Jak to usunąć, i co to za wirus?
[wirus]Co to za wir?
Rozpoczęty przez
FusioN822
, 01 03 2009 15:33
-
Temat jest zamknięty
5 odpowiedzi w tym temacie
#1
FusioN822
-
-
- 31 postów
Początkujący
Napisano 01 03 2009 - 15:33
Otóż, ostatnio podczas skanowania zmartwiło mnie to :
Jak to usunąć, i co to za wirus?
Jak to usunąć, i co to za wirus?
#3
FusioN822
-
-
- 31 postów
Początkujący
Napisano 01 03 2009 - 15:49
CODE-BOX
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1383 [GMT 1:00]
Uruchomiony z: e:\documents and settings\admin\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-01 do 2009-03-01 )))))))))))))))))))))))))))))))
.
2009-03-01 14:10 . 2009-03-01 14:48 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-01 14:10 . 2009-03-01 14:46 1,240,096 --ahs---- e:\windows\system32\drivers\fidbox.dat
2009-03-01 14:10 . 2009-03-01 14:48 344,096 --ahs---- e:\windows\system32\drivers\fidbox2.dat
2009-03-01 14:10 . 2009-03-01 14:16 101,287 --a------ e:\windows\system32\drivers\klin.dat
2009-03-01 14:10 . 2009-03-01 14:16 89,601 --a------ e:\windows\system32\drivers\klick.dat
2009-03-01 14:10 . 2009-03-01 14:46 12,864 --ahs---- e:\windows\system32\drivers\fidbox.idx
2009-03-01 14:10 . 2009-03-01 14:48 4,380 --ahs---- e:\windows\system32\drivers\fidbox2.idx
2009-03-01 14:05 . 2009-03-01 14:05 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-01 13:47 . 2009-03-01 13:56 881 --a------ e:\windows\ghost_config.ini
2009-03-01 13:15 . 2001-10-26 16:57 12,160 --a------ e:\windows\system32\drivers\mouhid.sys
2009-03-01 13:15 . 2001-10-26 16:57 12,160 --a--c--- e:\windows\system32\dllcache\mouhid.sys
2009-03-01 13:15 . 2008-04-14 00:15 10,368 --a------ e:\windows\system32\drivers\hidusb.sys
2009-03-01 13:15 . 2008-04-14 00:15 10,368 --a--c--- e:\windows\system32\dllcache\hidusb.sys
2009-02-28 22:44 . 2009-02-28 22:44 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-02-28 22:25 . 2009-02-28 22:25 <DIR> d-------- e:\program files\UltraVNC
2009-02-28 18:36 . 2009-02-28 18:36 <DIR> d-------- e:\program files\Bonjour
2009-02-28 18:29 . 2009-02-28 18:29 <DIR> d-------- e:\program files\Common Files\Macrovision Shared
2009-02-28 16:15 . 2009-02-28 16:15 <DIR> d-------- E:\totalcmd
2009-02-28 16:15 . 2009-02-28 21:32 2,266 --a------ e:\windows\wincmd.ini
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\UC.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\RAR.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\PKZIP.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\PKUNZIP.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\NOCLOSE.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\LHA.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\ARJ.PIF
2009-02-28 16:15 . 2009-02-28 21:26 498 --a------ e:\windows\wcx_ftp.ini
2009-02-28 12:13 . 2009-02-28 21:11 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\mIRC
2009-02-27 19:13 . 2009-02-27 19:13 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\DAEMON Tools
2009-02-27 19:12 . 2009-02-27 19:12 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-02-27 19:09 . 2009-02-27 19:13 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\DAEMON Tools Lite
2009-02-27 18:48 . 2009-02-27 19:13 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\DAEMON Tools Pro
2009-02-27 13:06 . 2009-02-27 19:09 717,296 --a------ e:\windows\system32\drivers\sptd.sys
2009-02-26 21:21 . 2009-02-26 21:21 <DIR> d-------- e:\program files\VertrigoServ
2009-02-26 18:13 . 2009-02-26 18:13 <DIR> dr-h----- e:\documents and settings\admin\Dane aplikacji\SecuROM
2009-02-26 16:44 . 2009-02-26 16:44 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Nero
2009-02-25 21:49 . 2009-02-25 21:49 <DIR> d-------- e:\program files\WinSCP
2009-02-25 20:53 . 2009-02-25 20:53 <DIR> d-------- e:\windows\ERUNT
2009-02-25 20:53 . 2009-02-25 20:53 580,096 --a--c--- e:\windows\system32\dllcache\user32.dll
2009-02-25 20:50 . 2009-02-25 21:00 <DIR> d-------- E:\SDFix
2009-02-25 20:40 . 2009-02-25 20:40 <DIR> d-------- e:\program files\Bytescout XLS Viewer
2009-02-25 15:36 . 2009-02-25 15:36 <DIR> d-------- e:\program files\SkanerOnline
2009-02-25 15:35 . 2009-02-28 19:09 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\HPAppData
2009-02-25 12:05 . 2009-02-25 12:05 697 ---hs---- E:\comment.htt
2009-02-25 12:05 . 2009-02-25 12:05 72 ---hs---- E:\desktop.ini
2009-02-24 18:24 . 2008-04-14 00:15 26,112 --a------ e:\windows\system32\drivers\usbser.sys
2009-02-24 18:24 . 2008-04-14 00:15 26,112 --a--c--- e:\windows\system32\dllcache\usbser.sys
2009-02-24 18:24 . 2008-03-21 13:57 14,640 --------- e:\windows\system32\spmsgXP_2k3.dll
2009-02-24 18:24 . 2009-02-24 18:24 0 --ah----- e:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-24 18:24 . 2009-02-24 18:24 0 --ah----- e:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-24 18:23 . 2009-02-24 18:23 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-02-24 18:23 . 2009-02-24 18:25 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\PC Suite
2009-02-24 18:23 . 2009-02-24 18:23 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Nokia
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\PC Connectivity Solution
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Nokia
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\DIFX
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Common Files\PCSuite
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Common Files\Nokia
2009-02-24 18:22 . 2008-09-15 07:29 1,112,288 --a------ e:\windows\system32\wdfcoinstaller01007.dll
2009-02-24 18:22 . 2008-09-15 07:56 659,968 --a------ e:\windows\system32\nmwcdcocls.dll
2009-02-24 18:22 . 2008-09-15 07:56 91,136 --a------ e:\windows\system32\nmwcdcls.dll
2009-02-24 18:22 . 2008-09-15 07:56 22,016 --a------ e:\windows\system32\drivers\ccdcmbo.sys
2009-02-24 18:22 . 2008-08-26 09:26 18,816 --a------ e:\windows\system32\drivers\pccsmcfd.sys
2009-02-24 18:22 . 2008-09-15 07:56 17,664 --a------ e:\windows\system32\drivers\ccdcmb.sys
2009-02-24 18:22 . 2008-09-15 07:56 8,064 --a------ e:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-24 18:22 . 2008-09-15 07:56 8,064 --a------ e:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-24 18:21 . 2009-02-24 18:21 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Installations
2009-02-24 16:10 . 2009-02-24 16:10 118,784 --a------ e:\windows\SeaMonkeyUninstall.exe
2009-02-24 16:09 . 2009-02-24 16:09 <DIR> d-------- e:\program files\mozilla.org
2009-02-24 16:09 . 2009-02-24 16:09 <DIR> d-------- e:\program files\Common Files\mozilla.org
2009-02-24 16:09 . 2009-02-24 16:09 118,784 --a------ e:\windows\GREUninstall.exe
2009-02-24 16:09 . 2009-02-24 16:10 7,738 --a------ e:\windows\mozver.dat
2009-02-24 10:54 . 2009-03-01 13:18 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\skypePM
2009-02-24 10:54 . 2009-02-24 10:54 56 --ah----- e:\windows\system32\ezsidmv.dat
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> dr------- e:\program files\Skype
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> d-------- e:\program files\Common Files\Skype
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-24 10:53 . 2009-03-01 14:34 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Skype
2009-02-24 09:36 . 2009-02-24 09:36 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-02-24 09:36 . 2009-02-24 09:36 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\HP
2009-02-23 16:39 . 2007-10-30 10:11 729,088 -ra------ e:\windows\system32\hpowiax7.dll
2009-02-23 16:39 . 2007-10-30 10:11 581,632 -ra------ e:\windows\system32\hpotscl6.dll
2009-02-23 16:39 . 2007-10-30 10:11 303,104 -ra------ e:\windows\system32\hpovst15.dll
2009-02-23 16:39 . 2008-04-14 00:15 15,104 --a------ e:\windows\system32\drivers\usbscan.sys
2009-02-23 16:39 . 2008-04-14 00:15 15,104 --a--c--- e:\windows\system32\dllcache\usbscan.sys
2009-02-23 16:37 . 2009-02-23 16:37 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-02-23 16:37 . 2009-02-23 16:37 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\HP
2009-02-23 16:37 . 2009-02-23 16:37 0 --a------ e:\windows\system32\YOYO
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Hewlett-Packard
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Common Files\HP
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Common Files\Hewlett-Packard
2009-02-23 16:35 . 2009-02-23 16:37 <DIR> d-------- e:\program files\HP
2009-02-23 16:34 . 2009-02-23 16:34 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-02-23 16:34 . 2007-11-08 15:52 271,704 -ra------ e:\windows\system32\hpzids01.dll
2009-02-23 16:34 . 2009-02-24 09:36 169,233 --a------ e:\windows\hpoins27.dat
2009-02-23 16:34 . 2007-10-20 18:25 117,760 --a------ e:\windows\system32\hpzll5mu.dll
2009-02-23 16:34 . 2007-10-30 10:25 49,920 -ra------ e:\windows\system32\drivers\HPZid412.sys
2009-02-23 16:34 . 2007-10-30 10:25 16,496 -ra------ e:\windows\system32\drivers\HPZipr12.sys
2009-02-23 16:34 . 2008-01-18 16:56 932 --------- e:\windows\hpomdl27.dat
2009-02-23 16:33 . 2009-02-24 18:23 <DIR> d----c--- e:\windows\system32\DRVSTORE
2009-02-23 16:33 . 2007-10-30 10:25 372,736 -ra------ e:\windows\system32\hppldcoi.dll
2009-02-23 16:33 . 2007-10-30 10:25 309,760 -ra------ e:\windows\system32\difxapi.dll
2009-02-23 16:33 . 2008-04-14 00:17 25,856 --a------ e:\windows\system32\drivers\usbprint.sys
2009-02-23 16:33 . 2008-04-14 00:17 25,856 --a--c--- e:\windows\system32\dllcache\usbprint.sys
2009-02-23 16:33 . 2007-10-30 10:25 21,568 -ra------ e:\windows\system32\drivers\HPZius12.sys
2009-02-23 10:20 . 2009-02-23 10:20 <DIR> d-------- e:\program files\Common Files\NSV
2009-02-23 10:16 . 2009-02-23 10:18 <DIR> d-------- e:\program files\Winamp
2009-02-23 10:16 . 2009-02-23 10:20 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Winamp
2009-02-22 18:10 . 2009-02-22 18:10 <DIR> d-------- e:\windows\Sun
2009-02-22 16:42 . 2009-02-22 16:43 <DIR> d-------- e:\program files\fsfs
2009-02-21 21:15 . 2009-02-21 21:15 <DIR> d-------- e:\program files\TeamViewer
2009-02-21 21:15 . 2009-02-21 21:21 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\TeamViewer
2009-02-21 21:14 . 2009-02-21 21:14 <DIR> d-------- e:\documents and settings\admin\temp
2009-02-21 15:29 . 2008-04-14 22:51 221,184 --a------ e:\windows\system32\wmpns.dll
2009-02-21 14:50 . 2009-03-01 14:06 <DIR> d-a------ e:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-21 14:14 . 2008-04-14 00:15 32,128 --a------ e:\windows\system32\drivers\usbccgp.sys
2009-02-21 14:14 . 2008-04-14 00:15 32,128 --a--c--- e:\windows\system32\dllcache\usbccgp.sys
2009-02-21 14:14 . 2008-04-14 00:15 26,368 --a--c--- e:\windows\system32\dllcache\usbstor.sys
2009-02-21 10:42 . 2009-02-21 10:41 410,984 --a------ e:\windows\system32\deploytk.dll
2009-02-21 10:42 . 2009-02-21 10:41 73,728 --a------ e:\windows\system32\javacpl.cpl
2009-02-21 10:41 . 2009-02-21 10:41 <DIR> d-------- e:\program files\Java
2009-02-21 10:26 . 2009-02-21 10:26 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Gadu-Gadu
2009-02-21 10:23 . 2009-02-21 10:23 <DIR> d-------- e:\program files\Gadu-Gadu
2009-02-20 19:55 . 2009-02-20 19:55 <DIR> d-------- e:\program files\7-Zip
2009-02-20 19:46 . 2009-02-20 19:46 <DIR> d-------- e:\program files\MSBuild
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 13:16 33,808 ----a-w e:\windows\system32\drivers\klbg.sys
2009-02-27 19:56 --------- d--h--w e:\program files\InstallShield Installation Information
2009-02-27 18:26 278,984 ----a-w e:\windows\system32\drivers\atksgt.sys
2009-02-27 18:26 25,416 ----a-w e:\windows\system32\drivers\lirsgt.sys
2009-02-20 16:02 315,392 ----a-w e:\windows\HideWin.exe
2009-02-20 16:02 --------- d-----w e:\program files\Realtek
2009-02-20 16:01 --------- d-----w e:\program files\Common Files\InstallShield
2009-02-20 15:59 --------- d-----w e:\program files\AutoConnect
2009-02-20 15:49 --------- d-----w e:\program files\Konnekt
2009-02-20 15:46 --------- d-----w e:\program files\Thomson
2009-02-20 15:40 --------- d-----w e:\program files\AGEIA Technologies
2009-02-20 15:39 --------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-02-20 15:31 --------- d-----w e:\program files\microsoft frontpage
2009-02-20 15:30 --------- d-----w e:\program files\Usługi online
2009-01-15 07:19 6,301,248 ----a-w e:\windows\system32\drivers\nv4_mini.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Konnekt"="e:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-02 306088]
"Gadu-Gadu"="e:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"PC Suite Tray"="e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"EXPLORER.EXE"="EXPLORER.EXE" [2008-04-14 e:\windows\explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SpeedTouch USB Diagnostics"="e:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="e:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-01 206088]
"nwiz"="nwiz.exe" [2009-01-15 e:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 e:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Program Files\\Steam\\steamapps\\stec_kamil\\counter-strike\\hl.exe"=
"e:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"e:\\WINDOWS\\system32\\java.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"e:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"e:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\UltraVNC\\vncviewer.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R0 klbg;Kaspersky Lab Boot Guard Driver;e:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;e:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38491f85-0322-11de-8cb0-000e50f3c6d9}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38491f86-0322-11de-8cb0-000e50f3c6d9}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - e:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\ri2wntka.default\
FF - component: e:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: e:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 14:48:05
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-436374069-1214440339-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:9c,bf,e0,e5,be,12,bc,e0,96,2f,84,cd,7f,98,49,9d,dc,55,7a,0c,1a,
5d,e7,b4,80,07,56,1e,81,8d,29,7c,eb,e9,78,18,6e,8a,fe,f1,5e,8b,10,5e,8c,6c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\wdfmgr.exe
e:\windows\system32\rundll32.exe
d:\program files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\windows\system32\wscntfy.exe
e:\program files\PC Connectivity Solution\ServiceLayer.exe
e:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
e:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
e:\program files\Skype\Plugin Manager\skypePM.exe
e:\program files\HP\Digital Imaging\bin\hpqste08.exe
e:\program files\HP\Digital Imaging\bin\hpqbam08.exe
e:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
e:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-01 14:51:28 - komputer został uruchomiony ponownie [admin]
ComboFix-quarantined-files.txt 2009-03-01 13:51:25
ComboFix2.txt 2009-02-25 14:40:16
Przed: 4 557 209 600 bajtów wolnych
Po: 4,796,248,064 bajtów wolnych
276
#4
ordynat
-
-
- 804 postów
Zaawansowany użytkownik
Napisano 01 03 2009 - 20:46
Wklej do Notatnika:
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).
Daj ten log, który powstanie w trakcie usuwania.
albo na VIRUSTOTAL.
ordynat
File::
E:\comment.htt
E:\desktop.ini
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EXPLORER.EXE"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38491f85-0322-11de-8cb0-000e50f3c6d9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38491f86-0322-11de-8cb0-000e50f3c6d9}]>>Plik>>Zapisz jako... >>> CFScript Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).
Daj ten log, który powstanie w trakcie usuwania.
Sprawdź je na --> JOTTI/e:\windows\ghost_config.ini
albo na VIRUSTOTAL.
ordynat
#5
FusioN822
-
-
- 31 postów
Początkujący
Napisano 02 03 2009 - 21:35
Ok, dzięki.
Log końcowy
ComboFix 09-02-28.01 - admin 2009-03-02 20:34:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1584 [GMT 1:00]
Uruchomiony z: e:\documents and settings\admin\Pulpit\ComboFix.exe
Użyto następujących komend :: e:\documents and settings\admin\Pulpit\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
FILE ::
E:\comment.htt
E:\desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\comment.htt
E:\desktop.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-02 do 2009-03-02 )))))))))))))))))))))))))))))))
.
2009-03-02 07:53 . 2009-03-02 08:00 <DIR> d--h----- e:\windows\$hf_mig$
2009-03-01 14:10 . 2009-03-02 14:59 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-01 14:10 . 2009-03-02 15:00 1,254,432 --ahs---- e:\windows\system32\drivers\fidbox.dat
2009-03-01 14:10 . 2009-03-02 07:52 368,672 --ahs---- e:\windows\system32\drivers\fidbox2.dat
2009-03-01 14:10 . 2009-03-01 14:16 101,287 --a------ e:\windows\system32\drivers\klin.dat
2009-03-01 14:10 . 2009-03-01 14:16 89,601 --a------ e:\windows\system32\drivers\klick.dat
2009-03-01 14:10 . 2009-03-02 15:00 12,976 --ahs---- e:\windows\system32\drivers\fidbox.idx
2009-03-01 14:10 . 2009-03-02 07:52 4,436 --ahs---- e:\windows\system32\drivers\fidbox2.idx
2009-03-01 14:05 . 2009-03-01 14:05 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-01 13:15 . 2001-10-26 16:57 12,160 --a------ e:\windows\system32\drivers\mouhid.sys
2009-03-01 13:15 . 2001-10-26 16:57 12,160 --a--c--- e:\windows\system32\dllcache\mouhid.sys
2009-03-01 13:15 . 2008-04-14 00:15 10,368 --a------ e:\windows\system32\drivers\hidusb.sys
2009-03-01 13:15 . 2008-04-14 00:15 10,368 --a--c--- e:\windows\system32\dllcache\hidusb.sys
2009-02-28 22:44 . 2009-02-28 22:44 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-02-28 22:25 . 2009-02-28 22:25 <DIR> d-------- e:\program files\UltraVNC
2009-02-28 18:36 . 2009-02-28 18:36 <DIR> d-------- e:\program files\Bonjour
2009-02-28 18:29 . 2009-02-28 18:29 <DIR> d-------- e:\program files\Common Files\Macrovision Shared
2009-02-28 16:15 . 2009-02-28 16:15 <DIR> d-------- E:\totalcmd
2009-02-28 16:15 . 2009-02-28 21:32 2,266 --a------ e:\windows\wincmd.ini
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\UC.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\RAR.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\PKZIP.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\PKUNZIP.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\NOCLOSE.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\LHA.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\ARJ.PIF
2009-02-28 16:15 . 2009-02-28 21:26 498 --a------ e:\windows\wcx_ftp.ini
2009-02-28 12:13 . 2009-03-02 20:29 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\mIRC
2009-02-27 19:13 . 2009-02-27 19:13 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\DAEMON Tools
2009-02-27 19:12 . 2009-02-27 19:12 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-02-27 19:09 . 2009-02-27 19:13 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\DAEMON Tools Lite
2009-02-27 18:48 . 2009-02-27 19:13 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\DAEMON Tools Pro
2009-02-27 13:06 . 2009-02-27 19:09 717,296 --a------ e:\windows\system32\drivers\sptd.sys
2009-02-26 21:21 . 2009-02-26 21:21 <DIR> d-------- e:\program files\VertrigoServ
2009-02-26 18:13 . 2009-02-26 18:13 <DIR> dr-h----- e:\documents and settings\admin\Dane aplikacji\SecuROM
2009-02-26 16:44 . 2009-02-26 16:44 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Nero
2009-02-25 21:49 . 2009-02-25 21:49 <DIR> d-------- e:\program files\WinSCP
2009-02-25 20:53 . 2009-02-25 20:53 <DIR> d-------- e:\windows\ERUNT
2009-02-25 20:53 . 2009-02-25 20:53 580,096 --a--c--- e:\windows\system32\dllcache\user32.dll
2009-02-25 20:50 . 2009-02-25 21:00 <DIR> d-------- E:\SDFix
2009-02-25 20:40 . 2009-02-25 20:40 <DIR> d-------- e:\program files\Bytescout XLS Viewer
2009-02-25 15:36 . 2009-02-25 15:36 <DIR> d-------- e:\program files\SkanerOnline
2009-02-25 15:35 . 2009-03-02 18:12 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\HPAppData
2009-02-24 18:24 . 2008-04-14 00:15 26,112 --a------ e:\windows\system32\drivers\usbser.sys
2009-02-24 18:24 . 2008-04-14 00:15 26,112 --a--c--- e:\windows\system32\dllcache\usbser.sys
2009-02-24 18:24 . 2008-03-21 13:57 14,640 --------- e:\windows\system32\spmsgXP_2k3.dll
2009-02-24 18:24 . 2009-02-24 18:24 0 --ah----- e:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-24 18:24 . 2009-02-24 18:24 0 --ah----- e:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-24 18:23 . 2009-02-24 18:23 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-02-24 18:23 . 2009-02-24 18:25 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\PC Suite
2009-02-24 18:23 . 2009-02-24 18:23 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Nokia
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\PC Connectivity Solution
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Nokia
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\DIFX
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Common Files\PCSuite
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Common Files\Nokia
2009-02-24 18:22 . 2008-09-15 07:29 1,112,288 --a------ e:\windows\system32\wdfcoinstaller01007.dll
2009-02-24 18:22 . 2008-09-15 07:56 659,968 --a------ e:\windows\system32\nmwcdcocls.dll
2009-02-24 18:22 . 2008-09-15 07:56 91,136 --a------ e:\windows\system32\nmwcdcls.dll
2009-02-24 18:22 . 2008-09-15 07:56 22,016 --a------ e:\windows\system32\drivers\ccdcmbo.sys
2009-02-24 18:22 . 2008-08-26 09:26 18,816 --a------ e:\windows\system32\drivers\pccsmcfd.sys
2009-02-24 18:22 . 2008-09-15 07:56 17,664 --a------ e:\windows\system32\drivers\ccdcmb.sys
2009-02-24 18:22 . 2008-09-15 07:56 8,064 --a------ e:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-24 18:22 . 2008-09-15 07:56 8,064 --a------ e:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-24 18:21 . 2009-02-24 18:21 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Installations
2009-02-24 16:10 . 2009-02-24 16:10 118,784 --a------ e:\windows\SeaMonkeyUninstall.exe
2009-02-24 16:09 . 2009-02-24 16:09 <DIR> d-------- e:\program files\mozilla.org
2009-02-24 16:09 . 2009-02-24 16:09 <DIR> d-------- e:\program files\Common Files\mozilla.org
2009-02-24 16:09 . 2009-02-24 16:09 118,784 --a------ e:\windows\GREUninstall.exe
2009-02-24 16:09 . 2009-02-24 16:10 7,738 --a------ e:\windows\mozver.dat
2009-02-24 10:54 . 2009-03-02 14:59 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\skypePM
2009-02-24 10:54 . 2009-02-24 10:54 56 --ah----- e:\windows\system32\ezsidmv.dat
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> dr------- e:\program files\Skype
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> d-------- e:\program files\Common Files\Skype
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-24 10:53 . 2009-03-02 15:00 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Skype
2009-02-24 09:36 . 2009-02-24 09:36 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-02-24 09:36 . 2009-02-24 09:36 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\HP
2009-02-23 16:39 . 2007-10-30 10:11 729,088 -ra------ e:\windows\system32\hpowiax7.dll
2009-02-23 16:39 . 2007-10-30 10:11 581,632 -ra------ e:\windows\system32\hpotscl6.dll
2009-02-23 16:39 . 2007-10-30 10:11 303,104 -ra------ e:\windows\system32\hpovst15.dll
2009-02-23 16:39 . 2008-04-14 00:15 15,104 --a------ e:\windows\system32\drivers\usbscan.sys
2009-02-23 16:39 . 2008-04-14 00:15 15,104 --a--c--- e:\windows\system32\dllcache\usbscan.sys
2009-02-23 16:37 . 2009-02-23 16:37 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-02-23 16:37 . 2009-02-23 16:37 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\HP
2009-02-23 16:37 . 2009-02-23 16:37 0 --a------ e:\windows\system32\YOYO
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Hewlett-Packard
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Common Files\HP
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Common Files\Hewlett-Packard
2009-02-23 16:35 . 2009-02-23 16:37 <DIR> d-------- e:\program files\HP
2009-02-23 16:34 . 2009-02-23 16:34 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-02-23 16:34 . 2007-11-08 15:52 271,704 -ra------ e:\windows\system32\hpzids01.dll
2009-02-23 16:34 . 2009-02-24 09:36 169,233 --a------ e:\windows\hpoins27.dat
2009-02-23 16:34 . 2007-10-20 18:25 117,760 --a------ e:\windows\system32\hpzll5mu.dll
2009-02-23 16:34 . 2007-10-30 10:25 49,920 -ra------ e:\windows\system32\drivers\HPZid412.sys
2009-02-23 16:34 . 2007-10-30 10:25 16,496 -ra------ e:\windows\system32\drivers\HPZipr12.sys
2009-02-23 16:34 . 2008-01-18 16:56 932 --------- e:\windows\hpomdl27.dat
2009-02-23 16:33 . 2009-02-24 18:23 <DIR> d----c--- e:\windows\system32\DRVSTORE
2009-02-23 16:33 . 2007-10-30 10:25 372,736 -ra------ e:\windows\system32\hppldcoi.dll
2009-02-23 16:33 . 2007-10-30 10:25 309,760 -ra------ e:\windows\system32\difxapi.dll
2009-02-23 16:33 . 2008-04-14 00:17 25,856 --a------ e:\windows\system32\drivers\usbprint.sys
2009-02-23 16:33 . 2008-04-14 00:17 25,856 --a--c--- e:\windows\system32\dllcache\usbprint.sys
2009-02-23 16:33 . 2007-10-30 10:25 21,568 -ra------ e:\windows\system32\drivers\HPZius12.sys
2009-02-23 10:20 . 2009-02-23 10:20 <DIR> d-------- e:\program files\Common Files\NSV
2009-02-23 10:16 . 2009-02-23 10:18 <DIR> d-------- e:\program files\Winamp
2009-02-23 10:16 . 2009-02-23 10:20 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Winamp
2009-02-22 18:10 . 2009-02-22 18:10 <DIR> d-------- e:\windows\Sun
2009-02-22 16:42 . 2009-02-22 16:43 <DIR> d-------- e:\program files\fsfs
2009-02-21 21:15 . 2009-02-21 21:15 <DIR> d-------- e:\program files\TeamViewer
2009-02-21 21:15 . 2009-02-21 21:21 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\TeamViewer
2009-02-21 21:14 . 2009-02-21 21:14 <DIR> d-------- e:\documents and settings\admin\temp
2009-02-21 15:29 . 2008-04-14 22:51 221,184 --a------ e:\windows\system32\wmpns.dll
2009-02-21 14:50 . 2009-03-01 14:06 <DIR> d-a------ e:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-21 14:14 . 2008-04-14 00:15 32,128 --a------ e:\windows\system32\drivers\usbccgp.sys
2009-02-21 14:14 . 2008-04-14 00:15 32,128 --a--c--- e:\windows\system32\dllcache\usbccgp.sys
2009-02-21 14:14 . 2008-04-14 00:15 26,368 --a--c--- e:\windows\system32\dllcache\usbstor.sys
2009-02-21 10:42 . 2009-02-21 10:41 410,984 --a------ e:\windows\system32\deploytk.dll
2009-02-21 10:42 . 2009-02-21 10:41 73,728 --a------ e:\windows\system32\javacpl.cpl
2009-02-21 10:41 . 2009-02-21 10:41 <DIR> d-------- e:\program files\Java
2009-02-21 10:26 . 2009-02-21 10:26 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Gadu-Gadu
2009-02-21 10:23 . 2009-02-21 10:23 <DIR> d-------- e:\program files\Gadu-Gadu
2009-02-20 19:55 . 2009-02-20 19:55 <DIR> d-------- e:\program files\7-Zip
2009-02-20 19:46 . 2009-02-20 19:46 <DIR> d-------- e:\program files\MSBuild
2009-02-20 19:44 . 2009-02-20 19:44 <DIR> d-------- e:\windows\system32\XPSViewer
2009-02-20 19:44 . 2009-02-20 19:44 <DIR> d-------- e:\program files\Reference Assemblies
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 13:16 33,808 ----a-w e:\windows\system32\drivers\klbg.sys
2009-02-27 19:56 --------- d--h--w e:\program files\InstallShield Installation Information
2009-02-27 18:26 278,984 ----a-w e:\windows\system32\drivers\atksgt.sys
2009-02-27 18:26 25,416 ----a-w e:\windows\system32\drivers\lirsgt.sys
2009-02-20 16:02 315,392 ----a-w e:\windows\HideWin.exe
2009-02-20 16:02 --------- d-----w e:\program files\Realtek
2009-02-20 16:01 --------- d-----w e:\program files\Common Files\InstallShield
2009-02-20 15:59 --------- d-----w e:\program files\AutoConnect
2009-02-20 15:49 --------- d-----w e:\program files\Konnekt
2009-02-20 15:46 --------- d-----w e:\program files\Thomson
2009-02-20 15:40 --------- d-----w e:\program files\AGEIA Technologies
2009-02-20 15:39 --------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-02-20 15:31 --------- d-----w e:\program files\microsoft frontpage
2009-02-20 15:30 --------- d-----w e:\program files\Usługi online
2009-01-21 16:11 473,600 ----a-w e:\windows\system32\SkanerOnline.dll
2009-01-07 10:28 453,152 ----a-w e:\windows\system32\NVUNINST.EXE
2008-12-10 08:45 70,936 ----a-w e:\windows\system32\PhysXLoader.dll
2008-12-04 08:28 24,344 ----a-w e:\windows\system32\PhysXDevice.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-01_14.51.01.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-10 19:53:06 19,320 ------w e:\windows\system32\spmsg.dll
+ 2007-11-30 12:40:46 19,320 ------w e:\windows\system32\spmsg.dll
- 2008-04-14 21:51:46 60,416 ------w e:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w e:\windows\system32\tzchange.exe
+ 2009-03-02 13:58:22 16,384 ----atw e:\windows\Temp\Perflib_Perfdata_520.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Konnekt"="e:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-02 306088]
"Gadu-Gadu"="e:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"PC Suite Tray"="e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SpeedTouch USB Diagnostics"="e:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="e:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-01 206088]
"nwiz"="nwiz.exe" [2009-01-15 e:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 e:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Program Files\\Steam\\steamapps\\stec_kamil\\counter-strike\\hl.exe"=
"e:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"e:\\WINDOWS\\system32\\java.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"e:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"e:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\UltraVNC\\vncviewer.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Documents and Settings\\admin\\Pulpit\\SRO_L4_Full_Client_Downloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R0 klbg;Kaspersky Lab Boot Guard Driver;e:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;e:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
TCP: {E8136976-CCD6-49AC-8A98-27468187C0FC} = 194.204.159.1 217.98.63.164
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - e:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\ri2wntka.default\
FF - component: e:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: e:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 20:36:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-436374069-1214440339-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:9c,bf,e0,e5,be,12,bc,e0,96,2f,84,cd,7f,98,49,9d,dc,55,7a,0c,1a,
5d,e7,b4,80,07,56,1e,81,8d,29,7c,eb,e9,78,18,6e,8a,fe,f1,5e,8b,10,5e,8c,6c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Czas ukończenia: 2009-03-02 20:37:25
ComboFix-quarantined-files.txt 2009-03-02 19:37:23
ComboFix2.txt 2009-03-01 13:51:29
ComboFix3.txt 2009-02-25 14:40:16
Przed: 3 385 876 480 bajtów wolnych
Po: 3,378,352,128 bajtów wolnych
268 --- E O F --- 2009-03-02 06:53:28
Log końcowy
CODE-BOX
ComboFix 09-02-28.01 - admin 2009-03-02 20:34:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1584 [GMT 1:00]
Uruchomiony z: e:\documents and settings\admin\Pulpit\ComboFix.exe
Użyto następujących komend :: e:\documents and settings\admin\Pulpit\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
FILE ::
E:\comment.htt
E:\desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\comment.htt
E:\desktop.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-02 do 2009-03-02 )))))))))))))))))))))))))))))))
.
2009-03-02 07:53 . 2009-03-02 08:00 <DIR> d--h----- e:\windows\$hf_mig$
2009-03-01 14:10 . 2009-03-02 14:59 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-01 14:10 . 2009-03-02 15:00 1,254,432 --ahs---- e:\windows\system32\drivers\fidbox.dat
2009-03-01 14:10 . 2009-03-02 07:52 368,672 --ahs---- e:\windows\system32\drivers\fidbox2.dat
2009-03-01 14:10 . 2009-03-01 14:16 101,287 --a------ e:\windows\system32\drivers\klin.dat
2009-03-01 14:10 . 2009-03-01 14:16 89,601 --a------ e:\windows\system32\drivers\klick.dat
2009-03-01 14:10 . 2009-03-02 15:00 12,976 --ahs---- e:\windows\system32\drivers\fidbox.idx
2009-03-01 14:10 . 2009-03-02 07:52 4,436 --ahs---- e:\windows\system32\drivers\fidbox2.idx
2009-03-01 14:05 . 2009-03-01 14:05 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-01 13:15 . 2001-10-26 16:57 12,160 --a------ e:\windows\system32\drivers\mouhid.sys
2009-03-01 13:15 . 2001-10-26 16:57 12,160 --a--c--- e:\windows\system32\dllcache\mouhid.sys
2009-03-01 13:15 . 2008-04-14 00:15 10,368 --a------ e:\windows\system32\drivers\hidusb.sys
2009-03-01 13:15 . 2008-04-14 00:15 10,368 --a--c--- e:\windows\system32\dllcache\hidusb.sys
2009-02-28 22:44 . 2009-02-28 22:44 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-02-28 22:25 . 2009-02-28 22:25 <DIR> d-------- e:\program files\UltraVNC
2009-02-28 18:36 . 2009-02-28 18:36 <DIR> d-------- e:\program files\Bonjour
2009-02-28 18:29 . 2009-02-28 18:29 <DIR> d-------- e:\program files\Common Files\Macrovision Shared
2009-02-28 16:15 . 2009-02-28 16:15 <DIR> d-------- E:\totalcmd
2009-02-28 16:15 . 2009-02-28 21:32 2,266 --a------ e:\windows\wincmd.ini
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\UC.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\RAR.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\PKZIP.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\PKUNZIP.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\NOCLOSE.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\LHA.PIF
2009-02-28 16:15 . 2008-08-08 07:04 545 --a------ e:\windows\ARJ.PIF
2009-02-28 16:15 . 2009-02-28 21:26 498 --a------ e:\windows\wcx_ftp.ini
2009-02-28 12:13 . 2009-03-02 20:29 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\mIRC
2009-02-27 19:13 . 2009-02-27 19:13 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\DAEMON Tools
2009-02-27 19:12 . 2009-02-27 19:12 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-02-27 19:09 . 2009-02-27 19:13 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\DAEMON Tools Lite
2009-02-27 18:48 . 2009-02-27 19:13 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\DAEMON Tools Pro
2009-02-27 13:06 . 2009-02-27 19:09 717,296 --a------ e:\windows\system32\drivers\sptd.sys
2009-02-26 21:21 . 2009-02-26 21:21 <DIR> d-------- e:\program files\VertrigoServ
2009-02-26 18:13 . 2009-02-26 18:13 <DIR> dr-h----- e:\documents and settings\admin\Dane aplikacji\SecuROM
2009-02-26 16:44 . 2009-02-26 16:44 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Nero
2009-02-25 21:49 . 2009-02-25 21:49 <DIR> d-------- e:\program files\WinSCP
2009-02-25 20:53 . 2009-02-25 20:53 <DIR> d-------- e:\windows\ERUNT
2009-02-25 20:53 . 2009-02-25 20:53 580,096 --a--c--- e:\windows\system32\dllcache\user32.dll
2009-02-25 20:50 . 2009-02-25 21:00 <DIR> d-------- E:\SDFix
2009-02-25 20:40 . 2009-02-25 20:40 <DIR> d-------- e:\program files\Bytescout XLS Viewer
2009-02-25 15:36 . 2009-02-25 15:36 <DIR> d-------- e:\program files\SkanerOnline
2009-02-25 15:35 . 2009-03-02 18:12 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\HPAppData
2009-02-24 18:24 . 2008-04-14 00:15 26,112 --a------ e:\windows\system32\drivers\usbser.sys
2009-02-24 18:24 . 2008-04-14 00:15 26,112 --a--c--- e:\windows\system32\dllcache\usbser.sys
2009-02-24 18:24 . 2008-03-21 13:57 14,640 --------- e:\windows\system32\spmsgXP_2k3.dll
2009-02-24 18:24 . 2009-02-24 18:24 0 --ah----- e:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-24 18:24 . 2009-02-24 18:24 0 --ah----- e:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-24 18:23 . 2009-02-24 18:23 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-02-24 18:23 . 2009-02-24 18:25 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\PC Suite
2009-02-24 18:23 . 2009-02-24 18:23 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Nokia
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\PC Connectivity Solution
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Nokia
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\DIFX
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Common Files\PCSuite
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Common Files\Nokia
2009-02-24 18:22 . 2008-09-15 07:29 1,112,288 --a------ e:\windows\system32\wdfcoinstaller01007.dll
2009-02-24 18:22 . 2008-09-15 07:56 659,968 --a------ e:\windows\system32\nmwcdcocls.dll
2009-02-24 18:22 . 2008-09-15 07:56 91,136 --a------ e:\windows\system32\nmwcdcls.dll
2009-02-24 18:22 . 2008-09-15 07:56 22,016 --a------ e:\windows\system32\drivers\ccdcmbo.sys
2009-02-24 18:22 . 2008-08-26 09:26 18,816 --a------ e:\windows\system32\drivers\pccsmcfd.sys
2009-02-24 18:22 . 2008-09-15 07:56 17,664 --a------ e:\windows\system32\drivers\ccdcmb.sys
2009-02-24 18:22 . 2008-09-15 07:56 8,064 --a------ e:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-24 18:22 . 2008-09-15 07:56 8,064 --a------ e:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-24 18:21 . 2009-02-24 18:21 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Installations
2009-02-24 16:10 . 2009-02-24 16:10 118,784 --a------ e:\windows\SeaMonkeyUninstall.exe
2009-02-24 16:09 . 2009-02-24 16:09 <DIR> d-------- e:\program files\mozilla.org
2009-02-24 16:09 . 2009-02-24 16:09 <DIR> d-------- e:\program files\Common Files\mozilla.org
2009-02-24 16:09 . 2009-02-24 16:09 118,784 --a------ e:\windows\GREUninstall.exe
2009-02-24 16:09 . 2009-02-24 16:10 7,738 --a------ e:\windows\mozver.dat
2009-02-24 10:54 . 2009-03-02 14:59 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\skypePM
2009-02-24 10:54 . 2009-02-24 10:54 56 --ah----- e:\windows\system32\ezsidmv.dat
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> dr------- e:\program files\Skype
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> d-------- e:\program files\Common Files\Skype
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-24 10:53 . 2009-03-02 15:00 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Skype
2009-02-24 09:36 . 2009-02-24 09:36 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-02-24 09:36 . 2009-02-24 09:36 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\HP
2009-02-23 16:39 . 2007-10-30 10:11 729,088 -ra------ e:\windows\system32\hpowiax7.dll
2009-02-23 16:39 . 2007-10-30 10:11 581,632 -ra------ e:\windows\system32\hpotscl6.dll
2009-02-23 16:39 . 2007-10-30 10:11 303,104 -ra------ e:\windows\system32\hpovst15.dll
2009-02-23 16:39 . 2008-04-14 00:15 15,104 --a------ e:\windows\system32\drivers\usbscan.sys
2009-02-23 16:39 . 2008-04-14 00:15 15,104 --a--c--- e:\windows\system32\dllcache\usbscan.sys
2009-02-23 16:37 . 2009-02-23 16:37 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-02-23 16:37 . 2009-02-23 16:37 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\HP
2009-02-23 16:37 . 2009-02-23 16:37 0 --a------ e:\windows\system32\YOYO
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Hewlett-Packard
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Common Files\HP
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Common Files\Hewlett-Packard
2009-02-23 16:35 . 2009-02-23 16:37 <DIR> d-------- e:\program files\HP
2009-02-23 16:34 . 2009-02-23 16:34 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-02-23 16:34 . 2007-11-08 15:52 271,704 -ra------ e:\windows\system32\hpzids01.dll
2009-02-23 16:34 . 2009-02-24 09:36 169,233 --a------ e:\windows\hpoins27.dat
2009-02-23 16:34 . 2007-10-20 18:25 117,760 --a------ e:\windows\system32\hpzll5mu.dll
2009-02-23 16:34 . 2007-10-30 10:25 49,920 -ra------ e:\windows\system32\drivers\HPZid412.sys
2009-02-23 16:34 . 2007-10-30 10:25 16,496 -ra------ e:\windows\system32\drivers\HPZipr12.sys
2009-02-23 16:34 . 2008-01-18 16:56 932 --------- e:\windows\hpomdl27.dat
2009-02-23 16:33 . 2009-02-24 18:23 <DIR> d----c--- e:\windows\system32\DRVSTORE
2009-02-23 16:33 . 2007-10-30 10:25 372,736 -ra------ e:\windows\system32\hppldcoi.dll
2009-02-23 16:33 . 2007-10-30 10:25 309,760 -ra------ e:\windows\system32\difxapi.dll
2009-02-23 16:33 . 2008-04-14 00:17 25,856 --a------ e:\windows\system32\drivers\usbprint.sys
2009-02-23 16:33 . 2008-04-14 00:17 25,856 --a--c--- e:\windows\system32\dllcache\usbprint.sys
2009-02-23 16:33 . 2007-10-30 10:25 21,568 -ra------ e:\windows\system32\drivers\HPZius12.sys
2009-02-23 10:20 . 2009-02-23 10:20 <DIR> d-------- e:\program files\Common Files\NSV
2009-02-23 10:16 . 2009-02-23 10:18 <DIR> d-------- e:\program files\Winamp
2009-02-23 10:16 . 2009-02-23 10:20 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Winamp
2009-02-22 18:10 . 2009-02-22 18:10 <DIR> d-------- e:\windows\Sun
2009-02-22 16:42 . 2009-02-22 16:43 <DIR> d-------- e:\program files\fsfs
2009-02-21 21:15 . 2009-02-21 21:15 <DIR> d-------- e:\program files\TeamViewer
2009-02-21 21:15 . 2009-02-21 21:21 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\TeamViewer
2009-02-21 21:14 . 2009-02-21 21:14 <DIR> d-------- e:\documents and settings\admin\temp
2009-02-21 15:29 . 2008-04-14 22:51 221,184 --a------ e:\windows\system32\wmpns.dll
2009-02-21 14:50 . 2009-03-01 14:06 <DIR> d-a------ e:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-21 14:14 . 2008-04-14 00:15 32,128 --a------ e:\windows\system32\drivers\usbccgp.sys
2009-02-21 14:14 . 2008-04-14 00:15 32,128 --a--c--- e:\windows\system32\dllcache\usbccgp.sys
2009-02-21 14:14 . 2008-04-14 00:15 26,368 --a--c--- e:\windows\system32\dllcache\usbstor.sys
2009-02-21 10:42 . 2009-02-21 10:41 410,984 --a------ e:\windows\system32\deploytk.dll
2009-02-21 10:42 . 2009-02-21 10:41 73,728 --a------ e:\windows\system32\javacpl.cpl
2009-02-21 10:41 . 2009-02-21 10:41 <DIR> d-------- e:\program files\Java
2009-02-21 10:26 . 2009-02-21 10:26 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Gadu-Gadu
2009-02-21 10:23 . 2009-02-21 10:23 <DIR> d-------- e:\program files\Gadu-Gadu
2009-02-20 19:55 . 2009-02-20 19:55 <DIR> d-------- e:\program files\7-Zip
2009-02-20 19:46 . 2009-02-20 19:46 <DIR> d-------- e:\program files\MSBuild
2009-02-20 19:44 . 2009-02-20 19:44 <DIR> d-------- e:\windows\system32\XPSViewer
2009-02-20 19:44 . 2009-02-20 19:44 <DIR> d-------- e:\program files\Reference Assemblies
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 13:16 33,808 ----a-w e:\windows\system32\drivers\klbg.sys
2009-02-27 19:56 --------- d--h--w e:\program files\InstallShield Installation Information
2009-02-27 18:26 278,984 ----a-w e:\windows\system32\drivers\atksgt.sys
2009-02-27 18:26 25,416 ----a-w e:\windows\system32\drivers\lirsgt.sys
2009-02-20 16:02 315,392 ----a-w e:\windows\HideWin.exe
2009-02-20 16:02 --------- d-----w e:\program files\Realtek
2009-02-20 16:01 --------- d-----w e:\program files\Common Files\InstallShield
2009-02-20 15:59 --------- d-----w e:\program files\AutoConnect
2009-02-20 15:49 --------- d-----w e:\program files\Konnekt
2009-02-20 15:46 --------- d-----w e:\program files\Thomson
2009-02-20 15:40 --------- d-----w e:\program files\AGEIA Technologies
2009-02-20 15:39 --------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-02-20 15:31 --------- d-----w e:\program files\microsoft frontpage
2009-02-20 15:30 --------- d-----w e:\program files\Usługi online
2009-01-21 16:11 473,600 ----a-w e:\windows\system32\SkanerOnline.dll
2009-01-07 10:28 453,152 ----a-w e:\windows\system32\NVUNINST.EXE
2008-12-10 08:45 70,936 ----a-w e:\windows\system32\PhysXLoader.dll
2008-12-04 08:28 24,344 ----a-w e:\windows\system32\PhysXDevice.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-01_14.51.01.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-10 19:53:06 19,320 ------w e:\windows\system32\spmsg.dll
+ 2007-11-30 12:40:46 19,320 ------w e:\windows\system32\spmsg.dll
- 2008-04-14 21:51:46 60,416 ------w e:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w e:\windows\system32\tzchange.exe
+ 2009-03-02 13:58:22 16,384 ----atw e:\windows\Temp\Perflib_Perfdata_520.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Konnekt"="e:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-02 306088]
"Gadu-Gadu"="e:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"PC Suite Tray"="e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SpeedTouch USB Diagnostics"="e:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="e:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-01 206088]
"nwiz"="nwiz.exe" [2009-01-15 e:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 e:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Program Files\\Steam\\steamapps\\stec_kamil\\counter-strike\\hl.exe"=
"e:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"e:\\WINDOWS\\system32\\java.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"e:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"e:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\UltraVNC\\vncviewer.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Documents and Settings\\admin\\Pulpit\\SRO_L4_Full_Client_Downloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R0 klbg;Kaspersky Lab Boot Guard Driver;e:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;e:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
TCP: {E8136976-CCD6-49AC-8A98-27468187C0FC} = 194.204.159.1 217.98.63.164
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - e:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\ri2wntka.default\
FF - component: e:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: e:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 20:36:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-436374069-1214440339-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:9c,bf,e0,e5,be,12,bc,e0,96,2f,84,cd,7f,98,49,9d,dc,55,7a,0c,1a,
5d,e7,b4,80,07,56,1e,81,8d,29,7c,eb,e9,78,18,6e,8a,fe,f1,5e,8b,10,5e,8c,6c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Czas ukończenia: 2009-03-02 20:37:25
ComboFix-quarantined-files.txt 2009-03-02 19:37:23
ComboFix2.txt 2009-03-01 13:51:29
ComboFix3.txt 2009-02-25 14:40:16
Przed: 3 385 876 480 bajtów wolnych
Po: 3,378,352,128 bajtów wolnych
268 --- E O F --- 2009-03-02 06:53:28
Czy problem rozwiązany?
#6
ordynat
-
-
- 804 postów
Zaawansowany użytkownik
Napisano 02 03 2009 - 22:52
Log jest czysty.
1) Usuń ręcznie folder C:\Qoobox.
2) Usuń kopie szkodników z folderu "System Volume Information" poprzez chwilowe wyłączenie "Przywracania Systemu":
ordynat
1) Usuń ręcznie folder C:\Qoobox.
2) Usuń kopie szkodników z folderu "System Volume Information" poprzez chwilowe wyłączenie "Przywracania Systemu":
>START>Panel Sterowania>System>Przywracanie Systemu>>zaznacz w okienku przy "Wyłącz przywracanie na wszystkich dyskach">Zastosuj>OK.
Potem możesz powrócić do poprzedniego ustawienia (czyli usunąć zaznaczenie z okienka).
ordynat
