
Logs - WWDC detects junk


  • Closed: this topic is closed
8 replies in this topic

#1 krzyhoo

krzyhoo

    Admin

  • 1 039 posts

Posted 29 04 2008 - 21:42

Hello. Today I was checking whether I have all the virus-related ports closed in WWDC, and this message popped up: http://img257.imageshack.us/my.php?image=wirpr0.jpg Is this about a virus? I'll add that I recently changed my Wi-Fi network card and I have WPA encryption set up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:58, on 2008-04-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programy\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
D:\programy\powerstrip\pstrip.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\WAPSTE~1\AQQ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Programy\Real Desktop\Real Desktop.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programy\eMule\emule.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\WgaTray.exe
D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Mozilla Firefox 3 Beta 5\firefox.exe
D:\Programy\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programy\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] D:\Programy\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [PowerStrip] d:\programy\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AQQ] D:\Programy\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [Real Desktop] "D:\Programy\Real Desktop\Real Desktop.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Programy\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Programy\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = D:\Programy\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programy\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6928 bytes


  • 0

#2 mgx8

mgx8

    Beginner

  • 148 posts

Posted 29 04 2008 - 22:02

You won't learn everything from HijackThis alone. Post a ComboFix report as well.

  • 0

#3 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 30 04 2008 - 21:39

Click "Do a system scan only". A log will be generated; tick the box next to the entry below and hit Fix.

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programy\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

That is rather cosmetic. Post a ComboFix log, because apart from that this log is clean.
  • 0
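
The check described in post #3 can be scripted. This is an added example, not part of the original thread: it re-splits a HijackThis log whose line breaks were lost in pasting, flags "(file missing)" entries, and lists other entries that reference the same file. The function names are assumptions of this example, and SAMPLE is a short excerpt from the log in post #1 with two line breaks deliberately removed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Meaning of the HijackThis section codes that occur in the log from post #1.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O12": "IE plugin", "O16": "ActiveX (DPF) object",
    "O20": "AppInit_DLLs", "O23": "Windows service",
}

# Zero-width boundary in front of every "<code> - " prefix, so entries can be
# recovered even when the forum software swallowed the line breaks.
ENTRY_START = re.compile(r"(?=(?:[RFN][0-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"^(?P<code>[RFN][0-4]|O\d{1,2}) - (?P<body>.+)$")
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx|sys)", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str             # section code, e.g. "O9"
    kind: str             # human-readable section name
    body: str             # everything after "<code> - "
    path: Optional[str]   # first file path found in the body, if any
    missing: bool         # HijackThis appended "(file missing)"


def parse_hijackthis(text):
    """Return the R/O entries of a log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        for chunk in ENTRY_START.split(line):
            m = ENTRY.match(chunk.strip())
            if not m:
                continue  # header line, process path or empty fragment
            body = m["body"].strip()
            path = PATH.search(body)
            entries.append(Entry(
                code=m["code"],
                kind=SECTIONS.get(m["code"], "other"),
                body=body,
                path=path.group(0) if path else None,
                missing=body.endswith(MISSING),
            ))
    return entries


def file_missing_report(entries):
    """List entries flagged "(file missing)" plus unflagged entries using the same file."""
    report = []
    for e in entries:
        if not e.missing:
            continue
        clsid = CLSID.search(e.body)
        same_file = [o.code for o in entries
                     if o is not e and not o.missing and e.path and o.path
                     and o.path.lower() == e.path.lower()]
        report.append({
            "code": e.code,
            "kind": e.kind,
            "clsid": clsid.group(0) if clsid else None,
            "path": e.path,
            "also_referenced_by": same_file,
        })
    return report


# Excerpt from the log in post #1; lines 4 and 5 are joined on purpose.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
D:\Programy\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programy\BitComet\tools\BitCometBHO_1.2.2.28.dllO4 - HKCU\..\Run: [BitComet] "D:\Programy\BitComet\BitComet.exe" /tray
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programy\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for item in file_missing_report(parse_hijackthis(SAMPLE)):
        print(item)
```

On this excerpt the report contains the single O9 BitComet button, and the same DLL path also appears in an O2 entry that HijackThis did not flag.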

#4 krzyhoo

krzyhoo

    Admin

  • 1 039 posts

Posted 05 05 2008 - 18:57

Sorry for not replying for so long, but I didn't have time :D
When I launch ComboFix it throws up this message: http://img231.imageshack.us/my.php?image=dfgpz7.jpg - should I really continue?
  • 0

#5 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 05 05 2008 - 20:51

Yes, choose Yes.
  • 0

#6 krzyhoo

krzyhoo

    Admin

  • 1 039 posts

Posted 06 05 2008 - 19:56

ComboFix log

ComboFix 08-05-01.3 - aaa 2008-05-06 19:52:43.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1091 [GMT 2:00]
Running from: C:\Documents and Settings\aaa\Pulpit\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((   Files Created from 2008-04-06 to 2008-05-06  )))))))))))))))))))))))))))))))
.

2008-05-06 17:17 . 2008-05-06 17:17	<DIR>	d--------	C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-05-05 19:58 . 2008-05-05 19:58	<DIR>	d--------	C:\WINDOWS\LxkSkins
2008-05-05 19:58 . 2008-05-05 19:58	<DIR>	d--------	C:\Program Files\Lexmark Skins
2008-05-02 00:56 . 2008-05-02 00:57	<DIR>	d--------	C:\Documents and Settings\aaa\Dane aplikacji\fretsonfire
2008-04-30 15:52 . 1999-11-02 10:01	6,173	--a------	C:\WINDOWS\system32\drivers\Entech.vxd
2008-04-30 15:52 . 2004-06-22 15:44	5,632	--a------	C:\WINDOWS\system32\drivers\Entech64.sys
2008-04-29 23:04 . 2008-04-29 23:04	<DIR>	d--------	C:\Program Files\Spyware Terminator
2008-04-29 23:04 . 2008-04-29 23:05	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
2008-04-29 23:04 . 2008-04-29 23:05	<DIR>	d--------	C:\Documents and Settings\aaa\Dane aplikacji\Spyware Terminator
2008-04-29 23:04 . 2008-04-29 23:04	141,312	--a------	C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-28 15:19 . 2008-04-28 15:39	<DIR>	d--------	C:\Documents and Settings\aaa\Dane aplikacji\Audacity
2008-04-26 16:18 . 2005-10-20 13:05	282,240	-ra------	C:\WINDOWS\system32\drivers\rtl8185.sys
2008-04-23 00:29 . 2008-04-23 00:29	41,296	--a------	C:\WINDOWS\system32\xfcodec.dll
2008-04-23 00:01 . 2008-04-23 00:01	<DIR>	d--------	C:\Documents and Settings\aaa\Dane aplikacji\Uniblue
2008-04-21 20:56 . 2008-04-21 20:56	<DIR>	d--------	C:\Program Files\Logitech
2008-04-21 20:56 . 2008-04-21 20:56	<DIR>	d--------	C:\Program Files\Common Files\Logitech
2008-04-17 00:01 . 2008-04-17 00:03	<DIR>	d--------	C:\WINDOWS\system32\XPSViewer
2008-04-17 00:01 . 2008-04-17 00:01	<DIR>	d--------	C:\Program Files\Reference Assemblies
2008-04-17 00:01 . 2008-04-17 00:01	<DIR>	d--------	C:\Program Files\MSBuild
2008-04-17 00:00 . 2006-06-29 13:07	14,048	---------	C:\WINDOWS\system32\spmsg2.dll
2008-04-16 23:58 . 2008-04-16 23:58	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-04-16 14:47 . 2008-05-05 16:45	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-04-16 14:17 . 2008-04-16 14:17	<DIR>	dr-h-----	C:\Documents and Settings\aaa\Dane aplikacji\SecuROM
2008-04-16 14:16 . 2008-04-16 16:15	107,888	--a------	C:\WINDOWS\system32\CmdLineExt.dll
2008-04-12 15:38 . 2008-04-12 15:38	<DIR>	d--------	C:\Documents and Settings\aaa\Dane aplikacji\Ahead

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 18:03	623,136	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-06 18:03	14,303,776	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-06 17:50	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\SiteAdvisor
2008-05-06 14:38	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-05 22:10	61,712	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-05 22:10	196,508	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-02 20:22	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-01 15:40	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\Xfire
2008-04-30 13:51	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-04-17 13:37	96,645	----a-w	C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 13:37	87,941	----a-w	C:\WINDOWS\system32\drivers\klick.dat
2008-04-08 18:03	103,736	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2008-04-05 12:25	413,696	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2008-04-05 12:25	110,592	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2008-04-05 12:25	---------	d-----w	C:\Program Files\OpenAL
2008-04-04 14:07	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\Creative
2008-04-02 12:01	---------	d-----w	C:\Program Files\Lexmark 3300 Series
2008-03-29 23:24	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\Media Player Classic
2008-03-29 20:06	---------	d-----w	C:\Program Files\SystemRequirementsLab
2008-03-29 20:05	---------	d-----w	C:\Program Files\Java
2008-03-29 20:02	---------	d-----w	C:\Program Files\Common Files\Java
2008-03-29 18:51	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\Winamp
2008-03-29 17:36	---------	d-----w	C:\Program Files\Yahoo!
2008-03-29 16:37	2,560	----a-w	C:\WINDOWS\system32\bitcometres.dll
2008-03-29 15:18	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\SiteAdvisor
2008-03-29 15:18	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2008-03-29 14:54	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
2008-03-29 14:54	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-29 14:54	---------	d-----w	C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-03-29 14:41	---------	d-----w	C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-03-29 14:36	22,328	----a-w	C:\Documents and Settings\aaa\Dane aplikacji\PnkBstrK.sys
2008-03-26 21:34	---------	d-----w	C:\Program Files\Kaspersky Lab
2008-03-26 21:34	---------	d-----w	C:\Program Files\AviSynth 2.5
2008-03-26 17:56	---------	d-----w	C:\Program Files\Creative
2008-03-26 17:50	---------	d-----w	C:\Program Files\Common Files\Ahead
2008-03-26 17:31	---------	d--h--w	C:\Program Files\Creative Installation Information
2008-03-26 17:31	---------	d-----w	C:\Program Files\Common Files\Creative
2008-03-26 17:29	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-03-26 17:23	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-03-26 17:23	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\InterTrust
2008-03-26 17:17	---------	d-----w	C:\Program Files\VID_0E8F&PID_0012
2008-03-26 17:16	---------	d-----w	C:\Program Files\Wireless Device
2008-03-26 17:10	---------	d-----w	C:\Program Files\VIA
2008-03-26 17:08	---------	d-----w	C:\Program Files\Realtek Sound Manager
2008-03-26 17:08	---------	d-----w	C:\Program Files\Realtek AC97
2008-03-26 17:08	---------	d-----w	C:\Program Files\AvRack
2008-03-26 17:07	---------	d-----w	C:\Program Files\S3
2008-03-26 15:57	---------	d-----w	C:\Program Files\microsoft frontpage
2008-03-26 15:55	---------	d-----w	C:\Program Files\Usługi online
2008-03-20 08:09	1,845,504	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-04 11:33	7,680	----a-w	C:\WINDOWS\system32\ff_vfw.dll
2008-03-01 13:02	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2008-02-07 15:15	408,576	----a-w	C:\WINDOWS\system32\Smab.dll
2006-05-03 10:06	163,328	--sh--r	C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47	31,232	--sh--r	C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43	27,648	--sh--w	C:\WINDOWS\system32\Smab0.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"AQQ"="D:\Programy\WAPSTE~1\AQQ.exe" [2008-02-23 21:36 1170416]
"Real Desktop"="D:\Programy\Real Desktop\Real Desktop.exe" [2007-09-07 15:24 5271845]
"BitComet"="D:\Programy\BitComet\BitComet.exe" [2008-03-25 08:38 2196280]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"eMuleAutoStart"="D:\Programy\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 11:30 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 11:30 81920]
"CTSysVol"="D:\Programy\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
"PowerStrip"="d:\programy\powerstrip\pstrip.exe" [2008-02-17 01:09 802552]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 13:51 218376]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:17 192512]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 11:38 88584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\aaa\Menu Start\Programy\Autostart\
Yahoo! Widgets.lnk - D:\Programy\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 00:34:48 3746856]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Enable Wireless Keyboard Driver.lnk - C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe [2008-03-26 19:16:03 180224]
Enable Wireless Mouse Driver.lnk - C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe [2008-03-26 19:16:03 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 D:\Programy\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OCAudioIni]
D:\Programy\One-click Audio Converter\OCAudioIni.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2008-04-02 09:49 1885464 D:\Programy\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 D:\Programy\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\WapSter AQQ\\AQQ.exe"=
"D:\\Programy\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\GRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\GRY\\EA GAMES\\Battlefield 2\\BF2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18100:TCP"= 18100:TCP:BitComet 18100 TCP
"18100:UDP"= 18100:UDP:BitComet 18100 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 04:37]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 20:03:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 20:04:50
ComboFix-quarantined-files.txt  2008-05-06 18:04:45

Pre-Run: 2,914,488,320 bajtów wolnych
Post-Run: 3,011,039,232 bajtów wolnych

187	--- E O F ---	2008-04-17 23:02:51

  • 0

#7 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 09 05 2008 - 11:31

Paste into Notepad:
FILE ::
 C:\WINDOWS\system32\Smab0.dll

>> File >> Save As... >>> CFScript (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (i.e. the CFScript.txt icon onto the ComboFix.exe icon)
– as in this picture --> [attached image]
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.

After carrying out this removal, post a new ComboFix log.
  • 0

#8 krzyhoo

krzyhoo

    Admin

  • 1 039 posts

Posted 09 05 2008 - 16:31

Done

ComboFix 08-05-01.3 - aaa 2008-05-09 16:30:07.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.780 [GMT 2:00]
Running from: C:\Documents and Settings\aaa\Pulpit\Nowy folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\aaa\Pulpit\Nowy folder\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((   Files Created from 2008-04-09 to 2008-05-09  )))))))))))))))))))))))))))))))
.

2008-05-06 17:17 . 2008-05-06 17:17	<DIR>	d--------	C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-05-05 19:58 . 2008-05-05 19:58	<DIR>	d--------	C:\WINDOWS\LxkSkins
2008-05-05 19:58 . 2008-05-05 19:58	<DIR>	d--------	C:\Program Files\Lexmark Skins
2008-05-02 00:56 . 2008-05-02 00:57	<DIR>	d--------	C:\Documents and Settings\aaa\Dane aplikacji\fretsonfire
2008-04-30 15:52 . 1999-11-02 10:01	6,173	--a------	C:\WINDOWS\system32\drivers\Entech.vxd
2008-04-30 15:52 . 2004-06-22 15:44	5,632	--a------	C:\WINDOWS\system32\drivers\Entech64.sys
2008-04-29 23:04 . 2008-04-29 23:04	<DIR>	d--------	C:\Program Files\Spyware Terminator
2008-04-29 23:04 . 2008-04-29 23:05	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
2008-04-29 23:04 . 2008-04-29 23:05	<DIR>	d--------	C:\Documents and Settings\aaa\Dane aplikacji\Spyware Terminator
2008-04-29 23:04 . 2008-04-29 23:04	141,312	--a------	C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-28 15:19 . 2008-04-28 15:39	<DIR>	d--------	C:\Documents and Settings\aaa\Dane aplikacji\Audacity
2008-04-26 16:18 . 2005-10-20 13:05	282,240	-ra------	C:\WINDOWS\system32\drivers\rtl8185.sys
2008-04-23 00:29 . 2008-04-23 00:29	41,296	--a------	C:\WINDOWS\system32\xfcodec.dll
2008-04-23 00:01 . 2008-04-23 00:01	<DIR>	d--------	C:\Documents and Settings\aaa\Dane aplikacji\Uniblue
2008-04-21 20:56 . 2008-04-21 20:56	<DIR>	d--------	C:\Program Files\Logitech
2008-04-21 20:56 . 2008-04-21 20:56	<DIR>	d--------	C:\Program Files\Common Files\Logitech
2008-04-17 00:01 . 2008-04-17 00:03	<DIR>	d--------	C:\WINDOWS\system32\XPSViewer
2008-04-17 00:01 . 2008-04-17 00:01	<DIR>	d--------	C:\Program Files\Reference Assemblies
2008-04-17 00:01 . 2008-04-17 00:01	<DIR>	d--------	C:\Program Files\MSBuild
2008-04-17 00:00 . 2006-06-29 13:07	14,048	---------	C:\WINDOWS\system32\spmsg2.dll
2008-04-16 23:58 . 2008-04-16 23:58	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-04-16 14:47 . 2008-05-05 16:45	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-04-16 14:17 . 2008-04-16 14:17	<DIR>	dr-h-----	C:\Documents and Settings\aaa\Dane aplikacji\SecuROM
2008-04-16 14:16 . 2008-04-16 16:15	107,888	--a------	C:\WINDOWS\system32\CmdLineExt.dll
2008-04-12 15:38 . 2008-04-12 15:38	<DIR>	d--------	C:\Documents and Settings\aaa\Dane aplikacji\Ahead

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 14:38	645,152	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-09 14:38	15,144,224	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-09 14:25	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\SiteAdvisor
2008-05-09 05:58	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-08 23:00	64,016	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-08 23:00	207,764	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-02 20:22	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-01 15:40	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\Xfire
2008-04-30 13:51	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-04-17 13:37	96,645	----a-w	C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 13:37	87,941	----a-w	C:\WINDOWS\system32\drivers\klick.dat
2008-04-08 18:03	103,736	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2008-04-05 12:25	413,696	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2008-04-05 12:25	110,592	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2008-04-05 12:25	---------	d-----w	C:\Program Files\OpenAL
2008-04-04 14:07	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\Creative
2008-04-02 12:01	---------	d-----w	C:\Program Files\Lexmark 3300 Series
2008-03-29 23:24	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\Media Player Classic
2008-03-29 20:06	---------	d-----w	C:\Program Files\SystemRequirementsLab
2008-03-29 20:05	---------	d-----w	C:\Program Files\Java
2008-03-29 20:02	---------	d-----w	C:\Program Files\Common Files\Java
2008-03-29 18:51	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\Winamp
2008-03-29 17:36	---------	d-----w	C:\Program Files\Yahoo!
2008-03-29 16:37	2,560	----a-w	C:\WINDOWS\system32\bitcometres.dll
2008-03-29 15:18	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\SiteAdvisor
2008-03-29 15:18	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2008-03-29 14:54	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
2008-03-29 14:54	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-29 14:54	---------	d-----w	C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-03-29 14:41	---------	d-----w	C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-03-29 14:36	22,328	----a-w	C:\Documents and Settings\aaa\Dane aplikacji\PnkBstrK.sys
2008-03-26 21:34	---------	d-----w	C:\Program Files\Kaspersky Lab
2008-03-26 21:34	---------	d-----w	C:\Program Files\AviSynth 2.5
2008-03-26 17:56	---------	d-----w	C:\Program Files\Creative
2008-03-26 17:50	---------	d-----w	C:\Program Files\Common Files\Ahead
2008-03-26 17:31	---------	d--h--w	C:\Program Files\Creative Installation Information
2008-03-26 17:31	---------	d-----w	C:\Program Files\Common Files\Creative
2008-03-26 17:29	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-03-26 17:23	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-03-26 17:23	---------	d-----w	C:\Documents and Settings\aaa\Dane aplikacji\InterTrust
2008-03-26 17:17	---------	d-----w	C:\Program Files\VID_0E8F&PID_0012
2008-03-26 17:16	---------	d-----w	C:\Program Files\Wireless Device
2008-03-26 17:10	---------	d-----w	C:\Program Files\VIA
2008-03-26 17:08	---------	d-----w	C:\Program Files\Realtek Sound Manager
2008-03-26 17:08	---------	d-----w	C:\Program Files\Realtek AC97
2008-03-26 17:08	---------	d-----w	C:\Program Files\AvRack
2008-03-26 17:07	---------	d-----w	C:\Program Files\S3
2008-03-26 15:57	---------	d-----w	C:\Program Files\microsoft frontpage
2008-03-26 15:55	---------	d-----w	C:\Program Files\Usługi online
2008-03-20 08:09	1,845,504	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-04 11:33	7,680	----a-w	C:\WINDOWS\system32\ff_vfw.dll
2008-03-01 13:02	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2006-05-03 10:06	163,328	--sh--r	C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47	31,232	--sh--r	C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43	27,648	--sh--w	C:\WINDOWS\system32\Smab0.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-05-06_20.04.01,93   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-06 14:37:42	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-05-09 05:53:05	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
- 2008-05-04 10:16:53	16,384	----a-w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-09 05:53:25	16,384	----a-w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-04 10:16:53	32,768	----a-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-05-09 05:53:25	32,768	----a-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-05-04 10:16:53	32,768	----a-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 05:53:25	32,768	----a-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"AQQ"="D:\Programy\WAPSTE~1\AQQ.exe" [2008-02-23 21:36 1170416]
"Real Desktop"="D:\Programy\Real Desktop\Real Desktop.exe" [2007-09-07 15:24 5271845]
"BitComet"="D:\Programy\BitComet\BitComet.exe" [2008-03-25 08:38 2196280]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"eMuleAutoStart"="D:\Programy\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 11:30 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 11:30 81920]
"CTSysVol"="D:\Programy\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
"PowerStrip"="d:\programy\powerstrip\pstrip.exe" [2008-02-17 01:09 802552]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 13:51 218376]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:17 192512]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 11:38 88584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\aaa\Menu Start\Programy\Autostart\
Yahoo! Widgets.lnk - D:\Programy\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 00:34:48 3746856]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Enable Wireless Keyboard Driver.lnk - C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe [2008-03-26 19:16:03 180224]
Enable Wireless Mouse Driver.lnk - C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe [2008-03-26 19:16:03 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 D:\Programy\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OCAudioIni]
D:\Programy\One-click Audio Converter\OCAudioIni.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2008-04-02 09:49 1885464 D:\Programy\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 D:\Programy\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\WapSter AQQ\\AQQ.exe"=
"D:\\Programy\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\GRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\GRY\\EA GAMES\\Battlefield 2\\BF2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18100:TCP"= 18100:TCP:BitComet 18100 TCP
"18100:UDP"= 18100:UDP:BitComet 18100 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 04:37]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 16:38:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-09 16:39:41
ComboFix-quarantined-files.txt  2008-05-09 14:39:35
ComboFix2.txt  2008-05-06 18:04:51

Pre-Run: 2,996,203,520 bajtów wolnych
Post-Run: 2,975,916,032 bajtów wolnych

198	--- E O F ---	2008-04-17 23:02:51

but as you can see, that file is still there :/
  • 0

#9 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 11 05 2008 - 21:32

Try deleting that library with Killbox.

  • 0



