I did everything according to the instructions, and I don't know whether it's any better.
After removing the entries, I started getting notifications about another virus, and I can't even paste the redirect link, so I have no other option…
ComboFix 08-04-04.1 - Olivia 2008-04-05 21:56:29.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1087 [GMT 1:00]
Running from: C:\Users\Olivia\Desktop\ComboFix.exe
Command switches used :: C:\Users\Olivia\Desktop\CFScript.txt
FILE ::
C:\ProgramData\mcirlkxa\wrwzkncr.exe
C:\ProgramData\rhknkssc\datkrmds.exe
C:\ProgramData\vclqlape\padsbuha.exe
C:\ProgramData\wwtrohia\hexqxojg.exe
C:\ProgramData\xfqjcmbg\fcdihgts.exe
C:\Users\Olivia\AppData\Local\Temp\khilypfj.dll
C:\Users\Olivia\AppData\Local\Temp\nchpwfor.dll
C:\Users\Olivia\AppData\Local\Temp\xxyayYqr.dll
.
TimedOut: Windir.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\mcirlkxa\wrwzkncr.exe
C:\ProgramData\rhknkssc\datkrmds.exe
C:\ProgramData\vclqlape\padsbuha.exe
C:\ProgramData\wwtrohia\hexqxojg.exe
C:\ProgramData\xfqjcmbg\fcdihgts.exe
C:\Users\Olivia\AppData\Roaming\macromedia\Flash Player#SharedObjects\ATVQV5CH\iforex.com
C:\Users\Olivia\AppData\Roaming\macromedia\Flash Player#SharedObjects\ATVQV5CH\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Users\Olivia\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#iforex.com
C:\Users\Olivia\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#iforex.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 20:57 68,848,672 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-04-05 20:56 --------- d-----w C:\ProgramData\xfqjcmbg
2008-04-05 20:56 --------- d-----w C:\ProgramData\wwtrohia
2008-04-05 20:56 --------- d-----w C:\ProgramData\vclqlape
2008-04-05 20:56 --------- d-----w C:\ProgramData\rhknkssc
2008-04-05 20:56 --------- d-----w C:\ProgramData\mcirlkxa
2008-04-05 20:47 --------- d-----w C:\Users\Olivia\AppData\Roaming\Skype
2008-04-05 20:34 --------- d-----w C:\Users\Olivia\AppData\Roaming\skypePM
2008-04-05 20:34 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-04-05 20:32 914,144 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-04-03 14:22 --------- d-----w C:\Program Files\a-squared Free
2008-04-03 11:56 --------- d-----w C:\ProgramData\wpptjcli
2008-04-03 05:38 --------- d-----w C:\Program Files\RegCure
2008-04-02 14:10 --------- d---a-w C:\ProgramData\TEMP
2008-04-02 12:43 --------- d-----w C:\ProgramData\rqbgbabk
2008-04-02 00:21 --------- d-----w C:\ProgramData\thsyvlvz
2008-04-01 22:17 691 ----a-w C:\Users\Olivia\AppData\Roaming\GetValue.vbs
2008-04-01 22:17 35 ----a-w C:\Users\Olivia\AppData\Roaming\SetValue.bat
2008-04-01 13:22 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-01 10:15 --------- d-----w C:\Program Files\Trend Micro
2008-03-31 20:12 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-31 19:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-29 17:31 --------- d-----w C:\Program Files\Google
2008-03-29 12:50 91,700 ----a-w C:\Windows\system32\drivers\klin.dat
2008-03-29 12:50 85,860 ----a-w C:\Windows\system32\drivers\klick.dat
2008-03-29 12:41 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-29 12:34 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-03-29 10:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 22:19 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-03-26 14:28 --------- d-----w C:\Program Files\CyberLink
2008-03-26 14:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-26 14:24 --------- d-----w C:\Program Files\Microsoft Small Business
2008-03-26 14:22 --------- d-----w C:\Program Files\Samsung
2008-03-26 07:50 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-03-25 11:25 --------- d-----w C:\Users\Olivia\AppData\Roaming\BitTorrent
2008-03-24 21:29 720,896 ----a-w C:\Windows\iun6002ev.exe
2008-03-24 13:28 724,992 ----a-w C:\Windows\iun6002.exe
2008-03-23 17:44 --------- d-----w C:\Users\Olivia\AppData\Roaming\Azureus
2008-03-21 08:31 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-20 13:36 --------- d-----w C:\Program Files\TryMedia
2008-03-19 21:45 --------- d-----w C:\Program Files\DivX
2008-03-17 16:18 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-12 10:53 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 10:15 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-12 10:15 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-01 17:28 --------- d-----w C:\Users\Olivia\AppData\Roaming\DivX
2008-02-28 18:34 --------- d-----w C:\Users\Olivia\AppData\Roaming\PCF-VLC
2008-02-28 15:18 --------- d-----w C:\Users\Olivia\AppData\Roaming\Participatory Culture Foundation
2008-02-28 15:17 --------- d-----w C:\ProgramData\Participatory Culture Foundation
2008-02-28 15:17 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-02-28 14:51 --------- d-----w C:\ProgramData\Azureus
2008-02-23 22:11 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-02-23 22:11 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-02-23 22:11 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-02-23 22:11 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-02-23 22:11 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-02-23 22:11 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-02-23 22:11 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-02-23 22:11 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-02-23 22:11 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-02-23 10:14 174 --sha-w C:\Program Files\desktop.ini
2008-02-23 10:10 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-23 10:10 --------- d-----w C:\Program Files\Windows Calendar
2008-02-23 01:22 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-02-23 01:22 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-02-23 01:22 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-02-23 01:18 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-23 01:16 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-02-23 01:15 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-23 01:15 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-23 01:15 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-23 01:15 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-23 01:14 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-02-23 01:14 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-02-23 01:14 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-02-23 01:14 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-02-23 01:14 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-02-23 01:14 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-02-23 01:14 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-02-23 01:14 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-02-23 01:14 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-02-23 01:13 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-23 01:13 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-23 01:13 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-23 01:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-23 01:13 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-23 01:13 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-23 01:13 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-23 01:13 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-23 01:12 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-02-23 01:12 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-02-23 01:12 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-02-23 01:12 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-02-23 01:12 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-02-23 01:12 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-02-23 01:12 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-02-23 01:12 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-02-23 01:12 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-02-23 01:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-23 01:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{10F0C2A9-8E38-43e3-204D-45524C494E20}]
C:\Program Files\PC-Antispyware\IeExtension.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-23 02:06 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-29 18:31 171448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-17 04:15 1006264]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 04:35 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 07:40 857648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 14:26 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 14:17 52256]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 05:11 4489216 C:\Windows\RtHDVCpl.exe]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2006-09-18 15:12 843776]
"SBI"="C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO19F1R7\install_sbd_en[1].exe" []
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 19:36 227856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codeca.acm
"MSVideo8"= VfWWDM32.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15FA9090-2D8A-4EBC-9EAC-8B06D83EB1EE}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{39EA7F28-68C6-4145-84C1-0522E01FCF74}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{B99A84CD-764D-4725-B168-DAA1C59C21FD}C:\program files\bearshare\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{BCD87153-40D5-4A9C-9FB6-6909F9A8BACC}C:\program files\bearshare\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{1EAF2E01-0142-49D6-86A2-D61FE5D009C6}C:\program files\morpheus\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query User{8F54AAD1-2DC1-446F-A5C7-D6B487390A7F}C:\program files\morpheus\morpheus.exe"= TCP:C:\program files\morpheus\morpheus.exe:Morpheus
"{937908EC-3F8C-418A-A83C-701FFA85D503}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{8154087A-6E98-4FBB-94E4-FA77D174C8E1}"= TCP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{09956462-E879-4AA4-9AF3-96C465319EE6}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{541192DE-A966-4950-A21D-5083C09C639F}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{AF993FC2-8B5B-4AB4-AEE5-222D11DDE27E}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{41C540B0-D718-4D2D-9EBC-8477CBE3C9B9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{E1162633-1DCC-420D-8592-E4754AEF9CE4}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{6A82AF86-322E-4027-9A07-F1DBC42168E4}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{93D686D0-897D-448A-944A-CFDA685FBBB4}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{49D9EBA6-8881-45E9-AD28-8AE84B731443}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{30A888B8-EB16-4DDC-B0FF-D6292DB0E76F}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{4D1505C2-7085-44AD-817D-DC51DDE1E273}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe:Kaspersky Anti-Virus 7.0 Setup
[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2007-04-26 02:15]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 12:05]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-07-17 03:58]
R2 RelevantKnowledge;RelevantKnowledge;C:\Windows\system32\rlservice.exe [2007-10-11 21:44]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 10:03]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 15:21]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-03 02:14]
S2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" []
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 19:46]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 06:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 06:20]
S3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 08:30]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 15:21]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 02:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 20:33:41 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-03 06:12:50 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-05 14:02:33 C:\Windows\Tasks\User_Feed_Synchronization-{62B1D168-4642-4F8B-82FA-6D69419799F4}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 21:59:51
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SBI = C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO19F1R7\install_sbd_en[1].exe???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-05 22:00:48
ComboFix-quarantined-files.txt 2008-04-05 21:00:43
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-04-03 20:06:03 --- E O F ---