bogumill23, posted 28 March 2009

Please check my ComboFix log. Thanks in advance.

ComboFix 09-03-26.03 - User 2009-03-27 22:38:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.511.299 [GMT 1:00]
Uruchomiony z: d:\nowy folder\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\reader_s.exe
c:\windows\Install.txt
c:\windows\system32\200935911.dll
c:\windows\system32\3.tmp
c:\windows\system32\4.tmp
c:\windows\system32\6.tmp
c:\windows\system32\7.tmp
c:\windows\system32\9.tmp
c:\windows\system32\A.tmp
c:\windows\system32\c++.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\drivers\protect.sys
c:\windows\system32\dxonool32.sys
c:\windows\system32\Install.txt
c:\windows\system32\ndetect.exe
c:\windows\system32\reader_s.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\u162129646.dll
c:\windows\system32\w.exe
c:\windows\system32\windres.exe . . . jest zainfekowany!! . . . jest zainfekowany!! . . . jest zainfekowany!!
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFISICX
-------\Legacy_DEFAULTLIB
-------\Legacy_PROTECT
-------\Legacy_SOFTYINFORWOW1
-------\Legacy_SOPIDKC
-------\Service_afisicx
-------\Service_defaultlib
-------\Service_protect
-------\Service_restore
-------\Service_softyinforwow1
-------\Service_sopidkc

((((((((((((((((((((((((( Pliki utworzone od 2009-02-27 do 2009-03-27 )))))))))))))))))))))))))))))))
.
2009-03-27 22:41 . 2009-03-27 22:41 <DIR> d-------- c:\windows\system32\xircom
2009-03-27 22:41 . 2009-03-27 22:41 <DIR> d-------- c:\windows\system32\oobe
2009-03-27 22:41 . 2009-03-27 22:41 <DIR> d-------- c:\windows\srchasst
2009-03-27 22:41 . 2009-03-27 22:41 <DIR> d-------- c:\windows\msagent
2009-03-27 22:41 . 2009-03-27 22:41 <DIR> d-------- c:\program files\microsoft frontpage
2009-03-27 21:58 . 2009-03-27 21:58 <DIR> d-------- c:\program files\Trend Micro
2009-03-27 21:03 . 2009-03-27 22:28 <DIR> d-------- c:\program files\mks_vir_2007
2009-03-27 21:03 . 2009-03-27 21:03 270 --a------ c:\windows\{6ECB6EE7-DF64-4F26-9273-9525FC11A417}_WiseFW.ini
2009-03-27 20:40 . 2004-08-12 08:50 2,568,192 -ra------ c:\windows\system\cmicnfg.cpl
2009-03-27 20:40 . 2004-02-17 03:51 1,478,656 -ra------ c:\windows\system\SmWizard.exe
2009-03-27 20:40 . 2002-04-29 08:04 917,504 -ra------ c:\windows\system\cmids3d.dll
2009-03-27 20:40 . 2004-08-23 09:21 821,760 -ra------ c:\windows\system32\drivers\cmuda.sys
2009-03-27 20:40 . 2001-11-23 05:08 712,704 -ra------ c:\windows\system32\Audio3D.dll
2009-03-27 20:40 . 2004-08-26 11:25 163,840 -ra------ c:\windows\system32\cmuda.dll
2009-03-27 20:40 . 2003-04-24 06:29 32,768 -ra------ c:\windows\system32\udaprop.dll
2009-03-27 20:39 . 2009-03-27 20:39 <DIR> d-------- c:\program files\C-Media 3D Audio
2009-03-27 20:39 . 2003-07-22 11:15 245,760 --a------ c:\windows\CmiRmRedundDir.exe
2009-03-27 20:39 . 2009-03-27 20:39 171 --a------ c:\windows\system\CmiCnfg.ini
2009-03-27 19:39 . 2009-03-27 20:30 <DIR> d-------- c:\program files\Odkurzacz
2009-03-24 23:09 . 2009-03-24 23:09 <DIR> d-------- C:\Ajt Soft
2009-03-23 18:36 . 2009-03-23 18:36 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-03-22 20:02 . 2009-03-22 20:02 <DIR> d--hs---- c:\documents and settings\User\IECompatCache
2009-03-22 20:01 . 2009-03-22 20:01 <DIR> d--hs---- c:\documents and settings\User\PrivacIE
2009-03-22 19:47 . 2009-03-23 14:01 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-22 19:37 . 2009-03-22 19:37 <DIR> d--h----- c:\windows\PIF
2009-03-22 19:36 . 2009-03-22 19:36 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-03-22 19:36 . 2009-03-22 19:36 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-22 19:36 . 2009-03-22 19:36 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-22 19:35 . 2009-03-22 19:35 <DIR> d--hs---- c:\documents and settings\User\IETldCache
2009-03-22 19:32 . 2009-01-07 18:21 26,144 --a------ c:\windows\system32\spupdsvc.exe
2009-03-22 19:30 . 2009-03-22 19:32 <DIR> d--h-c--- c:\windows\ie8
2009-03-22 01:29 . 2009-03-22 01:29 124 --a------ c:\windows\system32\8.tmp
2009-03-21 23:00 . 2009-03-21 23:00 124 --a------ c:\windows\system32\5.tmp
2009-03-21 20:37 . 2009-03-21 20:38 71,680 --a------ c:\windows\system32\5A.tmp
2009-03-21 20:37 . 2009-03-21 20:37 28,672 --a------ c:\windows\system32\59.tmp
2009-03-21 20:37 . 2009-03-21 20:37 124 --a------ c:\windows\system32\58.tmp
2009-03-21 17:12 . 2009-03-21 17:12 64,512 --a------ c:\windows\system32\deviceemulator.exe
2009-03-21 17:11 . 2009-03-21 17:11 124 --a------ c:\windows\system32\2.tmp
2009-03-21 17:01 . 2009-03-21 17:01 182,656 --a------ c:\windows\system32\dllcache\ndis.sys
2009-03-21 17:01 . 2009-03-21 17:01 6 --a------ c:\windows\_id.dat
2009-03-21 17:00 . 2009-03-21 17:00 0 --a------ c:\windows\system32\33.tmp
2009-03-21 16:59 . 2009-03-21 16:59 11,450,341 --a------ c:\windows\services.ex_
2009-03-21 16:59 . 2009-03-22 19:36 130 --a------ c:\windows\adobe.bat
2009-03-21 16:58 . 2009-03-21 16:59 71,680 --a------ c:\windows\system32\31.tmp
2009-03-21 16:58 . 2009-03-21 10:30 9,240 --a------ c:\windows\system32\wf.exe
2009-03-21 16:58 . 2009-03-21 16:58 124 --a------ c:\windows\system32\2E.tmp
2009-03-19 20:56 . 2009-03-19 20:56 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\OpenOffice.org
2009-03-19 20:54 . 2009-03-19 20:54 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-03-19 17:08 . 2009-03-19 17:08 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\22222
2009-03-19 00:19 . 2009-03-19 00:19 <DIR> d-------- c:\program files\NiemPol
2009-03-19 00:19 . 2008-01-06 13:44 140,288 --a------ c:\windows\system32\COMDLG32.OCX
2009-03-19 00:19 . 2004-03-08 23:00 132,880 --a------ c:\windows\system32\MSINET.OCX
2009-03-18 16:47 . 2009-03-18 16:47 <DIR> d-------- c:\program files\AVIcodec
2009-03-18 16:42 . 2009-03-24 15:36 1,065 --a------ c:\windows\winamp.ini
2009-03-16 22:30 . 2009-03-16 22:30 <DIR> d--hs---- C:\found.000
2009-03-15 22:17 . 2009-03-18 17:38 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu
2009-03-13 17:25 . 2009-03-13 17:25 <DIR> d-------- c:\program files\Ares
2009-03-13 13:56 . 2009-03-13 13:56 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\AltrixSoft
2009-03-12 21:05 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2009-03-12 16:09 . 2001-10-26 13:29 89,088 --a------ c:\windows\system32\hpgt33.dll
2009-03-12 16:09 . 2001-10-26 13:29 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2009-03-12 16:09 . 2001-10-26 13:29 48,128 --a------ c:\windows\system32\hpgt33tk.dll
2009-03-12 16:09 . 2001-10-26 13:29 32,768 --a------ c:\windows\system32\hpgtmcro.dll
2009-03-12 16:09 . 2008-04-13 20:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-08 17:50 . 2009-03-08 17:50 <DIR> d-------- c:\windows\Sun
2009-03-08 17:49 . 2009-03-08 17:49 <DIR> d-------- c:\program files\Java
2009-03-08 17:49 . 2009-03-08 17:49 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-08 17:49 . 2009-03-08 17:49 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-08 14:15 . 2009-03-08 14:15 1,294,336 --------- c:\windows\system32\ieframe.dll.mui
2009-03-08 14:14 . 2009-03-08 14:14 53,248 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:14 . 2009-03-08 14:14 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:13 . 2009-03-08 14:13 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:12 . 2009-03-08 14:12 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:34 . 2009-03-08 04:34 43,008 --------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:33 . 2009-03-08 04:33 759,296 --------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 . 2009-03-08 04:33 726,528 --------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 . 2009-03-08 04:33 420,352 --------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:32 . 2009-03-08 04:32 94,720 --------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 . 2009-03-08 04:32 72,704 --------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 . 2009-03-08 04:32 71,680 --------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:31 . 2009-03-08 04:31 1,638,912 --------- c:\windows\system32\dllcache\mshtml.tlb
2009-03-08 04:31 . 2009-03-08 04:31 183,808 --------- c:\windows\system32\dllcache\iepeers.dll
2009-03-08 04:31 . 2009-03-08 04:31 62,464 --------- c:\windows\system32\dllcache\mshta.exe
2009-03-08 04:31 . 2009-03-08 04:31 48,128 --------- c:\windows\system32\dllcache\mshtmler.dll
2009-03-08 04:31 . 2009-03-08 04:31 34,816 --------- c:\windows\system32\dllcache\imgutil.dll
2009-03-08 04:30 . 2009-03-08 04:30 66,560 --------- c:\windows\system32\dllcache\tdc.ocx
2009-03-08 04:24 . 2009-03-08 04:24 68,608 --------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 . 2009-03-08 04:22 156,160 --------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 01:31 . 2004-02-17 10:11 53,248 --a------ c:\windows\system32\vp6dec_settings.cpl
2009-03-08 01:30 . 2009-03-08 01:31 <DIR> d-------- c:\program files\ACE Mega CoDecS Pack
2009-03-08 01:30 . 2001-10-31 10:14 1,650,688 --a------ c:\windows\system32\mplva6.dll
2009-03-08 01:30 . 2001-10-31 10:14 1,581,056 --a------ c:\windows\system32\mplvw7.dll
2009-03-08 01:30 . 2001-10-31 10:14 1,552,384 --a------ c:\windows\system32\mplvm6.dll
2009-03-08 01:30 . 2001-10-31 10:14 1,122,304 --a------ c:\windows\system32\mplvpx.dll
2009-03-08 01:30 . 2004-10-30 15:39 761,856 --a------ c:\windows\system32\xvidcore.dll
2009-03-08 01:30 . 2004-05-25 16:06 417,792 --a------ c:\windows\system32\ac3filter.cpl
2009-03-08 01:30 . 2003-03-25 05:49 152,064 --a------ c:\windows\system32\unrar.dll
2009-03-08 01:30 . 2001-10-31 10:14 77,824 --a------ c:\windows\system32\mplaw7.dll
2009-03-08 01:30 . 2001-10-31 10:14 77,824 --a------ c:\windows\system32\mplaa6.dll
2009-03-08 01:30 . 2001-10-31 10:14 65,536 --a------ c:\windows\system32\mplapx.dll
2009-03-08 01:30 . 2001-10-31 10:14 65,536 --a------ c:\windows\system32\mplam6.dll
2009-03-08 01:30 . 2001-09-17 12:20 19,968 --a------ c:\windows\system32\cpuinf32.dll
2009-03-07 00:53 . 2009-03-07 00:53 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\AdobeUM
2009-03-06 15:47 . 2009-03-06 15:47 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-04 23:25 . 2009-03-04 23:25 <DIR> d-------- c:\program files\EA SPORTS
2009-03-04 20:05 . 2008-04-13 20:15 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2009-03-04 20:05 . 2008-04-13 18:09 142,592 --a------ c:\windows\system32\drivers\aec.sys
2009-03-04 20:05 . 2008-04-13 20:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
2009-03-04 20:05 . 2008-04-13 20:45 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2009-03-04 20:05 . 2008-04-13 20:15 56,576 --a------ c:\windows\system32\drivers\swmidi.sys
2009-03-04 20:05 . 2008-04-13 20:15 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2009-03-04 20:05 . 2008-04-13 20:09 7,552 --a------ c:\windows\system32\drivers\MSKSSRV.sys
2009-03-04 20:05 . 2008-04-13 20:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2009-03-04 20:05 . 2008-04-13 20:09 5,376 --a------ c:\windows\system32\drivers\MSPCLOCK.sys
2009-03-04 20:05 . 2008-04-13 20:09 4,992 --a------ c:\windows\system32\drivers\MSPQM.sys
2009-03-04 20:05 . 2008-04-13 20:15 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2009-03-04 20:04 . 2009-03-04 20:04 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-04 20:04 . 2001-11-23 05:08 712,704 -ra------ c:\windows\system32\a3d.dll
2009-03-04 20:04 . 2003-08-05 14:23 286,720 --a------ c:\windows\CMIUninstall.exe
2009-03-04 20:04 . 2004-04-23 08:02 253,952 -ra------ c:\windows\system32\cmirmdrv.exe
2009-03-04 20:04 . 2008-04-13 20:49 146,048 --a------ c:\windows\system32\drivers\portcls.sys
2009-03-04 20:04 . 2008-04-14 18:51 129,536 --a------ c:\windows\system32\ksproxy.ax
2009-03-04 20:04 . 2008-04-13 20:15 60,160 --a------ c:\windows\system32\drivers\drmk.sys
2009-03-04 20:04 . 2003-02-18 11:26 28,672 -ra------ c:\windows\system32\cmirmdrv.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 19:35 --------- d-----w c:\program files\Usługi online
2009-03-21 16:01 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 62,464 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 17:14 --------- d-----w c:\program files\FRISK Software
2009-03-03 17:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\FRISK Software
2009-03-03 17:02 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-03 16:51 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-07 17:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 17:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 17:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 17:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2008-07-19 00:28 113,664 ----a-w c:\windows\inf\hdaudio.sys
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
.
------- Sigcheck -------

2007-07-11 06:06 642560 ce594e18fe0d0af804f1f3694921ce62 c:\windows\system32\user32.dll
2008-06-16 14:28 361344 030dc4d48cc2b894fee2f390d8e66ad5 c:\windows\system32\drivers\tcpip.sys
2008-06-16 14:28 549888 335813eacd16e84f3047a3326f6e5473 c:\windows\system32\winlogon.exe
2009-03-21 17:01 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-03-21 17:01 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
2008-07-19 01:33 2074240 0dbf1939df18ac8f8c1e4bd63d7d4b0f c:\windows\system32\ntkrnlpa.exe
2008-07-07 10:44 2197376 37d5daaeda594b9bee00c82f185cc549 c:\windows\system32\ntoskrnl.exe
2008-06-27 16:36 1442304 41f5e2719aea48fb4696fd4cfff6ad12 c:\windows\explorer.exe
2008-06-16 14:28 74752 d575a92e20b8dba5c120ea5ef69fd960 c:\windows\system32\spoolsv.exe
2008-06-16 14:28 43520 f98fbb2a5a312e82d1578f2ba34bcf40 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1025536]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 282112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 c:\windows\system32\advpack.dll]

c:\documents and settings\User\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 401408]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 46592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=

R0 mksidsa;mksidsa;c:\windows\system32\MksIdsa.sys [2007-05-24 6144]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-06-16 77312]
R1 mksfwallf;mksfwallf;c:\windows\system32\MksFwallf.sys [2007-05-24 13312]
R1 mksfwallt;mksfwallt;c:\windows\system32\MksFwallt.sys [2007-05-24 15360]
R2 afisicx;afisicx Service;c:\windows\system32\afisicx.exe [2008-06-16 193024]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2008-06-16 194560]
R2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2008-06-16 193536]
S2 MksFwall;MksFwall;c:\program files\mks_vir_2007\bin\MksFwall.exe [2007-05-24 290816]
S2 MksPC;MksPC;"c:\program files\mks_vir_2007\bin\MksPC.exe" --> c:\program files\mks_vir_2007\bin\MksPC.exe [?]
S2 MksUpdate;MksUpdate;"c:\program files\mks_vir_2007\bin\mksupdate.exe" --> c:\program files\mks_vir_2007\bin\mksupdate.exe [?]
S3 mksidsf;mksidsf;c:\windows\system32\MksIdsf.sys [2007-05-24 11776]
S3 MksMonEn;MksMonEn;\??\c:\program files\mks_vir_2007\bin\MksMonEn.sys --> c:\program files\mks_vir_2007\bin\MksMonEn.sys [?]
S3 MksMonEv;MksMonEv;\??\c:\program files\mks_vir_2007\bin\MksMonEv.sys --> c:\program files\mks_vir_2007\bin\MksMonEv.sys [?]
S3 MksMonFd;MksMonFd;\??\c:\program files\mks_vir_2007\bin\MksMonFd.sys --> c:\program files\mks_vir_2007\bin\MksMonFd.sys [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - AFISICX
*NewlyCreated* - HELPSVC
*NewlyCreated* - SOPIDKC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\pcformat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-27 c:\windows\Tasks\User_Feed_Synchronization-{2E909A0B-590A-4BCC-872B-38A7EF776724}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Gadu-Gadu - d:\gadu-gadu\gg.exe
HKLM-Run-mkstray - c:\program files\mks_vir_2007\bin\mkstray.exe
HKLM-Run-MKSRegmon - c:\program files\mks_vir_2007\bin\mksregmon.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-services - c:\windows\services.exe
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 22:42:27
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

c:\windows\system32\tpszxyd.sys 214016 bytes executable
c:\windows\system32\afisicx.exe 193024 bytes executable

skanowanie pomyślnie ukończone
ukryte pliki: 2

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,ef,0b,fa,14,68,74,4f,a5,c7,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,ef,0b,fa,14,68,74,4f,a5,c7,fa,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
c:\program files\mks_vir_2007\bin\mkslsp.dll
c:\program files\mks_vir_2007\bin\mksfwallweb.dll

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\scecli.dll
c:\program files\mks_vir_2007\bin\mkslsp.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\tpszxyd.sys
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\dpcxool64.sys
.
**************************************************************************
.
Czas ukończenia: 2009-03-27 22:44:44 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-27 21:44:40

Przed: 2 676 269 056 bajtów wolnych
Po: 2,842,193,920 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Guest, commented 28 March 2009

I don't know whether it's worth trying to save...

Use (in Safe Mode) --> SDFix (further down on the linked page). Post the Report.txt found in the SDFix folder.

detected NTDLL code modification: ZwOpenFile

Scan with this: Dr.WEB CureIt! (Full Scan).

bogumill23 (Author), commented 28 March 2009

Here is the report from SDFix:

[b]SDFix: Version 1.240 [/b]
Run by User on 2009-03-28 at 16:07

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\5.tmp - Deleted
C:\WINDOWS\system32\8.tmp - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\2E.tmp - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 16:11:17
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...