[virus] Request for log analysis, internet is crawling


  • Closed: this topic is closed
3 replies in this topic

#1 FlawiuszFlawiusz

    Beginner

  • 20 posts

Posted 04 01 2009 - 19:17

Hello!

After the computer starts, a window appears: "Windows cannot find the file "C:\Program"(...)".
The internet (over the wired network card) is unbearably slow. Sometimes Firefox manages to load a simple page in several tens of seconds, then it stops loading anything at all. IE, on the other hand, shows "The page cannot be displayed" from the very start. Meanwhile pings stay at 10-20 ms the whole time.

The internet does work without problems, however, in Safe Mode with Networking.

The Windows (SP2) installation is fresh, one day old (a repair install without formatting). I ran Dr.Web CureIt in Safe Mode; it removed a few entries. I also scanned with SDFix, HJT and ComboFix.
Sometimes Task Manager and regedit get blocked. I can unblock them, but the problem comes back after a while.
A NOD32 scan found nothing.

I'm attaching the logs:

CODE-BOX
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:01, on 09-01-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
G:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
E:\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programy\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Eset\nod32kui.exe
E:\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\SYSTMEM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Windows XP.WINDOWS-8AR1JFC.000\Pulpit\cureit.exe
C:\DOCUME~1\WINDOW~1.000\USTAWI~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\WINDOW~1.000\USTAWI~1\Temp\RarSFX0\setup.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
G:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe %PROGRAMFILES%\SYSTMEM.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMY\FLASHGET\jccatch.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programy\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SYSTMEM.EXE] C:\Program Files\\SYSTMEM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Windows Video Drivers] C:\RECYCLER\S-1-5-21-2178161229-6821830562-127054709-6509\winlogon.exe
O4 - HKUS\S-1-5-19.bak\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19.bak\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-21-746137067-1500820517-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Michał')
O4 - HKUS\S-1-5-21-746137067-1500820517-725345543-1006\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe -p (User 'Michał')
O4 - HKUS\S-1-5-21-746137067-1500820517-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-21-746137067-1500820517-725345543-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMY\FLASHGET\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMY\FLASHGET\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116864843139
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90ACEB8-6A9C-4E3C-88DA-096290AA42E5}: NameServer = 192.168.0.1
O23 - Service: BlueSoleil Hid Service - Unknown owner - G:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7891 bytes

CODE-BOX
ComboFix 09-01-02.01 - Windows XP 2009-01-04 17:36:33.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1791.1366 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Windows XP.WINDOWS-8AR1JFC.000\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dane aplikacji\nsv
c:\documents and settings\All Users\Dane aplikacji\nsv\keys.dat
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv0104.dbd
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv0106.ddx
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv0204.ddx
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv0315.ddx
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv0412.ddx
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv0504.ddx
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv0904.ddx
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv1125.ddx
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv1204.ddx
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv1215.dbd
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv1909.ddx
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv1920.dbd
c:\documents and settings\All Users\Dane aplikacji\nsv\wmv2007.dbd
c:\documents and settings\All Users\Dane aplikacji\picsvr
c:\documents and settings\All Users\Dane aplikacji\picsvr\picsvr.inf
c:\documents and settings\All Users\Dane aplikacji\picsvr\picsvrsh.inf
C:\lswmv.ini
c:\program files\Common Files\uninstall information
c:\windows\system32\nsvsvc
c:\windows\system32\nsvsvc\License.txt
c:\windows\system32\open.ico
c:\windows\system32\picsvr

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVCPROC


((((((((((((((((((((((((( Pliki utworzone od 2008-12-04 do 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-04 17:33 . 2009-01-04 17:33 34,861 --a------ C:\k6k1a8e6g1r5.exe
2009-01-04 16:56 . 2009-01-04 16:56 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-04 16:55 . 2009-01-04 16:55 <DIR> d-------- c:\windows\ERUNT
2009-01-04 16:53 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-04 16:46 . 2009-01-04 16:46 <DIR> d-------- C:\thread-1395_pliki
2009-01-04 16:46 . 2009-01-04 16:46 36,055 --a------ C:\thread-1395.html
2009-01-04 02:07 . 2009-01-04 02:07 <DIR> d-------- c:\documents and settings\Windows XP.WINDOWS-8AR1JFC.000\DoctorWeb
2009-01-04 01:25 . 2006-03-17 01:38 28,672 --------- c:\windows\system32\verclsid.exe
2009-01-04 01:23 . 2001-10-26 20:29 11,264 --a------ c:\windows\system32\atrace.dll
2009-01-04 01:23 . 2009-01-04 01:23 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-04 01:23 . 2009-01-04 01:23 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-04 01:23 . 2009-01-04 01:23 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-04 01:23 . 2009-01-04 01:23 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-04 01:23 . 2009-01-04 01:23 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-04 01:23 . 2009-01-04 01:23 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-04 01:17 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2009-01-04 01:11 . 2001-10-26 20:29 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-01-04 01:11 . 2001-10-26 20:29 13,312 --a------ c:\windows\system32\irclass.dll
2009-01-03 19:01 . 2009-01-03 19:01 <DIR> d-------- c:\documents and settings\LocalService.ZARZĄDZANIE NT\Menu Start
2009-01-03 19:01 . 2009-01-03 19:01 <DIR> d-------- c:\documents and settings\LocalService.ZARZĄDZANIE NT\Menu Start
2009-01-03 18:59 . 2009-01-03 18:59 <DIR> d-------- c:\documents and settings\NetworkService\Menu Start
2009-01-03 17:35 . 2004-08-04 00:43 1,888,992 --------- c:\windows\system32\ati3duag.dll
2009-01-03 17:35 . 2004-08-04 00:43 870,784 --------- c:\windows\system32\ati3d1ag.dll
2009-01-03 17:35 . 2004-08-04 00:43 516,768 --------- c:\windows\system32\ativvaxx.dll
2009-01-03 17:35 . 2004-08-04 00:43 377,984 --------- c:\windows\system32\ati2dvaa.dll
2009-01-03 17:35 . 2004-08-04 00:43 229,376 --------- c:\windows\system32\ati2cqag.dll
2009-01-03 17:35 . 2004-08-04 00:43 201,728 --------- c:\windows\system32\ati2dvag.dll
2009-01-03 17:35 . 2004-08-04 00:44 163,328 --------- c:\windows\system32\wuaucpl.cpl
2009-01-03 17:35 . 2009-01-03 17:35 89,600 --a------ C:\k1a8e6g1r5.exe
2009-01-03 17:35 . 2004-08-04 00:43 32,768 --------- c:\windows\system32\ativtmxx.dll
2009-01-03 17:35 . 2004-08-04 00:44 23,040 --------- c:\windows\system32\ativmvxx.ax
2009-01-03 17:35 . 2004-08-04 00:44 9,728 --------- c:\windows\system32\ativdaxx.ax
2009-01-03 17:33 . 2009-01-03 17:33 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-03 17:27 . 2004-07-17 11:40 19,528 --a------ c:\windows\002600_.tmp
2009-01-03 00:47 . 2009-01-03 00:47 <DIR> d-------- C:\DYSK_D
2009-01-02 19:56 . 2005-06-03 15:09 454,656 --a------ c:\windows\system32\CapabilityTable.exe
2009-01-02 19:56 . 2005-05-17 10:45 300,032 -ra------ c:\windows\system32\idecoi.dll
2009-01-02 19:56 . 2005-05-17 10:45 92,800 -ra------ c:\windows\system32\drivers\nvata.sys
2009-01-02 19:55 . 2005-04-05 20:19 201,728 -ra------ c:\windows\system32\fdco1ins.dll
2009-01-02 19:55 . 2005-04-05 20:19 201,728 -ra------ c:\windows\system32\fdco1.dll
2009-01-02 19:55 . 2005-04-05 20:22 33,536 -ra------ c:\windows\system32\drivers\NVENETFD.sys
2009-01-02 19:54 . 2005-04-05 20:22 261,888 -ra------ c:\windows\system32\drivers\nvnrm.sys
2009-01-02 19:54 . 2005-04-05 20:22 208,256 -ra------ c:\windows\system32\drivers\nvsnpu.sys
2009-01-02 19:54 . 2005-05-13 03:52 176,128 -ra------ c:\windows\system32\nvusmb.exe
2009-01-02 19:54 . 2005-06-03 15:07 176,128 --a------ c:\windows\system32\nvunrm.exe
2009-01-02 19:54 . 2005-04-04 12:00 32,256 -ra------ c:\windows\system32\nvconrm.dll
2009-01-02 19:54 . 2005-04-05 20:22 12,928 -ra------ c:\windows\system32\drivers\nvnetbus.sys
2009-01-02 19:54 . 2005-04-05 20:19 9,728 -ra------ c:\windows\system32\bdco1ins.dll
2009-01-02 19:54 . 2005-04-05 20:19 9,728 -ra------ c:\windows\system32\bdco1.dll
2009-01-02 19:54 . 2005-02-08 07:26 3,596 --a------ c:\windows\system32\nvnrm.nvu
2009-01-02 19:54 . 2005-02-08 07:26 1,231 -ra------ c:\windows\system32\nvsmb.nvu
2009-01-02 19:53 . 2004-11-13 04:35 810,054 -ra------ c:\windows\system32\A8N-SLI.bmp
2009-01-02 19:53 . 2004-08-13 03:56 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys
2009-01-02 19:53 . 2004-11-13 05:01 269 -ra------ c:\windows\system32\raidmgmt.ini
2009-01-02 18:34 . 2004-01-30 14:19 286,720 -ra------ c:\windows\system32\sai0109.dll
2009-01-02 18:34 . 2004-01-30 14:19 19,456 -ra------ c:\windows\system32\drivers\SaiU0109.sys
2009-01-02 18:33 . 2004-01-30 14:19 55,936 -ra------ c:\windows\system32\drivers\SaiH0109.sys
2009-01-02 18:25 . 1996-11-05 16:13 299,008 --a------ c:\windows\uninst.exe
2009-01-02 17:30 . 2009-01-02 17:30 664,064 --a------ c:\windows\system32\vsl.exe
2009-01-02 17:30 . 2009-01-02 17:30 664,064 --a------ c:\windows\system32\atu.exe
2009-01-02 17:30 . 2009-01-02 17:30 664,064 --------- c:\program files\SYSTMEM.EXE
2009-01-02 17:30 . 2009-01-02 17:35 89,600 --a------ C:\t9m2t3u6v3s9.exe
2008-12-31 18:08 . 2008-12-31 18:08 <DIR> d-------- c:\windows\system32\Lang
2008-12-31 18:08 . 2008-12-31 18:08 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-12-31 18:08 . 2008-12-31 18:08 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-12-31 18:08 . 2008-12-31 18:08 60,416 --a------ c:\windows\ALCFDRTM.VER
2008-12-31 18:08 . 2008-12-31 18:08 60,416 --a------ c:\windows\ALCFDRTM.EXE
2008-12-26 19:54 . 2008-12-26 19:54 <DIR> d-------- c:\windows\nview
2008-12-26 19:54 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-12-26 19:54 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-12-26 19:54 . 2009-01-04 17:41 195,368 --a------ c:\windows\system32\nvapps.xml
2008-12-26 19:54 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-12-26 19:48 . 2008-12-26 19:48 <DIR> d-------- c:\program files\Realtek Sound Manager
2008-12-26 19:48 . 2008-12-26 19:48 <DIR> d-------- c:\program files\AvRack
2008-12-26 19:48 . 2005-06-21 10:09 18,751,488 -ra------ c:\windows\system32\ALSNDMGR.CPL
2008-12-26 19:48 . 2005-06-20 21:39 9,410,048 -ra------ c:\windows\system32\RTLCPL.EXE
2008-12-26 19:48 . 2005-06-20 22:08 2,324,480 -ra------ c:\windows\system32\drivers\ALCXWDM.SYS
2008-12-26 19:48 . 2004-09-07 14:23 156,672 -ra------ c:\windows\system32\RTLCPAPI.dll
2008-12-26 19:48 . 2002-02-05 13:54 141,016 -ra------ c:\windows\system32\ALSNDMGR.WAV
2008-12-26 19:48 . 2005-06-20 21:42 77,824 -ra------ c:\windows\SOUNDMAN.EXE
2008-12-26 19:48 . 2001-07-06 00:19 164 -r------- c:\windows\avrack.ini
2008-12-26 19:47 . 2008-12-26 19:47 <DIR> d-------- c:\program files\Realtek AC97
2008-12-26 19:47 . 2005-06-02 16:31 294,912 -r------- c:\windows\alcupd.exe
2008-12-26 19:47 . 2005-06-02 16:43 200,704 -r------- c:\windows\alcrmv.exe
2008-12-26 19:47 . 2005-05-18 13:38 40,960 -r------- c:\windows\system32\ChCfg.exe
2008-12-26 19:39 . 2008-12-26 19:39 <DIR> d-------- c:\program files\Marvell
2008-12-26 02:16 . 2008-12-26 02:16 <DIR> d--h----- c:\documents and settings\Windows XP.WINDOWS-8AR1JFC.000\Szablony
2008-12-25 23:52 . 2004-08-04 00:44 382,464 --a------ c:\windows\system32\qmgr.dll
2008-12-25 23:52 . 2004-08-04 00:44 45,568 --a------ c:\windows\system32\safrslv.dll
2008-12-25 23:52 . 2004-08-04 00:44 43,520 --a------ c:\windows\system32\safrcdlg.dll
2008-12-25 23:52 . 2004-08-04 00:44 43,520 --a------ c:\windows\system32\racpldlg.dll
2008-12-25 23:52 . 2004-08-04 00:44 29,696 --a------ c:\windows\system32\safrdm.dll
2008-12-25 23:52 . 2004-08-04 00:44 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2008-12-25 23:50 . 2004-08-04 00:43 1,251,840 --a------ c:\windows\system32\comsvcs.dll
2008-12-25 23:49 . 2004-08-04 00:43 187,904 --a------ c:\windows\system32\cmprops.dll
2008-12-25 23:49 . 2004-08-04 00:44 58,880 --a------ c:\windows\system32\licwmi.dll
2008-12-25 23:49 . 2004-08-04 00:44 17,920 --a------ c:\windows\system32\mmfutil.dll
2008-12-25 23:47 . 2004-08-03 23:07 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2008-12-25 23:47 . 2004-08-03 23:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2008-12-25 23:43 . 2001-08-17 22:00 2,944 --a------ c:\windows\system32\drivers\msmpu401.sys
2008-12-25 23:42 . 2004-08-03 23:01 196,864 --a------ c:\windows\system32\drivers\rdpdr.sys
2008-12-25 23:42 . 2004-08-04 00:35 58,624 --a------ c:\windows\system32\drivers\redbook.sys
2008-12-25 23:42 . 2004-08-04 00:44 40,840 --a------ c:\windows\system32\drivers\termdd.sys
2008-12-25 23:35 . 2001-10-27 12:35 1,085,938 -ra------ c:\windows\SET40.tmp
2008-12-25 23:35 . 2004-08-04 01:44 146,432 --a------ c:\windows\system\WINSPOOL.DRV
2008-12-25 23:35 . 2004-08-04 00:44 75,776 --a------ c:\windows\system32\storprop.dll
2008-12-25 23:35 . 2001-10-27 12:34 13,923 -ra------ c:\windows\SET4C.tmp
2008-12-25 23:35 . 2004-08-04 00:00 11,264 --a------ c:\windows\system32\drivers\irenum.sys
2008-12-25 23:33 . 2009-01-03 19:01 1,036,319 --a------ c:\windows\setupapi.log.1.old
2008-12-04 14:47 . 2008-12-04 14:47 <DIR> d--hs---- C:\FOUND.033

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-12-29 20:42 11 ----a-w c:\program files\bataty.bat
2006-12-14 19:15 1,308 ----a-w c:\program files\shutdown.lnk
2006-12-14 19:06 1,326 ----a-w c:\program files\szut.lnk
2007-08-24 19:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-08-24 19:19 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-24 19:19 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-08-24 19:19 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-24 19:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2005-08-28 13:11 5,642 --sha-w c:\windows\system32\KGyGaAvL.sys
2005-08-28 12:23 56 --sh--r c:\windows\system32\A7E8D0570F.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Windows Video Drivers"="c:\recycler\S-1-5-21-2178161229-6821830562-127054709-6509\winlogon.exe" [2009-01-02 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\programy\D-Tools\daemon.exe" [2004-08-22 81920]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 473928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-26 180269]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-05-18 949376]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="e:\nero\Nero 7\InCD\InCD.exe" [2006-11-10 1051648]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-10-07 13574144]
"SYSTMEM.EXE"="c:\program files\\SYSTMEM.EXE" [2009-01-02 664064]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-10-07 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe %PROGRAMFILES%\SYSTMEM.EXE"
"SFCDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I263"= i263_32.drv
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
backup=c:\windows\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Service

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
--a------ 2004-02-13 08:34 57344 c:\program files\Lexmark 2200 Series\lxbvbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-07-29 15:23 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-08-26 13:33 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2 (0x2)
"iPodService"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-03-21 270336]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-05-18 15424]
R3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2009-01-02 55936]
R3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2009-01-02 19456]
R4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 jatmlano;jatmlano; [x]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-07-29 33792]
S3 Ndtmlasvr;Ndtmlasvr; [x]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2007-08-17 178913]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\Autorun.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE []

2009-01-03 c:\windows\Tasks\shutdown_test.job
- c:\windows\system32\shutdown.exe [2004-08-04 00:44]

2007-01-13 c:\windows\Tasks\sf.job
- c:\windows\system32\shutdown.exe [2004-08-04 00:44]

2009-01-03 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2004-08-04 00:44]

2009-01-03 c:\windows\Tasks\shutdown.job
- c:\windows\system32 [2005-05-04 18:57]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-RestartNeroSetup - i:\installation\Setupx.exe
Notify-AtiExtEvent - (no file)
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-CloneCDElbyCDFL - g:\programy\CloneCD\ElbyCheck.exe
MSConfigStartUp-CloneCDTray - g:\programy\CloneCD\CloneCDTray.exe
MSConfigStartUp-FineReader7NewsReaderPro - g:\programy\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
MSConfigStartUp-InCD - c:\programy\InCD\InCD.exe
MSConfigStartUp-intell32 - c:\windows\System32\intell32.exe
MSConfigStartUp-iTunesHelper - e:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Smapp - c:\program files\Analog Devices\SoundMAX\SMTray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_05\bin\jusched.exe


.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - f:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {A90ACEB8-6A9C-4E3C-88DA-096290AA42E5} = 192.168.0.1

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7}
hxxp://skaner.mks.com.pl/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
FF - ProfilePath - c:\documents and settings\Windows XP.WINDOWS-8AR1JFC.000\Dane aplikacji\Mozilla\Firefox\Profiles\bz5ggift.default\
FF - plugin: c:\programy\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 17:40:52
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(1356)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
g:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
e:\nero\Nero 7\InCD\InCDsrv.exe
c:\programy\KERIO\PERSONAL FIREWALL 4\KPF4SS.EXE
c:\windows\SYSTEM32\LIBUSBD-NT.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\ESET\NOD32KRN.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\programy\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
c:\programy\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 2200 Series\lxbvbmon.exe
c:\program files\SYSTMEM.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-04 17:42:31 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-04 16:42:30

Przed: 8 006 492 160 bajtów wolnych
Po: 7,935,078,400 bajtów wolnych

332

CODE-BOX

SDFix: Version 1.240
Run by Windows XP on 09-01-04 at 16:57

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\i - Deleted



Folder C:\WINDOWS\system32\services - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 17:21:28
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="G:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"E:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="E:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"G:\\Skype\\Phone\\Skype.exe"="G:\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 2 Jan 2009 664,064 ..SHR --- "C:\Program Files\SYSTMEM.EXE"
Fri 2 Jan 2009 89,600 ..SHR --- "C:\RECYCLER\S-1-5-21-2178161229-6821830562-127054709-6509\winlogon.exe"
Wed 14 Apr 2004 608,256 A..HR --- "C:\WINDOWS\system32\PolengAddins.dll"
Sun 28 Aug 2005 5,642 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 28 Aug 2005 56 ..SHR --- "C:\WINDOWS\system32\A7E8D0570F.sys"
Thu 12 May 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 28 Aug 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Sun 28 Aug 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Sun 25 Jan 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sun 28 Aug 2005 71,168 A.SHR --- "C:\DYSK_D\Programy\PPLive\Setup.exe"

Finished!


Thanks in advance for the help.


#2 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 04 01 2009 - 21:02

Paste into Notepad:
File::
C:\Program Files\SYSTMEM.EXE
C:\RECYCLER\S-1-5-21-2178161229-6821830562-127054709-6509\winlogon.exe
C:\k6k1a8e6g1r5.exe
C:\k1a8e6g1r5.exe
c:\windows\system32\vsl.exe
c:\windows\system32\atu.exe
C:\t9m2t3u6v3s9.exe

Folder::
C:\RECYCLER
C:\FOUND.033
C:\FOUND.032
C:\FOUND.031
C:\FOUND.030
C:\FOUND.029
C:\DOCUME~1\WINDOW~1.000\USTAWI~1\Temp

Driver::
jatmlano
Ndtmlasvr

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Video Drivers"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SYSTMEM.EXE"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
like in this picture --> (attached image)
Removal should start (and a log will be produced).
After the restart, delete the C:\Qoobox folder manually.

Post the log that is produced during the removal.

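The items ordynat picked out of the logs above are pattern checks an analyst can automate: an executable carrying the system+hidden+read-only attributes in Program Files, a copy of winlogon.exe inside a RECYCLER\S-1-5-21-... folder, randomly named .exe files in the root of C:, the DisableTaskMgr/DisableRegistryTools policies, the Security Center override values, EnableFirewall=0, and AutoRun commands under MountPoints2. The Python script below is an added example written for this page; it is not part of the thread and not code from SDFix, ComboFix or HijackThis, and its regexes, tags and sample lines are its own assumptions. The sample input is assembled from lines quoted in this thread, except the DisableTaskMgr=1 line, which is constructed to show the pre-cleanup state (ComboFix printed the value only after the CFScript had already reset it). One check the logs do not spell out: each sub-authority of a Windows SID is a 32-bit unsigned value, so S-1-5-21-2178161229-6821830562-127054709-6509 cannot be a real account SID (6821830562 is larger than 4294967295), and a RECYCLER folder with that name is not a genuine user recycle bin.

```python
"""Triage SDFix / ComboFix-style log lines for the indicators acted on in this thread.

Added example: the names, regexes and sample lines are this example's own
assumptions, not output or code from SDFix, ComboFix or HijackThis.
"""
import re
from typing import List, Tuple

# Each sub-authority of a Windows SID is a 32-bit unsigned value.
SUBAUTH_MAX = 0xFFFFFFFF

# Names malware borrows from Windows; the genuine binaries live under \Windows\.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "services.exe", "smss.exe", "explorer.exe"}

# SDFix "Files with Hidden Attributes" line: date, size, attribute flags, quoted path.
HIDDEN_LINE = re.compile(r'^\w{3} +\d+ \w{3} \d{4} +[\d,]+ +(\S{5}) --- "(.+)"$')
RECYCLER_EXE = re.compile(r"\\RECYCLER\\(S-1-5-[\d-]+)\\[^\\]+\.exe$", re.I)
ROOT_EXE = re.compile(r"^[a-z]:\\([a-z0-9]{8,})\.exe$", re.I)
LOCKOUT_POLICY = re.compile(r'^"(DisableTaskMgr|DisableRegistryTools)"=dword:0*1$')
SECCENTER_MUTED = re.compile(r'^"(AntiVirusOverride|FirewallOverride|'
                             r'AntiVirusDisableNotify|UpdatesDisableNotify)"=dword:0*1$')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
AUTORUN = re.compile(r"\\Shell\\AutoRun\\command - (.+)$")

# Constructed sample: lines quoted in this thread, plus DisableTaskMgr=1 as the
# pre-cleanup value (ComboFix printed it only after the CFScript had reset it).
SAMPLE_LOG = r"""
Fri 2 Jan 2009 664,064 ..SHR --- "C:\Program Files\SYSTMEM.EXE"
Fri 2 Jan 2009 89,600 ..SHR --- "C:\RECYCLER\S-1-5-21-2178161229-6821830562-127054709-6509\winlogon.exe"
Sun 28 Aug 2005 5,642 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
C:\k6k1a8e6g1r5.exe
C:\t9m2t3u6v3s9.exe
c:\windows\system32\atu.exe
"DisableTaskMgr"=dword:00000001
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - K:\Install.exe
"""


def sid_is_plausible(sid: str) -> bool:
    """False for a SID that no Windows installation could have issued."""
    parts = sid.split("-")
    if parts[:3] != ["S", "1", "5"] or not all(p.isdigit() for p in parts[3:]):
        return False
    subs = [int(p) for p in parts[3:]]
    # S-1-5-21-<a>-<b>-<c> identifies a machine or domain; an account SID adds one RID.
    if subs and subs[0] == 21 and len(subs) != 5:
        return False
    return all(s <= SUBAUTH_MAX for s in subs)


def looks_random(stem: str) -> bool:
    """Heuristic for names like k6k1a8e6g1r5: letters and digits mixed together."""
    return bool(re.search(r"\d", stem)) and bool(re.search(r"[a-z]", stem, re.I))


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (indicator, evidence) pairs for every line that matches a check."""
    hits: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        attrs, path = "", line
        m = HIDDEN_LINE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2)
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]

        if "h" in attrs.lower() and name.endswith(".exe"):
            hits.append(("hidden-exe", path))
        if name in SYSTEM_NAMES and "\\windows\\" not in low:
            hits.append(("system-name-outside-windows", path))
        m = RECYCLER_EXE.search(path)
        if m:
            tag = "recycler-exe" if sid_is_plausible(m.group(1)) else "recycler-exe-bogus-sid"
            hits.append((tag, path))
        m = ROOT_EXE.match(path)
        if m and looks_random(m.group(1)):
            hits.append(("random-name-in-root", path))
        if LOCKOUT_POLICY.match(line):
            hits.append(("tool-lockout-policy", line))
        if SECCENTER_MUTED.match(line):
            hits.append(("security-center-muted", line))
        if FIREWALL_OFF.match(line):
            hits.append(("windows-firewall-off", line))
        m = AUTORUN.search(line)
        if m:
            hits.append(("autorun-mountpoint", m.group(1)))
    return hits


if __name__ == "__main__":
    for indicator, evidence in triage(SAMPLE_LOG):
        print(f"{indicator:28} {evidence}")
```

Short-named binaries such as atu.exe and vsl.exe in system32 carry no pattern a script can key on; they get identified only by a hash lookup at Jotti or VirusTotal, which is what ordynat asks for in the last post. The script reports, it does not delete: the decision on each hit still belongs to whoever reads the log.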

#3 FlawiuszFlawiusz

FlawiuszFlawiusz

    Beginner

  • 20 posts

Posted 04 01 2009 - 22:16

I did what you pasted... And the net started working. Huge thanks.

Pasting the ComboFix log from after the operation (and already on SP3):

CODE-BOX
ComboFix 09-01-02.01 - Windows XP 2009-01-04 21:07:18.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1791.1331 [GMT 1:00]
Run from: c:\documents and settings\Windows XP.WINDOWS-8AR1JFC.000\Pulpit\ComboFix.exe
Commands used :: c:\documents and settings\Windows XP.WINDOWS-8AR1JFC.000\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::
C:\k1a8e6g1r5.exe
C:\k6k1a8e6g1r5.exe
c:\program files\SYSTMEM.EXE
c:\recycler\S-1-5-21-2178161229-6821830562-127054709-6509\winlogon.exe
C:\t9m2t3u6v3s9.exe
c:\windows\system32\atu.exe
c:\windows\system32\vsl.exe
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\WINDOW~1.000\USTAWI~1\Temp
c:\docume~1\WINDOW~1.000\USTAWI~1\Temp\~DF4DAF.tmp
c:\docume~1\WINDOW~1.000\USTAWI~1\Temp\~DF5C09.tmp
c:\docume~1\WINDOW~1.000\USTAWI~1\Temp\~DFF020.tmp
c:\docume~1\WINDOW~1.000\USTAWI~1\Temp\677.exe
C:\FOUND.029
c:\found.029\FILE0000.CHK
c:\found.029\FILE0001.CHK
C:\FOUND.030
c:\found.030\FILE0000.CHK
c:\found.030\FILE0001.CHK
c:\found.030\FILE0002.CHK
c:\found.030\FILE0003.CHK
c:\found.030\FILE0004.CHK
c:\found.030\FILE0005.CHK
c:\found.030\FILE0006.CHK
c:\found.030\FILE0007.CHK
c:\found.030\FILE0008.CHK
c:\found.030\FILE0009.CHK
c:\found.030\FILE0010.CHK
c:\found.030\FILE0011.CHK
c:\found.030\FILE0012.CHK
c:\found.030\FILE0013.CHK
C:\FOUND.031
c:\found.031\FILE0000.CHK
C:\FOUND.032
c:\found.032\FILE0000.CHK
C:\FOUND.033
c:\found.033\FILE0000.CHK
c:\found.033\FILE0001.CHK
c:\found.033\FILE0002.CHK
c:\found.033\FILE0003.CHK
c:\found.033\FILE0004.CHK
c:\found.033\FILE0005.CHK
c:\found.033\FILE0006.CHK
C:\k1a8e6g1r5.exe
C:\k6k1a8e6g1r5.exe
c:\program files\SYSTMEM.EXE
C:\RECYCLER
c:\recycler\S-1-5-21-2178161229-6821830562-127054709-6509\Desktop.ini
c:\recycler\S-1-5-21-2178161229-6821830562-127054709-6509\winlogon.exe
C:\t9m2t3u6v3s9.exe
c:\windows\system32\atu.exe
c:\windows\system32\vsl.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_jatmlano
-------\Service_Ndtmlasvr


((((((((((((((((((((((((( Files created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-04 20:02 . 2008-04-13 22:06 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2009-01-04 20:02 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2009-01-04 20:00 . 2006-12-29 00:31 19,569 --a------ c:\windows\002650_.tmp
2009-01-04 16:55 . 2009-01-04 16:55 <DIR> d-------- c:\windows\ERUNT
2009-01-04 16:53 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-04 16:46 . 2009-01-04 16:46 <DIR> d-------- C:\thread-1395_pliki
2009-01-04 16:46 . 2009-01-04 16:46 36,055 --a------ C:\thread-1395.html
2009-01-04 02:07 . 2009-01-04 02:07 <DIR> d-------- c:\documents and settings\Windows XP.WINDOWS-8AR1JFC.000\DoctorWeb
2009-01-04 01:25 . 2008-04-14 22:51 28,672 --------- c:\windows\system32\verclsid.exe
2009-01-04 01:23 . 2001-10-26 20:29 11,264 --a------ c:\windows\system32\atrace.dll
2009-01-04 01:23 . 2009-01-04 01:23 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-04 01:23 . 2009-01-04 01:23 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-04 01:23 . 2009-01-04 01:23 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-04 01:23 . 2009-01-04 01:23 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-04 01:23 . 2009-01-04 01:23 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-04 01:23 . 2009-01-04 01:23 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-04 01:17 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2009-01-04 01:11 . 2001-10-26 20:29 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-01-04 01:11 . 2001-10-26 20:29 13,312 --a------ c:\windows\system32\irclass.dll
2009-01-04 01:10 . 2004-08-04 02:27 1,086,058 -ra------ c:\windows\SET4A.tmp
2009-01-04 01:10 . 2004-08-04 02:32 1,014,483 --a------ c:\windows\system32\dllcache\SP2.CAT
2009-01-04 01:10 . 2004-08-04 02:32 1,014,483 -ra------ c:\windows\SET47.tmp
2009-01-04 01:10 . 2004-08-04 02:26 14,043 -ra------ c:\windows\SET56.tmp
2009-01-04 01:10 . 2004-07-17 12:45 7,334 --a------ c:\windows\system32\dllcache\wmerrenu.cat
2009-01-03 19:01 . 2009-01-03 19:01 <DIR> d-------- c:\documents and settings\LocalService.ZARZĄDZANIE NT\Menu Start
2009-01-03 19:01 . 2009-01-03 19:01 <DIR> d-------- c:\documents and settings\LocalService.ZARZĄDZANIE NT\Menu Start
2009-01-03 18:59 . 2009-01-03 18:59 <DIR> d-------- c:\documents and settings\NetworkService\Menu Start
2009-01-03 17:35 . 2008-04-14 22:50 1,888,992 --------- c:\windows\system32\ati3duag.dll
2009-01-03 17:35 . 2008-04-14 22:50 870,784 --------- c:\windows\system32\ati3d1ag.dll
2009-01-03 17:35 . 2008-04-14 22:50 516,768 --------- c:\windows\system32\ativvaxx.dll
2009-01-03 17:35 . 2008-04-14 22:50 377,984 --------- c:\windows\system32\ati2dvaa.dll
2009-01-03 17:35 . 2008-04-14 22:50 229,376 --------- c:\windows\system32\ati2cqag.dll
2009-01-03 17:35 . 2008-04-14 22:50 201,728 --------- c:\windows\system32\ati2dvag.dll
2009-01-03 17:35 . 2008-04-14 22:51 163,328 --------- c:\windows\system32\wuaucpl.cpl
2009-01-03 17:35 . 2008-04-14 22:50 32,768 --------- c:\windows\system32\ativtmxx.dll
2009-01-03 17:35 . 2008-04-14 22:51 23,040 --------- c:\windows\system32\ativmvxx.ax
2009-01-03 17:35 . 2008-04-14 22:51 9,728 --------- c:\windows\system32\ativdaxx.ax
2009-01-03 17:33 . 2009-01-03 17:33 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-03 17:27 . 2004-07-17 11:40 19,528 --a------ c:\windows\002600_.tmp
2009-01-03 00:47 . 2009-01-03 00:47 <DIR> d-------- C:\DYSK_D
2009-01-02 19:56 . 2005-06-03 15:09 454,656 --a------ c:\windows\system32\CapabilityTable.exe
2009-01-02 19:56 . 2005-05-17 10:45 300,032 -ra------ c:\windows\system32\idecoi.dll
2009-01-02 19:56 . 2005-05-17 10:45 92,800 -ra------ c:\windows\system32\drivers\nvata.sys
2009-01-02 19:55 . 2005-04-05 20:19 201,728 -ra------ c:\windows\system32\fdco1ins.dll
2009-01-02 19:55 . 2005-04-05 20:19 201,728 -ra------ c:\windows\system32\fdco1.dll
2009-01-02 19:55 . 2005-04-05 20:22 33,536 -ra------ c:\windows\system32\drivers\NVENETFD.sys
2009-01-02 19:54 . 2005-04-05 20:22 261,888 -ra------ c:\windows\system32\drivers\nvnrm.sys
2009-01-02 19:54 . 2005-04-05 20:22 208,256 -ra------ c:\windows\system32\drivers\nvsnpu.sys
2009-01-02 19:54 . 2005-05-13 03:52 176,128 -ra------ c:\windows\system32\nvusmb.exe
2009-01-02 19:54 . 2005-06-03 15:07 176,128 --a------ c:\windows\system32\nvunrm.exe
2009-01-02 19:54 . 2005-04-04 12:00 32,256 -ra------ c:\windows\system32\nvconrm.dll
2009-01-02 19:54 . 2005-04-05 20:22 12,928 -ra------ c:\windows\system32\drivers\nvnetbus.sys
2009-01-02 19:54 . 2005-04-05 20:19 9,728 -ra------ c:\windows\system32\bdco1ins.dll
2009-01-02 19:54 . 2005-04-05 20:19 9,728 -ra------ c:\windows\system32\bdco1.dll
2009-01-02 19:54 . 2005-02-08 07:26 3,596 --a------ c:\windows\system32\nvnrm.nvu
2009-01-02 19:54 . 2005-02-08 07:26 1,231 -ra------ c:\windows\system32\nvsmb.nvu
2009-01-02 19:53 . 2004-11-13 04:35 810,054 -ra------ c:\windows\system32\A8N-SLI.bmp
2009-01-02 19:53 . 2004-08-13 03:56 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys
2009-01-02 19:53 . 2004-11-13 05:01 269 -ra------ c:\windows\system32\raidmgmt.ini
2009-01-02 18:34 . 2004-01-30 14:19 286,720 -ra------ c:\windows\system32\sai0109.dll
2009-01-02 18:34 . 2004-01-30 14:19 19,456 -ra------ c:\windows\system32\drivers\SaiU0109.sys
2009-01-02 18:33 . 2004-01-30 14:19 55,936 -ra------ c:\windows\system32\drivers\SaiH0109.sys
2009-01-02 18:25 . 1996-11-05 16:13 299,008 --a------ c:\windows\uninst.exe
2008-12-31 18:08 . 2008-12-31 18:08 <DIR> d-------- c:\windows\system32\Lang
2008-12-31 18:08 . 2008-12-31 18:08 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-12-31 18:08 . 2008-12-31 18:08 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-12-31 18:08 . 2008-12-31 18:08 60,416 --a------ c:\windows\ALCFDRTM.VER
2008-12-31 18:08 . 2008-12-31 18:08 60,416 --a------ c:\windows\ALCFDRTM.EXE
2008-12-26 19:54 . 2008-12-26 19:54 <DIR> d-------- c:\windows\nview
2008-12-26 19:54 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-12-26 19:54 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-12-26 19:54 . 2009-01-04 20:58 195,368 --a------ c:\windows\system32\nvapps.xml
2008-12-26 19:54 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-12-26 19:48 . 2008-12-26 19:48 <DIR> d-------- c:\program files\Realtek Sound Manager
2008-12-26 19:48 . 2008-12-26 19:48 <DIR> d-------- c:\program files\AvRack
2008-12-26 19:48 . 2005-06-21 10:09 18,751,488 -ra------ c:\windows\system32\ALSNDMGR.CPL
2008-12-26 19:48 . 2005-06-20 21:39 9,410,048 -ra------ c:\windows\system32\RTLCPL.EXE
2008-12-26 19:48 . 2005-06-20 22:08 2,324,480 -ra------ c:\windows\system32\drivers\ALCXWDM.SYS
2008-12-26 19:48 . 2004-09-07 14:23 156,672 -ra------ c:\windows\system32\RTLCPAPI.dll
2008-12-26 19:48 . 2002-02-05 13:54 141,016 -ra------ c:\windows\system32\ALSNDMGR.WAV
2008-12-26 19:48 . 2005-06-20 21:42 77,824 -ra------ c:\windows\SOUNDMAN.EXE
2008-12-26 19:48 . 2001-07-06 00:19 164 -r------- c:\windows\avrack.ini
2008-12-26 19:47 . 2008-12-26 19:47 <DIR> d-------- c:\program files\Realtek AC97
2008-12-26 19:47 . 2005-06-02 16:31 294,912 -r------- c:\windows\alcupd.exe
2008-12-26 19:47 . 2005-06-02 16:43 200,704 -r------- c:\windows\alcrmv.exe
2008-12-26 19:47 . 2005-05-18 13:38 40,960 -r------- c:\windows\system32\ChCfg.exe
2008-12-26 19:39 . 2008-12-26 19:39 <DIR> d-------- c:\program files\Marvell
2008-12-26 02:16 . 2008-12-26 02:16 <DIR> d--h----- c:\documents and settings\Windows XP.WINDOWS-8AR1JFC.000\Szablony
2008-12-25 23:52 . 2008-04-14 22:50 409,088 --a------ c:\windows\system32\qmgr.dll
2008-12-25 23:52 . 2008-04-14 22:50 45,568 --a------ c:\windows\system32\safrslv.dll
2008-12-25 23:52 . 2008-04-14 22:50 43,520 --a------ c:\windows\system32\safrcdlg.dll
2008-12-25 23:52 . 2008-04-14 22:50 43,520 --a------ c:\windows\system32\racpldlg.dll
2008-12-25 23:52 . 2008-04-14 22:50 29,696 --a------ c:\windows\system32\safrdm.dll
2008-12-25 23:52 . 2008-04-14 22:50 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2008-12-25 23:50 . 2008-04-14 22:50 2,061,824 --a------ c:\windows\system32\mstscax.dll
2008-12-25 23:49 . 2008-04-14 22:50 187,904 --a------ c:\windows\system32\cmprops.dll
2008-12-25 23:49 . 2008-04-14 22:50 58,880 --a------ c:\windows\system32\licwmi.dll
2008-12-25 23:49 . 2008-04-14 22:50 17,920 --a------ c:\windows\system32\mmfutil.dll
2008-12-25 23:47 . 2008-04-14 00:15 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2008-12-25 23:47 . 2008-04-14 00:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2008-12-25 23:43 . 2001-08-17 22:00 2,944 --a------ c:\windows\system32\drivers\msmpu401.sys
2008-12-25 23:42 . 2008-04-14 00:02 196,224 --a------ c:\windows\system32\drivers\rdpdr.sys
2008-12-25 23:42 . 2008-04-14 21:35 58,880 --a------ c:\windows\system32\drivers\redbook.sys
2008-12-25 23:42 . 2008-04-14 22:52 40,840 --a------ c:\windows\system32\drivers\termdd.sys
2008-12-25 23:35 . 2001-10-27 12:35 1,085,938 -ra------ c:\windows\SET40.tmp
2008-12-25 23:35 . 2008-04-14 22:51 146,432 --a------ c:\windows\system\winspool.drv
2008-12-25 23:35 . 2008-04-14 22:50 75,776 --a------ c:\windows\system32\storprop.dll
2008-12-25 23:35 . 2001-10-27 12:34 13,923 -ra------ c:\windows\SET4C.tmp
2008-12-25 23:35 . 2008-04-14 00:24 11,264 --a------ c:\windows\system32\drivers\irenum.sys
2008-12-25 23:33 . 2009-01-03 19:01 1,036,319 --a------ c:\windows\setupapi.log.1.old

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-12-29 20:42 11 ----a-w c:\program files\bataty.bat
2006-12-14 19:15 1,308 ----a-w c:\program files\shutdown.lnk
2006-12-14 19:06 1,326 ----a-w c:\program files\szut.lnk
2007-08-24 19:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-08-24 19:19 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-24 19:19 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-08-24 19:19 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-24 19:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2005-08-28 13:11 5,642 --sha-w c:\windows\system32\KGyGaAvL.sys
2005-08-28 12:23 56 --sh--r c:\windows\system32\A7E8D0570F.sys
.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\programy\D-Tools\daemon.exe" [2004-08-22 81920]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 473928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-26 180269]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-05-18 949376]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="e:\nero\Nero 7\InCD\InCD.exe" [2006-11-10 1051648]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-10-07 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I263"= i263_32.drv
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
backup=c:\windows\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
--a------ 2004-02-13 08:34 57344 c:\program files\Lexmark 2200 Series\lxbvbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-07-29 15:23 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-08-26 13:33 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2 (0x2)
"iPodService"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-03-21 270336]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-05-18 15424]
R3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2009-01-02 55936]
R3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2009-01-02 19456]
R4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-07-29 33792]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2007-08-17 178913]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE []

2009-01-03 c:\windows\Tasks\shutdown_test.job
- c:\windows\system32\shutdown.exe [2008-04-14 22:51]

2007-01-13 c:\windows\Tasks\sf.job
- c:\windows\system32\shutdown.exe [2008-04-14 22:51]

2009-01-03 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2008-04-14 22:51]

2009-01-03 c:\windows\Tasks\shutdown.job
- c:\windows\system32 [2005-05-04 18:57]
.
.
------- Supplementary scan -------
.
IE: E&ksport do programu Microsoft Excel - f:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {A90ACEB8-6A9C-4E3C-88DA-096290AA42E5} = 192.168.0.1

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7}
hxxp://skaner.mks.com.pl/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
FF - ProfilePath - c:\documents and settings\Windows XP.WINDOWS-8AR1JFC.000\Dane aplikacji\Mozilla\Firefox\Profiles\bz5ggift.default\
FF - plugin: c:\programy\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 21:12:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'lsass.exe'(1352)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
g:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
e:\nero\Nero 7\InCD\InCDsrv.exe
c:\programy\KERIO\PERSONAL FIREWALL 4\KPF4SS.EXE
c:\windows\SYSTEM32\LIBUSBD-NT.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\ESET\NOD32KRN.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\programy\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
c:\programy\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 2200 Series\lxbvbmon.exe
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-01-04 21:14:19 - the computer was restarted
ComboFix2.txt 2009-01-04 16:42:36
ComboFix-quarantined-files.txt 2009-01-04 20:14:16

Before: 6 594 174 976 bytes free
After: 6,571,610,112 bytes free

337


#4 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 04 01 2009 - 22:26

2009-01-04 16:46 . 2009-01-04 16:46 <DIR> d-------- C:\thread-1395_pliki
2009-01-04 16:46 . 2009-01-04 16:46 36,055 --a------ C:\thread-1395.html

c:\program files\bataty.bat
c:\program files\shutdown.lnk
c:\program files\szut.lnk

2009-01-03 c:\windows\Tasks\shutdown_test.job
2007-01-13 c:\windows\Tasks\sf.job
2009-01-03 c:\windows\Tasks\shutdown.job
2009-01-03 c:\windows\Tasks\shutdown.job

Do you recognize these objects?

If you don't, then:
Check them at --> JOTTI/
or at VIRUSTOTAL.

I don't see anything else suspicious.

ordynat
