casanova07, created June 17, 2008
Please check my log. Kaspersky detects these viruses, or rather an object:
C:\System Volume Information\_restore... .exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
E:\System Volume Information\_restore... .exe/SDFix\catchme.exe
There is no delete option, only repair, but on the next scan it shows up again, and so on in a loop.
Mateusz J., commented June 17, 2008
Turn System Restore off and back on. See whether Kaspersky still detects the virus. Post a ComboFix log.
casanova07 (Author), commented June 17, 2008
That's the thing, I don't know why, but it always detects a virus in ComboFix, so I deleted it from the disk?
Mateusz J., commented June 17, 2008
"That's the thing, I don't know why, but it always detects a virus in ComboFix, so I deleted it from the disk?"
Disable the antivirus and generate a ComboFix log. It's a false positive; some antivirus programs report it that way.
casanova07 (Author), commented June 17, 2008
From CF: