
wupdmger.exe file (virus?)

chilly313

I have a problem with this file. From time to time this message pops up:

16-bitowy podsystem MS-DOS : C:\WINDOWS\TEMP\wupdmger.exe

NTVDM CPU: napotkano niedozwoloną instrukcję.

CS:0000 IP:0210 OP:00 00 00 00 00 Wybierz przycisk „Zamknij”, aby zakończyć działanie aplikacji.

I can also press the "Ignoruj" (Ignore) button.

Maybe the HijackThis log will be useful:


I have no idea what causes this message to pop up. I went into the folder where this file is located, but it wasn't there. In the Control Panel I enabled the option to show hidden files etc., found the file and deleted it; for a while things were quiet, but the file kept coming back to the same place and the message pops up again. I have Kaspersky 2009 antivirus; I scanned the file and it detected nothing...

Maybe I wrote something wrong, but I'm not knowledgeable about this and I'm looking for help :p Regards

Mateusz J.

C:\WINDOWS\TEMP\wupdmger.exe - Trojan.

Please post the Silent Runners and ComboFix logs.

HijackThis is clean.

chilly313
Mateusz J.

File::
C:\Documents and Settings\asdf\Pulpit\PREVXCSIFREE.EXE
C:\WINDOWS\TEMP\wupdmger.exe

In Notepad, go to the File menu ==> Save As ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved.

Boot into safe mode. Drag the CFScript.txt file you created onto the ComboFix icon, as shown in the picture:

82650GIF.gif

The removal will start and a log will be created, which you then post on the forum.

Does the message still appear?

chilly313

I hope I did this correctly.


The message still appears from time to time :/

//how many times does it have to be said that logs go inside CODE tags?

//this time +10%

//sniper45

Do you have any idea how to get rid of it???? And as for that person above, I don't know what he means, because I don't know my way around forums etc. ;] 10%? wtf :D

chilly313
comment

I did that, cleaning everything, but the file still comes back :|
