Wencman (posted 2 July 2008)

Hi. I have exactly the virus from the thread title, i.e. xcopy.exe, autorun.inf and svhost.exe; unfortunately my Kaspersky can't cope with it... it tells me about it every day and claims it has supposedly been removed. Can you help? Here are the logs:

@edit: and if it isn't too much trouble, maybe you can see something that might be slowing the computer down?... (just asking while I'm at it)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:17, on 2008-07-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Safe mode

ComboFix 08-07-01.5 - Wencman 2008-07-02 23:20:17.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Wencman\Pulpit\ComboFix.exe
CatchMe (comment, 3 July 2008, edited)

Do you know this folder? C:\ckis

Open Notepad and paste:
C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
C:\WINDOWS\system32\6857B4B05A.sys

Save it as CFScript.txt >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon. The removal should start.

Scan this file at www.virustotal.com: C:\WINDOWS\system32\msvbvm60.dll

Then post new logs.
Wencman (author; comment, 3 July 2008)

The file is clean according to virustotal.pl. I know CKIS.

Is it normal that after pasting the CFScript I get this message? (I did this as admin in Safe Mode)
http://img530.imageshack.us/img530/5525/beztytuurf7.png

ComboFix 08-07-01.5 - MasterAdmin 2008-07-03 16:58:07.4 - NTFSx86 NETWORK
Running from: C:\Documents and Settings\MasterAdmin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\MasterAdmin\Pulpit\CFScript.txt.txt
REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="shell32" [X][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-28 06:13 1589248]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32 761945]"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]"Remove AtiHotKey"="c:\program files\AtiHotKey\AtiHotKey.exe" [2005-08-01 20:48 19968]"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 21:05 344064]"TPSMain"="TPSMain.exe" [2005-08-04 14:16 266240 C:\WINDOWS\system32\TPSMain.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="shell32" [X]C:\Documents and Settings\Wencman\Menu Start\Programy\Autostart\WinFlip.lnk - C:\Program Files\Winflip\WinFlip.exe [2008-06-04 00:09:45 483328][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"DisableStatusMessages"= 1 (0x1)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoSMMyPictures"= 1 (0x1)"NoSMConfigurePrograms"= 1 (0x1)"NoSMHelp"= 1 (0x1)[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"NoSMMyPictures"= 1 (0x1)"NoSMConfigurePrograms"= 1 (0x1)"NoSMHelp"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.l3fhg"= mp3fhg.acm"msacm.divxa32"= divxa32.acm"VIDC.X264"= x264vfw.dll"VIDC.HFYU"= huffyuv.dll"vidc.i263"= i263_32.drv"VIDC.YV12"= yv12vfw.dll[HKEY_LOCAL_MACHINE\software\microsoft\security 
center]"AntiVirusDisableNotify"=dword:00000001"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe"=R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 06:42]R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 16:21]S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08].**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-03 16:59:36Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-07-03 17:00:20ComboFix-quarantined-files.txt 2008-07-03 15:00:10Pre-Run: 8,224,387,072 bajtów wolnychPost-Run: 8,215,252,992 bajtów wolnych237 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:01:19, on 2008-07-03Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20627)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLLO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dllO3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLLO4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang PLO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [Remove AtiHotKey] "c:\program files\AtiHotKey\AtiHotKey.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXEO4 - HKCU\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32O4 - HKCU\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,NO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dllO9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 
'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeO23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe--End of file - 5597 bytes
CatchMe, comment, 3 July 2008: That is not an error message, only a sign that CF is still working. You have to wait until it finishes. Do everything I wrote earlier over again.
Wencman (author), comment, 3 July 2008: but I did let it run to the end, otherwise I wouldn't have got the log. I think it finished at stage twenty-something. Last night there was a full Kaspersky scan at maximum sensitivity, covering rootkits, startup objects and the whole computer, so maybe that removed it?...