Log from HT

casanova07
posted

Please check the log.

Kaspersky detects the following viruses on my machine, or rather objects:

C:\System Volume Information\_restore... .exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe

E:\System Volume Information\_restore... .exe/SDFix\catchme.exe

There is no option to delete, only to repair, but on a new scan it pops up again, and so on in circles.

Mateusz J.
comment

Turn System Restore off and back on.

See whether Kaspersky still detects the virus.

Post a log from ComboFix.

Sean
comment

Clean ... also paste a log from ComboFix

casanova07
comment

The thing is, I don't know why, but it always detects a virus in ComboFix, so I threw it off the disk?

Mateusz J.
comment

> The thing is, I don't know why, but it always detects a virus in ComboFix, so I threw it off the disk?

Disable the antivirus and make a log with ComboFix.

It's a false alarm; some antivirus programs report it that way.

casanova07
comment

From CF:

Mateusz J.
comment

Clean.
