Log hj msudks.exe

**Posty:** 924 · przez **kepa416** 10 Sie 2008, 17:09

Witam ostatnio Nod znalazł u mnie kilka infekcji jedna z nim był plik msudks.exe drugi jest w logu z hj poniżej i jeden wpis który mi nie pasuje :

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:05:39, on 2008-08-10 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\A4Tech\Mouse\Amoumain.exe D:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe D:\Program Files\Xfire\xfire.exe C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe H:\MOJE\Programy\system\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKCU\..\Run: [AutoConnect] D:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [b]O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe[/b] O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{BAA5C073-F897-45E4-BAC1-6DC963635AAB}: NameServer = 208.67.222.222 208.67.220.220 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [b]O23 - Service: Microsoft Network Device Manage Service (msbrnd) - Unknown owner - C:\WINDOWS\system32\msbrn.exe[/b] O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 5543 bytes

Kod: Zaznacz wszystko: ComboFix 08-08-09.06 - User 2008-08-10 17:15:21.5 - NTFSx86 Running from: E:\zassane\ComboFix.exe * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\setup.ini . ((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 ))))))))))))))))))))))))))))))) . 2008-08-10 00:13 . 2008-08-10 00:17 <DIR> d--h----- C:\Program Files\Zero G Registry 2008-08-10 00:13 . 2008-08-10 00:13 <DIR> d--h----- C:\Documents and Settings\User\InstallAnywhere 2008-08-09 23:38 . 2008-08-10 01:13 <DIR> d-------- C:\Temp 2008-08-09 15:19 . 2008-08-09 15:19 <DIR> d-------- C:\Documents and Settings\User\EurekaLog 2008-08-09 04:02 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-08-09 03:57 . 2008-08-09 03:57 <DIR> d-------- C:\Program Files\Realtek 2008-08-09 03:56 . 2008-03-05 18:07 520,192 --a------ C:\WINDOWS\RtlExUpd.dll 2008-08-09 03:56 . 2008-08-09 03:56 315,392 --a------ C:\WINDOWS\HideWin.exe 2008-07-30 03:14 . 2008-07-30 03:14 <DIR> d-------- C:\Documents and Settings\User\WapSter 2008-07-30 01:16 . 2008-07-30 01:16 <DIR> d-------- C:\Program Files\WapSter 2008-07-29 12:33 . 2008-07-29 12:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-07-29 12:33 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-07-29 12:33 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-07-29 12:33 . 2008-05-31 01:22 683,520 --a------ C:\WINDOWS\system32\divx.dll 2008-07-29 12:33 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2008-07-29 12:33 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-07-29 12:33 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-07-29 12:33 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm 2008-07-29 12:33 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll 2008-07-29 12:33 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml 2008-07-26 01:01 . 2008-04-14 22:51 345,088 --a--c--- C:\WINDOWS\system32\dllcache\mspaint.exe 2008-07-26 01:01 . 2008-07-26 01:01 339,968 --a------ C:\WINDOWS\mspaint.exe 2008-07-26 00:40 . 2006-11-08 21:19 4,544 --a------ C:\WINDOWS\system32\drivers\hidusbf.sys 2008-07-25 00:24 . 2008-07-25 00:24 <DIR> d-------- C:\Program Files\A4Tech 2008-07-25 00:23 . 2007-05-15 17:31 36,864 --a------ C:\WINDOWS\system32\Amhooker.dll 2008-07-25 00:23 . 2007-05-15 05:41 14,336 --a------ C:\WINDOWS\system32\drivers\Amusbprt.sys 2008-07-25 00:23 . 2007-05-15 05:40 14,336 --a------ C:\WINDOWS\system32\drivers\Amps2prt.sys 2008-07-25 00:23 . 2007-05-15 05:38 9,216 --a------ C:\WINDOWS\system32\drivers\Amfilter.sys 2008-07-21 18:03 . 2008-08-09 23:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-21 18:03 . 2008-07-21 18:03 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-21 16:20 . 2008-07-21 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles 2008-07-16 01:09 . 2008-07-16 01:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-07-11 13:56 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll 2008-07-11 13:56 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll 2008-07-11 13:56 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll 2008-07-11 13:56 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll 2008-07-11 13:56 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll 2008-07-11 13:56 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll 2008-07-11 13:56 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll 2008-07-11 13:55 . 2008-07-11 13:55 <DIR> d-------- C:\WINDOWS\Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-10 15:12 25,611,807 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-08-10 15:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5 2008-08-10 14:31 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Xfire 2008-08-10 13:30 162,008 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-10 13:29 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-08-10 12:46 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-08-10 11:37 --------- d-----w C:\Program Files\Spyware Terminator 2008-08-10 11:36 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Spyware Terminator 2008-08-09 21:10 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\teamspeak2 2008-08-09 02:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys 2008-08-09 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-08 12:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator 2008-08-04 21:57 --------- d-----w C:\Program Files\Java 2008-08-03 18:03 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\uTorrent 2008-07-31 20:27 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-07-29 10:33 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\DivX 2008-07-25 11:45 --------- d-----w C:\Program Files\eMule 2008-07-13 08:20 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Winamp 2008-07-09 13:48 --------- d-----w C:\Program Files\ESET 2008-07-05 14:04 --------- d-----w C:\Program Files\Driver Sweeper 2008-07-04 13:02 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Ventrilo 2008-07-04 12:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-07-02 05:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-07-02 04:49 --------- d-----w C:\Program Files\Reference Assemblies 2008-07-02 04:49 --------- d-----w C:\Program Files\MSBuild 2008-06-30 17:17 --------- d-----w C:\Program Files\Diskeeper Corporation 2008-06-30 17:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation 2008-06-20 13:54 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\gtk-2.0 2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-06-15 15:16 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Nokia Multimedia Player 2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-06-11 00:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-06-11 00:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-06-11 00:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-06-11 00:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-06-11 00:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-06-11 00:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-06-11 00:03 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys 2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2008-06-07 20:12 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-06-01 19:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-05-17 15:05 22,328 ----a-w C:\Documents and Settings\User\Dane aplikacji\PnkBstrK.sys 2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2008-02-25 16:44 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-02-16 01:57 98 --sha-w C:\Program Files\desktop.ini 2008-04-14 20:51 60,928 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe 2008-02-20 13:26 88 --sh--r C:\WINDOWS\system32\D66AB7E280.sys 2008-02-20 13:26 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-05-02 23:44 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008050320080504\index.dat . ------- Sigcheck ------- 2008-03-01 15:02 817152 c18cc1b019ba1082f6925fd603993777 C:\WINDOWS\ServicePackFiles\i386\wininet.dll 2008-03-01 15:02 817152 c18cc1b019ba1082f6925fd603993777 C:\WINDOWS\system32\wininet.dll 2008-03-01 15:02 826368 acb31b4ed243d4dffa5268f4ad2b0d6f C:\WINDOWS\system32\dllcache\wininet.dll 2008-01-19 18:09 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys 2008-05-28 17:02 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\ServicePackFiles\i386\tcpip.sys 2008-05-28 17:02 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe 2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe 2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\ServicePackFiles\i386\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AutoConnect"="D:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784] "AQQ"="C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe" [2008-07-29 22:49 1605104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168] "WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 17:33 204800] "AdslTaskBar"="stmctrl.dll" [2006-09-25 07:28 151552 C:\WINDOWS\system32\stmctrl.dll] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 4 (0x4) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm "VIDC.XFR1"= xfcodec.dll "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Awp03.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kqj47.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ocm15.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ymo60.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56] R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21] R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-13 22:11] R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 10:21] R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;C:\WINDOWS\system32\DRIVERS\hidusbf.sys [2006-11-08 21:19] R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2006-06-27 05:56] R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-11-30 03:32] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-10-26 21:30] S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 15:29] S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 13:06] S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys [] S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 16:19] S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 20:33] S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 16:11] *Newly Created Service* - PROCEXP90 *Newly Created Service* - SR . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://forum.programosy.pl/ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\np32dsw.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin2.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin3.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin4.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin5.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin6.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin7.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin2.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin3.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin4.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin5.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin6.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin7.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-10 17:20:03 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-10 17:21:37 ComboFix-quarantined-files.txt 2008-08-10 15:21:32 Pre-Run: 9,746,575,360 bajtów wolnych Post-Run: 9,791,041,536 bajtów wolnych 213 --- E O F --- 2008-05-31 23:10:00

**Posty:** 8001 · przez **Okocza** 10 Sie 2008, 17:11

wstaw log z CF

**Posty:** 684 · przez **djarta** 10 Sie 2008, 17:32

Ja nie widzę tu nic szkodliwego,oprócz tego co usunął ComboFix.

Usuń ręcznie folder C:\Qoobox,

Usuń instalkę ComboFix z dysku.

Wykonaj optymalizację autostartu

Przeczyść komputer ATF-Cleaner

Wyłącz i włącz przywracanie systemu na wszystkich dyskach.Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

i tym

FixIEDef.

:wink:

**Posty:** 924 · przez **kepa416** 10 Sie 2008, 17:52

djarta napisał(a):Wykonaj optymalizację autostartu

6 wpisów to dużo ?

Kod: Zaznacz wszystko: ******************************************************************************** * * * FixIEDef Log * * Version 1.5.3.6067 * * * ******************************************************************************** Created at 17:49:18 on Sunday, August 10, 2008 Time Zone : Logged On User : User Operating System : Microsoft Windows XP Professional Dodatek Service Pack 3 OS Version : 5.1.2600 System Langauge : Polish Keyboard Layout : Polish Processor : X86 Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz System Drive : C:\ Windows Directory : C:\WINDOWS System Directory : C:\WINDOWS\system32 Total Physical Memory : 2096236 KB Free Physical Memory : 1544328 KB Total Virtual Memory : 2097024 KB Free Virtual Memory : 2012196 KB Boot State : Normal boot -------------------------------------------------------------------------------- !!! Files that have been deleted !!! C:\WINDOWS\system32\Uninstall.ico -------------------------------------------------------------------------------- !!! Directories that have been removed !!! No malicious directories to be removed -------------------------------------------------------------------------------- !!! Registry entries that have been removed !!! No malicious Registry entries found ================================================================================ All Done :) ShadowPuterDude Safe Surfing!!!

**Posty:** 7956 · przez **Magik** 10 Sie 2008, 17:54

kepa416 napisał(a):6 wpisów to dużo ?

pokaz te wpisy, zalezy, moze byc 1 i moze byc zamul :wink:

he

**Posty:** 924 · przez **kepa416** 10 Sie 2008, 23:05

Skan z KS " :

Kod: Zaznacz wszystko: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT 10 sierpień 2008 23:04:21 System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 3 (Build 2600) Kaspersky Online Scanner wersja: 5.0.98.1 Ostatnia aktualizacja Kaspersky Anti-Virus10/08/2008 Liczba wpisów w bazie danych Kaspersky Anti-Virus1079166 ------------------------------------------------------------------------------- Ustawienia skanowania: Skanowanie przy użyciu następujących baz danych: rozszerzone Skanuj archiwa: tak Skanuj pocztowe bazy danych: tak Obszar skanowania - Mój komputer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Statystyki skanowania: Liczba skanowanych obiektów: 100200 Liczba wykrytych wirusów: 0 Liczba zainfekowanych obiektów: 0 Liczba podejrzanych obiektów: 0 Czas trwania skanowania: 00:37:27 Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\User\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\cert8.db Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\content-prefs.sqlite Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\cookies.sqlite Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\downloads.sqlite Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\formhistory.sqlite Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\key3.db Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\parent.lock Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\permissions.sqlite Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\places.sqlite Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\places.sqlite-journal Object is locked pominięty C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\search.sqlite Object is locked pominięty C:\Documents and Settings\User\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\User\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\CardSpace\CardSpace.db Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\CardSpace\CardSpace.db.shadow Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\Cache\_CACHE_001_ Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\Cache\_CACHE_002_ Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\Cache\_CACHE_003_ Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\Cache\_CACHE_MAP_ Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\urlclassifier3.sqlite Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Historia\History.IE5\MSHist012008081020080811\index.dat Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\temp\etilqs_kmgQ1o5gVGSxxhJJrFMm Object is locked pominięty C:\Documents and Settings\User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked pominięty C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked pominięty C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty C:\WINDOWS\SchedLgU.Txt Object is locked pominięty C:\WINDOWS\Sti_Trace.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\default Object is locked pominięty C:\WINDOWS\system32\config\default.LOG Object is locked pominięty C:\WINDOWS\system32\config\Internet.evt Object is locked pominięty C:\WINDOWS\system32\config\ODiag.evt Object is locked pominięty C:\WINDOWS\system32\config\OSession.evt Object is locked pominięty C:\WINDOWS\system32\config\SAM Object is locked pominięty C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\SECURITY Object is locked pominięty C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty C:\WINDOWS\system32\config\software Object is locked pominięty C:\WINDOWS\system32\config\software.LOG Object is locked pominięty C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\system Object is locked pominięty C:\WINDOWS\system32\config\system.LOG Object is locked pominięty C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\RIR2PKET\msjdk[1].bin Object is locked pominięty C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty C:\WINDOWS\system32\h323log.txt Object is locked pominięty C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked pominięty C:\WINDOWS\system32\msbrn.exe Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty C:\WINDOWS\TEMP\Perflib_Perfdata_464.dat Object is locked pominięty C:\WINDOWS\TempFile Object is locked pominięty C:\WINDOWS\wiadebug.log Object is locked pominięty C:\WINDOWS\wiaservc.log Object is locked pominięty D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty H:\MOJE\Programy\Install\NOD32\NOD32 3.0.667.0 pl\NOD32_v3.0.655_32bits_FiX.exe Object is locked pominięty H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty Proces skanowania został zakończony.

Dodano 10.08.2008 22:06:20:
a wpisy to aqq, nod stery od a4tech no i rundll32 i nvcpl i autoconnect

**Posty:** 7956 · przez **Magik** 10 Sie 2008, 23:10

kepa416 napisał(a):Skan z KS " :

ktory niczego nie wykryl

Kod: Zaznacz wszystko: O23 - Service: Microsoft Network Device Manage Service (msbrnd) - Unknown owner - C:\WINDOWS\system32\msbrn.exe

ten plik Sophos oznacza jako malware, sfixuj go to raz

kepa416 napisał(a):msudks.exe

tak samo usuwasz ten plik

edit

wpisy w msconfig sa ok

**Posty:** 924 · przez **kepa416** 10 Sie 2008, 23:35

A co z takim fantem :

**Posty:** 7956 · przez **Magik** 10 Sie 2008, 23:38

kepa416 napisał(a):A co z takim fantem :

postępuj wg tych wskazówek a nastepnie pozbadz sie tych plikow

**Posty:** 924 · przez **kepa416** 11 Sie 2008, 01:24

A skad mam być pewny ze ten plik nie zrobi mi żadnej szkody ?

**Posty:** 7956 · przez **Magik** 11 Sie 2008, 02:12

kepa416 napisał(a):A skad mam być pewny ze ten plik nie zrobi mi żadnej szkody ?

Słuchaj...........jak odpalisz kompa w trybie awaryjnym, usuniesz te pliki chociazby recznie, to potem Kerio bedzie "milczal" bo niby do czego mialby sie odwolywac

Wiesz co to jest malware?? zwykla aplikacja szpiegowska

Napisalem Ci wyzej daj oba wpisy na fix?? Ano.........Nawet, gdybys go dopuscil i usunal, tragedia by sie nie stala, a slonce rano by wzeszlo.......he

Autor postu otrzymał pochwałę

**Posty:** 924 · przez **kepa416** 13 Sie 2008, 10:54

Co do Tematu to dziś rano po aktualizacji Noda wykryło mi kilka infekcji :

**Posty:** 8001 · przez **Okocza** 13 Sie 2008, 12:01

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 924 · przez **kepa416** 13 Sie 2008, 13:12

Kod: Zaznacz wszystko: Rebooting [b]Checking Files [/b]: No Trojan Files Found Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-13 13:10:06 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... IPC error: 2 Nie można odnaleźć określonego pliku. scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance] "Error Count"=dword:0000000f [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:513c5286 "s2"=dword:32913539 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="d:\Program Files\DAEMON Tools Pro\" "h0"=dword:00000001 "hdf12"=hex:45,00,ae,08,40,a6,fc,79,a5,fa,9d,78,43,eb,14,c5,64,6a,1a,85,45,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001] "a0"=hex:20,01,00,00,65,75,f9,62,a8,cc,1c,c3,ad,7b,40,fb,23,b8,10,3b,1b,.. "hdf12"=hex:1f,cf,f4,ae,eb,bc,70,c6,35,e4,17,13,66,52,ca,c5,ab,62,3c,e7,9c,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0] "hdf12"=hex:08,a5,28,59,7e,6c,ff,fb,4b,a1,f3,13,7c,b2,ae,50,fd,5a,c8,bc,b9,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1] "hdf12"=hex:b4,1a,03,d9,42,24,6e,7a,e0,31,3d,1d,3b,0b,e4,36,02,85,4b,02,47,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002] "a0"=hex:20,01,00,00,6f,90,fe,62,14,b2,a4,51,83,8d,fb,b8,10,9e,2b,fa,f2,.. "hdf12"=hex:b7,98,dc,94,88,30,e3,05,78,a2,0e,5c,7d,3b,72,be,8c,f5,5c,c5,63,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0] "hdf12"=hex:a4,db,fb,c5,78,c9,18,fb,bd,0d,ec,38,5d,d2,d4,da,36,7e,7a,f1,da,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1] "hdf12"=hex:14,7f,1f,89,0a,7c,cc,8d,15,9e,5e,39,6a,a6,ab,cd,aa,9a,01,64,c9,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:67,b0,56,46,d6,98,f5,89,c1,c6,ca,54,93,7c,55,be,d5,da,0b,fe,bb,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="d:\Program Files\DAEMON Tools Pro\" "h0"=dword:00000001 "hdf12"=hex:ba,8b,ff,bf,a5,cd,30,f6,f7,e8,c9,0c,f5,cc,1d,db,c0,63,dc,e9,aa,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001] "a0"=hex:20,01,00,00,65,75,f9,62,a8,cc,1c,c3,ad,7b,40,fb,23,b8,10,3b,1b,.. "hdf12"=hex:e7,9d,16,7b,b4,aa,ec,65,1d,22,de,2a,c2,e0,af,cf,4f,86,3d,c2,6f,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0] "hdf12"=hex:15,3b,c4,51,70,26,97,92,51,8c,ea,28,7d,22,a0,9b,5e,e9,d1,a3,9b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1] "hdf12"=hex:15,66,bb,44,c4,64,04,ff,59,2b,a4,f5,28,b8,03,ba,b2,61,88,4d,c3,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002] "a0"=hex:20,01,00,00,6f,90,fe,62,14,b2,a4,51,83,8d,fb,b8,10,9e,2b,fa,f2,.. "hdf12"=hex:b7,98,dc,94,88,30,e3,05,78,a2,0e,5c,7d,3b,72,be,8c,f5,5c,c5,63,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0] "hdf12"=hex:77,97,a6,63,3a,75,fd,b8,7d,25,fc,68,4b,8a,4b,9d,7d,e6,1b,d4,17,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1] "hdf12"=hex:14,7f,1f,89,0a,7c,cc,8d,15,9e,5e,39,6a,a6,ab,cd,aa,9a,01,64,c9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:67,b0,56,46,d6,98,f5,89,c1,c6,ca,54,93,7c,55,be,d5,da,0b,fe,bb,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="d:\Program Files\DAEMON Tools Pro\" "h0"=dword:00000001 "hdf12"=hex:45,00,ae,08,40,a6,fc,79,a5,fa,9d,78,43,eb,14,c5,64,6a,1a,85,45,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001] "a0"=hex:20,01,00,00,65,75,f9,62,a8,cc,1c,c3,ad,7b,40,fb,23,b8,10,3b,1b,.. "hdf12"=hex:1f,cf,f4,ae,eb,bc,70,c6,35,e4,17,13,66,52,ca,c5,ab,62,3c,e7,9c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0] "hdf12"=hex:08,a5,28,59,7e,6c,ff,fb,4b,a1,f3,13,7c,b2,ae,50,fd,5a,c8,bc,b9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1] "hdf12"=hex:b4,1a,03,d9,42,24,6e,7a,e0,31,3d,1d,3b,0b,e4,36,02,85,4b,02,47,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002] "a0"=hex:20,01,00,00,6f,90,fe,62,14,b2,a4,51,83,8d,fb,b8,10,9e,2b,fa,f2,.. "hdf12"=hex:b7,98,dc,94,88,30,e3,05,78,a2,0e,5c,7d,3b,72,be,8c,f5,5c,c5,63,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0] "hdf12"=hex:a4,db,fb,c5,78,c9,18,fb,bd,0d,ec,38,5d,d2,d4,da,36,7e,7a,f1,da,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1] "hdf12"=hex:14,7f,1f,89,0a,7c,cc,8d,15,9e,5e,39,6a,a6,ab,cd,aa,9a,01,64,c9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:67,b0,56,46,d6,98,f5,89,c1,c6,ca,54,93,7c,55,be,d5,da,0b,fe,bb,.. scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24A3B191-9CDA-E568-772F-8E2FC061844B}] "iahedahdihkeppdgon"=hex:6a,61,61,6e,63,6a,62,62,63,6c,69,61,70,6e,63,70,6c,6f,61,68,00,.. "hafennmbgjeegcki"=hex:6a,61,61,6e,63,6a,62,62,63,6c,69,61,70,6e,63,70,6c,6f,61,68,00,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Twain] "y\1r?ó?d?B\1o? ?d?o?m?y?[\1l?n?e?"="C:\WINDOWS\Twain_32\hpsj_0000\hpsj_0000.ds" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: [b]Files with Hidden Attributes [/b]: Mon 3 Mar 2008 568 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg" Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg" Tue 22 Apr 2008 625,664 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe" Wed 20 Feb 2008 88 ..SHR --- "C:\WINDOWS\system32\D66AB7E280.sys" Wed 20 Feb 2008 5,018 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys" Sat 5 Apr 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 14 Apr 2008 60,928 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe" Thu 7 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sun 1 Jun 2008 5,409 ...HR --- "C:\Documents and Settings\User\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak" [b]Finished![/b]

Dodano 13.08.2008 12:13:21:
Nie wiem czy dobrze bo w awaryjnem SDfix nie chcił odpalic wyszło cos o Hardlock Driver

**Posty:** 8001 · przez **Okocza** 13 Sie 2008, 13:14

kepa416,

a gdzie

okocza napisał(a):log z combofixa oraz daj loga z hijacka

**Posty:** 924 · przez **kepa416** 13 Sie 2008, 13:21

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:14, on 2008-08-13 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe D:\Program Files\AutoConnect\AutoConnect.exe C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe D:\Program Files\Xfire\xfire.exe C:\WINDOWS\system32\CF10113.exe H:\MOJE\Programy\system\bezpiecz\HiJackThis.exe C:\ComboFix\swreg.cfexe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKCU\..\Run: [AutoConnect] D:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BAA5C073-F897-45E4-BAC1-6DC963635AAB}: NameServer = 208.67.222.222 208.67.220.220 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 5145 bytes

Dodano 13.08.2008 12:21:48:

Kod: Zaznacz wszystko: ComboFix 08-08-12.01 - User 2008-08-13 13:14:43.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1534 [GMT 2:00] Running from: E:\zassane\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))) . 2008-08-13 12:55 . 2008-08-13 12:55 <DIR> d-------- C:\WINDOWS\ERUNT 2008-08-13 12:51 . 2008-08-13 13:11 <DIR> d-------- C:\SDFix 2008-08-10 23:30 . 2008-08-10 23:31 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-08-10 23:26 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-08-10 23:23 . 2008-08-10 23:31 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-08-10 23:23 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-08-10 17:52 . 2008-08-10 17:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-10 17:52 . 2008-08-10 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-08-10 00:13 . 2008-08-10 00:17 <DIR> d--h----- C:\Program Files\Zero G Registry 2008-08-10 00:13 . 2008-08-10 00:13 <DIR> d--h----- C:\Documents and Settings\User\InstallAnywhere 2008-08-09 23:38 . 2008-08-10 01:13 <DIR> d-------- C:\Temp 2008-08-09 15:19 . 2008-08-09 15:19 <DIR> d-------- C:\Documents and Settings\User\EurekaLog 2008-08-09 04:02 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-08-09 03:57 . 2008-08-09 03:57 <DIR> d-------- C:\Program Files\Realtek 2008-08-09 03:56 . 2008-03-05 18:07 520,192 --a------ C:\WINDOWS\RtlExUpd.dll 2008-08-09 03:56 . 2008-08-09 03:56 315,392 --a------ C:\WINDOWS\HideWin.exe 2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-07-30 03:14 . 2008-07-30 03:14 <DIR> d-------- C:\Documents and Settings\User\WapSter 2008-07-30 01:16 . 2008-07-30 01:16 <DIR> d-------- C:\Program Files\WapSter 2008-07-29 12:33 . 2008-07-29 12:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-07-29 12:33 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-07-29 12:33 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-07-29 12:33 . 2008-05-31 01:22 683,520 --a------ C:\WINDOWS\system32\divx.dll 2008-07-29 12:33 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2008-07-29 12:33 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-07-29 12:33 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-07-29 12:33 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm 2008-07-29 12:33 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll 2008-07-29 12:33 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml 2008-07-26 01:01 . 2008-04-14 22:51 345,088 --a--c--- C:\WINDOWS\system32\dllcache\mspaint.exe 2008-07-26 01:01 . 2008-07-26 01:01 339,968 --a------ C:\WINDOWS\mspaint.exe 2008-07-26 00:40 . 2006-11-08 21:19 4,544 --a------ C:\WINDOWS\system32\drivers\hidusbf.sys 2008-07-25 00:24 . 2008-07-25 00:24 <DIR> d-------- C:\Program Files\A4Tech 2008-07-25 00:23 . 2007-05-15 17:31 36,864 --a------ C:\WINDOWS\system32\Amhooker.dll 2008-07-25 00:23 . 2007-05-15 05:41 14,336 --a------ C:\WINDOWS\system32\drivers\Amusbprt.sys 2008-07-25 00:23 . 2007-05-15 05:40 14,336 --a------ C:\WINDOWS\system32\drivers\Amps2prt.sys 2008-07-25 00:23 . 2007-05-15 05:38 9,216 --a------ C:\WINDOWS\system32\drivers\Amfilter.sys 2008-07-21 18:03 . 2008-08-09 23:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-21 18:03 . 2008-07-21 18:03 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-21 16:20 . 2008-07-21 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-13 11:16 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5 2008-08-13 10:54 25,630,716 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-08-13 10:47 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Xfire 2008-08-13 09:43 162,008 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-13 09:43 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-08-13 08:58 --------- d-----w C:\Program Files\Spyware Terminator 2008-08-13 08:56 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Spyware Terminator 2008-08-13 08:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator 2008-08-13 08:37 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\uTorrent 2008-08-12 23:43 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-08-12 15:44 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-08-10 23:15 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Skype 2008-08-10 23:13 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\skypePM 2008-08-10 23:10 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\teamspeak2 2008-08-09 02:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys 2008-08-09 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-04 21:57 --------- d-----w C:\Program Files\Java 2008-07-29 10:33 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\DivX 2008-07-25 11:45 --------- d-----w C:\Program Files\eMule 2008-07-13 08:20 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Winamp 2008-07-09 13:48 --------- d-----w C:\Program Files\ESET 2008-07-05 14:04 --------- d-----w C:\Program Files\Driver Sweeper 2008-07-04 13:02 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Ventrilo 2008-07-04 12:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-07-02 05:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-07-02 04:49 --------- d-----w C:\Program Files\Reference Assemblies 2008-07-02 04:49 --------- d-----w C:\Program Files\MSBuild 2008-06-30 17:17 --------- d-----w C:\Program Files\Diskeeper Corporation 2008-06-30 17:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation 2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 13:54 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\gtk-2.0 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-06-15 15:16 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Nokia Multimedia Player 2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-06-11 00:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-06-11 00:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-06-11 00:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-06-11 00:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-06-11 00:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-06-11 00:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-06-11 00:03 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-06-07 20:12 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-06-01 19:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll 2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll 2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll 2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll 2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll 2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll 2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll 2008-05-17 15:05 22,328 ----a-w C:\Documents and Settings\User\Dane aplikacji\PnkBstrK.sys 2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2008-02-25 16:44 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-02-16 01:57 98 --sha-w C:\Program Files\desktop.ini 2008-04-14 20:51 60,928 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe 2008-02-20 13:26 88 --sh--r C:\WINDOWS\system32\D66AB7E280.sys 2008-02-20 13:26 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-05-02 23:44 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008050320080504\index.dat . ------- Sigcheck ------- 2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe 2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe 2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\ServicePackFiles\i386\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AutoConnect"="D:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784] "AQQ"="C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe" [2008-08-12 19:05 1582064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168] "WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 17:33 204800] "AdslTaskBar"="stmctrl.dll" [2006-09-25 07:28 151552 C:\WINDOWS\system32\stmctrl.dll] C:\Documents and Settings\User\Menu Start\Programy\Autostart\ Xfire.lnk - D:\Program Files\Xfire\xfire.exe [2008-08-06 02:26:38 3065168] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 4 (0x4) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm "VIDC.XFR1"= xfcodec.dll "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Awp03.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kqj47.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ocm15.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ymo60.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56] R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21] R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-13 22:11] R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;C:\WINDOWS\system32\DRIVERS\hidusbf.sys [2006-11-08 21:19] R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2006-06-27 05:56] R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-11-30 03:32] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-10-26 21:30] S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 10:21] S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 15:29] S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 13:06] S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys [] S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 16:19] S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 20:33] S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 16:11] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\t198wcap.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://forum.programosy.pl/ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\np32dsw.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin2.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin3.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin4.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin5.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin6.dll FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin7.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin2.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin3.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin4.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin5.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin6.dll FF -: plugin - D:\Program Files\QuickTime\Plugins\npqtplugin7.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-13 13:19:31 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-13 13:21:05 ComboFix-quarantined-files.txt 2008-08-13 11:20:59 Pre-Run: 9,490,882,560 bajtów wolnych Post-Run: 9,493,528,576 bajtów wolnych 215 --- E O F --- 2008-08-10 21:31:58

**Posty:** 684 · przez **djarta** 13 Sie 2008, 13:31

Czysto.

Wykonaj to co jest podane w tym temacie (jeśli wykonałeś/łaś to wcześniej to nie rób tego).

Usuń ręcznie folder C:\Qoobox,

Usuń instalkę ComboFix z dysku.

Wykonaj optymalizację autostartu

Przeczyść komputer ATF-Cleaner

Wyłącz i włącz przywracanie systemu na wszystkich dyskach.Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

**Posty:** 924 · przez **kepa416** 13 Sie 2008, 13:47

djarta,

!!! zobacz 3 post ood góry !

**Posty:** 8001 · przez **Okocza** 13 Sie 2008, 13:51

kepa416 napisał(a):djarta,

!!! zobacz 3 post ood góry !

spokojnie...

zobacz że przez ten czas mogłeś coś dołapać...

djarta napisał już ze teraz powinno być ok...

**Posty:** 924 · przez **kepa416** 13 Sie 2008, 14:01

Ale to sa te same pliki ;/

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Re: log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Log hj msudks.exe

Re: log hj msudks.exe

Log hj msudks.exe

Kto jest na forum