Wsctf and EXPLORER.EXE


(Buy Me) #1

Hello everyone!

I have a big problem. An infection has appeared on my computer that Kaspersky, ArcaVir and other antivirus programs can't deal with; they simply don't detect it. The problem is that when I want to open a drive via right-click (right mouse button), instead of "Otwórz" (Open) I get "open(o)". Additionally, every single time the computer starts, My Documents appears on the desktop. I tried to remove this junk from the registry and it's still there. Please help.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:07:29, on 2008-07-01

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe

C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe

C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe

C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe

C:\Program Files\ArcaBit\Common\TaskScheduler.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe

O4 - HKLM..\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup

O4 - HKLM..\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://arcaonline.arcabit.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab

O23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe

O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe

O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe

O23 - Service: ArcaBit.TaskScheduler - ArcaBit - C:\Program Files\ArcaBit\Common\TaskScheduler.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 5939 bytes

ComboFix log:

ComboFix 08-06-20.4 - Levuss 2008-07-01 13:02:26.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.714 [GMT 2:00]

Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))

.

2008-06-30 18:44 . 2008-06-30 18:44

2008-06-30 18:37 . 2008-06-30 21:56

2008-06-30 18:29 . 2008-06-30 18:29

2008-06-30 18:28 . 2008-06-30 22:22

2008-06-30 18:27 . 2008-06-30 18:27

2008-06-25 18:36 . 2008-06-25 18:36

2008-06-24 13:02 . 2008-06-24 13:24

2008-06-24 13:02 . 2008-06-24 13:02

2008-06-23 13:55 . 2008-07-01 12:22

2008-06-23 13:54 . 2008-06-23 13:54

2008-06-14 15:12 . 2008-06-14 15:12 35,440 --a------ C:\WINDOWS\system32\sschk.trb

2008-06-14 14:08 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:03 . 2008-06-14 14:03

2008-06-14 13:59 . 2008-06-14 13:59

2008-06-14 13:36 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-14 13:30 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 13:27 . 2004-08-04 00:35 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-06-14 13:15 . 2008-06-14 13:15

2008-06-14 11:31 . 2008-06-14 11:31

2008-06-14 11:30 . 2008-06-14 15:12 585,296 --a------ C:\WINDOWS\system32\trupd.trb

2008-06-14 11:26 . 2008-06-02 21:22 2,486,848 --a------ C:\WINDOWS\system32\rmt.trb

2008-06-14 11:26 . 2008-05-25 18:06 983,616 --a------ C:\WINDOWS\system32\Rmvtrjan.trb

2008-06-14 11:26 . 2008-06-14 15:12 878,672 --a------ C:\WINDOWS\system32\Trjscan.trb

2008-06-14 11:25 . 2008-06-30 23:01

2008-06-14 11:25 . 2008-06-14 11:25

2008-06-14 11:25 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-06-14 11:25 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-06-14 10:58 . 2008-06-14 11:31

2008-06-14 10:58 . 1999-07-17 02:21 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL

2008-06-14 10:58 . 1999-07-17 02:21 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL

2008-06-11 14:08 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-06-11 14:08 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll

2008-06-11 14:07 . 2008-06-11 14:07

2008-06-11 14:06 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-30 16:28 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\ArcaBit

2008-06-27 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-25 07:35 --------- d-----w C:\Program Files\English Translator 3

2008-06-23 11:54 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 13:18 --------- d-----w C:\Program Files\ArcaMicroScan

2008-06-01 20:52 --------- d-----w C:\Program Files\VAG-COM

2008-05-29 14:06 --------- d-----w C:\Program Files\Spyware Doctor

2008-05-26 10:00 --------- d-----w C:\Program Files\Gadu-Gadu

2008-05-25 09:31 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\PC Tools

2008-05-21 09:25 --------- d-----w C:\Program Files\Panda Security

2008-05-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-05-11 12:58 17,608 ----a-w C:\Documents and Settings\Levuss\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-05-11 08:05 --------- d-----w C:\Program Files\Trend Micro

2008-05-10 16:21 --------- d-----w C:\Program Files\C-Media 6501 Sound

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-02 13:49 --------- d-----w C:\Program Files\BitComet

2008-04-21 11:09 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-04-21 06:44 668,672 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 17:22 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-04-14 17:22 356,352 ----a-w C:\WINDOWS\system32\msscp.dll

2008-04-14 17:22 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 17:22 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll

2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 16:22 89,600 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 16:15 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll

2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 16:09 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll

2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 16:02 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-04-14 15:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll

2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:40 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:37 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 18:35 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

"AvMenu"="C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe" [2008-06-30 22:01 514568]

"ArcaCheck"="C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe" [2008-06-30 22:01 637448]

"ABRegmon"="C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe" [2007-10-23 11:41 348160]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C6501Sound]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"D:\TacticalOps\System\TacticalOps.exe"=

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"=

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"=

"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"=

"C:\Program Files\Ares\Ares.exe"=

"C:\Program Files\BitComet\BitComet.exe"=

"C:\WINDOWS\system32\dpvsetup.exe"=

"D:\Pes6\PES6.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\WINDOWS\system32\mmc.exe"=

"D:\PES 2008\PES2008.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10932:TCP"= 10932:TCP:BitComet 10932 TCP

"10932:UDP"= 10932:UDP:BitComet 10932 UDP

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]

R1 ABTDI;ABTDI;C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2008-06-30 22:01]

R2 ABFileMon;ArcaBit FileMonitor;"C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe" [2008-06-30 22:01]

R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;"C:\Program Files\ArcaBit\Common\TaskScheduler.exe" [2007-10-25 05:20]

R2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe [2008-06-30 22:01]

R3 ABFLT;ArcaBit File Monitor Driver;C:\PROGRA~1\ArcaBit\ArcaVir\ABFLT.sys [2008-06-30 22:01]

R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;"C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe" [2008-06-30 22:22]

R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-07-11 14:05]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;"C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe" [2008-06-30 22:22]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-01 13:03:27

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-01 13:04:04

ComboFix-quarantined-files.txt 2008-07-01 11:03:58

Pre-Run: 1,769,222,144 bajtów wolnych

Post-Run: 1,797,799,936 bajtów wolnych

204 --- E O F --- 2008-06-25 16:36:32
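The symptom described in post #1 (a drive's context menu showing an "open(o)" entry where "Otwórz" should be) is what an autorun.inf that redefines the drive's shell verbs produces: `shell\open=Open(&O)` relabels the verb and `shell\open\Command=...` points it at the worm's executable, and Explorer keeps a per-user cache of those verbs under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\<drive>\Shell, so that cache is the second place to look after the drive root. The script below is an added example, not code from this thread or from any of the tools mentioned in it; it parses a constructed autorun.inf and a constructed .reg export of MountPoints2 (the file name copy.exe and drive letter E are placeholders) and reports every verb label and command they define.

```python
"""Audit an autorun.inf and a MountPoints2 registry export for hijacked
drive context-menu verbs (the 'open(o)'-instead-of-'Otwórz' symptom).
Added example for this thread; the autorun.inf and .reg samples below are
constructed for illustration and 'copy.exe' is a placeholder file name.
"""
import re

# Constructed autorun.inf as a worm plants it in a drive root. shell\open=Open(&O)
# relabels the Open verb (& marks the accelerator, so the menu shows "Open(O)"),
# shell\open\Command points the verb at the dropper, and open= / shellexecute=
# cover double-click and AutoPlay. icon= is harmless and must not be flagged.
SAMPLE_AUTORUN_INF = """[AutoRun]
open=copy.exe
icon=setup.ico
shell\\open=Open(&O)
shell\\open\\Command=copy.exe
shellexecute=copy.exe
"""

# Constructed .reg export of the per-user cache Explorer keeps of those verbs.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
@="E:\\copy.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\open]
@="Open(&O)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\open\command]
@="E:\\copy.exe"
"""

def parse_autorun(text):
    """Return (kind, key, value) findings from an autorun.inf body: 'launcher'
    (open=/shellexecute=), 'verb_label' (shell\\X=...) or 'verb_command'
    (shell\\X\\command=...). Unrelated keys such as icon= are ignored."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        lk = key.lower()
        if lk in ("open", "shellexecute"):
            findings.append(("launcher", key, value))
        elif lk.startswith("shell\\") and lk.endswith("\\command"):
            findings.append(("verb_command", key, value))
        elif lk == "shell" or lk.startswith("shell\\"):
            findings.append(("verb_label", key, value))
    return findings

# Matches [HKCU\...\MountPoints2\<drive or volume GUID>\Shell[\<subkeys>]]
MOUNTPOINTS_SHELL_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
    r"\\MountPoints2\\([^\\\]]+)\\Shell(?:\\(.*))?\]$",
    re.IGNORECASE,
)

def audit_mountpoints(reg_text):
    """Return {'drive', 'subkey', 'default'} for every cached Shell subkey in a
    .reg export that carries a default value (verb name, label or command)."""
    hits, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = MOUNTPOINTS_SHELL_RE.match(line)
        if m:
            current = {"drive": m.group(1), "subkey": m.group(2) or "", "default": None}
            hits.append(current)
        elif line.startswith("["):
            current = None  # some other key: ignore until the next Shell key
        elif current is not None and line.startswith('@="') and line.endswith('"'):
            # .reg doubles backslashes and escapes quotes; undo that for the report
            current["default"] = line[3:-1].replace('\\"', '"').replace("\\\\", "\\")
    return [h for h in hits if h["default"] is not None]

def hijacked_verbs(hits):
    """Verb names that have a cached command; these are the entries to compare
    against the drive's autorun.inf and to delete when cleaning the cache."""
    verbs = set()
    for h in hits:
        parts = h["subkey"].split("\\")
        if len(parts) == 2 and parts[1].lower() == "command":
            verbs.add(parts[0])
    return verbs

if __name__ == "__main__":
    for kind, key, value in parse_autorun(SAMPLE_AUTORUN_INF):
        print(f"autorun.inf   {kind:12} {key} = {value}")
    hits = audit_mountpoints(SAMPLE_REG_EXPORT)
    for h in hits:
        print(f"MountPoints2  drive {h['drive']}: Shell\\{h['subkey']} = {h['default']}")
    print("verbs with a cached command:", sorted(hijacked_verbs(hits)))
```

On a real machine you would feed `parse_autorun` the contents of `X:\autorun.inf` for each drive and `audit_mountpoints` the output of `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" mp2.reg`; any verb that `hijacked_verbs` reports with a command pointing at an executable on the drive is the entry behind the bogus context-menu label.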


(Gutek) #2

Use the Perlovga Removal Tool and post a scan from http://www.kaspersky.pl/virusscanner.html

Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052


(Porchekarera) #3

Why the ***** do you have BitComet, and then nothing but viruses


(Buy Me) #4

As it happens, I've had BC for a looong time and I haven't had a single virus because of it!!!


(Gutek) #5

Did the Perlovga Removal Tool find anything? Where's the scan report?


(Buy Me) #6

I get this error:

f80b8067ca4a002cm.jpg


(Gutek) #7

Then also scan with http://www.bitdefenderthailand.com/down ... ica-en.exe


(Buy Me) #8

The program found nothing.


(Gutek) #9

Then it's OK


(Buy Me) #10

Unfortunately the problem still occurs.


(Leon$) #11

Download System Repair Engineer

http://www.cybertrash.pl/images/tata/System Repair/System Repair Engineer.html

scan and post the log; don't select the Hosts file for the scan

:slight_smile:


(Buy Me) #12
2008-07-05,19:35:28


System Repair Engineer 2.6.11.992

Smallfrogs (http://www.KZTechs.com)


Windows XP Home Edition Dodatek Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed


Follow item(s) have been selected:

    All Boot Items (Including Registry, Startup Folders, Services and so on)

    Browser Add-ons

    Running Processes (Including process model information)

    File Associations

    Winsock Provider

    Autorun.Inf

    Process Privileges Scan



Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<; > [N/A]
<; "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray> []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<; "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice> [(Verified)"ESET, spol. s r.o."]
<; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<; > [N/A]
<; "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<; > [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Component Publisher]
  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  [Microsoft Corporation]


==================================

Startup Folders

N/A


==================================

Services

[Lavasoft Ad-Aware Service / aawservice][Running/Auto Start]

  <"C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe">

[Zarządzanie aplikacjami / AppMgmt][Stopped/Manual Start]
%SystemRoot%\System32\appmgmts.dll>

[Ares Chatroom server / AresChatServer][Stopped/Manual Start]


[ArcaBit Update Service / AVUpdate][Stopped/Auto Start]
<(File is missing)>

[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]

  <"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe">

[Eset Service / ekrn][Running/Auto Start]

  <"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe">

[MSSQL$SONY_MEDIAMGR / MSSQL$SONY_MEDIAMGR][Stopped/Manual Start]


[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]


[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]


[PC Tools Auxiliary Service / sdAuxService][Stopped/Manual Start]


[PC Tools Security Service / sdCoreService][Stopped/Manual Start]


[ServiceLayer / ServiceLayer][Stopped/Manual Start]

  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe">

[SQLAgent$SONY_MEDIAMGR / SQLAgent$SONY_MEDIAMGR][Stopped/Manual Start]



==================================

Drivers

[AliIde / AliIde][Running/Boot Start]

  <\SystemRoot\system32\DRIVERS\aliide.sys>

[Sterownik procesora AMD / AmdK8][Running/System Start]


[C-Media CM6501 Like Sound Interface / cm102u32][Running/Manual Start]


[eamon / eamon][Running/Auto Start]


[easdrv / easdrv][Running/System Start]


[epfwtdir / epfwtdir][Running/System Start]


[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]


[USB Serial Converter Driver / FTDIBUS][Stopped/Manual Start]


[USB Serial Port Driver / FTSER2K][Stopped/Manual Start]


[gmer / gmer][Stopped/Manual Start]


[File Security Driver / IKFileSec][Running/Boot Start]

  <\SystemRoot\system32\drivers\ikfilesec.sys>

[System Filter Driver / IKSysFlt][Running/System Start]


[System Security Driver / IKSysSec][Running/System Start]


[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]


[Nokia USB Generic / nmwcdc][Stopped/Manual Start]


[Nokia USB Port / nmwcdcj][Stopped/Manual Start]


[Nokia USB Modem / nmwcdcm][Stopped/Manual Start]


[nv / nv][Running/Manual Start]


[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]


[Secdrv / Secdrv][Stopped/Manual Start]


[ULi M526X Ethernet NT Driver / ULI5261XP][Running/Manual Start]


[ULi AGP Bus Filter Driver / uliagpkx][Running/Boot Start]

  <\SystemRoot\system32\DRIVERS\agpkx.sys>


==================================

Browser Add-ons

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[BitComet Helper]

  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} 

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 

[Java Plug-in 1.6.0_05]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 

[]

  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683} 

[CKAVWebScan Object]

  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} 

[ActiveScan 2.0 Installer Class]

  {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} 

[MainControl Class]

  {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} 

[System Requirements Lab Class]

  {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} 

[MksSkanerOnline Class]

  {68282C51-9459-467B-95BF-3C0E89627E55} 

[Java Plug-in 1.6.0_05]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} 

[ActiveScan Installer Class]

  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} 

[Java Plug-in 1.6.0_05]

  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} 

[Java Plug-in 1.6.0_05]

  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[Windows Genuine Advantage Validation Tool]

  {17492023-C23A-453E-A040-C7C580BBF700} 

[BitComet Helper]

  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} 

[MainControl Class]

  {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} 

[Microsoft Terminal Services Client Control (redist)]

  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, N/A>

[Microsoft Terminal Services Client Control (redist)]

  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, N/A>

[WUWebControl Class]

  {6414512B-B978-451D-A0D8-FCFDF33E833C} 

[System Requirements Lab Class]

  {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} 

[Microsoft Terminal Services Client Control (redist)]

  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, N/A>

[Microsoft Terminal Services Client Control (redist)]

  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, N/A>

[SSVHelper Class]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 

[Microsoft Terminal Services Client Control (redist)]

  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, N/A>

[SearchAssistantOC]

  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[&D&ownload &with BitComet]


[&D&ownload all video with BitComet]


[&D&ownload all with BitComet]


[E&ksport do programu Microsoft Excel]



==================================

Running Processes

[PID][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

    [C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Lavasoft, 7,1,0,12]

    [C] [Lavasoft, 7,1,0,12]

    [C] [PKWARE, Inc., 8.4.1045.0]

[PID][C] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

    [C] [Gadu-Gadu S.A., 7,6,0,1578]

    [C] [Adobe Systems Incorporated, 7.0.0.2004121400]

    [C] [Microsoft Corporation, 7.10.3052.4]

    [C] [Adobe Systems, Inc., 7.0.0.0]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]

    [C] [CANON INC., 1.80.2.50]

    [C] [CANON INC., 1.80.2.50]

[PID][C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

    [C] [ESET, 3.0.667]

[PID][C] [NVIDIA Corporation, 6.14.11.6921]

    [C] [NVIDIA Corporation, 6.14.11.6921]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]

[PID][C] [Mozilla Corporation, 1.8.1.15: 2008062306]

    [C] [Netscape Communications Corporation, 4.0]

    [C] [Netscape Communications Corporation, 4.6.8]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [Netscape Communications Corporation, 4.6.8]

    [C] [Netscape Communications Corporation, 4.6.8]

    [C] [Mozilla Foundation, 3.11.9.0 Basic ECC]

    [C] [Mozilla Foundation, 3.11.9.0 Basic ECC]

    [C] [Mozilla Foundation, 3.11.4 Basic ECC]

    [C] [Mozilla Foundation, 3.11.9.0 Basic ECC]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [N/A,]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [Mozilla Foundation, 3.11.4 Basic ECC]

    [C] [Mozilla Foundation, 1.65]

    [C] [Mozilla Foundation, 1.8.1.15: 2008062306]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

    [C] [Gadu-Gadu S.A., 7,6,0,1578]

[PID][C] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]

[PID][C] [Gadu-Gadu S.A., 7,6,0,2165]

    [C] [N/A,]

    [C] [sms-express.com, 1, 0, 0, 0]

    [C] [N/A,]

    [C] [N/A,]

    [C] [Gadu-Gadu S.A., 7,6,0,1578]

    [C] [Microsoft Corporation, 6.2.0013.1 (DbgBuild.030619-2209)]

    [C] [Gadu-Gadu S.A., 7,6,0,2162]

    [C] [, 2, 0, 0, 2]

    [C] [Gadu-Gadu S.A., 7,6,0,2146]

    [C] [n0ne, 1, 0, 0, 2]

    [C] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

    [C] [Adobe Systems, Inc., 9,0,115,0]

[PID][C] [Smallfrogs Studio, 2.6.11.992]

[PID][C] [Smallfrogs Studio, 2.6.11.992]

    [C] [Gadu-Gadu S.A., 7,6,0,1578]

    [C] [Smallfrogs Studio, 2, 1, 0, 15]

    [C] [Smallfrogs Studio, 1, 0, 0, 5]


==================================

File Associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE OK. ["%1" %*]

.COM OK. ["%1" %*]

.PIF OK. ["%1" %*]

.REG OK. [regedit.exe "%1"]

.BAT OK. ["%1" %*]

.SCR OK. ["%1" /S]

.CHM OK. ["C:\WINDOWS\hh.exe" %1]

.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK OK. [{00021401-0000-0000-C000-000000000046}]


==================================

Winsock Provider

N/A


==================================

Autorun.Inf

N/A


==================================

HOSTS File

N/A


==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 956, C:\PROGRAM FILES\GADU-GADU\GG.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2704, C:\DOCUMENTS AND SETTINGS\LEVUSS\PULPIT\SRENG2\SRENGLDR.EXE]


==================================

API HOOK

N/A


==================================

Hidden Process

N/A


==================================

(Leon$) #13

Open Notepad and paste

save as plik.reg >> all files >> merge with the registry >> restart

a file with this icon will be created

double-click it, confirm that you want to add it to the registry, then restart

Download Combofix http://www.searchengines.pl/index.php?s ... ntry395642

scan and post the log

:)


(Buy Me) #14

Here is the log

ComboFix 08-07-01.5 - Levuss 2008-07-10 20:16:45.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.737 [GMT 2:00]

Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))

.

2008-07-06 12:34 . 2008-07-06 12:34

2008-07-02 21:27 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

2008-07-02 21:27 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-07-02 21:26 . 2008-07-02 21:26

2008-07-02 21:26 . 2008-07-02 21:26

2008-07-02 17:12 . 2008-07-02 17:12

2008-07-02 12:13 . 2008-07-02 12:13

2008-07-02 12:13 . 2008-07-02 12:13

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-07-02 12:11 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll

2008-07-02 12:11 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll

2008-07-02 12:10 . 2008-07-02 12:10

2008-07-02 12:10 . 2008-07-02 12:10

2008-07-02 12:09 . 2008-07-02 12:09

2008-07-01 13:22 . 2008-07-01 13:22

2008-07-01 13:22 . 2008-07-01 13:23

2008-07-01 13:20 . 2008-07-01 13:20

2008-06-30 18:44 . 2008-06-30 18:44

2008-06-30 18:37 . 2008-06-30 21:56

2008-06-30 18:29 . 2008-06-30 18:29

2008-06-30 18:28 . 2008-07-01 13:14

2008-06-30 18:27 . 2008-07-01 13:22

2008-06-24 13:02 . 2008-06-24 13:24

2008-06-23 13:55 . 2008-07-09 17:24

2008-06-23 13:54 . 2008-06-23 13:54

2008-06-20 19:48 . 2008-06-20 19:48 246,784 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 19:48 . 2008-06-20 19:48 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 15:12 . 2008-06-14 15:12 35,440 --a------ C:\WINDOWS\system32\sschk.trb

2008-06-14 14:08 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:03 . 2008-06-14 14:03

2008-06-14 13:59 . 2008-06-14 13:59

2008-06-14 13:36 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-14 13:30 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 13:27 . 2004-08-04 00:35 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-06-14 13:15 . 2008-06-14 13:15

2008-06-14 11:31 . 2008-07-09 17:07

2008-06-14 11:30 . 2008-06-14 15:12 585,296 --a------ C:\WINDOWS\system32\trupd.trb

2008-06-14 11:26 . 2008-06-02 21:22 2,486,848 --a------ C:\WINDOWS\system32\rmt.trb

2008-06-14 11:26 . 2008-05-25 18:06 983,616 --a------ C:\WINDOWS\system32\Rmvtrjan.trb

2008-06-14 11:26 . 2008-06-14 15:12 878,672 --a------ C:\WINDOWS\system32\Trjscan.trb

2008-06-14 11:25 . 2008-06-30 23:01

2008-06-14 11:25 . 2008-06-14 11:25

2008-06-14 11:25 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-06-14 11:25 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-06-14 10:58 . 2008-06-14 11:31

2008-06-14 10:58 . 1999-07-17 02:21 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL

2008-06-14 10:58 . 1999-07-17 02:21 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL

2008-06-11 14:08 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-06-11 14:07 . 2008-06-11 14:07

2008-06-11 14:06 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-06-10 18:56 . 2008-06-10 18:56 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys

2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-04 10:50 --------- d-----w C:\Program Files\MoorHunt

2008-07-01 11:14 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\ArcaBit

2008-06-27 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-25 07:35 --------- d-----w C:\Program Files\English Translator 3

2008-06-23 11:54 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 13:18 --------- d-----w C:\Program Files\ArcaMicroScan

2008-06-01 20:52 --------- d-----w C:\Program Files\VAG-COM

2008-05-26 10:00 --------- d-----w C:\Program Files\Gadu-Gadu

2008-05-21 09:25 --------- d-----w C:\Program Files\Panda Security

2008-05-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-11 12:58 17,608 ----a-w C:\Documents and Settings\Levuss\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-05-11 08:05 --------- d-----w C:\Program Files\Trend Micro

2008-05-10 16:21 --------- d-----w C:\Program Files\C-Media 6501 Sound

2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 11:09 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-04-21 06:44 668,672 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 17:22 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-04-14 17:22 356,352 ----a-w C:\WINDOWS\system32\msscp.dll

2008-04-14 17:22 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 17:22 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll

2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 16:22 89,600 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 16:15 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll

2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 16:09 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll

2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 16:02 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-04-14 15:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll

2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:40 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:37 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 18:35 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

((((((((((((((((((((((((((((( snapshot_2008-07-02_21.07.32,92 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-07-02 18:59:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-07-10 18:14:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-07-02 19:27:07 10,134 ----a-r C:\WINDOWS\Installer\{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\callmsi.exe

  • 2008-07-02 19:27:07 136,448 ----a-r C:\WINDOWS\Installer\{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\egui.exe

  • 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe

  • 2008-05-09 10:56:45 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll

  • 2008-05-09 10:56:45 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll

  • 2008-05-09 10:56:45 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll

  • 2008-05-09 10:56:45 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll

  • 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe

  • 2008-05-09 10:56:45 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll

  • 2008-04-14 17:20:26 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll

  • 2008-06-20 17:48:53 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll

  • 2008-04-14 17:20:34 512,000 ----a-w C:\WINDOWS\system32\jscript.dll

  • 2008-05-09 10:56:45 512,000 ----a-w C:\WINDOWS\system32\jscript.dll

  • 2008-05-29 14:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

  • 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe

  • 2008-07-02 19:04:14 70,106 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2008-07-10 18:18:43 70,106 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2008-07-02 19:04:14 87,290 ----a-w C:\WINDOWS\system32\perfc015.dat

  • 2008-07-10 18:18:43 87,290 ----a-w C:\WINDOWS\system32\perfc015.dat

  • 2008-07-02 19:04:14 418,590 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2008-07-10 18:18:43 418,590 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2008-07-02 19:04:14 475,404 ----a-w C:\WINDOWS\system32\perfh015.dat

  • 2008-07-10 18:18:43 475,404 ----a-w C:\WINDOWS\system32\perfh015.dat

  • 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll

  • 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 19:21 171520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

--a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-07-06 12:34 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"D:\TacticalOps\System\TacticalOps.exe"=

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"=

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"=

"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"=

"C:\Program Files\Ares\Ares.exe"=

"C:\Program Files\BitComet\BitComet.exe"=

"C:\WINDOWS\system32\dpvsetup.exe"=

"D:\Pes6\PES6.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\WINDOWS\system32\mmc.exe"=

"D:\PES 2008\PES2008.exe"=

"D:\Cs 1.6\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10932:TCP"= 10932:TCP:BitComet 10932 TCP

"10932:UDP"= 10932:UDP:BitComet 10932 UDP

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]

R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-07-11 14:05]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

S2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe []

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d31e894-0654-11dd-a985-00138fb95f4a}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2aa723aa-f7e7-11dc-a916-00138fb95f4a}]

\Shell\AutoRun\command - H:\EXPLORER.EXE

\Shell\explore\Command - H:\EXPLORER.EXE

\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03e22a0-fe53-11dc-a949-00138fb95f4a}]

\Shell\AutoRun\command - H:\EXPLORER.EXE

\Shell\explore\Command - H:\EXPLORER.EXE

\Shell\open\Command - H:\EXPLORER.EXE

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-10 20:19:03

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-10 20:20:20

ComboFix-quarantined-files.txt 2008-07-10 18:20:07

ComboFix2.txt 2008-07-02 19:07:53

ComboFix3.txt 2008-07-01 11:04:05

Pre-Run: 988,479,488 bajtów wolnych

Post-Run: 1,034,235,904 bajtów wolnych

275 --- E O F --- 2008-07-09 05:21:22


(Leon$) #15

Open Notepad and paste

save as CFScript.txt (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

Removal should begin

Then post the ComboFix removal log

:)


(Buy Me) #16

ComboFix 08-07-01.5 - Levuss 2008-07-11 7:32:01.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.704 [GMT 2:00]

Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Levuss\Pulpit\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\EXPLORER.EXE

C:\WINDOWS\system32\EXPLORER.EXE

C:\WINDOWS\system32\wsctf.exe

H:\EXPLORER.EXE

.

((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))

.

2008-07-10 22:35 . 2008-07-10 22:35

2008-07-06 12:34 . 2008-07-06 12:34

2008-07-02 21:27 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

2008-07-02 21:27 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-07-02 21:26 . 2008-07-02 21:26

2008-07-02 21:26 . 2008-07-02 21:26

2008-07-02 17:12 . 2008-07-02 17:12

2008-07-02 12:13 . 2008-07-02 12:13

2008-07-02 12:13 . 2008-07-02 12:13

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 2008-07-02 12:11

2008-07-02 12:11 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-07-02 12:11 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll

2008-07-02 12:11 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll

2008-07-02 12:10 . 2008-07-02 12:10

2008-07-02 12:10 . 2008-07-02 12:10

2008-07-02 12:09 . 2008-07-02 12:09

2008-07-01 13:22 . 2008-07-01 13:22

2008-07-01 13:22 . 2008-07-01 13:23

2008-07-01 13:20 . 2008-07-01 13:20

2008-06-30 18:44 . 2008-06-30 18:44

2008-06-30 18:37 . 2008-06-30 21:56

2008-06-30 18:29 . 2008-06-30 18:29

2008-06-30 18:28 . 2008-07-01 13:14

2008-06-30 18:27 . 2008-07-01 13:22

2008-06-24 13:02 . 2008-06-24 13:24

2008-06-23 13:55 . 2008-07-09 17:24

2008-06-23 13:54 . 2008-06-23 13:54

2008-06-20 19:48 . 2008-06-20 19:48 246,784 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 19:48 . 2008-06-20 19:48 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 15:12 . 2008-06-14 15:12 35,440 --a------ C:\WINDOWS\system32\sschk.trb

2008-06-14 14:08 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:04 . 2008-06-14 14:04

2008-06-14 14:03 . 2008-06-14 14:03

2008-06-14 13:59 . 2008-06-14 13:59

2008-06-14 13:36 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-14 13:30 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 13:27 . 2004-08-04 00:35 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-06-14 13:15 . 2008-06-14 13:15

2008-06-14 11:31 . 2008-07-09 17:07

2008-06-14 11:30 . 2008-06-14 15:12 585,296 --a------ C:\WINDOWS\system32\trupd.trb

2008-06-14 11:26 . 2008-06-02 21:22 2,486,848 --a------ C:\WINDOWS\system32\rmt.trb

2008-06-14 11:26 . 2008-05-25 18:06 983,616 --a------ C:\WINDOWS\system32\Rmvtrjan.trb

2008-06-14 11:26 . 2008-06-14 15:12 878,672 --a------ C:\WINDOWS\system32\Trjscan.trb

2008-06-14 11:25 . 2008-06-30 23:01

2008-06-14 11:25 . 2008-06-14 11:25

2008-06-14 11:25 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-06-14 11:25 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-06-14 10:58 . 2008-06-14 11:31

2008-06-14 10:58 . 1999-07-17 02:21 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL

2008-06-14 10:58 . 1999-07-17 02:21 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL

2008-06-11 14:08 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-06-11 14:07 . 2008-06-11 14:07

2008-06-11 14:06 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-10 20:32 --------- d-----w C:\Program Files\Azureus

2008-07-04 10:50 --------- d-----w C:\Program Files\MoorHunt

2008-07-01 11:14 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\ArcaBit

2008-06-27 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-25 07:35 --------- d-----w C:\Program Files\English Translator 3

2008-06-23 11:54 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys

2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys

2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys

2008-06-10 13:18 --------- d-----w C:\Program Files\ArcaMicroScan

2008-06-01 20:52 --------- d-----w C:\Program Files\VAG-COM

2008-05-26 10:00 --------- d-----w C:\Program Files\Gadu-Gadu

2008-05-21 09:25 --------- d-----w C:\Program Files\Panda Security

2008-05-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-11 12:58 17,608 ----a-w C:\Documents and Settings\Levuss\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-05-11 08:05 --------- d-----w C:\Program Files\Trend Micro

2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 11:09 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-04-21 06:44 668,672 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 17:22 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-04-14 17:22 356,352 ----a-w C:\WINDOWS\system32\msscp.dll

2008-04-14 17:22 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 17:22 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll

2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 16:22 89,600 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 16:15 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll

2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 16:09 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll

2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 16:02 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-04-14 15:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll

2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:40 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:37 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 18:35 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

((((((((((((((((((((((((((((( snapshot_2008-07-02_21.07.32,92 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-07-02 18:59:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-07-11 05:13:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-07-02 19:27:07 10,134 ----a-r C:\WINDOWS\Installer\{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\callmsi.exe

  • 2008-07-02 19:27:07 136,448 ----a-r C:\WINDOWS\Installer\{EC9E8EAA-2F25-4265-A77B-DA3AE3FF8EC3}\egui.exe

  • 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe

  • 2008-05-09 10:56:45 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll

  • 2008-05-09 10:56:45 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll

  • 2008-05-09 10:56:45 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll

  • 2008-05-09 10:56:45 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll

  • 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe

  • 2008-05-09 10:56:45 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll

  • 2008-04-14 17:20:26 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll

  • 2008-06-20 17:48:53 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll

  • 2008-04-14 17:20:34 512,000 ----a-w C:\WINDOWS\system32\jscript.dll

  • 2008-05-09 10:56:45 512,000 ----a-w C:\WINDOWS\system32\jscript.dll

  • 2008-05-29 14:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

  • 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe

  • 2008-07-02 19:04:14 70,106 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2008-07-11 05:17:53 70,106 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2008-07-02 19:04:14 87,290 ----a-w C:\WINDOWS\system32\perfc015.dat

  • 2008-07-11 05:17:53 87,290 ----a-w C:\WINDOWS\system32\perfc015.dat

  • 2008-07-02 19:04:14 418,590 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2008-07-11 05:17:53 418,590 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2008-07-02 19:04:14 475,404 ----a-w C:\WINDOWS\system32\perfh015.dat

  • 2008-07-11 05:17:53 475,404 ----a-w C:\WINDOWS\system32\perfh015.dat

  • 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll

  • 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\^NTUSER.DAT]

path=\NTUSER.DAT

backup=C:\WINDOWS\pss\NTUSER.DATCommon Startup

[HKLM\~\startupfolder\^ntuser.dat.LOG]

path=\ntuser.dat.LOG

backup=C:\WINDOWS\pss\ntuser.dat.LOGCommon Startup

[HKLM\~\startupfolder\^ntuser.ini]

path=\ntuser.ini

backup=C:\WINDOWS\pss\ntuser.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

--a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-07-06 12:34 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"D:\TacticalOps\System\TacticalOps.exe"=

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"=

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"=

"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"=

"C:\Program Files\Ares\Ares.exe"=

"C:\Program Files\BitComet\BitComet.exe"=

"C:\WINDOWS\system32\dpvsetup.exe"=

"D:\Pes6\PES6.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\WINDOWS\system32\mmc.exe"=

"D:\PES 2008\PES2008.exe"=

"D:\Cs 1.6\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10932:TCP"= 10932:TCP:BitComet 10932 TCP

"10932:UDP"= 10932:UDP:BitComet 10932 UDP

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]

R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-07-11 14:05]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

S2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe []

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 14:00]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-11 07:33:44

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-11 7:34:50

ComboFix-quarantined-files.txt 2008-07-11 05:34:43

ComboFix2.txt 2008-07-10 18:20:20

ComboFix3.txt 2008-07-02 19:07:53

ComboFix4.txt 2008-07-01 11:04:05

Pre-Run: 1,312,092,160 bajtów wolnych

Post-Run: 1,302,298,624 bajtów wolnych

281 --- E O F --- 2008-07-09 05:21:22


(Leon$) #17

The log looks clean.

Do the startup optimization:

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

Manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.

Disable and re-enable System Restore on all drives: http://support.microsoft.com/kb/310405/pl

Scan the "My Computer" area with http://www.kaspersky.pl/virusscanner.html and post the report; the page has to be opened in IE.

:slight_smile:


(Buy Me) #18

Should I disable System Restore and then scan the PC? Or disable it, re-enable it right away, and only then scan the PC?


(Spandau) #19

Best to disable it, scan the PC, and then enable it again!

:slight_smile:


(Buy Me) #20

KASPERSKY ONLINE SCANNER REPORT

12 lipiec 2008 11:32:24

System operacyjny: Microsoft Windows XP Home Edition, Dodatek Service Pack 3 (Build 2600)

Kaspersky Online Scanner wersja: 5.0.98.0

Ostatnia aktualizacja Kaspersky Anti-Virus12/07/2008

Liczba wpisów w bazie danych Kaspersky Anti-Virus944071

Ustawienia skanowania

Skanowanie przy użyciu następujących baz danych rozszerzone

Skanuj archiwa tak

Skanuj pocztowe bazy danych tak

Obszar skanowania Mój komputer

A:\

C:\

D:\

E:\

F:\

G:\

Statystyki skanowania

Liczba skanowanych obiektów 143808

Liczba wykrytych wirusów 2

Liczba zainfekowanych obiektów 7

Liczba podejrzanych obiektów 0

Czas trwania skanowania 01:54:30

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie

C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\cert8.db Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\formhistory.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\history.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\key3.db Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\parent.lock Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\search.sqlite Object is locked pominięty

C:\Documents and Settings\Levuss\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\urlclassifier2.sqlite Object is locked pominięty

C:\Documents and Settings\Levuss\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\Levuss\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\Cache_CACHE_001_ Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\Cache_CACHE_002_ Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\Cache_CACHE_003_ Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\caya0gyd.default\Cache_CACHE_MAP_ Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Historia\History.IE5\MSHist012008071220080713\index.dat Object is locked pominięty

C:\Documents and Settings\Levuss\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty

C:\WINDOWS\SchedLgU.Txt Object is locked pominięty

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty

C:\WINDOWS\Sti_Trace.log Object is locked pominięty

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\default Object is locked pominięty

C:\WINDOWS\system32\config\default.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SAM Object is locked pominięty

C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty

C:\WINDOWS\system32\config\software Object is locked pominięty

C:\WINDOWS\system32\config\software.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\system Object is locked pominięty

C:\WINDOWS\system32\config\system.LOG Object is locked pominięty

C:\WINDOWS\system32\h323log.txt Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty

C:\WINDOWS\wiadebug.log Object is locked pominięty

C:\WINDOWS\wiaservc.log Object is locked pominięty

C:\WINDOWS\WindowsUpdate.log Object is locked pominięty

D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked pominięty

D:\Gadu-Gadu\J_a_c_A\ARCHIWUM\rozmowy.html Object is locked pominięty

D:\Gadu-Gadu\Levy\ARCHIWUM\rozmowy.html Object is locked pominięty

D:\RECYCLER\S-1-5-21-790525478-115176313-725345543-1004\De1.inf Object is locked pominięty

D:\RECYCLER\S-1-5-21-790525478-115176313-725345543-1004\De2.inf Object is locked pominięty

D:\RECYCLER\S-1-5-21-790525478-115176313-725345543-1004\De3.inf Object is locked pominięty

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked pominięty

E:\Programy\gg\Gadu-Gadu\J_a_c_A\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\Gadu-Gadu\Levy\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\Gadu-Gadu_cache\banner.htm Object is locked pominięty

E:\Programy\gg\Gadu-Gadu_cache\sbanner.htm Object is locked pominięty

E:\Programy\gg\Gadu-Gadu-save\J_a_c_A\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\Gadu-Gadu-save\Levy\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\gg sejwy\users\J_a_c_A\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\gg sejwy\users\Levy\ARCHIWUM\rozmowy.html Object is locked pominięty

E:\Programy\gg\gg sejwy\users_cache\banner.htm Object is locked pominięty

E:\Programy\gg\gg sejwy\users_cache\mbanner.htm Zainfekowanych: Virus.VBS.Small.g pominięty

E:\Programy\gg\gg sejwy\users_cache\sbanner.htm Object is locked pominięty

E:\Programy\gg\gg sejwy\users_cache_tddccda.htm Zainfekowanych: Virus.VBS.Small.g pominięty

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

G:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked pominięty

G:\Programy\gg\gg sejwy\users_cache\mbanner.htm Zainfekowanych: Virus.VBS.Small.g pominięty

G:\Programy\gg\gg sejwy\users_cache_tddccda.htm Zainfekowanych: Virus.VBS.Small.g pominięty

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

G:\z pulpitu\Diesel-porady itp\VAG instalki\Programy_VAG.rar/Programy VAG/VAG-COM 504.1+ crack/Vag-com/XStarter v1.72/Xstarter Setup.exe/file41 Zainfekowanych: not-a-virus:Monitor.Win32.Hooker.j pominięty

G:\z pulpitu\Diesel-porady itp\VAG instalki\Programy_VAG.rar/Programy VAG/VAG-COM 504.1+ crack/Vag-com/XStarter v1.72/Xstarter Setup.exe Zainfekowanych: not-a-virus:Monitor.Win32.Hooker.j pominięty

G:\z pulpitu\Diesel-porady itp\VAG instalki\Programy_VAG.rar RAR: zainfekowany - 2 pominięty

Proces skanowania został zakończony.