisz.exe


Driver::

ati3taxx

4f974b23

6eb4718e

cad7a344

ethounku

f5bd2eb2

fc916c90

fdaff326

atidgllk

dump_wmimmc

npkycryp

PCI_Ctrl 

Video3D


Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3taxx.sys]

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>88953CFScript-createdbyMiekiemoes.gif

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Proszę pobrać i użyć Malwarebytes’ Anti-Malware

Wciskamy Skanuj , wybieramy dyski do skanowania i Rozpoczynamy skanowanie , na końcu wciskamy Usuń zaznaczone jak będą i Ok  :wink:

#7

ComboFix 08-11-03.06 - My 2008-11-04 20:49:59.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1561 [GMT 1:00]

Uruchomiony z: e:\programy\combofix\ComboFix.exe

Użyto następujących komend :: e:\programy\combofix\CFScript.txt

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

FILE ::

C:\admwxe.exe

C:\cqhtqpq.exe

C:\ufoakx.exe

c:\windows\bsdkuisz.exe

c:\windows\system32\drivers\ati3taxx.sys

c:\windows\system32\drivers\ethounku.sys

c:\windows\system32\drivers\restore.sys

C:\yxygu.exe

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\admwxe.exe

C:\cqhtqpq.exe

C:\ufoakx.exe

c:\windows\bsdkuisz.exe

c:\windows\system32\drivers\ati3taxx.sys

c:\windows\system32\drivers\ethounku.sys

C:\yxygu.exe

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ati3taxx

-------\Legacy_ATIDGLLK

-------\Legacy_DUMP_WMIMMC

-------\Legacy_PCI_CTRL

-------\Service_4f974b23

-------\Service_6eb4718e

-------\Service_ati3taxx

-------\Service_atidgllk

-------\Service_cad7a344

-------\Service_dump_wmimmc

-------\Service_ethounku

-------\Service_f5bd2eb2

-------\Service_fc916c90

-------\Service_fdaff326

-------\Service_npkycryp

-------\Service_PCI_Ctrl

-------\Service_restore

-------\Service_Video3D

((((((((((((((((((((((((( Pliki utworzone od 2008-10-04 do 2008-11-04 )))))))))))))))))))))))))))))))

.

2008-11-04 20:25 . 2008-11-04 20:25

2008-11-04 20:25 . 2008-11-04 20:25

2008-11-04 20:25 . 2008-11-04 20:56 238,368 --ahs---- c:\windows\system32\drivers\fidbox.dat

2008-11-04 20:25 . 2008-11-04 20:54 5,072 --ahs---- c:\windows\system32\drivers\fidbox.idx

2008-11-04 20:25 . 2008-11-04 20:55 2,080 --ahs---- c:\windows\system32\drivers\fidbox2.dat

2008-11-04 20:25 . 2008-11-04 20:54 1,244 --ahs---- c:\windows\system32\drivers\fidbox2.idx

2008-11-04 18:41 . 2008-11-04 19:54 2 --a------ C:-259368906

2008-11-04 18:05 . 2008-11-04 18:05

2008-11-03 21:30 . 2008-11-03 22:26

2008-11-03 13:03 . 2008-11-03 13:03

2008-11-03 08:12 . 2008-11-03 08:12

2008-11-03 08:12 . 2004-07-29 08:00 196,608 --a------ c:\windows\system32\muangsys.dll

2008-11-03 08:12 . 2004-07-29 08:00 69,632 --a------ c:\windows\system32\muadisp.dll

2008-11-02 23:31 . 2008-11-02 23:31

2008-11-02 23:31 . 2008-11-02 23:31

2008-11-02 23:30 . 2007-04-18 01:13 494,557 --a------ c:\windows\system32\dxgi.dll

2008-11-02 23:30 . 2007-12-22 20:30 34,854 --a------ c:\windows\system32\directx10logo.bmp

2008-11-02 23:30 . 2007-04-18 01:13 25,037 --a------ c:\windows\system32\Nucleus.dll

2008-11-02 23:29 . 2007-04-18 01:20 566,624 --a------ c:\windows\system32\d3d10.dll

2008-11-02 23:29 . 2007-04-19 01:59 519,912 --a------ c:\windows\system32\d3dx10d_33.dll

2008-11-02 23:29 . 2007-04-19 01:59 519,912 --a------ c:\windows\system32\d3dx10d.dll

2008-11-02 23:29 . 2006-11-29 13:06 440,080 --a------ c:\windows\system32\d3dx10.dll

2008-11-02 13:13 . 2008-11-02 13:13 262,144 --a------ c:\windows\system32\wrap_oal.dll

2008-11-02 13:13 . 2008-11-02 13:13 86,016 --a------ c:\windows\system32\OpenAL32.dll

2008-11-02 13:13 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys

2008-11-02 13:13 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd

2008-11-02 13:13 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys

2008-11-02 13:13 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys

2008-11-01 22:56 . 2008-11-01 22:56

2008-11-01 22:50 . 2008-11-01 22:50

2008-11-01 22:50 . 2008-11-01 22:50

2008-11-01 22:43 . 2008-11-01 22:43

2008-11-01 21:03 . 2007-03-16 10:19 5,174 -ra------ c:\windows\system32\nppt9x.vxd

2008-11-01 21:03 . 2007-03-16 10:19 4,682 -ra------ c:\windows\system32\npptNT2.sys

2008-11-01 20:49 . 2008-11-01 20:49

2008-11-01 16:33 . 2008-11-01 16:33

2008-10-29 19:52 . 2008-10-31 13:40

2008-10-29 19:51 . 2008-10-29 19:51

2008-10-28 17:26 . 2008-10-28 17:26

2008-10-28 17:26 . 2008-10-28 17:25 410,976 --a------ c:\windows\system32\deploytk.dll

2008-10-28 17:26 . 2008-10-28 17:25 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-10-28 17:25 . 2008-10-28 17:25

2008-10-24 07:34 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-10-17 21:41 . 2008-10-28 19:24

2008-10-16 08:21 . 2008-10-16 08:21

2008-10-15 20:46 . 2008-08-14 14:26 2,190,464 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-15 20:46 . 2008-08-14 14:26 2,146,816 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-15 20:46 . 2008-08-14 14:26 2,067,328 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-15 20:46 . 2008-08-14 14:26 2,025,472 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-15 20:46 . 2008-09-15 16:27 1,846,656 --------- c:\windows\system32\dllcache\win32k.sys

2008-10-15 20:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

2008-10-12 17:32 . 2008-10-12 17:32

2008-10-12 17:30 . 2008-10-12 17:30

2008-10-12 17:30 . 2003-10-13 10:56 1,302,528 --------- c:\windows\UNNeroVision.exe

2008-10-12 17:30 . 2001-07-09 10:50 155,648 -ra------ c:\windows\system32\NeroCheck.exe

2008-10-12 17:30 . 2004-01-09 10:28 90,057 --------- c:\windows\UNNeroVision.cfg

2008-10-12 17:29 . 2008-10-12 17:30

2008-10-12 17:29 . 2008-10-12 17:31

2008-10-12 17:29 . 2001-07-06 13:41 569,344 -ra------ c:\windows\system32\imagr5.dll

2008-10-12 17:29 . 2001-07-06 11:44 544,768 -ra------ c:\windows\system32\imagx5.dll

2008-10-12 17:29 . 2001-07-06 17:24 283,920 -ra------ c:\windows\system32\ImagXpr5.dll

2008-10-12 17:29 . 2001-06-26 07:15 38,912 -ra------ c:\windows\system32\picn20.dll

2008-10-12 17:12 . 2008-10-12 17:12

2008-10-12 11:53 . 2008-10-12 11:53

2008-10-12 11:53 . 2008-06-20 13:33 32,256 --a------ c:\windows\system32\alading.dll

2008-10-08 07:13 . 2008-10-20 17:14

2008-10-08 07:03 . 2008-10-08 07:03

2008-10-08 07:03 . 2004-04-30 08:37 160,640 --a------ c:\windows\system32\drivers\a347bus.sys

2008-10-08 07:03 . 2004-04-30 08:33 5,248 --a------ c:\windows\system32\drivers\a347scsi.sys

2008-10-07 17:44 . 2008-10-07 17:44

2008-10-06 18:16 . 2008-10-06 18:17

2008-10-05 10:54 . 2008-10-05 10:54

2008-10-05 10:54 . 2008-10-05 10:54 2,084 --a------ c:\windows\system32\ealregsnapshot1.reg

2008-10-05 10:02 . 2008-10-05 10:03 17 --a------ c:\windows\popcinfo.dat

2008-10-05 09:59 . 2008-10-19 19:22

2008-10-05 09:51 . 2008-10-05 09:51

2008-10-05 09:51 . 2008-10-05 09:51

2008-10-05 09:51 . 2008-10-05 09:51

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-02 12:12 --------- d–h--w c:\program files\InstallShield Installation Information

2008-10-28 17:12 --------- d-----w c:\program files\Winamp Toolbar

2008-10-27 20:02 --------- d-----w c:\documents and settings\My\Dane aplikacji\Tibia

2008-10-22 20:45 --------- d-----w c:\program files\Opera

2008-10-17 22:21 --------- d-----w c:\program files\Tibia Auto

2008-10-17 21:33 --------- d-----w c:\program files\Tibia

2008-10-04 19:30 --------- d-----w c:\program files\BitComet

2008-10-03 17:26 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

2008-10-03 09:14 --------- d-----w c:\program files\POL

2008-10-02 21:28 --------- d-----w c:\program files\Python

2008-10-02 21:20 --------- d-----w c:\program files\Tcl

2008-10-02 06:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI

2008-10-02 06:55 --------- d-----w c:\program files\ATI Technologies

2008-10-02 05:57 --------- d-----w c:\program files\GLSetup

2008-10-01 13:43 --------- d-----w c:\program files\TeddyBears

2008-10-01 13:37 --------- d–h--r c:\documents and settings\My\Dane aplikacji\CrystalSpace

2008-10-01 13:37 --------- d–h--r c:\documents and settings\My\Dane aplikacji\Chromeflower

2008-10-01 13:37 --------- d-----w c:\program files\ICE-land

2008-09-30 16:30 --------- d-----w c:\program files\Radeon Omega Drivers

2008-09-30 16:30 --------- d-----w c:\program files\MultiRes

2008-09-30 15:59 --------- d-----w c:\program files\Ray Adams

2008-09-30 15:55 --------- d-----w c:\program files\Common Files\ATI Technologies

2008-09-30 15:52 --------- d-----w c:\program files\3dhq Tools

2008-09-30 13:54 --------- d-----w c:\program files\Trend Micro

2008-09-30 09:18 --------- d-----w c:\documents and settings\My\Dane aplikacji\ATI

2008-09-29 18:09 --------- d-----w c:\program files\ASUS

2008-09-26 07:22 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2008-09-26 07:20 --------- d-----w c:\program files\Microsoft Visual Studio 8

2008-09-26 07:20 --------- d-----w c:\program files\Common Files\Merge Modules

2008-09-23 13:55 --------- d-----w c:\program files\GameFace Messenger

2008-09-23 06:25 --------- d-----w c:\documents and settings\My\Dane aplikacji\SPORE

2008-09-22 19:44 --------- d-----w c:\program files\MoorHunt

2008-09-22 17:00 737,280 ----a-w c:\windows\iun6002.exe

2008-09-22 16:39 --------- d-----w c:\program files\Managed DirectX (0901)

2008-09-22 16:37 --------- d-----w c:\documents and settings\My\Dane aplikacji\atitray

2008-09-22 16:32 472,576 ----a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe

2008-09-22 15:40 --------- d-----w c:\program files\Gadu-Gadu

2008-09-22 15:02 495,458 ----a-w c:\windows\system32\opengl95.exe

2008-09-22 15:02 495,458 ----a-w c:\windows\opengl95.exe

2008-09-22 14:58 --------- d-----w c:\program files\Microsoft Visual Studio 9.0

2008-09-22 14:43 --------- d-----w c:\program files\Microsoft Synchronization Services

2008-09-22 14:43 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2008-09-22 14:43 --------- d-----w c:\program files\Microsoft SQL Server

2008-09-22 14:40 --------- d-----w c:\program files\Microsoft.NET

2008-09-22 14:39 --------- d-----w c:\program files\Microsoft SDKs

2008-09-22 14:38 --------- d-----w c:\program files\Reference Assemblies

2008-09-22 14:38 --------- d-----w c:\program files\MSBuild

2008-09-22 13:00 --------- d-----w c:\program files\My Company Name

2008-09-22 12:26 --------- d-----w c:\program files\NVIDIA Corporation

2008-09-22 12:21 --------- d-----w c:\program files\Winbond Electronics Corp

2008-09-22 12:14 --------- d-----w c:\program files\AMD

2008-09-22 06:25 --------- d-----w c:\program files\Common Files\InstallShield

2008-09-22 06:24 --------- d-----w c:\program files\DAEMON Tools Toolbar

2008-09-22 06:24 --------- d-----w c:\program files\DAEMON Tools Lite

2008-09-22 06:22 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-09-22 06:22 --------- d-----w c:\documents and settings\My\Dane aplikacji\DAEMON Tools

2008-09-21 20:16 --------- d-----w c:\program files\Common Files\Adobe

2008-09-21 17:15 --------- d-----w c:\program files\Common Files\INCA Shared

2008-09-21 16:47 --------- d-----w c:\documents and settings\My\Dane aplikacji\Gadu-Gadu

2008-09-21 16:34 --------- d-----w c:\program files\MarBit

2008-09-21 16:31 60,416 ----a-w c:\windows\ALCFDRTM.EXE

2008-09-21 16:26 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\OrbNetworks

2008-09-21 16:25 --------- d-----w c:\program files\Winamp Remote

2008-09-21 16:25 --------- d-----w c:\program files\Winamp

2008-09-21 16:25 --------- d-----w c:\documents and settings\My\Dane aplikacji\Winamp

2008-09-21 16:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar

2008-09-21 16:24 --------- d-----w c:\program files\Realtek AC97

2008-09-21 16:22 --------- d-----w c:\program files\Google

2008-09-21 16:01 --------- d-----w c:\program files\Usługi online

2008-09-21 15:56 --------- d-----w c:\program files\Windows Media Connect 2

2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys

2008-09-03 03:32 4,912,113 ----a-w c:\windows\system32\jcodec.dll

2008-09-03 03:32 18,181 ----a-w c:\windows\system32\jcodecsh.dll

2008-08-27 09:27 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-26 08:27 826,368 ------w c:\windows\system32\dllcache\wininet.dll

2008-08-26 08:27 671,232 ------w c:\windows\system32\dllcache\mstime.dll

2008-08-26 08:27 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll

2008-08-26 08:27 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll

2008-08-26 08:27 233,472 ------w c:\windows\system32\dllcache\webcheck.dll

2008-08-26 08:27 193,024 ------w c:\windows\system32\dllcache\msrating.dll

2008-08-26 08:27 105,984 ------w c:\windows\system32\dllcache\url.dll

2008-08-26 08:27 102,912 ------w c:\windows\system32\dllcache\occache.dll

2008-08-26 08:27 1,159,680 ------w c:\windows\system32\dllcache\urlmon.dll

2008-08-25 08:42 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-08-21 02:19 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll

2008-08-21 02:18 314,880 ----a-w c:\windows\system32\ati2dvag.dll

2008-08-21 02:08 184,320 ----a-w c:\windows\system32\atipdlxx.dll

2008-08-21 02:08 143,360 ----a-w c:\windows\system32\Oemdspif.dll

2008-08-21 02:07 43,520 ----a-w c:\windows\system32\ati2edxx.dll

2008-08-21 02:07 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe

2008-08-21 02:07 143,360 ----a-w c:\windows\system32\ati2evxx.dll

2008-08-21 02:05 573,440 ----a-w c:\windows\system32\ati2evxx.exe

2008-08-21 02:04 53,248 ----a-w c:\windows\system32\ATIDDC.DLL

2008-08-21 02:01 10,084,352 ----a-w c:\windows\system32\atioglxx.dll

2008-08-21 01:55 4,094,560 ----a-w c:\windows\system32\ati3duag.dll

.

((((((((((((((((((((((((((((( snapshot@2008-11-04_20.06.31.50 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-09-21 16:39:47 87,855 ----a-w c:\windows\system32\drivers\klick.sys
  • 2006-03-21 10:46:52 44,555 ----a-w c:\windows\system32\drivers\klick.sys
  • 2006-03-23 15:09:50 161,040 ----a-w c:\windows\system32\drivers\klif.sys
  • 2008-11-04 19:25:16 161,040 ----a-w c:\windows\system32\drivers\klif.sys
  • 2008-09-21 16:39:47 96,976 ----a-w c:\windows\system32\drivers\klin.sys

  • 2006-04-24 15:22:44 45,352 ----a-w c:\windows\system32\drivers\klin.sys

  • 2008-11-04 19:55:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4bc.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]

“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“kav”=“c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” [2006-03-24 139367]

“SoundMan”=“SOUNDMAN.EXE” [2005-06-14 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.asv2”= asusasv2.dll

[HKLM~\startupfolder\C:^Documents and Settings^My^Menu Start^Programy^Autostart^Alaplaya Launcher.lnk]

path=c:\documents and settings\My\Menu Start\Programy\Autostart\Alaplaya Launcher.lnk

backup=c:\windows\pss\Alaplaya Launcher.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^My^Menu Start^Programy^Autostart^lsass.exe]

path=c:\documents and settings\My\Menu Start\Programy\Autostart\lsass.exe

backup=c:\windows\pss\lsass.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

–a------ 2008-04-14 21:51 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

–a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

–a------ 2008-03-20 11:04 2127296 c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]

–a------ 2008-01-13 21:31 525312 c:\program files\HTV\HTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

–a------ 2006-03-24 19:09 139367 c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

-ra------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

–a------ 2008-04-01 02:54 507904 c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]

–a------ 2008-10-28 17:25 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

–a------ 2008-04-01 19:49 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

“WMPNetworkSvc”=3 (0x3)

“msupdate”=2 (0x2)

“idsvc”=3 (0x3)

“IDriverT”=3 (0x3)

“gusvc”=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\Winamp Remote\bin\Orb.exe”=

“c:\Program Files\Winamp Remote\bin\OrbTray.exe”=

“c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=

“c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”=

“e:\GrY\Steam\SteamApps\wolffik\counter-strike\hl.exe”=

“c:\Program Files\Gadu-Gadu\gg.exe”=

“c:\q3test-1.08\quake3.exe”=

“c:\Program Files\Opera\opera.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“7249:TCP”= 7249:TCP:BitComet 7249 TCP

“7249:UDP”= 7249:UDP:BitComet 7249 UDP

R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-28 152984]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{91eac7b5-8804-11dd-a504-806d6172696f}]

\Shell\AutoRun\command - F:\ASUSACPI.exe

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-04 20:55:46

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2008-11-04 21:00:54 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-11-04 20:00:45

ComboFix2.txt 2008-11-04 19:08:03

Przed: 1 289 920 512 bajtów wolnych

Po: 2,189,438,976 bajtów wolnych

327 — E O F — 2008-10-24 12:17:36

log po usunieciu

#8

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052

Proszę pobrać i użyć Malwarebytes’ Anti-Malware

Wciskamy Skanuj , wybieramy dyski do skanowania i Rozpoczynamy skanowanie , na końcu wciskamy Usuń zaznaczone jak będą i Ok  :wink:

#9

wielkie dzięki wszystko dziale jak powinno