
Please check the log generated by ComboFix. I scanned the computer with DrWeb and it removed a few worms, including ckvo.exe, but the computer still does not read the USB flash drive. USB does not work. Please help.
http://www.wklejto.pl/26406
ComboFix 09-02-14.01 - Michdora 2009-02-15 15:12:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.2046.1670 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Michdora\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-15 do 2009-02-15 )))))))))))))))))))))))))))))))
.
2009-02-13 18:54 . 2009-02-13 18:54 0 --a------ c:\windows\nsreg.dat
2009-02-13 15:37 . 2009-02-13 15:37 <DIR> d-------- c:\documents and settings\Michdora\DoctorWeb
2009-02-13 13:58 . 2009-02-13 14:00 <DIR> d-------- c:\documents and settings\Michdora\Dane aplikacji\F-Secure
2009-02-13 13:53 . 2009-02-15 15:02 <DIR> d-------- c:\program files\F-Secure
2009-02-13 13:52 . 2009-02-13 13:52 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\fssg
2009-02-13 13:49 . 2009-02-13 13:49 13,646 --a------ c:\windows\system32\wpa.bak
2009-02-11 14:40 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-11 14:40 . 2004-08-04 00:44 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-02-11 14:40 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-02-11 14:40 . 2004-08-04 00:38 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-02-11 14:39 . 2001-10-26 16:57 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-02-11 14:39 . 2001-10-26 16:57 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-02-11 14:22 . 2009-02-11 14:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-02-11 13:29 . 2009-02-13 20:48 <DIR> d-------- c:\documents and settings\Michdora\Dane aplikacji\gtk-2.0
2009-02-11 13:22 . 2009-02-11 13:22 <DIR> d-------- c:\documents and settings\Michdora\.thumbnails
2009-02-11 13:21 . 2009-02-13 20:48 <DIR> d-------- c:\documents and settings\Michdora\.gimp-2.6
2009-02-11 13:21 . 2009-02-11 13:21 <DIR> d-------- c:\documents and settings\Michdora\.gegl-0.0
2009-02-11 13:07 . 2009-02-11 13:07 <DIR> d-------- c:\program files\Motorola
2009-02-11 13:07 . 2007-01-17 07:38 983,936 -ra------ c:\windows\system32\drivers\smserial.sys
2009-02-11 13:07 . 2007-01-17 07:34 196,608 -ra------ c:\windows\system32\sm56co6a.dll
2009-02-11 13:06 . 2004-09-04 03:00 90,112 --a------ c:\windows\system32\snymsico.dll
2009-02-11 13:06 . 2007-01-23 16:40 42,496 --a------ c:\windows\system32\drivers\rimsptsk.sys
2009-02-11 13:06 . 2007-02-24 14:42 39,936 --a------ c:\windows\system32\drivers\rimmptsk.sys
2009-02-04 21:38 . 2009-02-04 21:38 <DIR> d-------- c:\documents and settings\Michdora\Dane aplikacji\Apple Computer
2009-01-27 18:25 . 2009-01-27 18:25 <DIR> d-------- c:\program files\EA GAMES
2009-01-27 18:25 . 2004-08-18 02:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-01-27 18:21 . 2009-01-27 18:21 <DIR> d-------- c:\program files\D-Tools
2009-01-27 18:21 . 2004-08-22 16:31 155,136 --a------ c:\windows\system32\drivers\d347bus.sys
2009-01-27 18:21 . 2004-08-22 16:31 5,248 --a------ c:\windows\system32\drivers\d347prt.sys
2009-01-27 16:50 . 2009-01-27 16:50 <DIR> d-------- c:\documents and settings\Michdora\Dane aplikacji\GlarySoft
2009-01-27 16:48 . 2009-01-27 16:49 <DIR> d-------- c:\program files\Glary Utilities
2009-01-27 16:47 . 2009-01-27 16:47 <DIR> d-------- c:\program files\QuickTime
2009-01-27 16:47 . 2009-01-27 16:47 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-01-27 16:29 . 2009-01-27 16:29 <DIR> d-------- c:\documents and settings\Michdora\Dane aplikacji\DAEMON Tools Pro
2009-01-27 16:29 . 2009-01-27 16:29 <DIR> d-------- c:\documents and settings\Michdora\Dane aplikacji\DAEMON Tools
2009-01-27 16:28 . 2009-01-27 16:28 <DIR> d-------- c:\windows\system32\Lang
2009-01-27 16:28 . 2009-01-27 16:28 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-27 16:28 . 2009-01-27 16:28 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-27 16:26 . 2009-01-27 16:26 <DIR> d-------- c:\program files\Compal Electronics, INC
2009-01-27 16:26 . 2007-05-03 17:45 790,528 --a------ c:\windows\system32\SMB.cpl
2009-01-27 16:25 . 2007-05-03 17:47 1,986,560 --a------ c:\windows\system32\WVAProp.cpl
2009-01-27 16:24 . 2009-01-27 16:24 <DIR> d-------- c:\documents and settings\NetworkService\Dane aplikacji\Intel
2009-01-27 16:24 . 2009-01-27 16:24 <DIR> d-------- c:\documents and settings\Michdora\Dane aplikacji\Intel
2009-01-27 16:24 . 2009-01-27 16:24 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\Intel
2009-01-27 16:24 . 2009-01-27 16:24 356,352 --a------ c:\windows\system32\AegisI5Installer.exe
2009-01-27 16:24 . 2009-01-27 16:24 21,393 --a------ c:\windows\system32\drivers\AegisP.sys
2009-01-27 16:24 . 2009-01-27 16:24 21,393 --a------ c:\windows\AegisP.sys
2009-01-27 16:24 . 2009-01-27 16:24 13,864 --a------ c:\windows\AegisP.inf
2009-01-27 16:24 . 2009-01-27 16:24 10,640 --a------ c:\windows\AegisP.cat
2009-01-27 16:23 . 2009-01-27 16:23 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Intel
2009-01-27 16:23 . 2007-06-01 10:33 2,772,992 --a------ c:\windows\system32\NETw4r32.dll
2009-01-27 16:23 . 2007-05-28 09:03 2,207,232 --a------ c:\windows\system32\drivers\NETw4x32.sys
2009-01-27 16:23 . 2007-06-01 10:33 684,032 --a------ c:\windows\system32\NETw4c32.dll
2009-01-27 16:22 . 2009-01-27 16:22 <DIR> d-------- c:\program files\Broadcom
2009-01-27 16:22 . 2007-02-16 15:46 160,256 --a------ c:\windows\system32\drivers\b57xp32.sys
2009-01-27 16:22 . 2007-02-16 15:46 160,256 --a--c--- c:\windows\system32\dllcache\b57xp32.sys
2009-01-27 16:21 . 2004-08-09 17:43 94,208 --a------ c:\windows\amcap.exe
2009-01-27 16:20 . 2009-01-27 16:20 <DIR> d-------- c:\program files\Elantech
2009-01-27 16:20 . 2007-02-13 20:53 192,512 -ra------ c:\windows\system32\KtpCoinst.dll
2009-01-27 16:20 . 2006-11-18 02:55 27,776 -ra------ c:\windows\system32\drivers\Ktp.sys
2009-01-27 16:17 . 2009-01-27 16:17 <DIR> d-------- c:\program files\Compal
2009-01-27 16:17 . 2009-01-27 16:17 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\XP32
2009-01-27 16:17 . 2009-01-27 16:17 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Vista64
2009-01-27 16:17 . 2009-01-27 16:17 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Vista32
2009-01-27 16:17 . 2007-04-17 09:44 266,240 --a------ c:\windows\system32\EMSC.DLL
2009-01-27 16:17 . 2007-03-14 10:16 9,856 --a------ c:\windows\system32\drivers\EMSC.sys
2009-01-27 16:17 . 2009-01-27 16:17 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-27 16:16 . 2009-01-27 16:16 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-27 16:13 . 2009-01-27 16:13 <DIR> d-------- c:\windows\system32\RTCOM
2009-01-27 16:13 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2009-01-27 16:13 . 2004-08-03 23:08 60,288 --a--c--- c:\windows\system32\dllcache\drmk.sys
2009-01-27 16:13 . 2006-08-01 08:02 49,152 -r------- c:\windows\system32\ChCfg.exe
2009-01-27 16:12 . 2009-01-27 16:12 <DIR> d-------- c:\program files\Realtek
2009-01-27 16:12 . 2009-02-15 15:05 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-01-27 16:11 . 2009-01-27 16:11 <DIR> d-------- c:\windows\nview
2009-01-27 16:11 . 2007-06-26 13:06 356,352 --a------ c:\windows\system32\nvudisp.exe
2009-01-27 16:11 . 2009-01-27 16:28 127,256 --a------ c:\windows\system32\nvapps.xml
2009-01-27 16:11 . 2007-06-26 13:06 17,431 --a------ c:\windows\system32\nvdisp.nvu
2009-01-27 16:10 . 2009-01-27 16:16 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-01-27 16:10 . 2007-06-26 21:15 356,352 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-27 16:07 . 2009-01-27 16:23 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-27 16:07 . 2009-01-27 16:23 <DIR> d-------- c:\program files\Intel
2009-01-27 16:06 . 2009-01-27 16:06 <DIR> d-------- C:\Intel
2009-01-27 15:47 . 2009-01-27 15:47 <DIR> d-------- c:\program files\Java
2009-01-27 15:47 . 2009-01-27 15:47 <DIR> d-------- c:\program files\Common Files\Java
2009-01-27 15:47 . 2008-05-28 03:03 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2009-01-27 15:46 . 2009-01-27 15:46 <DIR> d-------- c:\program files\GIMP-2.0
2009-01-27 15:43 . 2009-02-10 19:17 <DIR> d-------- c:\documents and settings\Michdora\Dane aplikacji\foobar2000
2009-01-27 15:42 . 2009-01-27 15:43 <DIR> d-------- c:\program files\foobar2000
2009-01-27 15:41 . 2009-01-27 15:41 <DIR> d-------- c:\program files\ffdshow
2009-01-27 15:41 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-27 15:41 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-27 15:40 . 2009-01-27 15:40 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-01-27 15:38 . 2009-01-27 15:38 <DIR> d-------- c:\documents and settings\Michdora\Dane aplikacji\DAEMON Tools Lite
2009-01-27 15:38 . 2009-01-27 15:38 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-27 15:37 . 2009-01-27 15:37 <DIR> d-------- c:\program files\CCleaner
2009-01-27 15:35 . 2009-01-27 15:35 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-27 15:34 . 2009-01-27 15:34 <DIR> d-------- c:\program files\7-Zip
2009-01-27 15:29 . 2009-02-10 19:16 <DIR> d-------- c:\program files\PhotoScape
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 15:12 315,392 ----a-w c:\windows\HideWin.exe
2009-01-27 12:01 --------- d-----w c:\program files\microsoft frontpage
2009-01-27 11:59 --------- d-----w c:\program files\Usługi online
2008-12-18 00:26 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-18 00:26 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-18 00:26 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-18 00:26 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-18 00:26 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8462336]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"nwiz"="nwiz.exe" [2007-06-26 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SMBTray"=c:\program files\Compal\Smart Battery\SMBTray.exe
"Wow Video&Audio"=c:\program files\Compal\Wow Video&Audio\WVAMain.exe
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe"
"WLSS"=c:\program files\Compal\Wireless Select Switch\WLSS.exe
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_16\bin\jusched.exe"
"snp2uvc"=c:\windows\vsnp2uvc.exe
"Alcmtr"=ALCMTR.EXE
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" -lang 1033
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-01-27 9856]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2009-01-27 27776]
S3 CamFilter;CamFilter;c:\windows\system32\drivers\Camfilter.sys [2007-05-11 16640]
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-10 17:02]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.glaryutilities.com/startuplibrary/kamsoft=ckvo.exe.html
FF - ProfilePath - c:\documents and settings\Michdora\Dane aplikacji\Mozilla\Firefox\Profiles\189o89vh.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 15:13:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-02-15 15:14:27
ComboFix-quarantined-files.txt 2009-02-15 14:14:25
Przed: 44 585 385 984 bajtów wolnych
Po: 44,598,448,128 bajtów wolnych
180 --- E O F --- 2009-02-15 13:54:31