Wolny net

**Posty:** 110 · przez **cnx1234** 06 Gru 2008, 22:58

Witam !
Otoz mam problem z netem nieraz bardzo powoli chodzi a transfer 10,ale to jak jest to na jakis czas.Skanowalem kompa kasperskim i bylo pelno wirusow i chyba usunelo.Chcialbym sprawdzic czy juz wszystko ok.Oto logi

HijackThis

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:57, on 2008-12-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe E:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\RALINK\Common\RaUI.exe C:\WINDOWS\explorer.exe E:\Programy Zainstalowane\Gamaa Adjuster\GammaAdjuster.exe C:\Program Files\Opera\opera.exe C:\Program Files\Winamp\winamp.exe C:\Documents and Settings\cNx\Pulpit\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe -- End of file - 4651 bytes

ComboFix

Kod: Zaznacz wszystko: ComboFix 08-12-06.03 - cNx 2008-12-06 21:40:33.4 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.241 [GMT 1:00] Uruchomiony z: E:\INSTALKI\ComboFix.exe * Utworzono nowy punkt przywracania . /wow section - STAGE 27 ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\WINDOWS\system32\febefd_z.dll C:\WINDOWS\system32\gasretyw0.dll C:\WINDOWS\system32\kamsoft.exe D:\Autorun.inf E:\Autorun.inf . ((((((((((((((((((((((((( Pliki utworzone od 2008-11-06 do 2008-12-06 ))))))))))))))))))))))))))))))) . 2008-12-06 19:33 . 2008-12-06 19:33 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-12-06 19:33 . 2008-12-06 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-12-06 19:33 . 2008-12-06 21:42 1,064,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-12-06 19:33 . 2008-12-06 21:42 122,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-12-06 19:33 . 2008-12-06 19:33 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-12-06 19:33 . 2008-12-06 19:33 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-12-06 19:33 . 2008-12-06 21:42 10,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-12-06 19:33 . 2008-12-06 21:42 2,548 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-12-06 19:32 . 2008-12-06 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-12-05 20:19 . 2008-12-05 20:19 <DIR> d-------- C:\Program Files\WMV9_VCM 2008-12-05 20:18 . 2008-12-05 20:18 <DIR> d-------- C:\Program Files\Avalon 2008-12-05 19:44 . 2008-12-05 19:45 <DIR> d-------- C:\WINDOWS\Logs 2008-12-05 19:44 . 2008-12-05 19:44 <DIR> d-------- C:\Program Files\directx9 2008-12-05 14:04 . 2008-12-05 14:04 <DIR> d-------- C:\Documents and Settings\cNx\Dane aplikacji\Media Player Classic 2008-12-05 13:51 . 2008-12-06 20:01 104,421 -r-hs---- C:\2u.com 2008-12-04 15:34 . 2008-12-04 15:35 <DIR> d-------- C:\Program Files\Odkurzacz 2008-12-03 17:13 . 2008-12-03 17:13 <DIR> d-------- C:\Documents and Settings\Nikola\Dane aplikacji\OpenOffice.ux.pl2 2008-12-02 21:45 . 2008-12-02 21:45 <DIR> d-------- C:\Documents and Settings\cNx\Dane aplikacji\vlc 2008-12-02 21:44 . 2008-12-02 21:44 <DIR> d-------- C:\Program Files\VideoLAN 2008-12-02 21:27 . 2008-12-02 21:27 23 --a------ C:\WINDOWS\system32\abcdf9_z.ocx 2008-12-02 21:08 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-12-02 20:57 . 2008-12-02 20:57 <DIR> d-------- C:\Program Files\NAPI-PROJEKT 2008-12-02 20:53 . 2008-12-02 20:53 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- C:\Program Files\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- C:\Program Files\Common Files\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- C:\Documents and Settings\cNx\Dane aplikacji\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-11-27 13:31 . 2008-11-27 13:31 <DIR> d-------- C:\Documents and Settings\Nikola\Dane aplikacji\Winamp 2008-11-25 19:29 . 2008-11-25 19:29 <DIR> d-------- C:\Documents and Settings\cNx\Dane aplikacji\OpenOffice.ux.pl2 2008-11-25 19:26 . 2008-11-25 19:26 <DIR> d-------- C:\Program Files\OpenOffice.ux.pl 2.1.0 2008-11-23 10:02 . 2008-11-23 10:02 <DIR> d-------- C:\Program Files\SystemRequirementsLab 2008-11-23 10:02 . 2008-11-23 10:02 <DIR> d-------- C:\Documents and Settings\cNx\SystemRequirementsLab 2008-11-22 15:58 . 2008-11-27 19:23 502 --a------ C:\hpfr3420.xml 2008-11-22 15:56 . 2008-11-22 15:56 <DIR> d-------- C:\Program Files\hp deskjet 3420 series 2008-11-22 15:56 . 2002-11-03 21:02 184,386 --a------ C:\WINDOWS\system32\hpzsnt07.dll 2008-11-22 15:56 . 2008-11-22 15:56 704 --a------ C:\WINDOWS\hpinfo.lnk 2008-11-22 15:55 . 2008-11-22 15:55 <DIR> d-------- C:\Program Files\Hewlett-Packard 2008-11-18 17:48 . 2008-11-18 17:48 <DIR> d-------- C:\Documents and Settings\cNx\Dane aplikacji\InstallShield 2008-11-12 17:45 . 2008-12-04 16:00 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-11-12 17:34 . 2008-11-12 17:34 <DIR> d-------- C:\Documents and Settings\Nikola\Dane aplikacji\Gadu-Gadu 2008-11-12 17:25 . 2008-11-12 17:25 <DIR> d-------- C:\Documents and Settings\Nikola\Gadu-Gadu 2008-11-12 17:21 . 2008-11-12 17:21 <DIR> d-------- C:\Documents and Settings\Nikola\Dane aplikacji\Nero 2008-11-12 15:08 . 2008-09-04 17:46 1,106,944 --------- C:\WINDOWS\system32\dllcache\msxml3.dll 2008-11-12 07:52 . 2008-10-24 12:10 453,632 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys 2008-11-11 20:42 . 2008-11-11 20:42 <DIR> d-------- C:\Documents and Settings\cNx\Dane aplikacji\Nero 2008-11-11 20:37 . 2008-11-11 20:37 <DIR> d-------- C:\Program Files\Nero 2008-11-11 20:37 . 2008-11-11 20:37 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-11-11 20:37 . 2008-11-11 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-11-11 20:12 . 2008-11-11 20:12 422 --a------ C:\log.udt 2008-11-11 08:15 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2008-11-11 08:15 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe 2008-11-11 08:15 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd 2008-11-11 08:15 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat 2008-11-11 08:15 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg 2008-11-11 08:15 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg 2008-11-09 18:58 . 2001-08-17 21:52 18,688 --a------ C:\WINDOWS\system32\dllcache\cdaudio.sys 2008-11-07 19:19 . 2008-11-07 19:19 <DIR> d-------- C:\Program Files\Realtek AC97 2008-11-07 19:19 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe 2008-11-07 19:19 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll 2008-11-07 19:19 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-11-07 15:47 . 2008-11-07 15:47 <DIR> d-------- C:\WINDOWS\ERUNT 2008-11-07 15:47 . 2008-11-07 15:47 <DIR> d-------- C:\ERDNT 2008-11-07 15:47 . 2008-11-07 15:47 <DIR> d-------- C:\!FixIEDef 2008-11-07 15:45 . 2008-11-07 15:45 <DIR> d-------- C:\WINDOWS\Sun 2008-11-07 15:15 . 2008-11-07 15:15 <DIR> d--hs---- C:\Recycled 2008-11-06 08:09 . 2008-09-15 16:40 1,846,272 --------- C:\WINDOWS\system32\dllcache\win32k.sys 2008-11-06 08:09 . 2008-11-06 08:09 0 --a------ C:\WINDOWS\nsreg.dat 2008-11-06 07:57 . 2008-08-28 11:04 333,056 --------- C:\WINDOWS\system32\dllcache\srv.sys 2008-11-06 07:55 . 2008-11-06 07:55 <DIR> d-------- C:\Program Files\Sun 2008-11-06 07:53 . 2008-11-10 05:43 410,984 --a------ C:\WINDOWS\system32\deploytk.dll 2008-11-06 07:53 . 2008-11-10 03:39 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-11-06 07:52 . 2008-11-06 07:52 <DIR> d-------- C:\Program Files\Java 2008-11-06 07:51 . 2008-06-14 19:01 273,024 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-11-06 07:48 . 2008-08-14 10:51 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys 2008-11-06 07:28 . 2008-04-11 19:51 683,520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-11-06 07:28 . 2008-05-01 15:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-11-06 07:21 . 2008-10-15 18:00 332,800 --------- C:\WINDOWS\system32\dllcache\netapi32.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-05 16:34 --------- d-----w C:\Program Files\AvRack 2008-11-05 16:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles 2008-11-05 16:24 --------- d-----w C:\Documents and Settings\cNx\Dane aplikacji\Gadu-Gadu 2008-11-05 15:42 --------- d-----w C:\Program Files\Winamp 2008-11-05 15:42 --------- d-----w C:\Documents and Settings\cNx\Dane aplikacji\Winamp 2008-11-05 15:35 --------- d-----w C:\Program Files\Opera 2008-11-05 15:33 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-11-05 15:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-11-05 15:32 --------- d-----w C:\Program Files\RALINK 2008-11-05 15:32 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-11-05 14:56 558,142 ----a-w C:\WINDOWS\java\Packages\1NZHN93D.ZIP 2008-11-05 14:56 155,995 ----a-w C:\WINDOWS\java\Packages\UUJ17N73.ZIP 2008-11-05 14:56 --------- d-----w C:\Program Files\microsoft frontpage 2008-11-05 14:53 --------- d-----w C:\Program Files\Usługi online 2008-10-27 09:04 70,992 ----a-w C:\WINDOWS\system32\XAPOFX1_2.dll 2008-10-27 09:04 514,384 ----a-w C:\WINDOWS\system32\XAudio2_3.dll 2008-10-27 09:04 235,856 ----a-w C:\WINDOWS\system32\xactengine3_3.dll 2008-10-27 09:04 23,376 ----a-w C:\WINDOWS\system32\X3DAudio1_5.dll 2008-10-24 11:10 453,632 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-10-10 03:52 452,440 ----a-w C:\WINDOWS\system32\d3dx10_40.dll 2008-10-10 03:52 4,379,984 ----a-w C:\WINDOWS\system32\D3DX9_40.dll 2008-10-10 03:52 2,036,576 ----a-w C:\WINDOWS\system32\D3DCompiler_40.dll 2008-09-30 15:43 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll 2008-09-15 15:40 1,846,272 ----a-w C:\WINDOWS\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584] "Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-08-16 16:01 264704] "Gadu-Gadu"="E:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 11:04 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-05-14 06:41 3784704] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 21:02 188416] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-05-14 06:41 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 05:43 136600] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 20:20 206088] "nwiz"="nwiz.exe" [2004-05-14 06:41 831488 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360] C:\Documents and Settings\Nikola\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.1.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.1.0\program\quickstart.exe [2006-12-30 04:32:40 17408] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-11-05 16:33:35 614400] [HKLM\~\startupfolder\C:^Documents and Settings^cNx^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.1.0.lnk] path=C:\Documents and Settings\cNx\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.1.0.lnk backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.1.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] --a------ 2007-05-04 01:32 961024 E:\Program Files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] --a------ 2008-07-29 20:20 206088 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-06-24 16:06 1840424 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-06-08 09:31 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-06-19 09:53 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-11-18 16:31 21633320 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-11-08 12:52 1410296 D:\Program Files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"= "D:\\Program Files\\Valve\\hl.exe"= "C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "E:\\Program Files\\Ares\\Ares.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29:38 32784] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06:48 24592] S3 AVPsys;AVPsys;\??\C:\WINDOWS\system32\drivers\cdaudio.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077770a8-ae76-11dd-8029-000e2e4965d4}] \Shell\AutoRun\command - G:\sq.com \Shell\explore\Command - G:\sq.com \Shell\open\Command - G:\sq.com . - - - - USUNIĘTO PUSTE WPISY - - - - MSConfigStartUp-Gadu-Gadu - E:\Programy Zainstalowane\Gadu-Gadu\gg.exe . ------- Skan uzupełniający ------- . O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd FireFox -: Profile - C:\Documents and Settings\cNx\Dane aplikacji\Mozilla\Firefox\Profiles\sha3vqod.default\ FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-06 21:44:10 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ...

edit by Magik

http://forum.programosy.pl/przeczytaj-zanim-wstawisz-logi-na-forum-vt93842.html

po cos ktos to pisal :!:

Chyba już dobrze ? prosze o sprawdzenie

**Posty:** 18165 · przez **wojtas** 07 Gru 2008, 17:28

jest infekcja z pendriva...

1)

Wylecz pendriva lub kartę pamięci
Perlovga Removal Tool
Flash Disinfector
lub format

Otworz notatnik i wklej w nim to:

File::
C:\2u.com
D:\2u.com
E:\2u.com

Folder::
C:\Recycled
D:\Recycled
E:\Recycled

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077770a8-ae76-11dd-8029-000e2e4965d4}]

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

**Posty:** 110 · przez **cnx1234** 07 Gru 2008, 19:02

oto log :

Kod: Zaznacz wszystko: ComboFix 08-12-06.06 - cNx 2008-12-07 17:56:02.5 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.221 [GMT 1:00] Uruchomiony z: c:\documents and settings\cNx\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\cNx\Pulpit\CFScript.txt * Utworzono nowy punkt przywracania FILE :: C:\2u.com D:\2u.com E:\2u.com . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\2u.com C:\Recycled c:\recycled\desktop.ini c:\recycled\INFO2 D:\2u.com E:\2u.com . ---- Previous Run ------- . C:\autorun.inf c:\windows\system32\febefd_z.dll c:\windows\system32\gasretyw0.dll c:\windows\system32\kamsoft.exe D:\Autorun.inf E:\Autorun.inf . ((((((((((((((((((((((((( Pliki utworzone od 2008-11-07 do 2008-12-07 ))))))))))))))))))))))))))))))) . 2008-12-06 19:33 . 2008-12-06 19:33 <DIR> d-------- c:\program files\Kaspersky Lab 2008-12-06 19:33 . 2008-12-06 19:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2008-12-06 19:33 . 2008-12-07 11:08 1,064,480 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-06 19:33 . 2008-12-07 11:08 147,488 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-12-06 19:33 . 2008-12-06 19:33 96,976 --a------ c:\windows\system32\drivers\klin.dat 2008-12-06 19:33 . 2008-12-06 19:33 87,855 --a------ c:\windows\system32\drivers\klick.dat 2008-12-06 19:33 . 2008-12-07 11:08 10,444 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-06 19:33 . 2008-12-07 11:08 2,632 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-12-06 19:32 . 2008-12-06 19:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-12-05 20:19 . 2008-12-05 20:19 <DIR> d-------- c:\program files\WMV9_VCM 2008-12-05 20:18 . 2008-12-05 20:18 <DIR> d-------- c:\program files\Avalon 2008-12-05 19:44 . 2008-12-05 19:45 <DIR> d-------- c:\windows\Logs 2008-12-05 19:44 . 2008-12-05 19:44 <DIR> d-------- c:\program files\directx9 2008-12-05 14:04 . 2008-12-05 14:04 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\Media Player Classic 2008-12-04 15:34 . 2008-12-04 15:35 <DIR> d-------- c:\program files\Odkurzacz 2008-12-03 17:13 . 2008-12-03 17:13 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\OpenOffice.ux.pl2 2008-12-02 21:45 . 2008-12-02 21:45 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\vlc 2008-12-02 21:44 . 2008-12-02 21:44 <DIR> d-------- c:\program files\VideoLAN 2008-12-02 21:27 . 2008-12-02 21:27 23 --a------ c:\windows\system32\abcdf9_z.ocx 2008-12-02 21:08 . 2004-08-04 00:44 221,184 --a------ c:\windows\system32\wmpns.dll 2008-12-02 20:57 . 2008-12-02 20:57 <DIR> d-------- c:\program files\NAPI-PROJEKT 2008-12-02 20:53 . 2008-12-02 20:53 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\program files\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\program files\Common Files\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype 2008-11-27 13:31 . 2008-11-27 13:31 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Winamp 2008-11-25 19:29 . 2008-11-25 19:29 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\OpenOffice.ux.pl2 2008-11-25 19:26 . 2008-11-25 19:26 <DIR> d-------- c:\program files\OpenOffice.ux.pl 2.1.0 2008-11-23 10:02 . 2008-11-23 10:02 <DIR> d-------- c:\program files\SystemRequirementsLab 2008-11-23 10:02 . 2008-11-23 10:02 <DIR> d-------- c:\documents and settings\cNx\SystemRequirementsLab 2008-11-22 15:58 . 2008-11-27 19:23 502 --a------ C:\hpfr3420.xml 2008-11-22 15:56 . 2008-11-22 15:56 <DIR> d-------- c:\program files\hp deskjet 3420 series 2008-11-22 15:56 . 2002-11-03 21:02 184,386 --a------ c:\windows\system32\hpzsnt07.dll 2008-11-22 15:56 . 2008-11-22 15:56 704 --a------ c:\windows\hpinfo.lnk 2008-11-22 15:55 . 2008-11-22 15:55 <DIR> d-------- c:\program files\Hewlett-Packard 2008-11-18 17:48 . 2008-11-18 17:48 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\InstallShield 2008-11-12 17:45 . 2008-12-04 16:00 69 --a------ c:\windows\NeroDigital.ini 2008-11-12 17:34 . 2008-11-12 17:34 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Gadu-Gadu 2008-11-12 17:25 . 2008-11-12 17:25 <DIR> d-------- c:\documents and settings\Nikola\Gadu-Gadu 2008-11-12 17:21 . 2008-11-12 17:21 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Nero 2008-11-12 15:08 . 2008-09-04 17:46 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 07:52 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-11 20:42 . 2008-11-11 20:42 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\Nero 2008-11-11 20:37 . 2008-11-11 20:37 <DIR> d-------- c:\program files\Nero 2008-11-11 20:37 . 2008-11-11 20:37 <DIR> d-------- c:\program files\Common Files\Nero 2008-11-11 20:37 . 2008-11-11 20:37 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Nero 2008-11-11 20:12 . 2008-11-11 20:12 422 --a------ C:\log.udt 2008-11-11 08:15 . 2003-02-28 18:26 139,536 --a------ c:\windows\system32\javaee.dll 2008-11-11 08:15 . 2003-02-28 18:26 46,352 --a------ c:\windows\setdebug.exe 2008-11-11 08:15 . 2003-02-28 16:54 7,315 --a------ c:\windows\system32\javasup.vxd 2008-11-11 08:15 . 2003-02-28 16:35 6,550 --a------ c:\windows\jautoexp.dat 2008-11-11 08:15 . 2003-02-28 16:38 113 --a------ c:\windows\system32\zonedon.reg 2008-11-11 08:15 . 2003-02-28 16:38 113 --a------ c:\windows\system32\zonedoff.reg 2008-11-09 18:58 . 2001-08-17 21:52 18,688 --a------ c:\windows\system32\dllcache\cdaudio.sys 2008-11-07 19:19 . 2008-11-07 19:19 <DIR> d-------- c:\program files\Realtek AC97 2008-11-07 19:19 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe 2008-11-07 19:19 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll 2008-11-07 19:19 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe 2008-11-07 15:47 . 2008-11-07 15:47 <DIR> d-------- c:\windows\ERUNT 2008-11-07 15:47 . 2008-11-07 15:47 <DIR> d-------- C:\ERDNT 2008-11-07 15:47 . 2008-11-07 15:47 <DIR> d-------- C:\!FixIEDef 2008-11-07 15:45 . 2008-11-07 15:45 <DIR> d-------- c:\windows\Sun . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-11-06 06:55 --------- d-----w c:\program files\Sun 2008-11-06 06:52 --------- d-----w c:\program files\Java 2008-11-05 16:34 --------- d-----w c:\program files\AvRack 2008-11-05 16:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles 2008-11-05 16:24 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Gadu-Gadu 2008-11-05 15:42 --------- d-----w c:\program files\Winamp 2008-11-05 15:42 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Winamp 2008-11-05 15:35 --------- d-----w c:\program files\Opera 2008-11-05 15:33 21,275 ----a-w c:\windows\system32\drivers\AegisP.sys 2008-11-05 15:32 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-05 15:32 --------- d-----w c:\program files\RALINK 2008-11-05 15:32 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-05 14:56 558,142 ----a-w c:\windows\java\Packages\1NZHN93D.ZIP 2008-11-05 14:56 155,995 ----a-w c:\windows\java\Packages\UUJ17N73.ZIP 2008-11-05 14:56 --------- d-----w c:\program files\microsoft frontpage 2008-11-05 14:53 --------- d-----w c:\program files\Usługi online 2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll 2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll 2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll 2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-15 17:00 332,800 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll 2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll 2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys 2008-09-15 15:40 1,846,272 ------w c:\windows\system32\dllcache\win32k.sys . ((((((((((((((((((((((((((((( snapshot@2008-12-06_21.44.54.20 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-06 20:43:42 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-07 14:35:20 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-12-06 20:43:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat + 2008-12-07 14:35:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat + 2008-12-07 14:35:26 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_754.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704] "Gadu-Gadu"="e:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-14 3784704] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-05-14 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088] "nwiz"="nwiz.exe" [2004-05-14 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\Nikola\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.1.0.lnk - c:\program files\OpenOffice.ux.pl 2.1.0\program\quickstart.exe [2006-12-30 17408] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-11-05 614400] [HKLM\~\startupfolder\C:^Documents and Settings^cNx^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.1.0.lnk] path=c:\documents and settings\cNx\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.1.0.lnk backup=c:\windows\pss\OpenOffice.ux.pl 2.1.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] --a------ 2007-05-04 01:32 961024 e:\program files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] --a------ 2008-07-29 20:20 206088 c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] e:\programy zainstalowane\Gadu-Gadu\gg.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-06-24 16:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-06-08 09:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-06-19 09:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-11-08 12:52 1410296 d:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"= "d:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "e:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [] . . ------- Skan uzupełniający ------- . O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd FireFox -: Profile - c:\documents and settings\cNx\Dane aplikacji\Mozilla\Firefox\Profiles\sha3vqod.default\ FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-07 18:00:20 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2008-12-07 18:01:15 ComboFix2.txt 2008-11-07 14:15:00 ComboFix-quarantined-files.txt 2008-12-07 17:01:12 Przed: 18,947,751,936 bajtów wolnych Po: 18,936,250,368 bajtów wolnych 233 --- E O F --- 2008-11-12 20:28:57

Najgorzej ze czesto mam wysokie pingi w grach przez internet

**Posty:** 18165 · przez **wojtas** 07 Gru 2008, 19:33

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5.Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

**Posty:** 110 · przez **cnx1234** 07 Gru 2008, 20:06

Log:

Kod: Zaznacz wszystko: ******************************************************************************** * * * FixIEDef Log * * Version 1.7.20.6874 * * * ******************************************************************************** Created at 19:05:31 on Sunday, December 07, 2008 Time Zone : Logged On User : cNx Operating System : Microsoft Windows XP Professional Dodatek Service Pack 2 OS Version : 5.1.2600 System Langauge : Polish Keyboard Layout : Polish Processor : X86 AMD Sempron(tm) 2300+ System Drive : C:\ Windows Directory : C:\WINDOWS System Directory : C:\WINDOWS\system32 System Drive Type : Fixed System Drive Status : READY System Drive Label : System Drive Size : 24.99 GB System Drive Free : 19.42 GB Total Physical Memory: 511 MB Free Physical Memory : 266 MB Total Page File : 511 MB Free Page File : 1045 MB Total Virtual Memory : 2048 MB Free Virtual Memory : 1969 MB Boot State : Normal boot -------------------------------------------------------------------------------- !!! userinit.exe is Clean !!! -------------------------------------------------------------------------------- !!! Files that have been deleted !!! C:\WINDOWS\system32\Uninstall.ico -------------------------------------------------------------------------------- !!! Directories that have been removed !!! No malicious directories to be removed -------------------------------------------------------------------------------- !!! Registry entries that have been removed !!! No malicious Registry entries found ================================================================================ All Done :) ShadowPuterDude Safe Surfing!!!

z Kasperskiego sie niedalo bo mam zainstalowanego nawet jak wyloncze to sie nie da przeskanowac.
Skanuje kompa tera Kaspersky Virus Removal Tool

Oto log z Kaspersky Virus Removal Tool 2 keylogery jakies

Kod: Zaznacz wszystko: Scan ---- Scanned: 372664 Detected: 2 Untreated: 0 Start time: 2008-12-07 19:20:42 Duration: 01:45:29 Finish time: 2008-12-07 21:06:11 Detected -------- Status Object ------ ------ deleted: Trojan program Trojan-Spy.Win32.KeyLogger.bhg File: c:\documents and settings\cnx\pulpit\virus removal tool\is-bgda3\startup.exe deleted: Trojan program Trojan-Spy.Win32.KeyLogger.bhg File: C:\Documents and Settings\cNx\Pulpit\setup_7.0.0.290_07.12.2008_20-37.exe//file019 Events ------ Time Name Status Reason ---- ---- ------ ------ Statistics ---------- Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ --------- Settings -------- Parameter Value --------- ----- Security Level Recommended Action Prompt for action when the scan is complete Run mode Manually File types Scan all files Scan only new and changed files No Scan archives All Scan embedded OLE objects All Skip if object is larger than No Skip if scan takes longer than No Parse email formats No Scan password-protected archives No Enable iChecker technology No Enable iSwift technology No Show detected threats on "Detected" tab Yes Rootkits search Yes Deep rootkits search No Use heuristic analyzer Yes Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ----

**Posty:** 18165 · przez **wojtas** 08 Gru 2008, 00:20

czysto juz

Autor postu otrzymał pochwałę

**Posty:** 110 · przez **cnx1234** 10 Gru 2008, 21:32

przy starcie systemu od razu wyswietla mi sie wiadomosc :

Hard Disk infected by Virus
[Cos takiego]

trzeba wcisnac enter zeby sie wlanczal system

Byl goscio od neta i juz dobrze jest
Mowil zeby zrobic reinstalke windowsa i ze mialem zle zainstalowane fat na c cos takiego.
Moze mi pomozecie dzieki

**Posty:** 18165 · przez **wojtas** 10 Gru 2008, 22:13

pokaz screena z alertu oraz nowe logi

**Posty:** 110 · przez **cnx1234** 12 Gru 2008, 14:19

Przy wlonczeniu jest na czarnym tle napisane :
Caution: This hard disk may be infected by virus !

Hijackthis:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:14:49, on 2008-12-12 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe E:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\RALINK\Common\RaUI.exe E:\Programy Zainstalowane\Gamaa Adjuster\GammaAdjuster.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\cNx\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe -- End of file - 4171 bytes

ComboFix

Kod: Zaznacz wszystko: ComboFix 08-12-06.03 - cNx 2008-12-12 13:16:26.6 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.251 [GMT 1:00] Uruchomiony z: e:\instalki\ComboFix.exe * Resident AV is active . ((((((((((((((((((((((((( Pliki utworzone od 2008-11-12 do 2008-12-12 ))))))))))))))))))))))))))))))) . 2008-12-10 19:04 . 2008-12-10 19:04 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\ESET 2008-12-10 17:22 . 2008-12-10 17:22 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\ESET 2008-12-10 17:22 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg 2008-12-10 17:21 . 2008-12-10 17:21 <DIR> d-------- c:\program files\ESET 2008-12-10 17:21 . 2008-12-10 17:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET 2008-12-10 17:20 . 2008-12-11 21:18 290,848 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-10 17:20 . 2008-12-11 21:18 5,456 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-10 17:10 . 2008-12-10 17:10 <DIR> d-------- c:\program files\RALINK 2008-12-10 17:10 . 2007-07-28 16:10 483,968 --a------ c:\windows\system32\drivers\rt61.sys 2008-12-07 19:19 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\52785454.sys 2008-12-07 18:01 . 2008-12-07 18:01 <DIR> d--hs---- C:\Recycled 2008-12-06 19:33 . 2008-12-06 19:33 <DIR> d-------- c:\program files\Kaspersky Lab 2008-12-06 19:32 . 2008-12-06 19:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-12-05 20:19 . 2008-12-05 20:19 <DIR> d-------- c:\program files\WMV9_VCM 2008-12-05 20:18 . 2008-12-05 20:18 <DIR> d-------- c:\program files\Avalon 2008-12-05 19:44 . 2008-12-05 19:45 <DIR> d-------- c:\windows\Logs 2008-12-05 19:44 . 2008-12-05 19:44 <DIR> d-------- c:\program files\directx9 2008-12-05 14:04 . 2008-12-05 14:04 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\Media Player Classic 2008-12-04 15:34 . 2008-12-04 15:35 <DIR> d-------- c:\program files\Odkurzacz 2008-12-03 17:13 . 2008-12-03 17:13 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\OpenOffice.ux.pl2 2008-12-02 21:45 . 2008-12-02 21:45 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\vlc 2008-12-02 21:44 . 2008-12-02 21:44 <DIR> d-------- c:\program files\VideoLAN 2008-12-02 21:27 . 2008-12-02 21:27 23 --a------ c:\windows\system32\abcdf9_z.ocx 2008-12-02 21:08 . 2004-08-04 00:44 221,184 --a------ c:\windows\system32\wmpns.dll 2008-12-02 20:57 . 2008-12-02 20:57 <DIR> d-------- c:\program files\NAPI-PROJEKT 2008-12-02 20:53 . 2008-12-02 20:53 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\program files\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\program files\Common Files\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype 2008-11-27 13:31 . 2008-11-27 13:31 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Winamp 2008-11-25 19:29 . 2008-11-25 19:29 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\OpenOffice.ux.pl2 2008-11-25 19:26 . 2008-11-25 19:26 <DIR> d-------- c:\program files\OpenOffice.ux.pl 2.1.0 2008-11-23 10:02 . 2008-11-23 10:02 <DIR> d-------- c:\program files\SystemRequirementsLab 2008-11-23 10:02 . 2008-11-23 10:02 <DIR> d-------- c:\documents and settings\cNx\SystemRequirementsLab 2008-11-22 15:58 . 2008-11-27 19:23 502 --a------ C:\hpfr3420.xml 2008-11-22 15:56 . 2008-11-22 15:56 <DIR> d-------- c:\program files\hp deskjet 3420 series 2008-11-22 15:56 . 2002-11-03 21:02 184,386 --a------ c:\windows\system32\hpzsnt07.dll 2008-11-22 15:56 . 2008-11-22 15:56 704 --a------ c:\windows\hpinfo.lnk 2008-11-22 15:55 . 2008-11-22 15:55 <DIR> d-------- c:\program files\Hewlett-Packard 2008-11-18 17:48 . 2008-11-18 17:48 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\InstallShield 2008-11-12 17:45 . 2008-12-04 16:00 69 --a------ c:\windows\NeroDigital.ini 2008-11-12 17:34 . 2008-11-12 17:34 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Gadu-Gadu 2008-11-12 17:25 . 2008-11-12 17:25 <DIR> d-------- c:\documents and settings\Nikola\Gadu-Gadu 2008-11-12 17:21 . 2008-11-12 17:21 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Nero 2008-11-12 15:08 . 2008-09-04 17:46 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 07:52 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-10 16:10 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys 2008-11-11 19:42 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Nero 2008-11-11 19:37 --------- d-----w c:\program files\Nero 2008-11-11 19:37 --------- d-----w c:\program files\Common Files\Nero 2008-11-11 19:37 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero 2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-11-07 18:19 --------- d-----w c:\program files\Realtek AC97 2008-11-06 06:55 --------- d-----w c:\program files\Sun 2008-11-06 06:52 --------- d-----w c:\program files\Java 2008-11-05 16:34 --------- d-----w c:\program files\AvRack 2008-11-05 16:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles 2008-11-05 16:24 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Gadu-Gadu 2008-11-05 15:42 --------- d-----w c:\program files\Winamp 2008-11-05 15:42 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Winamp 2008-11-05 15:35 --------- d-----w c:\program files\Opera 2008-11-05 15:32 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-05 15:32 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-05 14:56 558,142 ----a-w c:\windows\java\Packages\1NZHN93D.ZIP 2008-11-05 14:56 155,995 ----a-w c:\windows\java\Packages\UUJ17N73.ZIP 2008-11-05 14:56 --------- d-----w c:\program files\microsoft frontpage 2008-11-05 14:53 --------- d-----w c:\program files\Usługi online 2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll 2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll 2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll 2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-15 17:00 332,800 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll 2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll 2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys 2008-09-15 15:40 1,846,272 ------w c:\windows\system32\dllcache\win32k.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="e:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-14 3784704] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-05-14 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\Nikola\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.1.0.lnk - c:\program files\OpenOffice.ux.pl 2.1.0\program\quickstart.exe [2006-12-30 17408] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-12-10 675840] [HKLM\~\startupfolder\C:^Documents and Settings^cNx^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.1.0.lnk] path=c:\documents and settings\cNx\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.1.0.lnk backup=c:\windows\pss\OpenOffice.ux.pl 2.1.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] --a------ 2007-05-04 01:32 961024 e:\program files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-06-24 16:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-08-04 00:44 1667584 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-06-08 09:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-06-19 09:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] --a------ 2008-08-16 16:01 264704 c:\program files\Odkurzacz\odk_mcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-11-08 12:52 1410296 d:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] -ra------ 2004-05-14 06:41 831488 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"= "d:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "e:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 is-BGDA3drv;is-BGDA3drv;c:\windows\system32\DRIVERS\52785454.sys [2008-12-07 148496] R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2007-12-21 468224] S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [] . - - - - USUNIĘTO PUSTE WPISY - - - - MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe MSConfigStartUp-Gadu-Gadu - e:\programy zainstalowane\Gadu-Gadu\gg.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://google.pl/ O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd FireFox -: Profile - c:\documents and settings\cNx\Dane aplikacji\Mozilla\Firefox\Profiles\sha3vqod.default\ FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-12 13:18:45 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2008-12-12 13:19:35 ComboFix-quarantined-files.txt 2008-12-12 12:19:34 Przed: 19 714 293 760 bajtów wolnych Po: 19,743,932,416 bajtów wolnych 195 --- E O F --- 2008-11-12 20:28:57

**Posty:** 18165 · przez **wojtas** 12 Gru 2008, 17:11

te plik/i :

c:\windows\system32\drivers\52785454.sys

przesaknuj tu

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty ze skanow

Otworz notatnik i wklej w nim to:

Folder::
C:\Recycled
D:\Recycled
E:\Recycled

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.
oraz raport ze skanu pliku !

**Posty:** 110 · przez **cnx1234** 12 Gru 2008, 20:37

Kod: Zaznacz wszystko: File size: 148496 bytes MD5...: 0aa3ad071827118fcc8f37f7a6ab7aa1 SHA1..: 59784c49ffe530931010070c8843366f9d7fa6f0 SHA256: 3e893bcf9e3ec8fa44c8ef0cf7c2d269212651d65c16b30bd953cc3a54f3b2aa SHA512: b56442c4271033f9547727ac097fc903f0bd51c062f415726aeee3e6abde24e1 ec127cb548086d5429ff4dc4e78c322b2594bb4f29f817338299f6c9c23bbc25 ssdeep: 3072:xoZsjyhxlNCet3MATPO1jUFLVFnRkPjcow9gT7wNwSk7Fa/4NJ:xnjyhx8A d6jcpgTsW/KqJ PEiD..: - TrID..: File type identification Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x33010 timedatestamp.....: 0x4873470a (Tue Jul 08 10:52:58 2008) machinetype.......: 0x14c (I386) ( 8 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1a848 0x1aa00 6.38 ca8bbffb8c1aac75560de3ffede16f38 NONPAGED 0x1c000 0x25 0x200 0.30 76fbfaa1c4997eccce3ca016c3b1345b .rdata 0x1d000 0x850 0xa00 4.25 6ffc26ac817e2ae1a1cf5ce42adc9f0b .data 0x1e000 0x1b00 0x600 6.42 2680643c152bf562cae4ab5d1ed2070c PAGE 0x20000 0x2cdc 0x2e00 6.28 7516763c152ec5b6c5df87c555fadbb5 INIT 0x23000 0x1b88 0x1c00 5.96 4459dca4b85a564cb98f26cfbff36fbe .rsrc 0x25000 0x400 0x400 3.36 09f200edb8e02e6fa4ab2f6bc27ad921 .reloc 0x26000 0x1b6e 0x1c00 6.47 5d73a4e2a3be56c2448dbd9511deefa3 ( 3 imports ) > ntoskrnl.exe: IoAllocateWorkItem, RtlDeleteElementGenericTableAvl, RtlGetElementGenericTableAvl, FsRtlIsNameInExpression, RtlInsertElementGenericTableAvl, InitSafeBootMode, InterlockedPopEntrySList, InterlockedPushEntrySList, ExInitializeNPagedLookasideList, ExDeleteNPagedLookasideList, SeTokenType, SeCreateClientSecurity, SeImpersonateClientEx, IoVerifyVolume, IoDeviceObjectType, IoBuildSynchronousFsdRequest, IoDeleteDevice, IoDeleteSymbolicLink, IoUnregisterShutdownNotification, MmIsAddressValid, IoFreeMdl, MmUnlockPages, MmProbeAndLockPages, IoAllocateMdl, IoRegisterShutdownNotification, IoCreateSymbolicLink, IoCreateDevice, RtlAppendUnicodeToString, KeDelayExecutionThread, KeQuerySystemTime, strncmp, IoGetCurrentProcess, ExGetPreviousMode, SeReleaseSubjectContext, IoQueueWorkItem, SeCaptureSubjectContext, PsDereferenceImpersonationToken, RtlCopySid, RtlLengthSid, SeQueryInformationToken, PsReferencePrimaryToken, PsReferenceImpersonationToken, PsIsThreadTerminating, IoThreadToProcess, RtlInitializeGenericTableAvl, READ_REGISTER_UCHAR, ProbeForRead, RtlLookupElementGenericTableAvl, ObQueryNameString, CmUnRegisterCallback, MmUserProbeAddress, CmRegisterCallback, ZwEnumerateValueKey, ZwDeleteValueKey, ZwQueryKey, wcsrchr, NtBuildNumber, KeClearEvent, ExInitializePagedLookasideList, ExDeletePagedLookasideList, PsLookupProcessByProcessId, RtlCopyUnicodeString, RtlNumberGenericTableElementsAvl, RtlEnumerateGenericTableAvl, PsSetLoadImageNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetCreateProcessNotifyRoutine, PsRemoveCreateThreadNotifyRoutine, PsRemoveLoadImageNotifyRoutine, IoFreeWorkItem, IofCompleteRequest, IoWMIRegistrationControl, MmGetSystemRoutineAddress, RtlCompareMemory, IoWMIWriteEvent, ZwQueryInformationProcess, KeStackAttachProcess, _wcsicmp, KeUnstackDetachProcess, ZwOpenKey, ZwEnumerateKey, RtlUnicodeStringToInteger, ZwQueryValueKey, ZwCreateKey, RtlIntegerToUnicodeString, ZwSetValueKey, RtlAppendUnicodeStringToString, ZwDeleteKey, DbgBreakPoint, ZwCreateFile, IoGetRelatedDeviceObject, _vsnwprintf, KeQueryInterruptTime, strncpy, RtlInitUnicodeString, RtlCompareUnicodeString, IoFileObjectType, ObReferenceObjectByPointer, _allmul, KeWaitForMultipleObjects, KeSetEvent, ExDeleteResourceLite, ExInitializeResourceLite, memcpy, _except_handler3, ZwOpenProcess, ZwTerminateProcess, PsCreateSystemThread, ObReferenceObjectByHandle, ZwClose, PsTerminateSystemThread, ObfDereferenceObject, KeGetCurrentThread, PsGetCurrentProcessId, PsGetCurrentThreadId, RtlUpcaseUnicodeChar, RtlUpperChar, memset, ExAllocatePoolWithTag, KeInitializeEvent, IoBuildDeviceIoControlRequest, IofCallDriver, KeWaitForSingleObject, SeQueryAuthenticationIdToken, ExFreePoolWithTag > HAL.dll: KfReleaseSpinLock, KeGetCurrentIrql, ExAcquireFastMutex, ExReleaseFastMutex, KfAcquireSpinLock > FLTMGR.SYS: FltQueryInformationFile, FltGetRoutineAddress, FltIsDirectory, FltGetFileNameInformation, FltParseFileNameInformation, FltAllocateCallbackData, FltPerformSynchronousIo, FltFreeCallbackData, FltReferenceFileNameInformation, FltReleaseFileNameInformation, FltGetStreamHandleContext, FltGetStreamContext, FltEnumerateVolumeInformation, FltRegisterFilter, FltStartFiltering, FltSetCallbackDataDirty, FltGetDestinationFileNameInformation, FltSetStreamHandleContext, FltCancelFileOpen, FltSetStreamContext, FltReleaseContext, FltGetVolumeProperties, FltAllocateContext, FltQueryVolumeInformation, FltGetVolumeName, FltSetInstanceContext, FltSetVolumeContext, FltUnregisterFilter, FltFsControlFile, FltGetVolumeFromFileObject, FltGetVolumeContext, FltGetInstanceContext, FltCreateFile, FltClose, FltFlushBuffers, FltSetInformationFile, FltWriteFile, FltBuildDefaultSecurityDescriptor, FltCreateCommunicationPort, FltFreeSecurityDescriptor, FltObjectReference, FltAllocatePoolAlignedWithTag, FltReadFile, FltFreePoolAlignedWithTag, FltObjectDereference, FltSendMessage, FltCloseClientPort, FltCloseCommunicationPort, FltReleaseResource, FltAcquireResourceShared, FltAcquireResourceExclusive, FltGetFileNameInformationUnsafe

Drugi skaner

Kod: Zaznacz wszystko: File size: 148496 bytes MD5...: 0aa3ad071827118fcc8f37f7a6ab7aa1 SHA1..: 59784c49ffe530931010070c8843366f9d7fa6f0 SHA256: 3e893bcf9e3ec8fa44c8ef0cf7c2d269212651d65c16b30bd953cc3a54f3b2aa SHA512: b56442c4271033f9547727ac097fc903f0bd51c062f415726aeee3e6abde24e1 ec127cb548086d5429ff4dc4e78c322b2594bb4f29f817338299f6c9c23bbc25 ssdeep: 3072:xoZsjyhxlNCet3MATPO1jUFLVFnRkPjcow9gT7wNwSk7Fa/4NJ:xnjyhx8A d6jcpgTsW/KqJ PEiD..: - TrID..: File type identification Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x33010 timedatestamp.....: 0x4873470a (Tue Jul 08 10:52:58 2008) machinetype.......: 0x14c (I386) ( 8 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1a848 0x1aa00 6.38 ca8bbffb8c1aac75560de3ffede16f38 NONPAGED 0x1c000 0x25 0x200 0.30 76fbfaa1c4997eccce3ca016c3b1345b .rdata 0x1d000 0x850 0xa00 4.25 6ffc26ac817e2ae1a1cf5ce42adc9f0b .data 0x1e000 0x1b00 0x600 6.42 2680643c152bf562cae4ab5d1ed2070c PAGE 0x20000 0x2cdc 0x2e00 6.28 7516763c152ec5b6c5df87c555fadbb5 INIT 0x23000 0x1b88 0x1c00 5.96 4459dca4b85a564cb98f26cfbff36fbe .rsrc 0x25000 0x400 0x400 3.36 09f200edb8e02e6fa4ab2f6bc27ad921 .reloc 0x26000 0x1b6e 0x1c00 6.47 5d73a4e2a3be56c2448dbd9511deefa3 ( 3 imports ) > ntoskrnl.exe: IoAllocateWorkItem, RtlDeleteElementGenericTableAvl, RtlGetElementGenericTableAvl, FsRtlIsNameInExpression, RtlInsertElementGenericTableAvl, InitSafeBootMode, InterlockedPopEntrySList, InterlockedPushEntrySList, ExInitializeNPagedLookasideList, ExDeleteNPagedLookasideList, SeTokenType, SeCreateClientSecurity, SeImpersonateClientEx, IoVerifyVolume, IoDeviceObjectType, IoBuildSynchronousFsdRequest, IoDeleteDevice, IoDeleteSymbolicLink, IoUnregisterShutdownNotification, MmIsAddressValid, IoFreeMdl, MmUnlockPages, MmProbeAndLockPages, IoAllocateMdl, IoRegisterShutdownNotification, IoCreateSymbolicLink, IoCreateDevice, RtlAppendUnicodeToString, KeDelayExecutionThread, KeQuerySystemTime, strncmp, IoGetCurrentProcess, ExGetPreviousMode, SeReleaseSubjectContext, IoQueueWorkItem, SeCaptureSubjectContext, PsDereferenceImpersonationToken, RtlCopySid, RtlLengthSid, SeQueryInformationToken, PsReferencePrimaryToken, PsReferenceImpersonationToken, PsIsThreadTerminating, IoThreadToProcess, RtlInitializeGenericTableAvl, READ_REGISTER_UCHAR, ProbeForRead, RtlLookupElementGenericTableAvl, ObQueryNameString, CmUnRegisterCallback, MmUserProbeAddress, CmRegisterCallback, ZwEnumerateValueKey, ZwDeleteValueKey, ZwQueryKey, wcsrchr, NtBuildNumber, KeClearEvent, ExInitializePagedLookasideList, ExDeletePagedLookasideList, PsLookupProcessByProcessId, RtlCopyUnicodeString, RtlNumberGenericTableElementsAvl, RtlEnumerateGenericTableAvl, PsSetLoadImageNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetCreateProcessNotifyRoutine, PsRemoveCreateThreadNotifyRoutine, PsRemoveLoadImageNotifyRoutine, IoFreeWorkItem, IofCompleteRequest, IoWMIRegistrationControl, MmGetSystemRoutineAddress, RtlCompareMemory, IoWMIWriteEvent, ZwQueryInformationProcess, KeStackAttachProcess, _wcsicmp, KeUnstackDetachProcess, ZwOpenKey, ZwEnumerateKey, RtlUnicodeStringToInteger, ZwQueryValueKey, ZwCreateKey, RtlIntegerToUnicodeString, ZwSetValueKey, RtlAppendUnicodeStringToString, ZwDeleteKey, DbgBreakPoint, ZwCreateFile, IoGetRelatedDeviceObject, _vsnwprintf, KeQueryInterruptTime, strncpy, RtlInitUnicodeString, RtlCompareUnicodeString, IoFileObjectType, ObReferenceObjectByPointer, _allmul, KeWaitForMultipleObjects, KeSetEvent, ExDeleteResourceLite, ExInitializeResourceLite, memcpy, _except_handler3, ZwOpenProcess, ZwTerminateProcess, PsCreateSystemThread, ObReferenceObjectByHandle, ZwClose, PsTerminateSystemThread, ObfDereferenceObject, KeGetCurrentThread, PsGetCurrentProcessId, PsGetCurrentThreadId, RtlUpcaseUnicodeChar, RtlUpperChar, memset, ExAllocatePoolWithTag, KeInitializeEvent, IoBuildDeviceIoControlRequest, IofCallDriver, KeWaitForSingleObject, SeQueryAuthenticationIdToken, ExFreePoolWithTag > HAL.dll: KfReleaseSpinLock, KeGetCurrentIrql, ExAcquireFastMutex, ExReleaseFastMutex, KfAcquireSpinLock > FLTMGR.SYS: FltQueryInformationFile, FltGetRoutineAddress, FltIsDirectory, FltGetFileNameInformation, FltParseFileNameInformation, FltAllocateCallbackData, FltPerformSynchronousIo, FltFreeCallbackData, FltReferenceFileNameInformation, FltReleaseFileNameInformation, FltGetStreamHandleContext, FltGetStreamContext, FltEnumerateVolumeInformation, FltRegisterFilter, FltStartFiltering, FltSetCallbackDataDirty, FltGetDestinationFileNameInformation, FltSetStreamHandleContext, FltCancelFileOpen, FltSetStreamContext, FltReleaseContext, FltGetVolumeProperties, FltAllocateContext, FltQueryVolumeInformation, FltGetVolumeName, FltSetInstanceContext, FltSetVolumeContext, FltUnregisterFilter, FltFsControlFile, FltGetVolumeFromFileObject, FltGetVolumeContext, FltGetInstanceContext, FltCreateFile, FltClose, FltFlushBuffers, FltSetInformationFile, FltWriteFile, FltBuildDefaultSecurityDescriptor, FltCreateCommunicationPort, FltFreeSecurityDescriptor, FltObjectReference, FltAllocatePoolAlignedWithTag, FltReadFile, FltFreePoolAlignedWithTag, FltObjectDereference, FltSendMessage, FltCloseClientPort, FltCloseCommunicationPort, FltReleaseResource, FltAcquireResourceShared, FltAcquireResourceExclusive, FltGetFileNameInformationUnsafe

Combofix

Kod: Zaznacz wszystko: ComboFix 08-12-06.03 - cNx 2008-12-12 19:33:36.7 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.233 [GMT 1:00] Uruchomiony z: c:\documents and settings\cNx\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\cNx\Pulpit\CFScript.txt * Utworzono nowy punkt przywracania * Resident AV is active . ((((((((((((((((((((((((( Pliki utworzone od 2008-11-12 do 2008-12-12 ))))))))))))))))))))))))))))))) . 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> d-------- c:\documents and settings\Administrator\Ulubione 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> d--h----- c:\documents and settings\Administrator\Szablony 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> d-------- c:\documents and settings\Administrator\Pulpit 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> dr------- c:\documents and settings\Administrator\Menu Start 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji 2008-12-12 16:29 . 2008-12-12 16:29 <DIR> d-------- c:\documents and settings\Administrator 2008-12-10 19:04 . 2008-12-10 19:04 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\ESET 2008-12-10 17:22 . 2008-12-10 17:22 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\ESET 2008-12-10 17:22 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg 2008-12-10 17:21 . 2008-12-10 17:21 <DIR> d-------- c:\program files\ESET 2008-12-10 17:21 . 2008-12-10 17:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET 2008-12-10 17:20 . 2008-12-12 17:19 329,760 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-10 17:20 . 2008-12-12 17:19 5,936 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-10 17:10 . 2008-12-10 17:10 <DIR> d-------- c:\program files\RALINK 2008-12-10 17:10 . 2007-07-28 16:10 483,968 --a------ c:\windows\system32\drivers\rt61.sys 2008-12-07 19:19 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\52785454.sys 2008-12-07 18:01 . 2008-12-07 18:01 <DIR> d--hs---- C:\Recycled 2008-12-06 19:33 . 2008-12-06 19:33 <DIR> d-------- c:\program files\Kaspersky Lab 2008-12-06 19:32 . 2008-12-06 19:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-12-05 20:19 . 2008-12-05 20:19 <DIR> d-------- c:\program files\WMV9_VCM 2008-12-05 20:18 . 2008-12-05 20:18 <DIR> d-------- c:\program files\Avalon 2008-12-05 19:44 . 2008-12-05 19:45 <DIR> d-------- c:\windows\Logs 2008-12-05 19:44 . 2008-12-05 19:44 <DIR> d-------- c:\program files\directx9 2008-12-05 14:04 . 2008-12-05 14:04 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\Media Player Classic 2008-12-04 15:34 . 2008-12-04 15:35 <DIR> d-------- c:\program files\Odkurzacz 2008-12-03 17:13 . 2008-12-03 17:13 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\OpenOffice.ux.pl2 2008-12-02 21:45 . 2008-12-02 21:45 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\vlc 2008-12-02 21:44 . 2008-12-02 21:44 <DIR> d-------- c:\program files\VideoLAN 2008-12-02 21:27 . 2008-12-02 21:27 23 --a------ c:\windows\system32\abcdf9_z.ocx 2008-12-02 21:08 . 2004-08-04 00:44 221,184 --a------ c:\windows\system32\wmpns.dll 2008-12-02 20:57 . 2008-12-02 20:57 <DIR> d-------- c:\program files\NAPI-PROJEKT 2008-12-02 20:53 . 2008-12-02 20:53 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\program files\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\program files\Common Files\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype 2008-11-27 13:31 . 2008-11-27 13:31 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Winamp 2008-11-25 19:29 . 2008-11-25 19:29 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\OpenOffice.ux.pl2 2008-11-25 19:26 . 2008-11-25 19:26 <DIR> d-------- c:\program files\OpenOffice.ux.pl 2.1.0 2008-11-23 10:02 . 2008-11-23 10:02 <DIR> d-------- c:\program files\SystemRequirementsLab 2008-11-23 10:02 . 2008-11-23 10:02 <DIR> d-------- c:\documents and settings\cNx\SystemRequirementsLab 2008-11-22 15:58 . 2008-11-27 19:23 502 --a------ C:\hpfr3420.xml 2008-11-22 15:56 . 2008-11-22 15:56 <DIR> d-------- c:\program files\hp deskjet 3420 series 2008-11-22 15:56 . 2002-11-03 21:02 184,386 --a------ c:\windows\system32\hpzsnt07.dll 2008-11-22 15:56 . 2008-11-22 15:56 704 --a------ c:\windows\hpinfo.lnk 2008-11-22 15:55 . 2008-11-22 15:55 <DIR> d-------- c:\program files\Hewlett-Packard 2008-11-18 17:48 . 2008-11-18 17:48 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\InstallShield 2008-11-12 17:45 . 2008-12-04 16:00 69 --a------ c:\windows\NeroDigital.ini 2008-11-12 17:34 . 2008-11-12 17:34 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Gadu-Gadu 2008-11-12 17:25 . 2008-11-12 17:25 <DIR> d-------- c:\documents and settings\Nikola\Gadu-Gadu 2008-11-12 17:21 . 2008-11-12 17:21 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Nero 2008-11-12 15:08 . 2008-09-04 17:46 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 07:52 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-10 16:10 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys 2008-11-11 19:42 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Nero 2008-11-11 19:37 --------- d-----w c:\program files\Nero 2008-11-11 19:37 --------- d-----w c:\program files\Common Files\Nero 2008-11-11 19:37 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero 2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-11-07 18:19 --------- d-----w c:\program files\Realtek AC97 2008-11-06 06:55 --------- d-----w c:\program files\Sun 2008-11-06 06:52 --------- d-----w c:\program files\Java 2008-11-05 16:34 --------- d-----w c:\program files\AvRack 2008-11-05 16:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles 2008-11-05 16:24 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Gadu-Gadu 2008-11-05 15:42 --------- d-----w c:\program files\Winamp 2008-11-05 15:42 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Winamp 2008-11-05 15:35 --------- d-----w c:\program files\Opera 2008-11-05 15:32 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-05 15:32 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-05 14:56 558,142 ----a-w c:\windows\java\Packages\1NZHN93D.ZIP 2008-11-05 14:56 155,995 ----a-w c:\windows\java\Packages\UUJ17N73.ZIP 2008-11-05 14:56 --------- d-----w c:\program files\microsoft frontpage 2008-11-05 14:53 --------- d-----w c:\program files\Usługi online 2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll 2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll 2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll 2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-15 17:00 332,800 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll 2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll 2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys 2008-09-15 15:40 1,846,272 ------w c:\windows\system32\dllcache\win32k.sys . ((((((((((((((((((((((((((((( snapshot@2008-12-12_13.19.01,18 ))))))))))))))))))))))))))))))))))))))))) . + 2008-12-12 18:22:48 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_598.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="e:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-14 3784704] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-05-14 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\Nikola\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.1.0.lnk - c:\program files\OpenOffice.ux.pl 2.1.0\program\quickstart.exe [2006-12-30 17408] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-12-10 675840] [HKLM\~\startupfolder\C:^Documents and Settings^cNx^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.1.0.lnk] path=c:\documents and settings\cNx\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.1.0.lnk backup=c:\windows\pss\OpenOffice.ux.pl 2.1.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] --a------ 2007-05-04 01:32 961024 e:\program files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-06-24 16:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-08-04 00:44 1667584 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-06-08 09:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-06-19 09:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] --a------ 2008-08-16 16:01 264704 c:\program files\Odkurzacz\odk_mcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-11-08 12:52 1410296 d:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] -ra------ 2004-05-14 06:41 831488 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"= "d:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "e:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 is-BGDA3drv;is-BGDA3drv;c:\windows\system32\DRIVERS\52785454.sys [2008-12-07 148496] R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2007-12-21 468224] S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://google.pl/ O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd FireFox -: Profile - c:\documents and settings\cNx\Dane aplikacji\Mozilla\Firefox\Profiles\sha3vqod.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-12 19:35:23 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2008-12-12 19:36:03 ComboFix-quarantined-files.txt 2008-12-12 18:36:02 ComboFix2.txt 2008-12-12 12:19:38 Przed: 20 276 740 096 bajtów wolnych Po: 20,268,204,032 bajtów wolnych 208 --- E O F --- 2008-11-12 20:28:57

**Posty:** 18165 · przez **wojtas** 12 Gru 2008, 20:49

źle wykonany skan chyba oraz nie wykonales zadania z combofixem

**Posty:** 110 · przez **cnx1234** 12 Gru 2008, 20:50

czekaj
jak tego skana zrobic inaczej ?
co innego skopiowac ?

**Posty:** 18165 · przez **wojtas** 12 Gru 2008, 20:56

wejdz na strone . dajesz przegladaj szukasz pliku i dajesz otworz.. czekasz i potem opcje pokaz ostatni raport i go wklejasz

**Posty:** 110 · przez **cnx1234** 12 Gru 2008, 20:58

combofix

Kod: Zaznacz wszystko: ComboFix 08-12-11.06 - cNx 2008-12-12 19:54:40.8 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.228 [GMT 1:00] Uruchomiony z: c:\documents and settings\cNx\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\cNx\Pulpit\CFScript.txt.txt * Utworzono nowy punkt przywracania * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Recycled c:\recycled\desktop.ini c:\recycled\INFO2 . ((((((((((((((((((((((((( Pliki utworzone od 2008-11-12 do 2008-12-12 ))))))))))))))))))))))))))))))) . 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> d-------- c:\documents and settings\Administrator\Ulubione 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> d--h----- c:\documents and settings\Administrator\Szablony 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> d-------- c:\documents and settings\Administrator\Pulpit 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> dr------- c:\documents and settings\Administrator\Menu Start 2008-12-12 16:29 . 2008-11-05 15:46 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji 2008-12-12 16:29 . 2008-12-12 16:29 <DIR> d-------- c:\documents and settings\Administrator 2008-12-10 19:04 . 2008-12-10 19:04 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\ESET 2008-12-10 17:22 . 2008-12-10 17:22 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\ESET 2008-12-10 17:22 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg 2008-12-10 17:21 . 2008-12-10 17:21 <DIR> d-------- c:\program files\ESET 2008-12-10 17:21 . 2008-12-10 17:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET 2008-12-10 17:20 . 2008-12-12 17:19 342,048 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-10 17:20 . 2008-12-12 17:19 5,936 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-10 17:10 . 2008-12-10 17:10 <DIR> d-------- c:\program files\RALINK 2008-12-10 17:10 . 2007-07-28 16:10 483,968 --a------ c:\windows\system32\drivers\rt61.sys 2008-12-07 19:19 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\52785454.sys 2008-12-06 19:33 . 2008-12-06 19:33 <DIR> d-------- c:\program files\Kaspersky Lab 2008-12-06 19:32 . 2008-12-06 19:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-12-05 20:19 . 2008-12-05 20:19 <DIR> d-------- c:\program files\WMV9_VCM 2008-12-05 20:18 . 2008-12-05 20:18 <DIR> d-------- c:\program files\Avalon 2008-12-05 19:44 . 2008-12-05 19:45 <DIR> d-------- c:\windows\Logs 2008-12-05 19:44 . 2008-12-05 19:44 <DIR> d-------- c:\program files\directx9 2008-12-05 14:04 . 2008-12-05 14:04 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\Media Player Classic 2008-12-04 15:34 . 2008-12-04 15:35 <DIR> d-------- c:\program files\Odkurzacz 2008-12-03 17:13 . 2008-12-03 17:13 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\OpenOffice.ux.pl2 2008-12-02 21:45 . 2008-12-02 21:45 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\vlc 2008-12-02 21:44 . 2008-12-02 21:44 <DIR> d-------- c:\program files\VideoLAN 2008-12-02 21:27 . 2008-12-02 21:27 23 --a------ c:\windows\system32\abcdf9_z.ocx 2008-12-02 21:08 . 2004-08-04 00:44 221,184 --a------ c:\windows\system32\wmpns.dll 2008-12-02 20:57 . 2008-12-02 20:57 <DIR> d-------- c:\program files\NAPI-PROJEKT 2008-12-02 20:53 . 2008-12-02 20:53 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\program files\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\program files\Common Files\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\Skype 2008-12-02 20:50 . 2008-12-02 20:50 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype 2008-11-27 13:31 . 2008-11-27 13:31 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Winamp 2008-11-25 19:29 . 2008-11-25 19:29 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\OpenOffice.ux.pl2 2008-11-25 19:26 . 2008-11-25 19:26 <DIR> d-------- c:\program files\OpenOffice.ux.pl 2.1.0 2008-11-23 10:02 . 2008-11-23 10:02 <DIR> d-------- c:\program files\SystemRequirementsLab 2008-11-23 10:02 . 2008-11-23 10:02 <DIR> d-------- c:\documents and settings\cNx\SystemRequirementsLab 2008-11-22 15:58 . 2008-11-27 19:23 502 --a------ C:\hpfr3420.xml 2008-11-22 15:56 . 2008-11-22 15:56 <DIR> d-------- c:\program files\hp deskjet 3420 series 2008-11-22 15:56 . 2002-11-03 21:02 184,386 --a------ c:\windows\system32\hpzsnt07.dll 2008-11-22 15:56 . 2008-11-22 15:56 704 --a------ c:\windows\hpinfo.lnk 2008-11-22 15:55 . 2008-11-22 15:55 <DIR> d-------- c:\program files\Hewlett-Packard 2008-11-18 17:48 . 2008-11-18 17:48 <DIR> d-------- c:\documents and settings\cNx\Dane aplikacji\InstallShield 2008-11-12 17:45 . 2008-12-04 16:00 69 --a------ c:\windows\NeroDigital.ini 2008-11-12 17:34 . 2008-11-12 17:34 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Gadu-Gadu 2008-11-12 17:25 . 2008-11-12 17:25 <DIR> d-------- c:\documents and settings\Nikola\Gadu-Gadu 2008-11-12 17:21 . 2008-11-12 17:21 <DIR> d-------- c:\documents and settings\Nikola\Dane aplikacji\Nero 2008-11-12 15:08 . 2008-09-04 17:46 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 07:52 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-10 16:10 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys 2008-11-11 19:42 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Nero 2008-11-11 19:37 --------- d-----w c:\program files\Nero 2008-11-11 19:37 --------- d-----w c:\program files\Common Files\Nero 2008-11-11 19:37 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero 2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-11-07 18:19 --------- d-----w c:\program files\Realtek AC97 2008-11-06 06:55 --------- d-----w c:\program files\Sun 2008-11-06 06:52 --------- d-----w c:\program files\Java 2008-11-05 16:34 --------- d-----w c:\program files\AvRack 2008-11-05 16:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles 2008-11-05 16:24 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Gadu-Gadu 2008-11-05 15:42 --------- d-----w c:\program files\Winamp 2008-11-05 15:42 --------- d-----w c:\documents and settings\cNx\Dane aplikacji\Winamp 2008-11-05 15:35 --------- d-----w c:\program files\Opera 2008-11-05 15:32 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-05 15:32 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-05 14:56 558,142 ----a-w c:\windows\java\Packages\1NZHN93D.ZIP 2008-11-05 14:56 155,995 ----a-w c:\windows\java\Packages\UUJ17N73.ZIP 2008-11-05 14:56 --------- d-----w c:\program files\microsoft frontpage 2008-11-05 14:53 --------- d-----w c:\program files\Usługi online 2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll 2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll 2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll 2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-15 17:00 332,800 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll 2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll 2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys 2008-09-15 15:40 1,846,272 ------w c:\windows\system32\dllcache\win32k.sys . ((((((((((((((((((((((((((((( snapshot@2008-12-12_13.19.01,18 ))))))))))))))))))))))))))))))))))))))))) . + 2008-12-12 18:22:48 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_598.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="e:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-14 3784704] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-05-14 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\Nikola\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.1.0.lnk - c:\program files\OpenOffice.ux.pl 2.1.0\program\quickstart.exe [2006-12-30 17408] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-12-10 675840] [HKLM\~\startupfolder\C:^Documents and Settings^cNx^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.1.0.lnk] path=c:\documents and settings\cNx\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.1.0.lnk backup=c:\windows\pss\OpenOffice.ux.pl 2.1.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] --a------ 2007-05-04 01:32 961024 e:\program files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-06-24 16:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-08-04 00:44 1667584 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-06-08 09:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-06-19 09:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] --a------ 2008-08-16 16:01 264704 c:\program files\Odkurzacz\odk_mcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-11-08 12:52 1410296 d:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] -ra------ 2004-05-14 06:41 831488 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"= "d:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "e:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 is-BGDA3drv;is-BGDA3drv;c:\windows\system32\DRIVERS\52785454.sys [2008-12-07 148496] R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2007-12-21 468224] S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://google.pl/ O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd FF - ProfilePath - c:\documents and settings\cNx\Dane aplikacji\Mozilla\Firefox\Profiles\sha3vqod.default\ FF - prefs.js: browser.startup.homepage - www.google.pl FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-12 19:56:21 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2008-12-12 19:56:58 ComboFix-quarantined-files.txt 2008-12-12 18:56:58 ComboFix3.txt 2008-12-12 12:19:38 ComboFix2.txt 2008-12-12 18:36:06 Przed: 20 226 719 744 bajtów wolnych Po: 20,214,906,880 bajtów wolnych 214 --- E O F --- 2008-11-12 20:28:57

Skany zara benda

Dodano Dzisiaj, 20:01:
nie ma tam nic jak opcje i ostatni raport

to jest

Kod: Zaznacz wszystko: Plik 39230840.sys otrzymany 2008.12.11 17:55:57 (CET) Obecny status: zakończono Wynik: 0/38 (0.00%) Zwięzły Drukuj wyniki Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.12.12.0 2008.12.11 - AntiVir 7.9.0.43 2008.12.11 - Authentium 5.1.0.4 2008.12.11 - Avast 4.8.1281.0 2008.12.10 - AVG 8.0.0.199 2008.12.11 - BitDefender 7.2 2008.12.11 - CAT-QuickHeal 10.00 2008.12.11 - ClamAV 0.94.1 2008.12.11 - Comodo 733 2008.12.11 - DrWeb 4.44.0.09170 2008.12.11 - eSafe 7.0.17.0 2008.12.11 - eTrust-Vet 31.6.6256 2008.12.11 - Ewido 4.0 2008.12.11 - F-Prot 4.4.4.56 2008.12.10 - F-Secure 8.0.14332.0 2008.12.11 - Fortinet 3.117.0.0 2008.12.11 - GData 19 2008.12.11 - Ikarus T3.1.1.45.0 2008.12.11 - K7AntiVirus 7.10.551 2008.12.11 - Kaspersky 7.0.0.125 2008.12.11 - McAfee 5460 2008.12.10 - McAfee+Artemis 5460 2008.12.10 - Microsoft 1.4205 2008.12.10 - NOD32 3683 2008.12.11 - Norman 5.80.02 2008.12.11 - Panda 9.0.0.4 2008.12.10 - PCTools 4.4.2.0 2008.12.11 - Prevx1 V2 2008.12.11 - Rising 21.07.32.00 2008.12.11 - SecureWeb-Gateway 6.7.6 2008.12.11 - Sophos 4.36.0 2008.12.11 - Sunbelt 3.2.1801.2 2008.12.11 - Symantec 10 2008.12.11 - TheHacker 6.3.1.2.183 2008.12.11 - TrendMicro 8.700.0.1004 2008.12.11 - VBA32 3.12.8.10 2008.12.11 - ViRobot 2008.12.11.1513 2008.12.11 - VirusBuster 4.5.11.0 2008.12.11 - Dodatkowe informacje File size: 148496 bytes MD5...: 0aa3ad071827118fcc8f37f7a6ab7aa1 SHA1..: 59784c49ffe530931010070c8843366f9d7fa6f0 SHA256: 3e893bcf9e3ec8fa44c8ef0cf7c2d269212651d65c16b30bd953cc3a54f3b2aa SHA512: b56442c4271033f9547727ac097fc903f0bd51c062f415726aeee3e6abde24e1 ec127cb548086d5429ff4dc4e78c322b2594bb4f29f817338299f6c9c23bbc25 ssdeep: 3072:xoZsjyhxlNCet3MATPO1jUFLVFnRkPjcow9gT7wNwSk7Fa/4NJ:xnjyhx8A d6jcpgTsW/KqJ PEiD..: - TrID..: File type identification Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x33010 timedatestamp.....: 0x4873470a (Tue Jul 08 10:52:58 2008) machinetype.......: 0x14c (I386) ( 8 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1a848 0x1aa00 6.38 ca8bbffb8c1aac75560de3ffede16f38 NONPAGED 0x1c000 0x25 0x200 0.30 76fbfaa1c4997eccce3ca016c3b1345b .rdata 0x1d000 0x850 0xa00 4.25 6ffc26ac817e2ae1a1cf5ce42adc9f0b .data 0x1e000 0x1b00 0x600 6.42 2680643c152bf562cae4ab5d1ed2070c PAGE 0x20000 0x2cdc 0x2e00 6.28 7516763c152ec5b6c5df87c555fadbb5 INIT 0x23000 0x1b88 0x1c00 5.96 4459dca4b85a564cb98f26cfbff36fbe .rsrc 0x25000 0x400 0x400 3.36 09f200edb8e02e6fa4ab2f6bc27ad921 .reloc 0x26000 0x1b6e 0x1c00 6.47 5d73a4e2a3be56c2448dbd9511deefa3 ( 3 imports ) > ntoskrnl.exe: IoAllocateWorkItem, RtlDeleteElementGenericTableAvl, RtlGetElementGenericTableAvl, FsRtlIsNameInExpression, RtlInsertElementGenericTableAvl, InitSafeBootMode, InterlockedPopEntrySList, InterlockedPushEntrySList, ExInitializeNPagedLookasideList, ExDeleteNPagedLookasideList, SeTokenType, SeCreateClientSecurity, SeImpersonateClientEx, IoVerifyVolume, IoDeviceObjectType, IoBuildSynchronousFsdRequest, IoDeleteDevice, IoDeleteSymbolicLink, IoUnregisterShutdownNotification, MmIsAddressValid, IoFreeMdl, MmUnlockPages, MmProbeAndLockPages, IoAllocateMdl, IoRegisterShutdownNotification, IoCreateSymbolicLink, IoCreateDevice, RtlAppendUnicodeToString, KeDelayExecutionThread, KeQuerySystemTime, strncmp, IoGetCurrentProcess, ExGetPreviousMode, SeReleaseSubjectContext, IoQueueWorkItem, SeCaptureSubjectContext, PsDereferenceImpersonationToken, RtlCopySid, RtlLengthSid, SeQueryInformationToken, PsReferencePrimaryToken, PsReferenceImpersonationToken, PsIsThreadTerminating, IoThreadToProcess, RtlInitializeGenericTableAvl, READ_REGISTER_UCHAR, ProbeForRead, RtlLookupElementGenericTableAvl, ObQueryNameString, CmUnRegisterCallback, MmUserProbeAddress, CmRegisterCallback, ZwEnumerateValueKey, ZwDeleteValueKey, ZwQueryKey, wcsrchr, NtBuildNumber, KeClearEvent, ExInitializePagedLookasideList, ExDeletePagedLookasideList, PsLookupProcessByProcessId, RtlCopyUnicodeString, RtlNumberGenericTableElementsAvl, RtlEnumerateGenericTableAvl, PsSetLoadImageNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetCreateProcessNotifyRoutine, PsRemoveCreateThreadNotifyRoutine, PsRemoveLoadImageNotifyRoutine, IoFreeWorkItem, IofCompleteRequest, IoWMIRegistrationControl, MmGetSystemRoutineAddress, RtlCompareMemory, IoWMIWriteEvent, ZwQueryInformationProcess, KeStackAttachProcess, _wcsicmp, KeUnstackDetachProcess, ZwOpenKey, ZwEnumerateKey, RtlUnicodeStringToInteger, ZwQueryValueKey, ZwCreateKey, RtlIntegerToUnicodeString, ZwSetValueKey, RtlAppendUnicodeStringToString, ZwDeleteKey, DbgBreakPoint, ZwCreateFile, IoGetRelatedDeviceObject, _vsnwprintf, KeQueryInterruptTime, strncpy, RtlInitUnicodeString, RtlCompareUnicodeString, IoFileObjectType, ObReferenceObjectByPointer, _allmul, KeWaitForMultipleObjects, KeSetEvent, ExDeleteResourceLite, ExInitializeResourceLite, memcpy, _except_handler3, ZwOpenProcess, ZwTerminateProcess, PsCreateSystemThread, ObReferenceObjectByHandle, ZwClose, PsTerminateSystemThread, ObfDereferenceObject, KeGetCurrentThread, PsGetCurrentProcessId, PsGetCurrentThreadId, RtlUpcaseUnicodeChar, RtlUpperChar, memset, ExAllocatePoolWithTag, KeInitializeEvent, IoBuildDeviceIoControlRequest, IofCallDriver, KeWaitForSingleObject, SeQueryAuthenticationIdToken, ExFreePoolWithTag > HAL.dll: KfReleaseSpinLock, KeGetCurrentIrql, ExAcquireFastMutex, ExReleaseFastMutex, KfAcquireSpinLock > FLTMGR.SYS: FltQueryInformationFile, FltGetRoutineAddress, FltIsDirectory, FltGetFileNameInformation, FltParseFileNameInformation, FltAllocateCallbackData, FltPerformSynchronousIo, FltFreeCallbackData, FltReferenceFileNameInformation, FltReleaseFileNameInformation, FltGetStreamHandleContext, FltGetStreamContext, FltEnumerateVolumeInformation, FltRegisterFilter, FltStartFiltering, FltSetCallbackDataDirty, FltGetDestinationFileNameInformation, FltSetStreamHandleContext, FltCancelFileOpen, FltSetStreamContext, FltReleaseContext, FltGetVolumeProperties, FltAllocateContext, FltQueryVolumeInformation, FltGetVolumeName, FltSetInstanceContext, FltSetVolumeContext, FltUnregisterFilter, FltFsControlFile, FltGetVolumeFromFileObject, FltGetVolumeContext, FltGetInstanceContext, FltCreateFile, FltClose, FltFlushBuffers, FltSetInformationFile, FltWriteFile, FltBuildDefaultSecurityDescriptor, FltCreateCommunicationPort, FltFreeSecurityDescriptor, FltObjectReference, FltAllocatePoolAlignedWithTag, FltReadFile, FltFreePoolAlignedWithTag, FltObjectDereference, FltSendMessage, FltCloseClientPort, FltCloseCommunicationPort, FltReleaseResource, FltAcquireResourceShared, FltAcquireResourceExclusive, FltGetFileNameInformationUnsafe ( 0 exports ) UWAGA: VirusTotal jest darmową usługą utrzymywaną przez Hispasec Sistemas. Nie ma żadnych gwarancji co do dostępności lub ciągłości tej usługi. Pomimo, że wykrywalność złośliwego oprogramowania w przypadku kilku skanerów antywirusowych jest o wiele większa, niż tylko jednego, raporty nie mogą być 100% miernikiem szkodliwości lub nieszkodliwości danego pliku. Obecnie nie istnieje rozwiązanie gwarantujące 100% wykrywalność złośliwego oprogramowania.

**Posty:** 18165 · przez **wojtas** 13 Gru 2008, 16:52

nic w logu nie widać ...

**Posty:** 110 · przez **cnx1234** 13 Gru 2008, 17:52

co mam zobic ? a dalej ten komunikat wymienic dysk ?

**Posty:** 18165 · przez **wojtas** 13 Gru 2008, 18:38

pokaż screena z komunikatu... i daj loga z rsita ( opis tam gdzie combofix)

**Posty:** 110 · przez **cnx1234** 14 Gru 2008, 12:00

jak mam dac screena jak to jest przy starcie w biosie na czarnym tle jest po tym jak pisze o temp kompie i wlasnie tera ten komunikat a pozniej start windowsa

log 1

Kod: Zaznacz wszystko: info.txt logfile of random's system information tool 1.04 2008-12-14 10:59:10 ======Uninstall list====== -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE} Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19 ESET Smart Security-->MsiExec.exe /I{A1350B64-1AF8-497B-AC07-307DF67FB8D4} FlatOut2-->C:\Program Files\InstallShield Installation Information\{4EB106F5-110F-4E96-BCBA-1687AE57A04E}\setup.exe -runfromtemp -l0x0015 -removeonly Gadu-Gadu 7.7-->E:\Program Files\Gadu-Gadu\Setup.exe HijackThis 2.0.2-->"C:\Documents and Settings\cNx\Pulpit\HijackThis.exe" /uninstall hp deskjet 3420 series (Remove only)-->C:\Program Files\hp deskjet 3420 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3420 -huninstall Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Nero 8 Ultra Edition HD-->MsiExec.exe /X{6D45EF03-E8EE-4355-81C3-F918CBCF1033} Nero 8 Ultra Edition HD-->MsiExec.exe /X{6D45EF03-E8EE-4355-81C3-F918CBCF1045} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)-->"C:\Program Files\ESET\ESET Smart Security\unins000.exe" NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI NVIDIA Windows 2000/XP nForce Drivers-->rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush Odkurzacz 11.3-->"C:\Program Files\Odkurzacz\unins000.exe" OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} OpenOffice.ux.pl 2.1.0-->MsiExec.exe /I{D9B32743-2040-43FD-8669-6F4AADC68C2E} Opera 9.52-->MsiExec.exe /X{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7} Ralink Wireless LAN-->C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe -runfromtemp -l0x0009 -removeonly Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x15 -removeonly SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe upapp-->MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8} VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe Vodafone 804SS USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll ZhyperMU Season 4-->C:\Program Files\InstallShield Installation Information\{EFC268F6-B031-4914-A705-4A68CC27953A}\setup.exe -runfromtemp -l0x0015 -removeonly ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF-----------------

Log 2

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.04 (written by random/random) Run by cNx at 2008-12-14 10:59:02 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 19 GB (78%) free of 25 GB Total RAM: 511 MB (46% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:59:07, on 2008-12-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe E:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Opera\opera.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\cNx\Pulpit\RSIT.exe C:\Documents and Settings\cNx\Pulpit\cNx.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe -- End of file - 4151 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-05-14 3784704] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-03 188416] "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-05-14 81920] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600] "egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"=E:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] E:\Program Files\Ares\Ares.exe [2007-05-04 961024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe [2008-08-16 264704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] D:\Program Files\Steam\Steam.exe [2008-11-08 1410296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cNx^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.1.0.lnk] C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2006-12-30 17408] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Polish\setup.exe"="C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Polish\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup" "D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher" "C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter" "E:\Program Files\Ares\Ares.exe"="E:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2008-12-14 10:59:02 ----D---- C:\rsit 2008-12-12 19:57:00 ----SHD---- C:\Recycled 2008-12-12 19:57:00 ----A---- C:\ComboFix.txt 2008-12-12 13:15:57 ----A---- C:\WINDOWS\zip.exe 2008-12-12 13:15:57 ----A---- C:\WINDOWS\VFIND.exe 2008-12-12 13:15:57 ----A---- C:\WINDOWS\SWREG.exe 2008-12-12 13:15:57 ----A---- C:\WINDOWS\sed.exe 2008-12-12 13:15:57 ----A---- C:\WINDOWS\NIRCMD.exe 2008-12-12 13:15:57 ----A---- C:\WINDOWS\grep.exe 2008-12-12 13:15:57 ----A---- C:\WINDOWS\fdsv.exe 2008-12-12 13:15:56 ----A---- C:\WINDOWS\SWXCACLS.exe 2008-12-12 13:15:56 ----A---- C:\WINDOWS\SWSC.exe 2008-12-12 13:15:45 ----D---- C:\Qoobox 2008-12-10 17:22:34 ----D---- C:\Documents and Settings\cNx\Dane aplikacji\ESET 2008-12-10 17:21:33 ----D---- C:\Program Files\ESET 2008-12-10 17:21:33 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ESET 2008-12-10 17:10:05 ----D---- C:\Program Files\RALINK 2008-12-07 18:06:27 ----RASHD---- C:\autorun.inf 2008-12-06 19:33:15 ----D---- C:\Program Files\Kaspersky Lab 2008-12-06 19:32:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-12-05 20:19:19 ----D---- C:\Program Files\WMV9_VCM 2008-12-05 20:18:51 ----D---- C:\Program Files\Avalon 2008-12-05 19:45:31 ----A---- C:\WINDOWS\system32\D3DX9_40.dll 2008-12-05 19:45:31 ----A---- C:\WINDOWS\system32\d3dx10_40.dll 2008-12-05 19:45:31 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll 2008-12-05 19:45:30 ----A---- C:\WINDOWS\system32\XAudio2_3.dll 2008-12-05 19:45:30 ----A---- C:\WINDOWS\system32\XAudio2_2.dll 2008-12-05 19:45:30 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll 2008-12-05 19:45:30 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll 2008-12-05 19:45:30 ----A---- C:\WINDOWS\system32\xactengine3_3.dll 2008-12-05 19:45:30 ----A---- C:\WINDOWS\system32\xactengine3_2.dll 2008-12-05 19:45:30 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll 2008-12-05 19:45:30 ----A---- C:\WINDOWS\system32\d3dx10_39.dll 2008-12-05 19:45:30 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll 2008-12-05 19:45:29 ----A---- C:\WINDOWS\system32\XAudio2_1.dll 2008-12-05 19:45:29 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll 2008-12-05 19:45:29 ----A---- C:\WINDOWS\system32\xactengine3_1.dll 2008-12-05 19:45:29 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll 2008-12-05 19:45:29 ----A---- C:\WINDOWS\system32\D3DX9_39.dll 2008-12-05 19:45:29 ----A---- C:\WINDOWS\system32\d3dx10_38.dll 2008-12-05 19:45:29 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll 2008-12-05 19:45:28 ----A---- C:\WINDOWS\system32\XAudio2_0.dll 2008-12-05 19:45:28 ----A---- C:\WINDOWS\system32\xactengine3_0.dll 2008-12-05 19:45:28 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll 2008-12-05 19:45:28 ----A---- C:\WINDOWS\system32\D3DX9_38.dll 2008-12-05 19:45:28 ----A---- C:\WINDOWS\system32\D3DX9_37.dll 2008-12-05 19:45:28 ----A---- C:\WINDOWS\system32\d3dx10_37.dll 2008-12-05 19:45:28 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll 2008-12-05 19:45:27 ----A---- C:\WINDOWS\system32\xactengine2_9.dll 2008-12-05 19:45:27 ----A---- C:\WINDOWS\system32\xactengine2_10.dll 2008-12-05 19:45:27 ----A---- C:\WINDOWS\system32\d3dx9_36.dll 2008-12-05 19:45:27 ----A---- C:\WINDOWS\system32\d3dx10_36.dll 2008-12-05 19:45:27 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll 2008-12-05 19:45:26 ----A---- C:\WINDOWS\system32\xactengine2_8.dll 2008-12-05 19:45:26 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll 2008-12-05 19:45:26 ----A---- C:\WINDOWS\system32\d3dx9_35.dll 2008-12-05 19:45:26 ----A---- C:\WINDOWS\system32\d3dx9_34.dll 2008-12-05 19:45:26 ----A---- C:\WINDOWS\system32\d3dx10_35.dll 2008-12-05 19:45:26 ----A---- C:\WINDOWS\system32\d3dx10_34.dll 2008-12-05 19:45:26 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll 2008-12-05 19:45:26 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll 2008-12-05 19:45:24 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2008-12-05 19:45:23 ----A---- C:\WINDOWS\system32\xactengine2_7.dll 2008-12-05 19:45:22 ----A---- C:\WINDOWS\system32\d3dx10_33.dll 2008-12-05 19:45:22 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll 2008-12-05 19:45:19 ----A---- C:\WINDOWS\system32\xactengine2_6.dll 2008-12-05 19:45:19 ----A---- C:\WINDOWS\system32\xactengine2_5.dll 2008-12-05 19:45:19 ----A---- C:\WINDOWS\system32\d3dx9_33.dll 2008-12-05 19:45:18 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2008-12-05 19:45:18 ----A---- C:\WINDOWS\system32\xactengine2_4.dll 2008-12-05 19:45:18 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2008-12-05 19:45:18 ----A---- C:\WINDOWS\system32\xactengine2_2.dll 2008-12-05 19:45:18 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll 2008-12-05 19:45:18 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2008-12-05 19:45:18 ----A---- C:\WINDOWS\system32\d3dx9_31.dll 2008-12-05 19:45:17 ----A---- C:\WINDOWS\system32\xinput1_1.dll 2008-12-05 19:45:17 ----A---- C:\WINDOWS\system32\xactengine2_1.dll 2008-12-05 19:45:13 ----A---- C:\WINDOWS\system32\xactengine2_0.dll 2008-12-05 19:45:13 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll 2008-12-05 19:45:12 ----A---- C:\WINDOWS\system32\d3dx9_29.dll 2008-12-05 19:45:11 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll 2008-12-05 19:45:11 ----A---- C:\WINDOWS\system32\d3dx9_27.dll 2008-12-05 19:45:11 ----A---- C:\WINDOWS\system32\d3dx9_26.dll 2008-12-05 19:45:10 ----A---- C:\WINDOWS\system32\d3dx9_25.dll 2008-12-05 19:45:10 ----A---- C:\WINDOWS\system32\d3dx9_24.dll 2008-12-05 19:44:58 ----D---- C:\WINDOWS\Logs 2008-12-05 19:44:34 ----D---- C:\Program Files\directx9 2008-12-05 14:10:41 ----D---- C:\Documents and Settings\cNx\Dane aplikacji\Macromedia 2008-12-05 14:10:41 ----D---- C:\Documents and Settings\cNx\Dane aplikacji\Adobe 2008-12-05 14:04:45 ----D---- C:\Documents and Settings\cNx\Dane aplikacji\Media Player Classic 2008-12-04 15:34:58 ----D---- C:\Program Files\Odkurzacz 2008-12-04 14:03:03 ----A---- C:\WINDOWS\system32\javaws.exe 2008-12-04 14:03:03 ----A---- C:\WINDOWS\system32\javaw.exe 2008-12-04 14:03:03 ----A---- C:\WINDOWS\system32\java.exe 2008-12-02 21:45:00 ----D---- C:\Documents and Settings\cNx\Dane aplikacji\vlc 2008-12-02 21:44:37 ----D---- C:\Program Files\VideoLAN 2008-12-02 21:08:05 ----A---- C:\WINDOWS\system32\wmpns.dll 2008-12-02 20:57:11 ----D---- C:\Program Files\NAPI-PROJEKT 2008-12-02 20:50:57 ----D---- C:\Documents and Settings\cNx\Dane aplikacji\Skype 2008-12-02 20:50:26 ----D---- C:\Program Files\Skype 2008-12-02 20:50:26 ----D---- C:\Program Files\Common Files\Skype 2008-12-02 20:50:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-11-29 22:21:48 ----RSD---- C:\WINDOWS\assembly 2008-11-29 22:21:24 ----D---- C:\WINDOWS\Microsoft.NET 2008-11-27 14:15:25 ----D---- C:\Documents and Settings\cNx\Dane aplikacji\Help 2008-11-25 19:29:07 ----D---- C:\Documents and Settings\cNx\Dane aplikacji\OpenOffice.ux.pl2 2008-11-25 19:26:49 ----D---- C:\Program Files\OpenOffice.ux.pl 2.1.0 2008-11-23 10:02:51 ----D---- C:\Program Files\SystemRequirementsLab 2008-11-22 15:56:33 ----D---- C:\Program Files\hp deskjet 3420 series 2008-11-22 15:56:17 ----A---- C:\WINDOWS\system32\hpzsnt07.dll 2008-11-22 15:55:36 ----D---- C:\Program Files\Hewlett-Packard 2008-11-18 17:48:43 ----D---- C:\Documents and Settings\cNx\Dane aplikacji\InstallShield ======List of files/folders modified in the last 1 months====== 2008-12-14 10:47:36 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-12 19:56:24 ----A---- C:\WINDOWS\system.ini 2008-12-12 16:30:56 ----RASH---- C:\boot.ini 2008-12-12 16:30:56 ----A---- C:\WINDOWS\win.ini 2008-12-10 17:11:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-12-04 16:00:58 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-15 11:33:04 ----A---- C:\WINDOWS\system32\MsiExec.exe.log ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 41472] R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216] R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768] R1 is-BGDA3drv;is-BGDA3drv; C:\WINDOWS\system32\DRIVERS\52785454.sys [2008-07-08 148496] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-10 21419] R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944] R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368] R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728] R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-05-14 2205760] R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT61.sys [2007-07-28 483968] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024] S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-10-04 391552] S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys [] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320] S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336] S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-05-14 114755] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200] -----------------EOF-----------------

**Posty:** 18165 · przez **wojtas** 14 Gru 2008, 12:57

nie masz podlączonego pendriva lub coś ? bo caly czas infekcja wraca: jak tak to go sformatuj

Pobierz i uruchom narzędzie
The Avenger
w bialym polu wklej tekst:

Files to delete:

C:\autorun.inf
D:\autorun.inf
E:\autorun.inf

Folders to delete:

C:\Recycled
D:\Recycled
E:\Recycled

Kopiujesz - Klikasz na Paste Script from Clipboard - Execute - Potwierdzasz i zgadzasz się na restart klikając OK.
Po wykonaniu skasuj z dysku plik: C:\Avenger\backup.zip i wklej raport na forum C:\avenger.txt oraz nowy log z rsita

Wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Re: wolny net

Wolny net

Re: wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Wolny net

Kto jest na forum