Wsctf i EXPLORER.EXE

Dla specjalistów Bezpieczeństwo
#1

Witajcie!

Mam wielki problem. Otóż na moim komputerze pojawiła się infekcja z którą nie radzą sobie Kasperky, Acravir i inne programy antywirusowe, po prostu jej nie wykrywają. Problem polega na tym, że jak chcę otworzyć jakiś dysk poprzez prawoklik (praczy przycisk myszy) to zamiast Otwórz mam open(o). Dodatkowo za każdym jednym uruchomieniem komputera na pulpicie pojawiają mi się Moje Dokumenty. Próbowałem wywalić ten syf z rejestru i nadal jest. Proszę o pomoc.

Logi z Hijacka

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:07:29, on 2008-07-01

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe

C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe

C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe

C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe

C:\Program Files\ArcaBit\Common\TaskScheduler.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe

O4 - HKLM…\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup

O4 - HKLM…\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://arcaonline.arcabit.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow … eqlab2.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab

O23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe

O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe

O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe

O23 - Service: ArcaBit.TaskScheduler - ArcaBit - C:\Program Files\ArcaBit\Common\TaskScheduler.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

End of file - 5939 bytes

Log z Combofixa:

ComboFix 08-06-20.4 - Levuss 2008-07-01 13:02:26.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.714 [GMT 2:00]

Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))

.

2008-06-30 18:44 . 2008-06-30 18:44

2008-06-30 18:37 . 2008-06-30 21:56

2008-06-30 18:29 . 2008-06-30 18:29

2008-06-30 18:28 . 2008-06-30 22:22

2008-06-30 18:27 . 2008-06-30 18:27

2008-06-25 18:36 . 2008-06-25 18:36

2008-06-24 13:02 . 2008-06-24 13:24

2008-06-24 13:02 . 2008-06-24 13:02

2008-06-23 13:55 . 2008-07-01 12:22

2008-06-23 13:54 . 2008-06-23 13:54

2008-06-14 15:12 . 2008-06-14 15:12 35,440 --a------ C:\WINDOWS\system32\sschk.trb

2008-06-14 14:08 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:03 . 2008-06-14 14:03

2008-06-14 13:59 . 2008-06-14 13:59

2008-06-14 13:36 . 2008-05-08 16:02 203,136 -----c— C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-14 13:30 . 2008-06-14 19:36 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 13:27 . 2004-08-04 00:35 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-06-14 13:15 . 2008-06-14 13:15

2008-06-14 11:31 . 2008-06-14 11:31

2008-06-14 11:30 . 2008-06-14 15:12 585,296 --a------ C:\WINDOWS\system32\trupd.trb

2008-06-14 11:26 . 2008-06-02 21:22 2,486,848 --a------ C:\WINDOWS\system32\rmt.trb

2008-06-14 11:26 . 2008-05-25 18:06 983,616 --a------ C:\WINDOWS\system32\Rmvtrjan.trb

2008-06-14 11:26 . 2008-06-14 15:12 878,672 --a------ C:\WINDOWS\system32\Trjscan.trb

2008-06-14 11:25 . 2008-06-30 23:01

2008-06-14 11:25 . 2008-06-14 11:25

2008-06-14 11:25 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-06-14 11:25 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-06-14 10:58 . 2008-06-14 11:31

2008-06-14 10:58 . 1999-07-17 02:21 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL

2008-06-14 10:58 . 1999-07-17 02:21 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL

2008-06-11 14:08 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-06-11 14:08 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll

2008-06-11 14:07 . 2008-06-11 14:07

2008-06-11 14:06 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-30 16:28 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\ArcaBit

2008-06-27 19:30 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-06-25 07:35 --------- d-----w C:\Program Files\English Translator 3

2008-06-23 11:54 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 13:18 --------- d-----w C:\Program Files\ArcaMicroScan

2008-06-01 20:52 --------- d-----w C:\Program Files\VAG-COM

2008-05-29 14:06 --------- d-----w C:\Program Files\Spyware Doctor

2008-05-26 10:00 --------- d-----w C:\Program Files\Gadu-Gadu

2008-05-25 09:31 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\PC Tools

2008-05-21 09:25 --------- d-----w C:\Program Files\Panda Security

2008-05-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-05-11 12:58 17,608 ----a-w C:\Documents and Settings\Levuss\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-05-11 08:05 --------- d-----w C:\Program Files\Trend Micro

2008-05-10 16:21 --------- d-----w C:\Program Files\C-Media 6501 Sound

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-02 13:49 --------- d-----w C:\Program Files\BitComet

2008-04-21 11:09 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-04-21 06:44 668,672 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 17:22 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-04-14 17:22 356,352 ----a-w C:\WINDOWS\system32\msscp.dll

2008-04-14 17:22 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 17:22 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll

2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 16:22 89,600 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 16:15 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll

2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 16:09 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll

2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 16:02 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-04-14 15:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll

2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:40 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:37 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 18:35 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-12-05 02:41 8523776]

“AvMenu”=“C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe” [2008-06-30 22:01 514568]

“ArcaCheck”=“C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe” [2008-06-30 22:01 637448]

“ABRegmon”=“C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe” [2007-10-23 11:41 348160]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 19:21 15360]

“Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.I420”= i263_32.drv

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C6501Sound]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

–a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

–a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

–a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“D:\TacticalOps\System\TacticalOps.exe”=

“C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe”=

“C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe”=

“C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe”=

“C:\Program Files\Ares\Ares.exe”=

“C:\Program Files\BitComet\BitComet.exe”=

“C:\WINDOWS\system32\dpvsetup.exe”=

“D:\Pes6\PES6.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\WINDOWS\system32\mmc.exe”=

“D:\PES 2008\PES2008.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“10932:TCP”= 10932:TCP:BitComet 10932 TCP

“10932:UDP”= 10932:UDP:BitComet 10932 UDP

“8461:TCP”= 8461:TCP:GoD High Port

“8462:TCP”= 8462:TCP:GoD Low Port

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]

R1 ABTDI;ABTDI;C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2008-06-30 22:01]

R2 ABFileMon;ArcaBit FileMonitor;“C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe” [2008-06-30 22:01]

R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;“C:\Program Files\ArcaBit\Common\TaskScheduler.exe” [2007-10-25 05:20]

R2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe [2008-06-30 22:01]

R3 ABFLT;ArcaBit File Monitor Driver;C:\PROGRA~1\ArcaBit\ArcaVir\ABFLT.sys [2008-06-30 22:01]

R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;“C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe” [2008-06-30 22:22]

R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-07-11 14:05]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;“C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe” [2008-06-30 22:22]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-01 13:03:27

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-01 13:04:04

ComboFix-quarantined-files.txt 2008-07-01 11:03:58

Pre-Run: 1,769,222,144 bajtów wolnych

Post-Run: 1,797,799,936 bajtów wolnych

204 — E O F — 2008-06-25 16:36:32

#2

Użyj Perlovga Removal Tool oraz daj skan http://www.kaspersky.pl/virusscanner.html

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052

#3

Po ***** masz bitcometa a potem same wirusy

#4

Tak się składa, że BC mam już spooory czas i przez niego nie miałem żadnego virusa! !!

#5

Perlovga Removal Tool coś znalazł? Gdzie raport ze skanu?

#6

Wyskakuje mi taki błąd:

f80b8067ca4a002cm.jpg

#7

To przeskanuj jeszcze http://www.bitdefenderthailand.com/down … ica-en.exe

#8

Program nic nie wykazał.

#9

To Ok

#10

Niestety problem nadal występuje.

#11

Pobierz System Repair Engineer

http://www.cybertrash.pl/images/tata/System Repair/System Repair Engineer.html

przeskanuj daj log nie zaznaczaj do skanu Host file

:slight_smile:

#12 
2008-07-05,19:35:28


System Repair Engineer 2.6.11.992

Smallfrogs (http://www.KZTechs.com)


Windows XP Home Edition Dodatek Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed


Follow item(s) have been selected:

    All Boot Items (Including Registry, Startup Folders, Services and so on)

    Browser Add-ons

    Running Processes (Including process model information)

    File Associations

    Winsock Provider

    Autorun.Inf

    Process Privileges Scan



Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<; > [N/A]
<; "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray> []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<; "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice> [(Verified)"ESET, spol. s r.o."]
<; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<; > [N/A]
<; "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<; > [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Component Publisher]
  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  [Microsoft Corporation]


==================================

Startup Folders

N/A


==================================

Services

[Lavasoft Ad-Aware Service / aawservice][Running/Auto Start]

  <"C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe">

[Zarządzanie aplikacjami / AppMgmt][Stopped/Manual Start]
%SystemRoot%\System32\appmgmts.dll>

[Ares Chatroom server / AresChatServer][Stopped/Manual Start]


[ArcaBit Update Service / AVUpdate][Stopped/Auto Start]
<(File is missing)>

[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]

  <"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe">

[Eset Service / ekrn][Running/Auto Start]

  <"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe">

[MSSQL$SONY_MEDIAMGR / MSSQL$SONY_MEDIAMGR][Stopped/Manual Start]


[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]


[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]


[PC Tools Auxiliary Service / sdAuxService][Stopped/Manual Start]


[PC Tools Security Service / sdCoreService][Stopped/Manual Start]


[ServiceLayer / ServiceLayer][Stopped/Manual Start]

  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe">

[SQLAgent$SONY_MEDIAMGR / SQLAgent$SONY_MEDIAMGR][Stopped/Manual Start]



==================================

Drivers

[AliIde / AliIde][Running/Boot Start]

  <\SystemRoot\system32\DRIVERS\aliide.sys>

[Sterownik procesora AMD / AmdK8][Running/System Start]


[C-Media CM6501 Like Sound Interface / cm102u32][Running/Manual Start]


[eamon / eamon][Running/Auto Start]


[easdrv / easdrv][Running/System Start]


[epfwtdir / epfwtdir][Running/System Start]


[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]


[USB Serial Converter Driver / FTDIBUS][Stopped/Manual Start]


[USB Serial Port Driver / FTSER2K][Stopped/Manual Start]


[gmer / gmer][Stopped/Manual Start]


[File Security Driver / IKFileSec][Running/Boot Start]

  <\SystemRoot\system32\drivers\ikfilesec.sys>

[System Filter Driver / IKSysFlt][Running/System Start]


[System Security Driver / IKSysSec][Running/System Start]


[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]


[Nokia USB Generic / nmwcdc][Stopped/Manual Start]


[Nokia USB Port / nmwcdcj][Stopped/Manual Start]


[Nokia USB Modem / nmwcdcm][Stopped/Manual Start]


[nv / nv][Running/Manual Start]


[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]


[Secdrv / Secdrv][Stopped/Manual Start]


[ULi M526X Ethernet NT Driver / ULI5261XP][Running/Manual Start]


[ULi AGP Bus Filter Driver / uliagpkx][Running/Boot Start]

  <\SystemRoot\system32\DRIVERS\agpkx.sys>


==================================

Browser Add-ons

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[BitComet Helper]

  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} 

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 

[Java Plug-in 1.6.0_05]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 

[]

  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683} 

[CKAVWebScan Object]

  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} 

[ActiveScan 2.0 Installer Class]

  {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} 

[MainControl Class]

  {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} 

[System Requirements Lab Class]

  {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} 

[MksSkanerOnline Class]

  {68282C51-9459-467B-95BF-3C0E89627E55} 

[Java Plug-in 1.6.0_05]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} 

[ActiveScan Installer Class]

  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} 

[Java Plug-in 1.6.0_05]

  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} 

[Java Plug-in 1.6.0_05]

  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[Windows Genuine Advantage Validation Tool]

  {17492023-C23A-453E-A040-C7C580BBF700} 

[BitComet Helper]

  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} 

[MainControl Class]

  {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} 

[Microsoft Terminal Services Client Control (redist)]

  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, N/A>

[Microsoft Terminal Services Client Control (redist)]

  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, N/A>

[WUWebControl Class]

  {6414512B-B978-451D-A0D8-FCFDF33E833C} 

[System Requirements Lab Class]

  {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} 

[Microsoft Terminal Services Client Control (redist)]

  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, N/A>

[Microsoft Terminal Services Client Control (redist)]

  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, N/A>

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 

[Microsoft Terminal Services Client Control (redist)]

  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, N/A>

[SearchAssistantOC]

  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[&D&ownload &with BitComet]


[&D&ownload all video with BitComet]


[&D&ownload all with BitComet]


[E&ksport do programu Microsoft Excel]



==================================

Running Processes

[PID][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

    [C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Lavasoft, 7,1,0,12]

    [C] [Lavasoft, 7,1,0,12]

    [C] [PKWARE, Inc., 8.4.1045.0]

[PID][C] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

    [C] [Gadu-Gadu S.A., 7,6,0,1578]

    [C] [Adobe Systems Incorporated, 7.0.0.2004121400]

    [C] [Microsoft Corporation, 7.10.3052.4]

    [C] [Adobe Systems, Inc., 7.0.0.0]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]

    [C] [CANON INC., 1.80.2.50]

    [C] [CANON INC., 1.80.2.50]

[PID][C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

[PID][C] [NVIDIA Corporation, 6.14.11.6921]

    [C] [NVIDIA Corporation, 6.14.11.6921]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]

[PID][C] [Mozilla Corporation, 1.8.1.15: 2008062306]

    [C] [Netscape Communications Corporation, 4.0]

    [C] [Netscape Communications Corporation, 4.6.8]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [Netscape Communications Corporation, 4.6.8]

    [C] [Netscape Communications Corporation, 4.6.8]

    [C] [Mozilla Foundation, 3.11.9.0 Basic ECC]

    [C] [Mozilla Foundation, 3.11.9.0 Basic ECC]

    [C] [Mozilla Foundation, 3.11.4 Basic ECC]

    [C] [Mozilla Foundation, 3.11.9.0 Basic ECC]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [N/A,]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [Mozilla Foundation, 3.11.4 Basic ECC]

    [C] [Mozilla Foundation, 1.65]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

    [C] [Gadu-Gadu S.A., 7,6,0,1578]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]

[PID][C] [Gadu-Gadu S.A., 7,6,0,2165]

    [C] [N/A,]

    [C] [sms-express.com, 1, 0, 0, 0]

    [C] [N/A,]

    [C] [N/A,]

    [C] [Gadu-Gadu S.A., 7,6,0,1578]

    [C] [Microsoft Corporation, 6.2.0013.1 (DbgBuild.030619-2209)]

    [C] [Gadu-Gadu S.A., 7,6,0,2162]

    [C] [, 2, 0, 0, 2]

    [C] [Gadu-Gadu S.A., 7,6,0,2146]

    [C] [n0ne, 1, 0, 0, 2]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

    [C] [Adobe Systems, Inc., 9,0,115,0]

[PID][C] [Smallfrogs Studio, 2.6.11.992]

[PID][C] [Smallfrogs Studio, 2.6.11.992]

    [C] [Gadu-Gadu S.A., 7,6,0,1578]

    [C] [Smallfrogs Studio, 2, 1, 0, 15]

    [C] [Smallfrogs Studio, 1, 0, 0, 5]


==================================

File Associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE OK. ["%1" %*]

.COM OK. ["%1" %*]

.PIF OK. ["%1" %*]

.REG OK. [regedit.exe "%1"]

.BAT OK. ["%1" %*]

.SCR OK. ["%1" /S]

.CHM OK. ["C:\WINDOWS\hh.exe" %1]

.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK OK. [{00021401-0000-0000-C000-000000000046}]


==================================

Winsock Provider

N/A


==================================

Autorun.Inf

N/A


==================================

HOSTS File

N/A


==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 956, C:\PROGRAM FILES\GADU-GADU\GG.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2704, C:\DOCUMENTS AND SETTINGS\LEVUSS\PULPIT\SRENG2\SRENGLDR.EXE]


==================================

API HOOK

N/A


==================================

Hidden Process

N/A


==================================
#13

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

b57f17008275c957m.jpg

powstanie plik o takiej ikonie

062aec4c9b51c033m.jpg

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642

przeskanuj daj log

:slight_smile:

#14

Oto log

ComboFix 08-07-01.5 - Levuss 2008-07-10 20:16:45.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.737 [GMT 2:00]

Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))

.

2008-07-06 12:34 . 2008-07-06 12:34

2008-07-02 21:27 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

2008-07-02 21:27 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-07-02 21:26 . 2008-07-02 21:26

2008-07-02 21:26 . 2008-07-02 21:26

2008-07-02 17:12 . 2008-07-02 17:12

2008-07-02 12:13 . 2008-07-02 12:13

2008-07-02 12:13 . 2008-07-02 12:13

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-07-02 12:11 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll

2008-07-02 12:11 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll

2008-07-02 12:10 . 2008-07-02 12:10

2008-07-02 12:10 . 2008-07-02 12:10

2008-07-02 12:09 . 2008-07-02 12:09

2008-07-01 13:22 . 2008-07-01 13:22

2008-07-01 13:22 . 2008-07-01 13:23

2008-07-01 13:20 . 2008-07-01 13:20

2008-06-30 18:44 . 2008-06-30 18:44

2008-06-30 18:37 . 2008-06-30 21:56

2008-06-30 18:29 . 2008-06-30 18:29

2008-06-30 18:28 . 2008-07-01 13:14

2008-06-30 18:27 . 2008-07-01 13:22

2008-06-24 13:02 . 2008-06-24 13:24

2008-06-23 13:55 . 2008-07-09 17:24

2008-06-23 13:54 . 2008-06-23 13:54

2008-06-20 19:48 . 2008-06-20 19:48 246,784 -----c— C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 19:48 . 2008-06-20 19:48 147,968 -----c— C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c— C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c— C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c— C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 15:12 . 2008-06-14 15:12 35,440 --a------ C:\WINDOWS\system32\sschk.trb

2008-06-14 14:08 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:03 . 2008-06-14 14:03

2008-06-14 13:59 . 2008-06-14 13:59

2008-06-14 13:36 . 2008-05-08 16:02 203,136 -----c— C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-14 13:30 . 2008-06-14 19:36 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 13:27 . 2004-08-04 00:35 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-06-14 13:15 . 2008-06-14 13:15

2008-06-14 11:31 . 2008-07-09 17:07

2008-06-14 11:30 . 2008-06-14 15:12 585,296 --a------ C:\WINDOWS\system32\trupd.trb

2008-06-14 11:26 . 2008-06-02 21:22 2,486,848 --a------ C:\WINDOWS\system32\rmt.trb

2008-06-14 11:26 . 2008-05-25 18:06 983,616 --a------ C:\WINDOWS\system32\Rmvtrjan.trb

2008-06-14 11:26 . 2008-06-14 15:12 878,672 --a------ C:\WINDOWS\system32\Trjscan.trb

2008-06-14 11:25 . 2008-06-30 23:01

2008-06-14 11:25 . 2008-06-14 11:25

2008-06-14 11:25 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-06-14 11:25 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-06-14 10:58 . 2008-06-14 11:31

2008-06-14 10:58 . 1999-07-17 02:21 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL

2008-06-14 10:58 . 1999-07-17 02:21 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL

2008-06-11 14:08 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-06-11 14:07 . 2008-06-11 14:07

2008-06-11 14:06 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-06-10 18:56 . 2008-06-10 18:56 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys

2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-04 10:50 --------- d-----w C:\Program Files\MoorHunt

2008-07-01 11:14 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\ArcaBit

2008-06-27 19:30 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-06-25 07:35 --------- d-----w C:\Program Files\English Translator 3

2008-06-23 11:54 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 13:18 --------- d-----w C:\Program Files\ArcaMicroScan

2008-06-01 20:52 --------- d-----w C:\Program Files\VAG-COM

2008-05-26 10:00 --------- d-----w C:\Program Files\Gadu-Gadu

2008-05-21 09:25 --------- d-----w C:\Program Files\Panda Security

2008-05-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-11 12:58 17,608 ----a-w C:\Documents and Settings\Levuss\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-05-11 08:05 --------- d-----w C:\Program Files\Trend Micro

2008-05-10 16:21 --------- d-----w C:\Program Files\C-Media 6501 Sound

2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 11:09 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-04-21 06:44 668,672 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 17:22 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-04-14 17:22 356,352 ----a-w C:\WINDOWS\system32\msscp.dll

2008-04-14 17:22 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 17:22 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll

2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 16:22 89,600 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 16:15 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll

2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 16:09 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll

2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 16:02 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-04-14 15:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll

2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:40 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:37 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 18:35 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

((((((((((((((((((((((((((((( snapshot_2008-07-02_21.07.32,92 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-07-02 18:59:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-07-10 18:14:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-07-02 19:27:07 10,134 ----a-r C:\WINDOWS\Installer{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\callmsi.exe

  • 2008-07-02 19:27:07 136,448 ----a-r C:\WINDOWS\Installer{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\egui.exe

  • 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe

  • 2008-05-09 10:56:45 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll

  • 2008-05-09 10:56:45 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll

  • 2008-05-09 10:56:45 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll

  • 2008-05-09 10:56:45 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll

  • 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe

  • 2008-05-09 10:56:45 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll

  • 2008-04-14 17:20:26 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
  • 2008-06-20 17:48:53 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
  • 2008-04-14 17:20:34 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
  • 2008-05-09 10:56:45 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
  • 2008-05-29 14:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
  • 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
  • 2008-07-02 19:04:14 70,106 ----a-w C:\WINDOWS\system32\perfc009.dat
  • 2008-07-10 18:18:43 70,106 ----a-w C:\WINDOWS\system32\perfc009.dat
  • 2008-07-02 19:04:14 87,290 ----a-w C:\WINDOWS\system32\perfc015.dat
  • 2008-07-10 18:18:43 87,290 ----a-w C:\WINDOWS\system32\perfc015.dat
  • 2008-07-02 19:04:14 418,590 ----a-w C:\WINDOWS\system32\perfh009.dat
  • 2008-07-10 18:18:43 418,590 ----a-w C:\WINDOWS\system32\perfh009.dat
  • 2008-07-02 19:04:14 475,404 ----a-w C:\WINDOWS\system32\perfh015.dat
  • 2008-07-10 18:18:43 475,404 ----a-w C:\WINDOWS\system32\perfh015.dat
  • 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll
  • 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“MSConfig”=“C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE” [2008-04-14 19:21 171520]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 19:21 15360]

“Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.I420”= i263_32.drv

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

–a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

–a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

–a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

–a------ 2008-07-06 12:34 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

–a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“D:\TacticalOps\System\TacticalOps.exe”=

“C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe”=

“C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe”=

“C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe”=

“C:\Program Files\Ares\Ares.exe”=

“C:\Program Files\BitComet\BitComet.exe”=

“C:\WINDOWS\system32\dpvsetup.exe”=

“D:\Pes6\PES6.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\WINDOWS\system32\mmc.exe”=

“D:\PES 2008\PES2008.exe”=

“D:\Cs 1.6\hl.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“10932:TCP”= 10932:TCP:BitComet 10932 TCP

“10932:UDP”= 10932:UDP:BitComet 10932 UDP

“8461:TCP”= 8461:TCP:GoD High Port

“8462:TCP”= 8462:TCP:GoD Low Port

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]

R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-07-11 14:05]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

S2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe []

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1d31e894-0654-11dd-a985-00138fb95f4a}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2aa723aa-f7e7-11dc-a916-00138fb95f4a}]

\Shell\AutoRun\command - H:\EXPLORER.EXE

\Shell\explore\Command - H:\EXPLORER.EXE

\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b03e22a0-fe53-11dc-a949-00138fb95f4a}]

\Shell\AutoRun\command - H:\EXPLORER.EXE

\Shell\explore\Command - H:\EXPLORER.EXE

\Shell\open\Command - H:\EXPLORER.EXE

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-10 20:19:03

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-10 20:20:20

ComboFix-quarantined-files.txt 2008-07-10 18:20:07

ComboFix2.txt 2008-07-02 19:07:53

ComboFix3.txt 2008-07-01 11:04:05

Pre-Run: 988,479,488 bajtów wolnych

Post-Run: 1,034,235,904 bajtów wolnych

275 — E O F — 2008-07-09 05:21:22

#15

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

:slight_smile:

#16

ComboFix 08-07-01.5 - Levuss 2008-07-11 7:32:01.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.704 [GMT 2:00]

Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Levuss\Pulpit\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\EXPLORER.EXE

C:\WINDOWS\system32\EXPLORER.EXE

C:\WINDOWS\system32\wsctf.exe

H:\EXPLORER.EXE

.

((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))

.

2008-07-10 22:35 . 2008-07-10 22:35

2008-07-06 12:34 . 2008-07-06 12:34

2008-07-02 21:27 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

2008-07-02 21:27 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-07-02 21:26 . 2008-07-02 21:26

2008-07-02 21:26 . 2008-07-02 21:26

2008-07-02 17:12 . 2008-07-02 17:12

2008-07-02 12:13 . 2008-07-02 12:13

2008-07-02 12:13 . 2008-07-02 12:13

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-07-02 12:11 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll

2008-07-02 12:11 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll

2008-07-02 12:10 . 2008-07-02 12:10

2008-07-02 12:10 . 2008-07-02 12:10

2008-07-02 12:09 . 2008-07-02 12:09

2008-07-01 13:22 . 2008-07-01 13:22

2008-07-01 13:22 . 2008-07-01 13:23

2008-07-01 13:20 . 2008-07-01 13:20

2008-06-30 18:44 . 2008-06-30 18:44

2008-06-30 18:37 . 2008-06-30 21:56

2008-06-30 18:29 . 2008-06-30 18:29

2008-06-30 18:28 . 2008-07-01 13:14

2008-06-30 18:27 . 2008-07-01 13:22

2008-06-24 13:02 . 2008-06-24 13:24

2008-06-23 13:55 . 2008-07-09 17:24

2008-06-23 13:54 . 2008-06-23 13:54

2008-06-20 19:48 . 2008-06-20 19:48 246,784 -----c— C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 19:48 . 2008-06-20 19:48 147,968 -----c— C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c— C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c— C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c— C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 15:12 . 2008-06-14 15:12 35,440 --a------ C:\WINDOWS\system32\sschk.trb

2008-06-14 14:08 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:03 . 2008-06-14 14:03

2008-06-14 13:59 . 2008-06-14 13:59

2008-06-14 13:36 . 2008-05-08 16:02 203,136 -----c— C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-14 13:30 . 2008-06-14 19:36 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 13:27 . 2004-08-04 00:35 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-06-14 13:15 . 2008-06-14 13:15

2008-06-14 11:31 . 2008-07-09 17:07

2008-06-14 11:30 . 2008-06-14 15:12 585,296 --a------ C:\WINDOWS\system32\trupd.trb

2008-06-14 11:26 . 2008-06-02 21:22 2,486,848 --a------ C:\WINDOWS\system32\rmt.trb

2008-06-14 11:26 . 2008-05-25 18:06 983,616 --a------ C:\WINDOWS\system32\Rmvtrjan.trb

2008-06-14 11:26 . 2008-06-14 15:12 878,672 --a------ C:\WINDOWS\system32\Trjscan.trb

2008-06-14 11:25 . 2008-06-30 23:01

2008-06-14 11:25 . 2008-06-14 11:25

2008-06-14 11:25 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-06-14 11:25 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-06-14 10:58 . 2008-06-14 11:31

2008-06-14 10:58 . 1999-07-17 02:21 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL

2008-06-14 10:58 . 1999-07-17 02:21 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL

2008-06-11 14:08 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-06-11 14:07 . 2008-06-11 14:07

2008-06-11 14:06 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-10 20:32 --------- d-----w C:\Program Files\Azureus

2008-07-04 10:50 --------- d-----w C:\Program Files\MoorHunt

2008-07-01 11:14 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\ArcaBit

2008-06-27 19:30 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-06-25 07:35 --------- d-----w C:\Program Files\English Translator 3

2008-06-23 11:54 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys

2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys

2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys

2008-06-10 13:18 --------- d-----w C:\Program Files\ArcaMicroScan

2008-06-01 20:52 --------- d-----w C:\Program Files\VAG-COM

2008-05-26 10:00 --------- d-----w C:\Program Files\Gadu-Gadu

2008-05-21 09:25 --------- d-----w C:\Program Files\Panda Security

2008-05-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-11 12:58 17,608 ----a-w C:\Documents and Settings\Levuss\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-05-11 08:05 --------- d-----w C:\Program Files\Trend Micro

2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 11:09 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-04-21 06:44 668,672 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 17:22 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-04-14 17:22 356,352 ----a-w C:\WINDOWS\system32\msscp.dll

2008-04-14 17:22 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 17:22 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll

2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 16:22 89,600 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 16:15 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll

2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 16:09 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll

2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 16:02 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-04-14 15:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll

2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:40 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:37 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 18:35 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

((((((((((((((((((((((((((((( snapshot_2008-07-02_21.07.32,92 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-07-02 18:59:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-07-11 05:13:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-07-02 19:27:07 10,134 ----a-r C:\WINDOWS\Installer{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\callmsi.exe

  • 2008-07-02 19:27:07 136,448 ----a-r C:\WINDOWS\Installer{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\egui.exe

  • 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe

  • 2008-05-09 10:56:45 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll

  • 2008-05-09 10:56:45 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll

  • 2008-05-09 10:56:45 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll

  • 2008-05-09 10:56:45 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll

  • 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe

  • 2008-05-09 10:56:45 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll

  • 2008-04-14 17:20:26 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
  • 2008-06-20 17:48:53 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
  • 2008-04-14 17:20:34 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
  • 2008-05-09 10:56:45 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
  • 2008-05-29 14:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
  • 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
  • 2008-07-02 19:04:14 70,106 ----a-w C:\WINDOWS\system32\perfc009.dat
  • 2008-07-11 05:17:53 70,106 ----a-w C:\WINDOWS\system32\perfc009.dat
  • 2008-07-02 19:04:14 87,290 ----a-w C:\WINDOWS\system32\perfc015.dat
  • 2008-07-11 05:17:53 87,290 ----a-w C:\WINDOWS\system32\perfc015.dat
  • 2008-07-02 19:04:14 418,590 ----a-w C:\WINDOWS\system32\perfh009.dat
  • 2008-07-11 05:17:53 418,590 ----a-w C:\WINDOWS\system32\perfh009.dat
  • 2008-07-02 19:04:14 475,404 ----a-w C:\WINDOWS\system32\perfh015.dat
  • 2008-07-11 05:17:53 475,404 ----a-w C:\WINDOWS\system32\perfh015.dat
  • 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll
  • 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-12-05 02:41 8523776]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 19:21 15360]

“Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.I420”= i263_32.drv

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM~\startupfolder^NTUSER.DAT]

path=\NTUSER.DAT

backup=C:\WINDOWS\pss\NTUSER.DATCommon Startup

[HKLM~\startupfolder^ntuser.dat.LOG]

path=\ntuser.dat.LOG

backup=C:\WINDOWS\pss\ntuser.dat.LOGCommon Startup

[HKLM~\startupfolder^ntuser.ini]

path=\ntuser.ini

backup=C:\WINDOWS\pss\ntuser.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

–a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

–a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

–a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

–a------ 2008-07-06 12:34 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

–a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“D:\TacticalOps\System\TacticalOps.exe”=

“C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe”=

“C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe”=

“C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe”=

“C:\Program Files\Ares\Ares.exe”=

“C:\Program Files\BitComet\BitComet.exe”=

“C:\WINDOWS\system32\dpvsetup.exe”=

“D:\Pes6\PES6.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\WINDOWS\system32\mmc.exe”=

“D:\PES 2008\PES2008.exe”=

“D:\Cs 1.6\hl.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“10932:TCP”= 10932:TCP:BitComet 10932 TCP

“10932:UDP”= 10932:UDP:BitComet 10932 UDP

“8461:TCP”= 8461:TCP:GoD High Port

“8462:TCP”= 8462:TCP:GoD Low Port

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]

R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-07-11 14:05]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

S2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe []

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 14:00]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-11 07:33:44

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-11 7:34:50

ComboFix-quarantined-files.txt 2008-07-11 05:34:43

ComboFix2.txt 2008-07-10 18:20:20

ComboFix3.txt 2008-07-02 19:07:53

ComboFix4.txt 2008-07-01 11:04:05

Pre-Run: 1,312,092,160 bajtów wolnych

Post-Run: 1,302,298,624 bajtów wolnych

281 — E O F — 2008-07-09 05:21:22

#17

Log wygląda na czysty

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

:slight_smile:

#18

Mam wyłączyć przywracanie i przeskanować kompa? czy wyłączyć i od razu włączyć i dopiero przeskanować kompa?

#19

Najlepiej wyłącz przeskanuj kompa a potem włącz!

:slight_smile:

#20

KASPERSKY ONLINE SCANNER REPORT

12 lipiec 2008 11:32:24

System operacyjny: Microsoft Windows XP Home Edition, Dodatek Service Pack 3 (Build 2600)

Kaspersky Online Scanner wersja: 5.0.98.0

Ostatnia aktualizacja Kaspersky Anti-Virus12/07/2008

Liczba wpisów w bazie danych Kaspersky Anti-Virus944071

Ustawienia skanowania

Skanowanie przy użyciu następujących baz danych rozszerzone

Skanuj archiwa tak

Skanuj pocztowe bazy danych tak

Obszar skanowania Mój komputer

A:\

C:\

D:\

E:\

F:\

G:\

Statystyki skanowania

Liczba skanowanych obiektów 143808

Liczba wykrytych wirusów 2

Liczba zainfekowanych obiektów 7

Liczba podejrzanych obiektów 0

Czas trwania skanowania 01:54:30

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie

C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\cert8.db Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\formhistory.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\history.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\key3.db Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\parent.lock Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\search.sqlite Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\urlclassifier2.sqlite Object is locked pominięty

C:\Documents and Settings\Levuss\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\Levuss\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\Cache_CACHE_001_ Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\Cache_CACHE_002_ Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\Cache_CACHE_003_ Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\Cache_CACHE_MAP_ Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Historia\History.IE5\MSHist012008071220080713\index.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty

C:\WINDOWS\SchedLgU.Txt Object is locked pominięty

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty

C:\WINDOWS\Sti_Trace.log Object is locked pominięty

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\default Object is locked pominięty

C:\WINDOWS\system32\config\default.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SAM Object is locked pominięty

C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty

C:\WINDOWS\system32\config\software Object is locked pominięty

C:\WINDOWS\system32\config\software.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\system Object is locked pominięty

C:\WINDOWS\system32\config\system.LOG Object is locked pominięty

C:\WINDOWS\system32\h323log.txt Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty

C:\WINDOWS\wiadebug.log Object is locked pominięty

C:\WINDOWS\wiaservc.log Object is locked pominięty

C:\WINDOWS\WindowsUpdate.log Object is locked pominięty

D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked pominięty

D:\Gadu-Gadu\J_a_c_A\ARCHIWUM\rozmowy.html Object is locked pominięty

D:\Gadu-Gadu\Levy\ARCHIWUM\rozmowy.html Object is locked pominięty

D:\RECYCLER\S-1-5-21-790525478-115176313-725345543-1004\De1.inf Object is locked pominięty

D:\RECYCLER\S-1-5-21-790525478-115176313-725345543-1004\De2.inf Object is locked pominięty

D:\RECYCLER\S-1-5-21-790525478-115176313-725345543-1004\De3.inf Object is locked pominięty

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked pominięty

E:\Programy\gg\Gadu-Gadu\J_a_c_A\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\Gadu-Gadu\Levy\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\Gadu-Gadu_cache\banner.htm Object is locked pominięty

E:\Programy\gg\Gadu-Gadu_cache\sbanner.htm Object is locked pominięty

E:\Programy\gg\Gadu-Gadu-save\J_a_c_A\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\Gadu-Gadu-save\Levy\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\gg sejwy\users\J_a_c_A\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\gg sejwy\users\Levy\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\gg sejwy\users_cache\banner.htm Object is locked pominięty

E:\Programy\gg\gg sejwy\users_cache\mbanner.htm Zainfekowanych: Virus.VBS.Small.g pominięty

E:\Programy\gg\gg sejwy\users_cache\sbanner.htm Object is locked pominięty

E:\Programy\gg\gg sejwy\users_cache_tddccda.htm Zainfekowanych: Virus.VBS.Small.g pominięty

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

G:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked pominięty

G:\Programy\gg\gg sejwy\users_cache\mbanner.htm Zainfekowanych: Virus.VBS.Small.g pominięty

G:\Programy\gg\gg sejwy\users_cache_tddccda.htm Zainfekowanych: Virus.VBS.Small.g pominięty

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

G:\z pulpitu\Diesel-porady itp\VAG instalki\Programy_VAG.rar/Programy VAG/VAG-COM 504.1+ crack/Vag-com/XStarter v1.72/Xstarter Setup.exe/file41 Zainfekowanych: not-a-virus:Monitor.Win32.Hooker.j pominięty

G:\z pulpitu\Diesel-porady itp\VAG instalki\Programy_VAG.rar/Programy VAG/VAG-COM 504.1+ crack/Vag-com/XStarter v1.72/Xstarter Setup.exe Zainfekowanych: not-a-virus:Monitor.Win32.Hooker.j pominięty

G:\z pulpitu\Diesel-porady itp\VAG instalki\Programy_VAG.rar RAR: zainfekowany - 2 pominięty

Proces skanowania został zakończony.