Proszę o pomoc w zwalczeniu.przed chwilą stawiałem system i mam to z powrotem.“Witki mi opadły”.jestem tu nowy więc proszę o wyrozumiałość.wklejam log z Combo fixa.jestem zielony w tych sprawach mam nadzieje że to to…

ComboFix 08-05-15.3 - SPILER 2008-05-16 20:35:53.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1496 [GMT 2:00]

Running from: C:\Documents and Settings\SPILER\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\SPILER\Pulpit\CFScript.txt.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::

H:\v.com

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\History\search

C:\WINDOWS\system32\amvo.exe

.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))

.

2008-05-16 20:22 . 2008-05-16 19:58 225,280 --a------ C:\Program Files\Uninstall My Global Search Bar.dll

2008-05-16 20:14 . 2008-05-16 20:14

2008-05-16 20:14 . 2008-05-16 20:14

2008-05-16 19:58 . 2008-05-16 19:58

2008-05-16 19:58 . 2008-05-16 19:58

2008-05-16 19:54 . 2008-05-16 19:57

2008-05-16 19:51 . 2008-05-16 19:51

2008-05-16 19:51 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx

2008-05-16 19:50 . 2008-05-16 19:50

2008-05-16 19:35 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys

2008-05-16 19:35 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys

2008-05-16 19:34 . 2008-05-16 19:34

2008-05-16 19:34 . 2008-05-16 19:34

2008-05-16 19:34 . 2008-05-16 19:34

2008-05-16 19:34 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys

2008-05-16 19:34 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys

2008-05-16 19:22 . 2008-05-16 19:22

2008-05-16 19:22 . 2008-05-16 19:22

2008-05-16 19:18 . 2008-05-16 19:22

2008-05-16 19:18 . 2008-05-16 19:33

2008-05-16 19:17 . 2008-05-16 19:17

2008-05-16 19:16 . 2008-05-16 19:16

2008-05-16 19:16 . 2008-05-16 19:16

2008-05-16 19:16 . 2008-05-16 19:16 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG

2008-05-16 19:13 . 2008-05-16 19:13

2008-05-16 19:11 . 2008-05-16 20:17

2008-05-16 19:11 . 2008-05-16 19:11

2008-05-16 19:11 . 2008-05-16 19:13

2008-05-16 19:09 . 2008-05-16 19:09 1,160 --a------ C:\WINDOWS\mozver.dat

2008-05-16 19:08 . 2008-05-16 19:08 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-16 19:07 . 2008-05-16 19:07

2008-05-16 19:07 . 2006-12-10 23:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-05-16 19:07 . 2006-12-10 23:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-05-16 19:07 . 2008-05-16 19:07 262,884 --a------ C:\WINDOWS\IPUI_DivXG400.exe

2008-05-16 19:07 . 2008-05-16 19:07 245,760 --a------ C:\WINDOWS\system32\DivXG400.ax

2008-05-16 19:07 . 2008-05-16 19:07 21,869 --a------ C:\WINDOWS\system32\divxg400.htm

2008-05-16 19:07 . 2007-01-09 18:46 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-05-16 19:07 . 2008-05-16 19:07 665 --a------ C:\WINDOWS\unins000.dat

2008-05-16 19:07 . 2006-12-10 23:32 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-05-16 19:01 . 2008-05-16 19:01

2008-05-16 19:01 . 2008-05-16 19:01

2008-05-16 19:01 . 2008-05-16 23:34 2,596 --a------ C:\WINDOWS\system32\config.hsp

2008-05-16 18:59 . 2008-05-16 18:59

2008-05-16 18:59 . 2008-05-16 18:59

2008-05-16 18:52 . 2008-05-16 18:52 13,646 --a------ C:\WINDOWS\system32\wpa.bak

2008-05-16 18:48 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-05-16 18:48 . 2004-08-03 23:08 31,616 --a–c— C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-05-16 18:48 . 2004-08-04 00:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-05-16 18:48 . 2004-08-04 00:44 21,504 --a–c— C:\WINDOWS\system32\dllcache\hidserv.dll

2008-05-16 18:48 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-05-16 18:48 . 2004-08-04 00:38 14,848 --a–c— C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-05-16 18:48 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-05-16 18:48 . 2001-10-26 16:57 12,160 --a–c— C:\WINDOWS\system32\dllcache\mouhid.sys

2008-05-16 18:48 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-16 18:48 . 2001-08-17 22:02 9,600 --a–c— C:\WINDOWS\system32\dllcache\hidusb.sys

2008-05-16 18:01 . 2008-05-16 18:01

2008-05-16 17:58 . 2008-05-16 17:58

2008-05-16 17:54 . 2008-05-16 17:55

2008-05-16 17:54 . 2005-10-13 06:15 1,114,674 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa

2008-05-16 17:54 . 2005-11-10 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-05-16 17:54 . 2005-11-11 08:33 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll

2008-05-16 17:54 . 2005-11-09 00:48 112,456 -ra------ C:\WINDOWS\system32\atiicdxx.dat

2008-05-16 17:54 . 2005-06-08 22:45 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp

2008-05-16 17:54 . 2005-11-11 08:54 25,056 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp

2008-05-16 17:54 . 2005-08-24 20:25 6,020 -ra------ C:\WINDOWS\system32\atifglpf.xml

2008-05-16 17:54 . 2005-10-13 06:15 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp

2008-05-16 17:47 . 2008-05-16 17:47

2008-05-16 17:47 . 2008-05-16 17:47

2008-05-16 17:47 . 2008-05-16 17:47

2008-05-16 17:47 . 2008-05-16 17:47 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-05-16 17:47 . 2008-05-16 17:47 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-05-16 17:47 . 2007-05-31 09:19 96,896 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys

2008-05-16 17:46 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2008-05-16 17:46 . 2004-08-03 23:15 82,944 --a–c— C:\WINDOWS\system32\dllcache\wdmaud.sys

2008-05-16 17:46 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2008-05-16 17:46 . 2004-08-03 23:07 52,864 --a–c— C:\WINDOWS\system32\dllcache\dmusic.sys

2008-05-16 17:46 . 2006-08-01 09:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe

2008-05-16 17:46 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-05-16 17:46 . 2004-08-03 23:07 6,400 --a–c— C:\WINDOWS\system32\dllcache\splitter.sys

2008-05-16 17:45 . 2008-05-16 17:47

2008-05-16 17:45 . 2008-05-16 19:01

2008-05-16 17:45 . 2008-05-16 17:45

2008-05-16 17:45 . 2008-05-16 17:54

2008-05-16 17:44 . 2008-05-16 17:44

2008-05-16 17:44 . 2006-06-18 23:51 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys

2008-05-16 17:44 . 2008-05-16 17:47 16,512 --a------ C:\WINDOWS\gdrv.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-16 21:34 --------- d-----w C:\Program Files\microsoft frontpage

2008-05-16 21:33 --------- d-----w C:\Program Files\Usługi online

2008-05-16 17:07 72,748 ----a-w C:\WINDOWS\unins000.exe

2008-05-16 15:45 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-05-06 05:51 104,213 --sh–r C:\xlu8a8sy.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36 2111176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“egui”=“C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” [2008-03-13 16:48 1443072]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-05-16 19:11:39 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

–a------ 2007-05-04 02:32 961024 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

–a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

–a------ 2006-08-01 17:04 3313664 C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

–a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

–a------ 2006-11-13 15:57 1289000 C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-08-20 09:38 16384512 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

–a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Microsoft ActiveSync\rapimgr.exe”= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

“C:\Program Files\Ares\Ares.exe”=

“C:\Program Files\BearShare\BearShare.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“26675:TCP”= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-05-16 17:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7dba62b3-239d-11dd-9054-806d6172696f}]

\Shell\AutoRun\command - D:\xlu8a8sy.exe

\Shell\explore\Command - D:\xlu8a8sy.exe

\Shell\open\Command - D:\xlu8a8sy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7dba62b4-239d-11dd-9054-806d6172696f}]

\Shell\AutoRun\command - E:\xlu8a8sy.exe

\Shell\explore\Command - E:\xlu8a8sy.exe

\Shell\open\Command - E:\xlu8a8sy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7dba62b6-239d-11dd-9054-806d6172696f}]

\Shell\AutoRun\command - C:\xlu8a8sy.exe

\Shell\explore\Command - C:\xlu8a8sy.exe

\Shell\open\Command - C:\xlu8a8sy.exe

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-16 20:37:20

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-16 20:37:35

ComboFix-quarantined-files.txt 2008-05-16 18:37:33

Pre-Run: 104,223,875,072 bajtów wolnych

Post-Run: 104,237,973,504 bajtów wolnych

203

Wylecz pendriva lub kartę pamięci http://www.softpedia.com/get/Security/S … Tool.shtml lub format

Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

zrobione jak było przykazane i:

ComboFix 08-05-15.3 - SPILER 2008-05-16 21:12:14.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1450 [GMT 2:00]

Running from: C:\Documents and Settings\SPILER\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\SPILER\Pulpit\CFScript.txt.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::

C:\xlu8a8sy.exe

D:\xlu8a8sy.exe

E:\xlu8a8sy.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\xlu8a8sy.exe

D:\xlu8a8sy.exe

E:\xlu8a8sy.exe

.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))

.

2008-05-16 20:22 . 2008-05-16 19:58 225,280 --a------ C:\Program Files\Uninstall My Global Search Bar.dll

2008-05-16 20:14 . 2008-05-16 20:14

2008-05-16 20:14 . 2008-05-16 20:14

2008-05-16 19:58 . 2008-05-16 19:58

2008-05-16 19:58 . 2008-05-16 19:58

2008-05-16 19:54 . 2008-05-16 19:57

2008-05-16 19:51 . 2008-05-16 19:51

2008-05-16 19:51 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx

2008-05-16 19:50 . 2008-05-16 19:50

2008-05-16 19:35 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys

2008-05-16 19:35 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys

2008-05-16 19:34 . 2008-05-16 19:34

2008-05-16 19:34 . 2008-05-16 19:34

2008-05-16 19:34 . 2008-05-16 19:34

2008-05-16 19:34 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys

2008-05-16 19:34 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys

2008-05-16 19:22 . 2008-05-16 19:22

2008-05-16 19:22 . 2008-05-16 19:22

2008-05-16 19:18 . 2008-05-16 19:22

2008-05-16 19:18 . 2008-05-16 19:33

2008-05-16 19:17 . 2008-05-16 19:17

2008-05-16 19:16 . 2008-05-16 19:16

2008-05-16 19:16 . 2008-05-16 19:16

2008-05-16 19:16 . 2008-05-16 19:16 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG

2008-05-16 19:13 . 2008-05-16 19:13

2008-05-16 19:11 . 2008-05-16 20:17

2008-05-16 19:11 . 2008-05-16 19:11

2008-05-16 19:11 . 2008-05-16 19:13

2008-05-16 19:09 . 2008-05-16 19:09 1,160 --a------ C:\WINDOWS\mozver.dat

2008-05-16 19:08 . 2008-05-16 19:08 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-16 19:07 . 2008-05-16 19:07

2008-05-16 19:07 . 2006-12-10 23:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-05-16 19:07 . 2006-12-10 23:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-05-16 19:07 . 2008-05-16 19:07 262,884 --a------ C:\WINDOWS\IPUI_DivXG400.exe

2008-05-16 19:07 . 2008-05-16 19:07 245,760 --a------ C:\WINDOWS\system32\DivXG400.ax

2008-05-16 19:07 . 2008-05-16 19:07 21,869 --a------ C:\WINDOWS\system32\divxg400.htm

2008-05-16 19:07 . 2007-01-09 18:46 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-05-16 19:07 . 2008-05-16 19:07 665 --a------ C:\WINDOWS\unins000.dat

2008-05-16 19:07 . 2006-12-10 23:32 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-05-16 19:01 . 2008-05-16 19:01

2008-05-16 19:01 . 2008-05-16 19:01

2008-05-16 19:01 . 2008-05-16 23:34 2,596 --a------ C:\WINDOWS\system32\config.hsp

2008-05-16 18:59 . 2008-05-16 18:59

2008-05-16 18:59 . 2008-05-16 18:59

2008-05-16 18:52 . 2008-05-16 18:52 13,646 --a------ C:\WINDOWS\system32\wpa.bak

2008-05-16 18:48 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-05-16 18:48 . 2004-08-03 23:08 31,616 --a–c— C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-05-16 18:48 . 2004-08-04 00:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-05-16 18:48 . 2004-08-04 00:44 21,504 --a–c— C:\WINDOWS\system32\dllcache\hidserv.dll

2008-05-16 18:48 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-05-16 18:48 . 2004-08-04 00:38 14,848 --a–c— C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-05-16 18:48 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-05-16 18:48 . 2001-10-26 16:57 12,160 --a–c— C:\WINDOWS\system32\dllcache\mouhid.sys

2008-05-16 18:48 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-16 18:48 . 2001-08-17 22:02 9,600 --a–c— C:\WINDOWS\system32\dllcache\hidusb.sys

2008-05-16 18:01 . 2008-05-16 18:01

2008-05-16 17:58 . 2008-05-16 17:58

2008-05-16 17:54 . 2008-05-16 17:55

2008-05-16 17:54 . 2005-10-13 06:15 1,114,674 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa

2008-05-16 17:54 . 2005-11-10 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-05-16 17:54 . 2005-11-11 08:33 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll

2008-05-16 17:54 . 2005-11-09 00:48 112,456 -ra------ C:\WINDOWS\system32\atiicdxx.dat

2008-05-16 17:54 . 2005-06-08 22:45 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp

2008-05-16 17:54 . 2005-11-11 08:54 25,056 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp

2008-05-16 17:54 . 2005-08-24 20:25 6,020 -ra------ C:\WINDOWS\system32\atifglpf.xml

2008-05-16 17:54 . 2005-10-13 06:15 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp

2008-05-16 17:47 . 2008-05-16 17:47

2008-05-16 17:47 . 2008-05-16 17:47

2008-05-16 17:47 . 2008-05-16 17:47

2008-05-16 17:47 . 2008-05-16 17:47 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-05-16 17:47 . 2008-05-16 17:47 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-05-16 17:47 . 2007-05-31 09:19 96,896 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys

2008-05-16 17:46 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2008-05-16 17:46 . 2004-08-03 23:15 82,944 --a–c— C:\WINDOWS\system32\dllcache\wdmaud.sys

2008-05-16 17:46 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2008-05-16 17:46 . 2004-08-03 23:07 52,864 --a–c— C:\WINDOWS\system32\dllcache\dmusic.sys

2008-05-16 17:46 . 2006-08-01 09:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe

2008-05-16 17:46 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-05-16 17:46 . 2004-08-03 23:07 6,400 --a–c— C:\WINDOWS\system32\dllcache\splitter.sys

2008-05-16 17:45 . 2008-05-16 17:47

2008-05-16 17:45 . 2008-05-16 19:01

2008-05-16 17:45 . 2008-05-16 17:45

2008-05-16 17:45 . 2008-05-16 17:54

2008-05-16 17:44 . 2008-05-16 17:44

2008-05-16 17:44 . 2006-06-18 23:51 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys

2008-05-16 17:44 . 2008-05-16 17:47 16,512 --a------ C:\WINDOWS\gdrv.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-16 21:34 --------- d-----w C:\Program Files\microsoft frontpage

2008-05-16 21:33 --------- d-----w C:\Program Files\Usługi online

2008-05-16 17:07 72,748 ----a-w C:\WINDOWS\unins000.exe

2008-05-16 15:45 315,392 ----a-w C:\WINDOWS\HideWin.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36 2111176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“egui”=“C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” [2008-03-13 16:48 1443072]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-05-16 19:11:39 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

–a------ 2007-05-04 02:32 961024 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

–a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

–a------ 2006-08-01 17:04 3313664 C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

–a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

–a------ 2006-11-13 15:57 1289000 C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-08-20 09:38 16384512 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

–a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Microsoft ActiveSync\rapimgr.exe”= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

“C:\Program Files\Ares\Ares.exe”=

“C:\Program Files\BearShare\BearShare.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“26675:TCP”= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-05-16 17:47]

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-16 21:13:14

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-16 21:13:27

ComboFix-quarantined-files.txt 2008-05-16 19:13:26

ComboFix2.txt 2008-05-16 18:56:55

ComboFix3.txt 2008-05-16 18:37:36

Pre-Run: 104,222,486,528 bajtów wolnych

Post-Run: 104,219,062,272 bajtów wolnych

190

coś mam wykonać dalej?

Log wygląda na czysty

zrób optymalizacje uruchamiania http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

idzie to jak krew z nosa jak tylko skończy dam znać.prosze o cierpliwość ![-o<

W dniu 16.05.2008 , o godzinie 23:17 został dopisany post przez spilermatrix

niestety za każdym razem jak zapodaje kasperskiego to po jakimś czasie sie wyłącza i musze go startować od nowa.przeskanowałem c i nic nie wykazało.tak samo dysk d i e natomiast całości nie chce…może 400gbto dla niego za dużo.w kompie wszystko narazie ok zaczeły sie pokazywać pliki ukryte i autostart partycji też.jeśli konieczny ten skan z kaspra to prosze napisać bede walczył,jeśli nie to może inna metoda sprawdzenia.

ps. jestem pod wielkim wrażeniem.dzięki nawet jak to jeszcze nie koniec =D =D =D

Przeskanuj komputer programem Dr. Web Cure It, usuń wirusy

dzięki za pomoc komp czysty…pozdro i wielki szacun :o