
Worm.Win32.Perlovga.a virus

Wencman
created

Hi. I have exactly the virus from the subject, i.e.

xcopy.exe, autorun.inf and svhost.exe; unfortunately my Kaspersky can't cope with it :(...

Every day it tells me about it and that it has supposedly been removed. Can you help? Here are the logs:

@edit

And if it's not too much trouble, maybe you can see something that might be slowing the computer down?... (just by the way :) )

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:17, on 2008-07-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\CCleaner\ccleaner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang PL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Remove AtiHotKey] "c:\program files\AtiHotKey\AtiHotKey.exe" 
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: WinFlip.lnk = C:\Program Files\Winflip\WinFlip.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5931 bytes
ComboFix 08-07-01.5 - Wencman 2008-07-02 23:20:17.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Wencman\Pulpit\ComboFix.exe
[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]
.
(((((((((((((((((((((((((   Files Created from 2008-06-02 to 2008-07-02  )))))))))))))))))))))))))))))))
.
2008-07-02 14:58 . 2008-07-02 14:58	<DIR>	d--------	C:\Program Files\Audacity
2008-06-28 11:06 . 2008-06-28 11:06	<DIR>	d--------	C:\Program Files\Winamp
2008-06-28 11:06 . 2008-06-28 11:40	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Winamp
2008-06-27 21:47 . 2008-06-27 21:47	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Nokia Multimedia Player
2008-06-27 13:52 . 2008-06-27 13:52	<DIR>	d--hs----	C:\ckis
2008-06-27 10:15 . 2008-06-27 10:17	<DIR>	d--------	C:\Program Files\NAPI-PROJEKT
2008-06-26 23:55 . 2004-08-04 00:44	159,232	--a------	C:\WINDOWS\system32\ptpusd.dll
2008-06-26 23:55 . 2004-08-03 22:58	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-26 23:55 . 2001-10-26 17:29	5,632	--a------	C:\WINDOWS\system32\ptpusb.dll
2008-06-26 00:11 . 2008-06-26 00:11	<DIR>	d--------	C:\Documents and Settings\Moje dokumenty\VirtualDJ
2008-06-26 00:11 . 2008-06-26 00:11	<DIR>	d--------	C:\Documents and Settings\Moje dokumenty
2008-06-26 00:09 . 2008-06-26 00:09	<DIR>	d--------	C:\Program Files\VirtualDJ
2008-06-25 22:57 . 2000-05-22 22:58	608,448	--a------	C:\WINDOWS\system32\comctl32.ocx
2008-06-25 22:56 . 2008-06-25 22:57	<DIR>	d--------	C:\Program Files\Total Video Converter
2008-06-22 22:16 . 2008-06-22 22:16	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-06-22 22:16 . 2004-08-03 23:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2008-06-22 22:15 . 2008-06-22 22:15	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-06-22 22:15 . 2008-06-22 22:15	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-06-22 22:15 . 2008-06-22 22:16	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\PC Suite
2008-06-22 22:15 . 2008-06-22 22:15	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Nokia
2008-06-22 22:15 . 2008-06-22 22:16	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-06-22 22:14 . 2008-06-22 22:14	<DIR>	d--------	C:\Program Files\DIFX
2008-06-22 22:14 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-06-22 22:08 . 2006-10-08 21:51	23,856	--a------	C:\WINDOWS\system32\spupdsvc.exe
2008-06-22 22:08 . 2008-06-22 22:08	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-22 22:08 . 2008-06-22 22:08	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-22 22:07 . 2008-06-22 22:15	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-06-22 22:07 . 2008-06-22 22:07	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2008-06-22 22:07 . 2008-06-22 22:15	<DIR>	d--------	C:\Program Files\Nokia
2008-06-22 22:07 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-22 22:07 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-06-22 22:07 . 2007-11-29 10:32	48,128	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-06-22 22:07 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-06-22 22:07 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-06-22 22:07 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-06-22 22:07 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-22 22:06 . 2008-06-22 22:06	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-06-22 13:32 . 2008-06-26 20:40	<DIR>	d--------	C:\Program Files\BearShare
2008-06-22 13:32 . 2008-06-25 23:46	<DIR>	d--------	C:\My Downloads
2008-06-20 10:24 . 2008-06-20 10:24	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2008-06-20 09:37 . 2008-06-27 16:31	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Corel
2008-06-20 09:29 . 2008-06-20 09:29	<DIR>	d--------	C:\Program Files\Common Files\Corel
2008-06-20 09:29 . 2008-06-20 09:29	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-06-20 09:23 . 2008-06-27 16:31	2,516	--ahs----	C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-20 09:23 . 2008-06-27 16:30	88	-r-hs----	C:\WINDOWS\system32\6857B4B05A.sys
2008-06-20 09:22 . 2008-06-20 09:29	<DIR>	d--------	C:\Program Files\Corel
2008-06-19 21:56 . 2008-06-19 21:56	<DIR>	d--------	C:\Program Files\Gronzo
2008-06-15 14:07 . 2008-06-15 14:07	<DIR>	d--------	C:\Documents and Settings\Slave\Dane aplikacji\Media Player Classic
2008-06-15 14:07 . 2008-06-15 14:07	<DIR>	d--------	C:\Documents and Settings\Slave\Dane aplikacji\DivX
2008-06-10 23:53 . 2008-06-18 21:26	<DIR>	d--------	C:\Documents and Settings\Wencman\PsiData
2008-06-10 22:48 . 2008-06-10 22:48	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
2008-06-10 21:41 . 2008-07-02 23:23	<DIR>	d--h-----	C:\Documents and Settings\Slave\Ustawienia lokalne
2008-06-10 21:41 . 2008-06-10 21:41	<DIR>	dr-------	C:\Documents and Settings\Slave\Ulubione
2008-06-10 21:41 . 2008-06-03 19:13	<DIR>	d--h-----	C:\Documents and Settings\Slave\Szablony
2008-06-10 21:41 . 2008-06-15 00:04	<DIR>	d--------	C:\Documents and Settings\Slave\Pulpit
2008-06-10 21:41 . 2008-06-10 21:41	<DIR>	dr-------	C:\Documents and Settings\Slave\Moje dokumenty
2008-06-10 21:41 . 2008-06-03 21:06	<DIR>	dr-------	C:\Documents and Settings\Slave\Menu Start
2008-06-10 21:41 . 2008-06-03 21:06	<DIR>	dr-h-----	C:\Documents and Settings\Slave\Dane aplikacji
2008-06-10 21:41 . 2008-07-02 18:14	<DIR>	d--------	C:\Documents and Settings\Slave
2008-06-10 21:26 . 2008-06-10 21:26	<DIR>	d--------	C:\Program Files\MegauploadToolbar
2008-06-10 21:26 . 2008-06-25 23:45	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\MegauploadToolbar
2008-06-10 21:24 . 2004-08-03 23:08	31,616	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-09 00:02 . 2008-07-02 10:21	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-06-08 23:56 . 2008-06-19 20:24	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Ahead
2008-06-08 23:55 . 2008-06-08 23:55	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-06-08 23:53 . 2008-06-08 23:53	<DIR>	d--------	C:\Program Files\Nero
2008-06-08 23:53 . 2008-06-08 23:55	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2008-06-08 23:53 . 2008-06-08 23:53	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-07 21:57 . 2007-08-08 09:52	185,856	--a------	C:\WINDOWS\system32\drivers\rig3usb.sys
2008-06-07 21:57 . 2007-08-08 09:52	25,600	--a------	C:\WINDOWS\system32\drivers\rig3avs.sys
2008-06-07 21:56 . 2008-06-07 21:56	<DIR>	d--------	C:\Program Files\Common Files\Native Instruments
2008-06-07 21:56 . 2008-06-07 21:56	<DIR>	d--------	C:\Program Files\Common Files\Digidesign
2008-06-07 21:55 . 2008-06-07 21:57	<DIR>	d--------	C:\Program Files\Native Instruments
2008-06-04 22:59 . 2008-06-04 23:07	<DIR>	d--------	C:\Program Files\ATI Technologies
2008-06-04 22:44 . 2008-06-04 22:44	<DIR>	d--------	C:\ATI
2008-06-04 22:41 . 2008-06-04 22:41	<DIR>	d--------	C:\Program Files\AIDA32 - Personal System Information
2008-06-04 21:44 . 2008-06-04 21:44	<DIR>	d--------	C:\Program Files\AtiHotKey
2008-06-04 19:23 . 2008-06-04 19:23	0	--a------	C:\WINDOWS\ativpsrm.bin
2008-06-04 19:19 . 2008-06-04 19:19	451,072	--a------	C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
2008-06-04 15:23 . 2008-06-04 23:01	664	--a------	C:\WINDOWS\system32\d3d9caps.dat
2008-06-04 13:07 . 2008-06-04 22:34	10	--a------	C:\WINDOWS\WININIT.INI
2008-06-04 12:24 . 2001-08-17 21:56	7,552	--a------	C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-06-04 00:27 . 2008-06-04 00:49	<DIR>	d--------	C:\Program Files\Kaspersky Lab
2008-06-04 00:27 . 2008-07-02 23:04	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-04 00:27 . 2008-07-02 23:15	25,609,504	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-04 00:27 . 2008-07-02 23:15	348,236	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-04 00:27 . 2008-07-02 23:15	337,696	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-04 00:27 . 2008-06-04 00:35	96,966	--a------	C:\WINDOWS\system32\drivers\klin.dat
2008-06-04 00:27 . 2008-06-04 00:35	88,774	--a------	C:\WINDOWS\system32\drivers\klick.dat
2008-06-04 00:27 . 2008-07-02 23:15	33,776	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-04 00:09 . 2008-07-02 23:03	<DIR>	d--------	C:\Program Files\Winflip
2008-06-03 23:05 . 2008-06-07 08:04	<DIR>	d--------	C:\Program Files\Gadu-Gadu
2008-06-03 22:59 . 2008-06-03 23:00	<DIR>	d--------	C:\WINDOWS\system32\Adobe
2008-06-03 22:58 . 2008-06-03 22:58	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Gadu-Gadu
2008-06-03 22:56 . 2008-07-01 20:24	<DIR>	d--------	C:\Documents and Settings\Wencman\Gadu-Gadu
2008-06-03 22:50 . 2008-06-03 22:50	<DIR>	d--------	C:\Program Files\MarBit
2008-06-03 22:49 . 2008-06-03 22:49	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Media Player Classic
2008-06-03 22:39 . 2008-06-03 22:39	<DIR>	d--------	C:\Program Files\CCleaner
2008-06-03 22:39 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-06-03 22:38 . 2008-06-03 22:38	<DIR>	d--------	C:\Program Files\MSBuild
2008-06-03 22:38 . 2008-06-03 22:38	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-06-03 22:35 . 2008-06-03 22:35	<DIR>	d--------	C:\Program Files\uTorrent
2008-06-03 22:35 . 2008-06-30 10:42	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\uTorrent
2008-06-03 22:34 . 2008-06-03 22:38	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2008-06-03 22:34 . 2008-06-03 22:45	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-03 22:33 . 2008-06-03 22:33	<DIR>	dr-h-----	C:\MSOCache
2008-06-03 22:22 . 2005-12-12 07:25	2,518,016	--a------	C:\WINDOWS\system32\ati3duag.dll
2008-06-03 22:22 . 2005-12-12 07:18	862,464	--a------	C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 22:22 . 2008-06-03 22:22	472,576	--a------	C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-06-03 22:22 . 2005-12-12 07:41	252,928	--a------	C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 22:22 . 2005-12-12 06:33	237,568	--a------	C:\WINDOWS\system32\ati2cqag.dll
2008-06-03 22:21 . 2008-06-03 22:21	<DIR>	d--------	C:\Program Files\Alcohol Soft
2008-06-03 22:20 . 2008-06-03 22:20	685,816	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-06-03 22:19 . 2008-06-03 22:19	<DIR>	d--------	C:\Program Files\Internet Download Manager
2008-06-03 22:19 . 2008-06-03 22:19	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\IDM
2008-06-03 22:19 . 2008-07-02 22:53	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\DMCache
2008-06-03 22:19 . 2008-07-02 22:46	67	--a------	C:\WINDOWS\IDMan.INI
2008-06-03 22:18 . 2008-06-03 22:18	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-06-03 22:16 . 2008-07-02 14:23	<DIR>	d--------	C:\Program Files\Counter-Strike 1.6
2008-06-03 22:15 . 2008-06-03 22:15	<DIR>	d--------	C:\Program Files\K-Lite Codec Pack
2008-06-03 22:14 . 2008-06-03 22:14	<DIR>	d--------	C:\Program Files\Skype
2008-06-03 22:14 . 2008-06-03 22:14	<DIR>	d--------	C:\Program Files\Common Files\Skype
2008-06-03 22:14 . 2008-07-01 20:32	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\skypePM
2008-06-03 22:14 . 2008-07-02 17:32	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Skype
2008-06-03 22:14 . 2008-06-03 22:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Skype
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 21:08	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-06-03 22:35	112,144	----a-w	C:\WINDOWS\system32\drivers\kl1.sys
2008-06-03 20:05	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-06-03 17:37	---------	d-----w	C:\Program Files\Customer
2008-06-03 17:37	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-06-03 17:34	1,386,496	----a-w	C:\WINDOWS\system32\msvbvm60.dll
2008-06-03 17:16	---------	d-----w	C:\Program Files\Usługi online
2008-06-03 17:13	---------	d-----w	C:\Program Files\Windows Media Connect 2
.
------- Sigcheck -------
2007-07-10 15:06  642560  ce594e18fe0d0af804f1f3694921ce62	C:\WINDOWS\system32\user32.dll
2007-07-14 00:56  814592  ce7193c5f7c01b19768e066087c1c919	C:\WINDOWS\system32\wininet.dll
2007-10-16 01:19  360576  0fb6743e937c7bb248b2530a5a77abc6	C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-19 00:19  2066816  9aa8aeee2c77b68af93691758eb0a78b	C:\WINDOWS\system32\ntkrnlpa.exe
2007-10-19 00:19  2189824  1aeb1a9aa55de24bda1d441989ae4492	C:\WINDOWS\system32\ntoskrnl.exe
2007-10-17 21:30  974848  16df8a100e8966e48ba00c86f6c89972	C:\WINDOWS\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:44 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 12:04 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-28 06:13 1589248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32 761945]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Remove AtiHotKey"="c:\program files\AtiHotKey\AtiHotKey.exe" [2005-08-01 20:48 19968]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 21:05 344064]
"TPSMain"="TPSMain.exe" [2005-08-04 14:16 266240 C:\WINDOWS\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

C:\Documents and Settings\Wencman\Menu Start\Programy\Autostart\
WinFlip.lnk - C:\Program Files\Winflip\WinFlip.exe [2008-06-04 00:09:45 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 06:42]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 16:21]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 23:23:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-02 23:25:11
ComboFix-quarantined-files.txt  2008-07-02 21:24:55

Pre-Run: 8,273,666,048 bajtów wolnych
Post-Run: 8,343,494,656 bajtów wolnych

232
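The three file names in the opening post (xcopy.exe, autorun.inf, svhost.exe) are the footprint of a removable-media worm: on Windows XP the [autorun] section of a drive's autorun.inf names what runs when the drive is inserted, so a stick that still carries the worm will reinfect a machine that has just been cleaned. The script below is an added example, not code from this thread or from any tool mentioned in it. It parses an autorun.inf and applies two name checks to every program the file would launch: a one-edit lookalike of a genuine Windows binary (svhost.exe against svchost.exe) and a genuine Windows binary name (xcopy.exe) launched from the drive rather than from the Windows directory. The sample autorun.inf is constructed from the reported file names and is not a copy of the worm's own file; the list of Windows binary names is an assumed short list.

```python
r"""Inspect an autorun.inf for the launch directives a USB worm relies on.

Added example, not from the thread. The sample autorun.inf below is constructed
from the file names reported in the opening post (xcopy.exe, svhost.exe).
"""
import re

EXEC_KEYS = ("open", "shellexecute")                        # run a program directly
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command=...

# Windows binaries whose names malware borrows or imitates (assumed short list).
LEGIT_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
               "explorer.exe", "xcopy.exe")

# Constructed sample, modelled on the file names reported in this thread.
SAMPLE_AUTORUN = """\
[autorun]
; comment lines and blank lines are ignored
open=xcopy.exe
shellexecute=svhost.exe
shell\\open\\command=xcopy.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""


def parse_autorun(text):
    """Key/value pairs of the [autorun] section, keys lower-cased."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values


def launched_programs(values):
    """Programs the [autorun] directives would execute, in file order."""
    programs = []
    for key, value in values.items():
        if key in EXEC_KEYS or SHELL_COMMAND_RE.match(key):
            parts = value.split()
            if parts:                                # drop arguments and quotes
                programs.append(parts[0].strip('"'))
    return programs


def edit_distance(a, b):
    """Levenshtein distance; a lookalike name is one edit away from the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(program):
    """One-line verdict for a program named in autorun.inf."""
    name = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    lowered = program.lower()
    from_windows_dir = "%systemroot%" in lowered or "\\windows\\" in lowered
    if name in LEGIT_NAMES and not from_windows_dir:
        return f"{program}: genuine Windows binary name launched from the removable drive"
    for legit in LEGIT_NAMES:
        if name != legit and edit_distance(name, legit) == 1:
            return f"{program}: one-edit lookalike of {legit}"
    return f"{program}: launched on insertion"


def findings(text):
    """Verdicts for every program an autorun.inf would launch."""
    return [assess(p) for p in launched_programs(parse_autorun(text))]


if __name__ == "__main__":
    for line in findings(SAMPLE_AUTORUN):
        print(line)
```

Run it against the autorun.inf in the root of each removable drive that has touched the machine; anything it reports as launched on insertion deserves a look even when neither name check fires, because a clean drive normally has no autorun.inf at all.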

CatchMe
comment (edited)

Do you know this folder?

C:\ckis

Open Notepad and paste:

C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
C:\WINDOWS\system32\6857B4B05A.sys

Save it as CFScript.txt >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

[attached image: 88953CFScript-createdbyMiekiemoes.gif]

The removal should start.

Scan this file at www.virustotal.com:

C:\WINDOWS\system32\msvbvm60.dll

Then post new logs.
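The reply above picks three paths out of the ComboFix "Files Created" section and turns them into a CFScript. The script below is an added example of that triage step, not code from ComboFix or from anyone in this thread. It parses the entry layout seen in the logs, flags entries that carry the hidden (h) or system (s) attribute and sit under the Windows directory or at the drive root (the pattern behind the questions about C:\ckis and 6857B4B05A.sys), and for each flag lists what else was created within a few minutes of it. Installers drop their files in a burst, so a flagged file whose neighbours belong to a known product is a lead to verify by hash (as the reply does with msvbvm60.dll), not a verdict. The last function writes the CFScript.txt body in the bare one-path-per-line form used above. The sample log is a subset of entries copied from the first ComboFix log in this thread; the ten-minute window is an assumption.

```python
r"""Triage a ComboFix "Files Created" section and draft a CFScript.

Added example for this thread, not code from ComboFix or from anyone posting
here. SAMPLE_LOG is a subset of entries copied from the first ComboFix log.
"""
import re
from datetime import datetime

# One entry: created . modified <TAB> size|<DIR> <TAB> attrs <TAB> path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\t(<DIR>|[\d,]+)\t([-a-z]{9})\t(.+)$"
)

# Constructed sample: entries copied from the first ComboFix log in this thread.
SAMPLE_LOG = (
    "2008-06-27 13:52 . 2008-06-27 13:52\t<DIR>\td--hs----\tC:\\ckis\n"
    "2008-06-22 22:07 . 2007-11-29 10:32\t48,128\t--a------\tC:\\WINDOWS\\system32\\nmwcdcls.dll\n"
    "2008-06-22 22:07 . 2007-11-29 10:39\t8,064\t--a------\tC:\\WINDOWS\\system32\\drivers\\usbser_lowerfltj.sys\n"
    "2008-06-22 22:07 . 2007-11-29 10:39\t8,064\t--a------\tC:\\WINDOWS\\system32\\drivers\\usbser_lowerflt.sys\n"
    "2008-06-20 09:29 . 2008-06-20 09:29\t<DIR>\td--------\tC:\\Program Files\\Common Files\\Corel\n"
    "2008-06-20 09:23 . 2008-06-27 16:31\t2,516\t--ahs----\tC:\\WINDOWS\\system32\\KGyGaAvL.sys\n"
    "2008-06-20 09:23 . 2008-06-27 16:30\t88\t-r-hs----\tC:\\WINDOWS\\system32\\6857B4B05A.sys\n"
    "2008-06-20 09:22 . 2008-06-20 09:29\t<DIR>\td--------\tC:\\Program Files\\Corel\n"
    "2008-06-10 21:41 . 2008-06-03 21:06\t<DIR>\tdr-h-----\tC:\\Documents and Settings\\Slave\\Dane aplikacji\n"
    "2008-06-04 00:27 . 2008-07-02 23:15\t25,609,504\t--ahs----\tC:\\WINDOWS\\system32\\drivers\\fidbox.dat\n"
    "2008-06-04 00:27 . 2008-06-04 00:49\t<DIR>\td--------\tC:\\Program Files\\Kaspersky Lab\n"
)


def parse_entries(text):
    """Parsed entries in log order; headers, '.' separators and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def is_suspicious(entry):
    """Hidden or system attribute, located under the Windows directory or at the drive root."""
    path = entry["path"].lower()
    hidden_or_system = "h" in entry["attrs"] or "s" in entry["attrs"]
    under_windows = path.startswith("c:\\windows\\")
    at_root = path.count("\\") == 1        # C:\ckis, but not C:\Documents and Settings\...
    return hidden_or_system and (under_windows or at_root)


def siblings(entries, target, window_minutes=10):
    """Paths created within `window_minutes` of `target`, in log order, excluding target."""
    limit = window_minutes * 60
    return [e["path"] for e in entries
            if e is not target
            and abs((e["created"] - target["created"]).total_seconds()) <= limit]


def triage(text, window_minutes=10):
    """Map each suspicious path to the paths created around the same time."""
    entries = parse_entries(text)
    return {e["path"]: siblings(entries, e, window_minutes)
            for e in entries if is_suspicious(e)}


def cfscript(paths):
    """CFScript.txt body: bare paths, one per line, CRLF as Notepad saves it."""
    return "".join(p + "\r\n" for p in paths)


if __name__ == "__main__":
    for path, nearby in triage(SAMPLE_LOG).items():
        print(path)
        for p in nearby:
            print("    created nearby:", p)
    # Only paths confirmed after verification belong in the script:
    print(cfscript([r"C:\WINDOWS\system32\6857B4B05A.sys"]), end="")
```

On the sample, 6857B4B05A.sys and KGyGaAvL.sys come out with the two Corel directories as their neighbours, and fidbox.dat with the Kaspersky Lab directory; that is the context to weigh before a path goes into the CFScript.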

Wencman
comment

The file is clean according to virustotal.pl

I know CKIS :)

Is it normal that after pasting the cfscript I get this message? (I did it as admin in safe mode)

http://img530.imageshack.us/img530/5525/beztytuurf7.png
ComboFix 08-07-01.5 - MasterAdmin 2008-07-03 16:58:07.4 - NTFSx86 NETWORK
Running from: C:\Documents and Settings\MasterAdmin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\MasterAdmin\Pulpit\CFScript.txt.txt
[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]
.
(((((((((((((((((((((((((   Files Created from 2008-06-03 to 2008-07-03  )))))))))))))))))))))))))))))))
.
2008-07-03 16:55 . 2008-07-03 16:59	<DIR>	d--h-----	C:\Documents and Settings\MasterAdmin\Ustawienia lokalne
2008-07-03 16:55 . 2008-06-03 21:06	<DIR>	d--------	C:\Documents and Settings\MasterAdmin\Ulubione
2008-07-03 16:55 . 2008-06-03 19:13	<DIR>	d--h-----	C:\Documents and Settings\MasterAdmin\Szablony
2008-07-03 16:55 . 2008-07-03 16:58	<DIR>	d--------	C:\Documents and Settings\MasterAdmin\Pulpit
2008-07-03 16:55 . 2008-06-03 21:06	<DIR>	d--------	C:\Documents and Settings\MasterAdmin\Moje dokumenty
2008-07-03 16:55 . 2008-06-03 21:06	<DIR>	dr-------	C:\Documents and Settings\MasterAdmin\Menu Start
2008-07-03 16:55 . 2008-07-03 16:55	<DIR>	dr-h-----	C:\Documents and Settings\MasterAdmin\Dane aplikacji
2008-07-03 16:55 . 2008-07-03 16:55	<DIR>	d--------	C:\Documents and Settings\MasterAdmin
2008-07-02 23:28 . 2008-07-02 23:28	<DIR>	d--------	C:\WINDOWS\system32\xircom
2008-07-02 23:28 . 2008-07-02 23:28	<DIR>	d--------	C:\WINDOWS\srchasst
2008-07-02 23:28 . 2008-07-02 23:28	<DIR>	d--------	C:\WINDOWS\msagent
2008-07-02 23:28 . 2008-07-02 23:28	<DIR>	d--------	C:\Program Files\microsoft frontpage
2008-07-02 23:25 . 2008-07-02 23:25	<DIR>	d--------	C:\Program Files\Trend Micro
2008-07-02 14:58 . 2008-07-02 14:58	<DIR>	d--------	C:\Program Files\Audacity
2008-06-28 11:06 . 2008-06-28 11:06	<DIR>	d--------	C:\Program Files\Winamp
2008-06-28 11:06 . 2008-06-28 11:40	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Winamp
2008-06-27 21:47 . 2008-06-27 21:47	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Nokia Multimedia Player
2008-06-27 13:52 . 2008-06-27 13:52	<DIR>	d--hs----	C:\ckis
2008-06-27 10:15 . 2008-06-27 10:17	<DIR>	d--------	C:\Program Files\NAPI-PROJEKT
2008-06-26 23:55 . 2004-08-04 00:44	159,232	--a------	C:\WINDOWS\system32\ptpusd.dll
2008-06-26 23:55 . 2004-08-03 22:58	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-26 23:55 . 2001-10-26 17:29	5,632	--a------	C:\WINDOWS\system32\ptpusb.dll
2008-06-26 00:11 . 2008-06-26 00:11	<DIR>	d--------	C:\Documents and Settings\Moje dokumenty\VirtualDJ
2008-06-26 00:11 . 2008-06-26 00:11	<DIR>	d--------	C:\Documents and Settings\Moje dokumenty
2008-06-26 00:09 . 2008-06-26 00:09	<DIR>	d--------	C:\Program Files\VirtualDJ
2008-06-25 22:57 . 2000-05-22 22:58	608,448	--a------	C:\WINDOWS\system32\comctl32.ocx
2008-06-25 22:56 . 2008-06-25 22:57	<DIR>	d--------	C:\Program Files\Total Video Converter
2008-06-22 22:16 . 2008-06-22 22:16	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-06-22 22:16 . 2004-08-03 23:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2008-06-22 22:15 . 2008-06-22 22:15	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-06-22 22:15 . 2008-06-22 22:15	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-06-22 22:15 . 2008-06-22 22:16	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\PC Suite
2008-06-22 22:15 . 2008-06-22 22:15	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Nokia
2008-06-22 22:15 . 2008-06-22 22:16	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-06-22 22:14 . 2008-06-22 22:14	<DIR>	d--------	C:\Program Files\DIFX
2008-06-22 22:14 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-06-22 22:08 . 2006-10-08 21:51	23,856	--a------	C:\WINDOWS\system32\spupdsvc.exe
2008-06-22 22:08 . 2008-06-22 22:08	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-22 22:08 . 2008-06-22 22:08	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-22 22:07 . 2008-06-22 22:15	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-06-22 22:07 . 2008-06-22 22:07	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2008-06-22 22:07 . 2008-06-22 22:15	<DIR>	d--------	C:\Program Files\Nokia
2008-06-22 22:07 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-22 22:07 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-06-22 22:07 . 2007-11-29 10:32	48,128	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-06-22 22:07 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-06-22 22:07 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-06-22 22:07 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-06-22 22:07 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-22 22:06 . 2008-06-22 22:06	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-06-22 13:32 . 2008-06-26 20:40	<DIR>	d--------	C:\Program Files\BearShare
2008-06-22 13:32 . 2008-06-25 23:46	<DIR>	d--------	C:\My Downloads
2008-06-20 10:24 . 2008-06-20 10:24	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2008-06-20 09:37 . 2008-06-27 16:31	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Corel
2008-06-20 09:29 . 2008-06-20 09:29	<DIR>	d--------	C:\Program Files\Common Files\Corel
2008-06-20 09:29 . 2008-06-20 09:29	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-06-20 09:23 . 2008-06-27 16:31	2,516	--ahs----	C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-20 09:23 . 2008-06-27 16:30	88	-r-hs----	C:\WINDOWS\system32\6857B4B05A.sys
2008-06-20 09:22 . 2008-06-20 09:29	<DIR>	d--------	C:\Program Files\Corel
2008-06-19 21:56 . 2008-06-19 21:56	<DIR>	d--------	C:\Program Files\Gronzo
2008-06-15 14:07 . 2008-06-15 14:07	<DIR>	d--------	C:\Documents and Settings\Slave\Dane aplikacji\Media Player Classic
2008-06-15 14:07 . 2008-06-15 14:07	<DIR>	d--------	C:\Documents and Settings\Slave\Dane aplikacji\DivX
2008-06-10 23:53 . 2008-06-18 21:26	<DIR>	d--------	C:\Documents and Settings\Wencman\PsiData
2008-06-10 22:48 . 2008-06-10 22:48	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
2008-06-10 21:41 . 2008-07-03 16:59	<DIR>	d--h-----	C:\Documents and Settings\Slave\Ustawienia lokalne
2008-06-10 21:41 . 2008-06-10 21:41	<DIR>	dr-------	C:\Documents and Settings\Slave\Ulubione
2008-06-10 21:41 . 2008-06-03 19:13	<DIR>	d--h-----	C:\Documents and Settings\Slave\Szablony
2008-06-10 21:41 . 2008-06-15 00:04	<DIR>	d--------	C:\Documents and Settings\Slave\Pulpit
2008-06-10 21:41 . 2008-06-10 21:41	<DIR>	dr-------	C:\Documents and Settings\Slave\Moje dokumenty
2008-06-10 21:41 . 2008-06-03 21:06	<DIR>	dr-------	C:\Documents and Settings\Slave\Menu Start
2008-06-10 21:41 . 2008-06-03 21:06	<DIR>	dr-h-----	C:\Documents and Settings\Slave\Dane aplikacji
2008-06-10 21:41 . 2008-07-02 18:14	<DIR>	d--------	C:\Documents and Settings\Slave
2008-06-10 21:26 . 2008-06-10 21:26	<DIR>	d--------	C:\Program Files\MegauploadToolbar
2008-06-10 21:26 . 2008-06-25 23:45	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\MegauploadToolbar
2008-06-10 21:24 . 2004-08-03 23:08	31,616	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-09 00:02 . 2008-07-02 10:21	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-06-08 23:56 . 2008-06-19 20:24	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Ahead
2008-06-08 23:55 . 2008-06-08 23:55	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-06-08 23:53 . 2008-06-08 23:53	<DIR>	d--------	C:\Program Files\Nero
2008-06-08 23:53 . 2008-06-08 23:55	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2008-06-08 23:53 . 2008-06-08 23:53	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-07 21:57 . 2007-08-08 09:52	185,856	--a------	C:\WINDOWS\system32\drivers\rig3usb.sys
2008-06-07 21:57 . 2007-08-08 09:52	25,600	--a------	C:\WINDOWS\system32\drivers\rig3avs.sys
2008-06-07 21:56 . 2008-06-07 21:56	<DIR>	d--------	C:\Program Files\Common Files\Native Instruments
2008-06-07 21:56 . 2008-06-07 21:56	<DIR>	d--------	C:\Program Files\Common Files\Digidesign
2008-06-07 21:55 . 2008-06-07 21:57	<DIR>	d--------	C:\Program Files\Native Instruments
2008-06-04 22:59 . 2008-06-04 23:07	<DIR>	d--------	C:\Program Files\ATI Technologies
2008-06-04 22:44 . 2008-06-04 22:44	<DIR>	d--------	C:\ATI
2008-06-04 22:41 . 2008-06-04 22:41	<DIR>	d--------	C:\Program Files\AIDA32 - Personal System Information
2008-06-04 21:44 . 2008-06-04 21:44	<DIR>	d--------	C:\Program Files\AtiHotKey
2008-06-04 19:23 . 2008-06-04 19:23	0	--a------	C:\WINDOWS\ativpsrm.bin
2008-06-04 19:19 . 2008-06-04 19:19	451,072	--a------	C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
2008-06-04 15:23 . 2008-06-04 23:01	664	--a------	C:\WINDOWS\system32\d3d9caps.dat
2008-06-04 13:07 . 2008-06-04 22:34	10	--a------	C:\WINDOWS\WININIT.INI
2008-06-04 12:24 . 2001-08-17 21:56	7,552	--a------	C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-06-04 00:27 . 2008-06-04 00:49	<DIR>	d--------	C:\Program Files\Kaspersky Lab
2008-06-04 00:27 . 2008-07-03 11:18	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-04 00:27 . 2008-07-03 16:49	25,797,664	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-04 00:27 . 2008-07-03 08:06	349,148	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-04 00:27 . 2008-07-03 16:47	343,072	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-04 00:27 . 2008-06-04 00:35	96,966	--a------	C:\WINDOWS\system32\drivers\klin.dat
2008-06-04 00:27 . 2008-06-04 00:35	88,774	--a------	C:\WINDOWS\system32\drivers\klick.dat
2008-06-04 00:27 . 2008-07-03 08:06	33,920	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-04 00:09 . 2008-07-03 16:42	<DIR>	d--------	C:\Program Files\Winflip
2008-06-03 23:05 . 2008-06-07 08:04	<DIR>	d--------	C:\Program Files\Gadu-Gadu
2008-06-03 22:59 . 2008-06-03 23:00	<DIR>	d--------	C:\WINDOWS\system32\Adobe
2008-06-03 22:58 . 2008-06-03 22:58	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Gadu-Gadu
2008-06-03 22:56 . 2008-07-01 20:24	<DIR>	d--------	C:\Documents and Settings\Wencman\Gadu-Gadu
2008-06-03 22:50 . 2008-06-03 22:50	<DIR>	d--------	C:\Program Files\MarBit
2008-06-03 22:49 . 2008-06-03 22:49	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\Media Player Classic
2008-06-03 22:39 . 2008-06-03 22:39	<DIR>	d--------	C:\Program Files\CCleaner
2008-06-03 22:39 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-06-03 22:38 . 2008-06-03 22:38	<DIR>	d--------	C:\Program Files\MSBuild
2008-06-03 22:38 . 2008-06-03 22:38	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-06-03 22:35 . 2008-06-03 22:35	<DIR>	d--------	C:\Program Files\uTorrent
2008-06-03 22:35 . 2008-06-30 10:42	<DIR>	d--------	C:\Documents and Settings\Wencman\Dane aplikacji\uTorrent
2008-06-03 22:34 . 2008-06-03 22:38	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2008-06-03 22:34 . 2008-06-03 22:45	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-03 22:33 . 2008-06-03 22:33	<DIR>	dr-h-----	C:\MSOCache
2008-06-03 22:22 . 2005-12-12 07:25	2,518,016	--a------	C:\WINDOWS\system32\ati3duag.dll
2008-06-03 22:22 . 2005-12-12 07:18	862,464	--a------	C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 22:22 . 2008-06-03 22:22	472,576	--a------	C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-06-03 22:22 . 2005-12-12 07:41	252,928	--a------	C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 22:22 . 2005-12-12 06:33	237,568	--a------	C:\WINDOWS\system32\ati2cqag.dll
2008-06-03 22:21 . 
2008-06-03 22:21	<DIR>	d--------	C:\Program Files\Alcohol Soft.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-04 21:08	---------	d--h--w	C:\Program Files\InstallShield Installation Information2008-06-03 22:35	112,144	----a-w	C:\WINDOWS\system32\drivers\kl1.sys2008-06-03 20:05	---------	d-----w	C:\Program Files\Common Files\InstallShield2008-06-03 17:37	---------	d-----w	C:\Program Files\Customer2008-06-03 17:37	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\InstallShield2008-06-03 17:34	1,386,496	----a-w	C:\WINDOWS\system32\msvbvm60.dll2008-06-03 17:16	---------	d-----w	C:\Program Files\Usługi online2008-06-03 17:13	---------	d-----w	C:\Program Files\Windows Media Connect 2.------- Sigcheck -------2007-07-10 15:06  642560  ce594e18fe0d0af804f1f3694921ce62	C:\WINDOWS\system32\user32.dll2007-07-14 00:56  814592  ce7193c5f7c01b19768e066087c1c919	C:\WINDOWS\system32\wininet.dll2007-10-16 01:19  360576  0fb6743e937c7bb248b2530a5a77abc6	C:\WINDOWS\system32\drivers\tcpip.sys2007-10-19 00:19  2066816  9aa8aeee2c77b68af93691758eb0a78b	C:\WINDOWS\system32\ntkrnlpa.exe2007-10-19 00:19  2189824  1aeb1a9aa55de24bda1d441989ae4492	C:\WINDOWS\system32\ntoskrnl.exe2007-10-17 21:30  974848  16df8a100e8966e48ba00c86f6c89972	C:\WINDOWS\explorer.exe.(((((((((((((((((((((((((((((   snapshot@2008-07-02_23.24.43.09   ))))))))))))))))))))))))))))))))))))))))).- 2008-07-02 21:17:22	2,048	--s-a-w	C:\WINDOWS\bootstat.dat+ 2008-07-03 14:54:51	2,048	--s-a-w	C:\WINDOWS\bootstat.dat.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="shell32" 
[X][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-28 06:13 1589248]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32 761945]"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]"Remove AtiHotKey"="c:\program files\AtiHotKey\AtiHotKey.exe" [2005-08-01 20:48 19968]"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 21:05 344064]"TPSMain"="TPSMain.exe" [2005-08-04 14:16 266240 C:\WINDOWS\system32\TPSMain.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="shell32" [X]C:\Documents and Settings\Wencman\Menu Start\Programy\Autostart\WinFlip.lnk - C:\Program Files\Winflip\WinFlip.exe [2008-06-04 00:09:45 483328][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"DisableStatusMessages"= 1 (0x1)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoSMMyPictures"= 1 (0x1)"NoSMConfigurePrograms"= 1 (0x1)"NoSMHelp"= 1 (0x1)[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"NoSMMyPictures"= 1 (0x1)"NoSMConfigurePrograms"= 1 (0x1)"NoSMHelp"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.l3fhg"= mp3fhg.acm"msacm.divxa32"= divxa32.acm"VIDC.X264"= x264vfw.dll"VIDC.HFYU"= huffyuv.dll"vidc.i263"= i263_32.drv"VIDC.YV12"= yv12vfw.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe"=R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 06:42]R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 16:21]S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08].**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-03 16:59:36Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-07-03 17:00:20ComboFix-quarantined-files.txt  2008-07-03 15:00:10Pre-Run: 8,224,387,072 bajtów wolnychPost-Run: 8,215,252,992 bajtów wolnych237
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:01:19, on 2008-07-03Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20627)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLLO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLLO4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang PLO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: 
[synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [Remove AtiHotKey] "c:\program files\AtiHotKey\AtiHotKey.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXEO4 - HKCU\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32O4 - HKCU\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,NO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dllO9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} 
- C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeO23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe--End of file - 5597 bytes
CatchMe

That's not an error message, just a sign that CF is still running. You have to wait until it finishes. Do everything I wrote earlier over again.

Wencman

But I did let it run to the end :) otherwise I wouldn't have gotten the log :) I think it finished at stage twenty-something. Last night there was a full Kaspersky scan at maximum sensitivity for rootkits, startup objects and the whole computer, so maybe that threw it out?...

CatchMe

I don't think so :P - it was CF that did it.

Wencman

Does that mean it's clean now? :)

CatchMe

Yes.
