Podejrzany plik

[pejson]

witam.od wczoraj avast inforuje mnie o jakis zainfekowanym pliku.opcja usuniecia go nic nie daje, poniewaz po restarcie komputera i przeskanowaniu dysków komunikat pojawia sie ponownie.ponizej screen z tym komunikatem.czy to cos groznego??i jak go usnąc??
http://img353.imageshack.us/my.php?image=beztytuubv0.jpg

[Okocza]

pejson, wstaw log z combofixa

jak-generujemy-logi-z-combofixa-oraz-rsita-vt95026.html

[pejson]

Kod: Zaznacz wszystko

ComboFix 08-12-15.01 - Pejson 2008-12-15 21:37:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2046.448 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Pejson\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usuniŕto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-15 do 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-13 02:44 . 2008-12-15 07:05 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-12 16:16 . 2008-12-12 16:16 <DIR> d-------- c:\documents and settings\Pejson\Dane aplikacji\Samsung
2008-12-12 16:04 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2008-12-12 16:03 . 2008-12-12 18:52 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2008-12-12 16:03 . 2007-05-02 11:11 109,704 --a------ c:\windows\system32\drivers\ss_mdm.sys
2008-12-12 16:03 . 2007-05-02 11:11 83,592 --a------ c:\windows\system32\drivers\ss_bus.sys
2008-12-12 16:03 . 2007-05-02 11:11 15,112 --a------ c:\windows\system32\drivers\ss_mdfl.sys
2008-12-12 16:03 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_whnt.sys
2008-12-12 16:03 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_wh.sys
2008-12-12 16:03 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_cmnt.sys
2008-12-12 16:03 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_cm.sys
2008-12-12 16:03 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2008-12-12 16:02 . 2008-12-12 16:02 <DIR> d-------- c:\program files\Samsung
2008-12-12 16:02 . 2008-12-12 16:10 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2008-12-12 16:01 . 2008-12-12 16:01 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-12 15:28 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-12 15:26 . 2008-12-12 15:26 <DIR> d-------- c:\program files\Microsoft Works
2008-12-12 15:25 . 2008-12-12 15:25 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-12 15:24 . 2008-12-12 15:24 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-12-12 15:23 . 2008-12-12 15:26 <DIR> d-------- c:\windows\SHELLNEW
2008-12-12 15:23 . 2008-12-12 15:23 <DIR> dr-h----- C:\MSOCache
2008-12-12 15:23 . 2008-12-12 15:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-12 13:38 . 2008-12-12 13:38 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-12 13:36 . 2008-12-12 13:36 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-12 13:36 . 2008-12-12 13:36 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-12 13:35 . 2008-12-12 13:35 <DIR> d-------- c:\windows\system32\xlive
2008-12-12 13:35 . 2008-12-12 13:45 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-12 12:49 . 2008-12-12 12:59 <DIR> d-------- c:\program files\Winamp
2008-12-12 12:49 . 2008-12-12 14:20 <DIR> d-------- c:\documents and settings\Pejson\Dane aplikacji\Winamp
2008-12-12 12:47 . 2008-12-12 13:23 <DIR> d-------- c:\program files\SubEdit-Player
2008-12-12 12:45 . 2008-12-12 12:45 <DIR> d-------- c:\documents and settings\Pejson\Dane aplikacji\Media Player Classic
2008-12-12 12:44 . 2008-12-12 12:44 <DIR> d-------- c:\program files\Real Alternative
2008-12-12 12:43 . 2008-12-12 12:43 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-12 12:43 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-12-12 12:43 . 2008-07-30 20:09 38 --a------ c:\windows\avisplitter.ini
2008-12-12 12:41 . 2008-12-12 12:41 <DIR> d-------- c:\documents and settings\Pejson\Dane aplikacji\DAEMON Tools Pro
2008-12-12 12:41 . 2008-12-12 12:41 <DIR> d-------- c:\documents and settings\Pejson\Dane aplikacji\DAEMON Tools
2008-12-12 12:40 . 2008-12-12 12:40 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2008-12-12 11:53 . 2008-12-12 11:53 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-12-12 11:53 . 2008-12-12 11:53 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-12 02:00 . 2008-12-12 02:00 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-12 01:59 . 2008-12-12 12:51 <DIR> d-------- c:\documents and settings\Pejson\Dane aplikacji\DAEMON Tools Lite
2008-12-12 00:56 . 2008-12-12 03:34 <DIR> d-------- C:\WinFast WorkArea
2008-12-12 00:56 . 2008-12-12 00:56 <DIR> d-------- c:\documents and settings\Pejson\Dane aplikacji\ATI
2008-12-12 00:56 . 2008-12-12 00:56 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ATI
2008-12-12 00:55 . 2008-12-12 00:55 <DIR> d-------- C:\WFDB
2008-12-12 00:55 . 2008-12-12 00:55 <DIR> d-------- c:\program files\WinFast
2008-12-12 00:55 . 2008-12-12 00:55 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2008-12-12 00:52 . 2008-12-12 00:52 <DIR> d-------- c:\program files\Opera
2008-12-12 00:51 . 2008-12-12 00:51 <DIR> d-------- c:\program files\Gadu-Gadu
2008-12-12 00:51 . 2008-12-12 00:52 <DIR> d-------- c:\documents and settings\Pejson\Gadu-Gadu
2008-12-12 00:50 . 2008-12-12 00:51 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-12 00:50 . 2008-12-12 00:50 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-12 00:50 . 2008-12-12 15:26 <DIR> d-------- c:\program files\MSBuild
2008-12-12 00:50 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-12 00:47 . 2006-10-18 11:37 162,944 --a------ c:\windows\system32\drivers\cx88vid.sys
2008-12-12 00:47 . 2008-04-14 22:51 91,648 --a------ c:\windows\system32\kswdmcap.ax
2008-12-12 00:47 . 2008-04-14 22:51 91,648 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-12-12 00:47 . 2008-04-14 22:51 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-12 00:47 . 2008-04-14 22:51 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-12-12 00:47 . 2008-04-14 22:50 54,784 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-12 00:47 . 2008-04-14 22:50 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-12 00:47 . 2006-10-18 11:37 50,816 --a------ c:\windows\system32\drivers\cx88tune.sys
2008-12-12 00:47 . 2008-04-14 22:51 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-12 00:47 . 2008-04-14 22:51 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-12-12 00:47 . 2006-10-18 11:38 9,728 --a------ c:\windows\system32\drivers\cxavxbar.sys
2008-12-12 00:46 . 2008-12-12 00:47 <DIR> d-------- c:\windows\system32\WinFast
2008-12-12 00:36 . 2008-04-14 22:50 81,920 --a------ c:\windows\system32\ils.dll
2008-12-12 00:36 . 2008-04-14 22:50 81,920 --a--c--- c:\windows\system32\dllcache\ils.dll
2008-12-12 00:34 . 2006-12-29 00:31 19,569 --a------ c:\windows\002693_.tmp
2008-12-12 00:01 . 2008-12-12 00:01 0 --a------ c:\windows\ativpsrm.bin

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 15:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 22:58 --------- d-----w c:\program files\ATI Technologies
2008-12-11 22:55 --------- d-----w c:\program files\ASUS
2008-12-11 22:44 --------- d-----w c:\program files\Marvell
2008-12-11 22:42 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-11 22:40 --------- d-----w c:\program files\DIFX
2008-12-11 22:30 --------- d-----w c:\program files\NVIDIA Corporation
2008-12-11 21:43 --------- d-----w c:\program files\Alwil Software
2008-12-11 21:35 --------- d-----w c:\program files\Analog Devices
2008-12-11 21:21 --------- d-----w c:\program files\microsoft frontpage
2008-12-11 21:20 --------- d-----w c:\program files\Usługi online
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyťlne, prawid-owe wpisy nie s¦ pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"RGSC"="d:\gry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Ai Nap"="c:\program files\ASUS\AI Nap\AiNap.exe" [2006-11-10 1419776]
"Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-27 415744]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-11-16 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-11-15 2850816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Gry\\GTA IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Gry\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Gry\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

R0 mv614x;mv614x;c:\windows\system32\DRIVERS\mv614x.sys [2008-12-11 35200]
R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2006-08-30 70784]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-11 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-11 20560]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2008-12-12 9446]

*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupe-niaj¦cy -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 21:38:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesˇw ...

skanowanie ukrytych wpisˇw autostartu ...

skanowanie ukrytych plikˇw ...

skanowanie pomyťlnie uko˝czone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL -adowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\nvappfilter.dll
.
Czas uko˝czenia: 2008-12-15 21:39:05
ComboFix-quarantined-files.txt 2008-12-15 20:39:02

Przed: 15 594 377 216 bajtów wolnych
Po: 16,077,058,048 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

208

Kod: Zaznacz wszystko

[wojtas]

uzyj opcji edytuj i wstaw logi w tagi code

[pejson]

i co??

[Okocza]

pejson, popraw tagi, masz log w quote i w śrdoku jeszcze code...

[pejson]

dobra , od poczatku, jak mam to wrzucic??bo juz niewiem

[wojtas]

prosze czytać przyklejone tematy

[pejson]

Kod: Zaznacz wszystko

ComboFix 08-12-15.01 - Pejson 2008-12-15 21:37:36.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2046.448 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Pejson\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usuniŕto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Dvbpws.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-11-15 do 2008-12-15  )))))))))))))))))))))))))))))))
.

2008-12-13 02:44 . 2008-12-15 07:05   664   --a------   c:\windows\system32\d3d9caps.dat
2008-12-12 16:16 . 2008-12-12 16:16   <DIR>   d--------   c:\documents and settings\Pejson\Dane aplikacji\Samsung
2008-12-12 16:04 . 2006-05-03 22:53   174,592   --a------   c:\windows\system32\framedyn.dll
2008-12-12 16:03 . 2008-12-12 18:52   <DIR>   d--------   c:\windows\system32\Samsung_USB_Drivers
2008-12-12 16:03 . 2007-05-02 11:11   109,704   --a------   c:\windows\system32\drivers\ss_mdm.sys
2008-12-12 16:03 . 2007-05-02 11:11   83,592   --a------   c:\windows\system32\drivers\ss_bus.sys
2008-12-12 16:03 . 2007-05-02 11:11   15,112   --a------   c:\windows\system32\drivers\ss_mdfl.sys
2008-12-12 16:03 . 2007-05-02 11:11   12,424   --a------   c:\windows\system32\drivers\ss_whnt.sys
2008-12-12 16:03 . 2007-05-02 11:11   12,424   --a------   c:\windows\system32\drivers\ss_wh.sys
2008-12-12 16:03 . 2007-05-02 11:11   12,424   --a------   c:\windows\system32\drivers\ss_cmnt.sys
2008-12-12 16:03 . 2007-05-02 11:11   12,424   --a------   c:\windows\system32\drivers\ss_cm.sys
2008-12-12 16:03 . 2005-08-28 20:51   766   --a------   c:\windows\system32\Uninstall.ico
2008-12-12 16:02 . 2008-12-12 16:02   <DIR>   d--------   c:\program files\Samsung
2008-12-12 16:02 . 2008-12-12 16:10   5,632   --a------   c:\windows\system32\drivers\StarOpen.sys
2008-12-12 16:01 . 2008-12-12 16:01   <DIR>   d--------   c:\program files\Common Files\Adobe
2008-12-12 15:28 . 2006-10-26 19:56   32,592   --a------   c:\windows\system32\msonpmon.dll
2008-12-12 15:26 . 2008-12-12 15:26   <DIR>   d--------   c:\program files\Microsoft Works
2008-12-12 15:25 . 2008-12-12 15:25   <DIR>   d--------   c:\program files\Microsoft.NET
2008-12-12 15:24 . 2008-12-12 15:24   <DIR>   d--------   c:\program files\Microsoft Visual Studio 8
2008-12-12 15:23 . 2008-12-12 15:26   <DIR>   d--------   c:\windows\SHELLNEW
2008-12-12 15:23 . 2008-12-12 15:23   <DIR>   dr-h-----   C:\MSOCache
2008-12-12 15:23 . 2008-12-12 15:28   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-12 13:38 . 2008-12-12 13:38   107,888   --a------   c:\windows\system32\CmdLineExt.dll
2008-12-12 13:36 . 2008-12-12 13:36   <DIR>   d--------   c:\windows\system32\LogFiles
2008-12-12 13:36 . 2008-12-12 13:36   <DIR>   d--------   c:\windows\system32\drivers\umdf
2008-12-12 13:35 . 2008-12-12 13:35   <DIR>   d--------   c:\windows\system32\xlive
2008-12-12 13:35 . 2008-12-12 13:45   <DIR>   d--------   c:\program files\Microsoft Games for Windows - LIVE
2008-12-12 12:49 . 2008-12-12 12:59   <DIR>   d--------   c:\program files\Winamp
2008-12-12 12:49 . 2008-12-12 14:20   <DIR>   d--------   c:\documents and settings\Pejson\Dane aplikacji\Winamp
2008-12-12 12:47 . 2008-12-12 13:23   <DIR>   d--------   c:\program files\SubEdit-Player
2008-12-12 12:45 . 2008-12-12 12:45   <DIR>   d--------   c:\documents and settings\Pejson\Dane aplikacji\Media Player Classic
2008-12-12 12:44 . 2008-12-12 12:44   <DIR>   d--------   c:\program files\Real Alternative
2008-12-12 12:43 . 2008-12-12 12:43   <DIR>   d--------   c:\program files\K-Lite Codec Pack
2008-12-12 12:43 . 2007-09-04 17:56   164,352   --a------   c:\windows\system32\unrar.dll
2008-12-12 12:43 . 2008-07-30 20:09   38   --a------   c:\windows\avisplitter.ini
2008-12-12 12:41 . 2008-12-12 12:41   <DIR>   d--------   c:\documents and settings\Pejson\Dane aplikacji\DAEMON Tools Pro
2008-12-12 12:41 . 2008-12-12 12:41   <DIR>   d--------   c:\documents and settings\Pejson\Dane aplikacji\DAEMON Tools
2008-12-12 12:40 . 2008-12-12 12:40   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2008-12-12 11:53 . 2008-12-12 11:53   <DIR>   d--------   c:\program files\DAEMON Tools Toolbar
2008-12-12 11:53 . 2008-12-12 11:53   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2008-12-12 02:00 . 2008-12-12 02:00   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-12-12 01:59 . 2008-12-12 12:51   <DIR>   d--------   c:\documents and settings\Pejson\Dane aplikacji\DAEMON Tools Lite
2008-12-12 00:56 . 2008-12-12 03:34   <DIR>   d--------   C:\WinFast WorkArea
2008-12-12 00:56 . 2008-12-12 00:56   <DIR>   d--------   c:\documents and settings\Pejson\Dane aplikacji\ATI
2008-12-12 00:56 . 2008-12-12 00:56   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ATI
2008-12-12 00:55 . 2008-12-12 00:55   <DIR>   d--------   C:\WFDB
2008-12-12 00:55 . 2008-12-12 00:55   <DIR>   d--------   c:\program files\WinFast
2008-12-12 00:55 . 2008-12-12 00:55   <DIR>   d--------   c:\program files\Common Files\Ulead Systems
2008-12-12 00:52 . 2008-12-12 00:52   <DIR>   d--------   c:\program files\Opera
2008-12-12 00:51 . 2008-12-12 00:51   <DIR>   d--------   c:\program files\Gadu-Gadu
2008-12-12 00:51 . 2008-12-12 00:52   <DIR>   d--------   c:\documents and settings\Pejson\Gadu-Gadu
2008-12-12 00:50 . 2008-12-12 00:51   <DIR>   d--------   c:\windows\system32\XPSViewer
2008-12-12 00:50 . 2008-12-12 00:50   <DIR>   d--------   c:\program files\Reference Assemblies
2008-12-12 00:50 . 2008-12-12 15:26   <DIR>   d--------   c:\program files\MSBuild
2008-12-12 00:50 . 2006-06-29 13:07   14,048   ---------   c:\windows\system32\spmsg2.dll
2008-12-12 00:47 . 2006-10-18 11:37   162,944   --a------   c:\windows\system32\drivers\cx88vid.sys
2008-12-12 00:47 . 2008-04-14 22:51   91,648   --a------   c:\windows\system32\kswdmcap.ax
2008-12-12 00:47 . 2008-04-14 22:51   91,648   --a--c---   c:\windows\system32\dllcache\kswdmcap.ax
2008-12-12 00:47 . 2008-04-14 22:51   61,952   --a------   c:\windows\system32\kstvtune.ax
2008-12-12 00:47 . 2008-04-14 22:51   61,952   --a--c---   c:\windows\system32\dllcache\kstvtune.ax
2008-12-12 00:47 . 2008-04-14 22:50   54,784   --a------   c:\windows\system32\vfwwdm32.dll
2008-12-12 00:47 . 2008-04-14 22:50   54,784   --a--c---   c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-12 00:47 . 2006-10-18 11:37   50,816   --a------   c:\windows\system32\drivers\cx88tune.sys
2008-12-12 00:47 . 2008-04-14 22:51   43,008   --a------   c:\windows\system32\ksxbar.ax
2008-12-12 00:47 . 2008-04-14 22:51   43,008   --a--c---   c:\windows\system32\dllcache\ksxbar.ax
2008-12-12 00:47 . 2006-10-18 11:38   9,728   --a------   c:\windows\system32\drivers\cxavxbar.sys
2008-12-12 00:46 . 2008-12-12 00:47   <DIR>   d--------   c:\windows\system32\WinFast
2008-12-12 00:36 . 2008-04-14 22:50   81,920   --a------   c:\windows\system32\ils.dll
2008-12-12 00:36 . 2008-04-14 22:50   81,920   --a--c---   c:\windows\system32\dllcache\ils.dll
2008-12-12 00:34 . 2006-12-29 00:31   19,569   --a------   c:\windows\[u]0[/u]02693_.tmp
2008-12-12 00:01 . 2008-12-12 00:01   0   --a------   c:\windows\ativpsrm.bin

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 15:02   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-11 22:58   ---------   d-----w   c:\program files\ATI Technologies
2008-12-11 22:55   ---------   d-----w   c:\program files\ASUS
2008-12-11 22:44   ---------   d-----w   c:\program files\Marvell
2008-12-11 22:42   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-11 22:40   ---------   d-----w   c:\program files\DIFX
2008-12-11 22:30   ---------   d-----w   c:\program files\NVIDIA Corporation
2008-12-11 21:43   ---------   d-----w   c:\program files\Alwil Software
2008-12-11 21:35   ---------   d-----w   c:\program files\Analog Devices
2008-12-11 21:21   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-11 21:20   ---------   d-----w   c:\program files\Usługi online
2008-12-01 22:13   3,452,928   ----a-w   c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 20:52   425,984   ----a-w   c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51   318,464   ----a-w   c:\windows\system32\ati2dvag.dll
2008-12-01 20:46   11,304,960   ----a-w   c:\windows\system32\atioglxx.dll
2008-12-01 20:41   188,416   ----a-w   c:\windows\system32\atipdlxx.dll
2008-12-01 20:40   43,520   ----a-w   c:\windows\system32\ati2edxx.dll
2008-12-01 20:40   26,112   ----a-w   c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40   147,456   ----a-w   c:\windows\system32\Oemdspif.dll
2008-12-01 20:40   143,360   ----a-w   c:\windows\system32\ati2evxx.dll
2008-12-01 20:38   598,016   ----a-w   c:\windows\system32\ati2evxx.exe
2008-12-01 20:37   53,248   ----a-w   c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27   4,120,384   ----a-w   c:\windows\system32\ati3duag.dll
2008-12-01 20:19   307,200   ----a-w   c:\windows\system32\atiiiexx.dll
2008-12-01 20:11   2,495,360   ----a-w   c:\windows\system32\ativvaxx.dll
2008-12-01 19:57   48,640   ----a-w   c:\windows\system32\amdpcom32.dll
2008-12-01 19:53   45,056   ----a-w   c:\windows\system32\amdcalrt.dll
2008-12-01 19:53   45,056   ----a-w   c:\windows\system32\amdcalcl.dll
2008-12-01 19:53   401,408   ----a-w   c:\windows\system32\atikvmag.dll
2008-12-01 19:52   86,016   ----a-w   c:\windows\system32\atiadlxx.dll
2008-12-01 19:52   17,408   ----a-w   c:\windows\system32\atitvo32.dll
2008-12-01 19:51   53,248   ----a-w   c:\windows\system32\drivers\ati2erec.dll
2008-12-01 19:50   3,252,224   ----a-w   c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50   286,720   ----a-w   c:\windows\system32\atiok3x2.dll
2008-12-01 19:45   577,536   ----a-w   c:\windows\system32\ati2cqag.dll
2008-12-01 13:35   593,920   ------w   c:\windows\system32\ati2sgag.exe
2008-10-28 16:41   14,303,392   ----a-w   c:\windows\system32\xlive.dll
2008-10-28 16:41   13,643,936   ----a-w   c:\windows\system32\xlivefnt.dll
2008-10-27 09:04   70,992   ----a-w   c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04   514,384   ----a-w   c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04   235,856   ----a-w   c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04   23,376   ----a-w   c:\windows\system32\X3DAudio1_5.dll
2008-10-21 18:51   118,784   ----a-w   c:\windows\system32\atibrtmon.exe
2008-10-10 03:52   452,440   ----a-w   c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52   4,379,984   ----a-w   c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52   2,036,576   ----a-w   c:\windows\system32\D3DCompiler_40.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyťlne, prawid-owe wpisy nie s¦ pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"RGSC"="d:\gry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Ai Nap"="c:\program files\ASUS\AI Nap\AiNap.exe" [2006-11-10 1419776]
"Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-27 415744]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-11-16 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-11-15 2850816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Gry\\GTA IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Gry\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Gry\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

R0 mv614x;mv614x;c:\windows\system32\DRIVERS\mv614x.sys [2008-12-11 35200]
R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2006-08-30 70784]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-11 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-11 20560]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2008-12-12 9446]

*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupe-niaj¦cy -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 21:38:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesˇw ...

skanowanie ukrytych wpisˇw autostartu ...

skanowanie ukrytych plikˇw ...

skanowanie pomyťlnie uko˝czone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL -adowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\nvappfilter.dll
.
Czas uko˝czenia: 2008-12-15 21:39:05
ComboFix-quarantined-files.txt  2008-12-15 20:39:02

Przed: 15 594 377 216 bajtów wolnych
Po: 16,077,058,048 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

208


[wojtas]

te plik/i :

c:\windows\system32\ils.dll
c:\windows\system32\dllcache\ils.dll

przesaknuj tu

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty ze skanow

[pejson]

mam te pliki przeskanować na obydwóch stronkach czy wystarczy na jednej??

[wojtas]

mozesz na jednej ale możesz tez na dwóch :p

[pejson]

to raport z pierwszego pliku:
File: ils.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 9b9a6c55c93cf48b315f08b1477ceddc
Packers detected: -
Scan taken on 16 Dec 2008 23:21:09 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

natomiast drugiego pliku wogole nie moge znalesc na dysku, nie ma takiego folderu dllcache

[sgsman]

Może jest niewidoczny, albo był tymczasowy. Po prostu wklej tą ścieżkę bezpośrednio na stronę, do paska wyboru pliku:

Kod: Zaznacz wszystko

c:\windows\system32\dllcache\ils.dll

I powiedz, czy przeskanował, czy wyskoczył komunikat, że plik nie jstnieje lub ma 0 bajtów.

[pejson]

przeskanował:

File: ils.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 9b9a6c55c93cf48b315f08b1477ceddc
Packers detected: -

Scanner results
Scan taken on 17 Dec 2008 11:47:37 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

[wojtas]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5.Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.