
3 strange icons on the desktop [please check my log]

Logs, computer and data security. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When posting logs, produce them right away with at least two tools: FRST and GMER.
3. Publish all logs on sites intended for that purpose and paste only the link into your post.
4. Do not shorten logs; paste the whole log, from beginning to end.
5. Do not piggyback on other users' threads; start a new thread in the Security section, which makes the checker's work easier.
6. Anyone without the appropriate knowledge should not check logs, since this risks seriously damaging the system or the applications installed on the computer.
7. Describe the problem precisely, including the symptoms and every action already taken.
8. Every script is unique, written for one specific case, so it must not be used by anyone else.
9. When posting a screenshot, please use an external image-hosting service.


Post by Hideki » 28 Jun 2008, 18:28

So recently I noticed 3 strange icons on the desktop, and after a few days it was simply a tragedy... access to Task Manager got blocked... to System Properties too... the hard drives are invisible... I mean they are not shown in My Computer (the folder)... here is the log from HijackThis:

EDIT - I did some work on my own... and the 3 icons no longer appear... but the text "VIRUS ALERT!" remains in the taskbar next to the clock, and I still don't see the hard drives in "My Computer" or "All Programs" in the Start menu; here is the current log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:52: VIRUS ALERT!, on 2008-06-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F43DFC1-6946-4BC4-9EDD-FF18C70CF597}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6791 bytes
Hideki
Forum member
Posts: 7
Joined: 28 Jun 2008, 18:22
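As an added example (not code from the thread, from HijackThis or from Trend Micro), here is a small Python triage of a HijackThis 2.x log like the one above. It parses the `Oxx - ` lines and flags what a log checker looks at first: an O6 policy-restrictions entry, O4 autoruns whose target sits directly under the Windows directory or in a user profile, O17 DNS servers to confirm against the ISP, and O23 services registered for a binary that no longer exists. The sample lines are copied from the log posted above, except the `[tovafrnm]` O4 line, which I constructed to exercise the location check (the file name comes from the ComboFix log later in the thread). The regexes and the `suspicious_location` rule are my own heuristics, not HijackThis conventions.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above, plus one
# constructed O4 line ([tovafrnm]) pointing at a file directly under C:\WINDOWS.
HJT_LOG = r"""
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [tovafrnm] C:\WINDOWS\tovafrnm.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F43DFC1-6946-4BC4-9EDD-FF18C70CF597}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Every HijackThis item starts with a section code (R0..R3, F0..F3, O1..O24).
HJT_LINE = re.compile(r"^(?P<code>[ROF]\d+) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str
    line: str


def autorun_target(body):
    """Extract the executable from an O4 body: '[name] "path" args' or 'x.lnk = path'."""
    if "]" in body:
        rest = body.split("]", 1)[1].strip()
    elif " = " in body:
        rest = body.split(" = ", 1)[1].strip()
    else:
        return ""
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split(" /", 1)[0].strip()   # drop command-line switches


def suspicious_location(path):
    """Heuristic: binaries directly under the Windows dir, its Temp dir, or a user profile."""
    p = path.lower()
    parent = p.rsplit("\\", 1)[0] if "\\" in p else ""
    return parent in ("c:\\windows", "c:\\windows\\temp") or "\\documents and settings\\" in p


def triage(text):
    """Return the items a log checker would ask about first, in log order."""
    findings = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        code, body, line = m.group("code"), m.group("body"), raw.strip()
        if code == "O6" and "Restrictions present" in body:
            findings.append(Finding(code, "HKCU policy restrictions set; compare with the reported Task Manager/System Properties lockout", line))
        elif code == "O4" and suspicious_location(autorun_target(body)):
            findings.append(Finding(code, "autorun target in an unusual location", line))
        elif code == "O17":
            findings.append(Finding(code, "DNS servers set in the registry; confirm they belong to the ISP", line))
        elif code == "O23" and "(file missing)" in body:
            findings.append(Finding(code, "service registered for a binary that no longer exists", line))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

The point of the location rule is not that `C:\WINDOWS\*.exe` is always bad, but that legitimate autoruns almost always live under Program Files or system32, so anything else deserves a look; the O17 entry is listed rather than judged, since only the owner can confirm the ISP's resolvers.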

Post by huber2t » 29 Jun 2008, 06:23

Show a ComboFix log.
huber2t
Distinguished forum contributor
Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42

Post by Hideki » 29 Jun 2008, 12:41

Hmmm, after ComboFix everything went back to normal... but maybe something is still hiding. LOG:

ComboFix 08-06-20.4 - user 2008-06-29 12:17:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.139 [GMT 2:00]
Running from: C:\Documents and Settings\user\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Marcin\Ulubione\Error Cleaner.url
C:\Documents and Settings\Marcin\Ulubione\Privacy Protector.url
C:\Documents and Settings\Marcin\Ulubione\Spyware&Malware Protection.url
C:\WINDOWS\eqwt.exe
C:\WINDOWS\system32\CKQpYJlm.ini
C:\WINDOWS\system32\CKQpYJlm.ini2
C:\WINDOWS\system32\ijTENqru.ini
C:\WINDOWS\system32\ijTENqru.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkfelwgg.ini
C:\WINDOWS\system32\mlJYpQKC.dll
C:\WINDOWS\system32\mmctvnun.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ulllsqra.ini
C:\WINDOWS\system32\urqNETji.dll
C:\WINDOWS\system32\xbccywsg.ini

----- BITS: Possible infected sites -----

hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 03:25 . 2008-06-29 03:25 92,032 --a------ C:\WINDOWS\system32\ggwlefkm.dll
2008-06-29 01:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-29 01:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-29 01:36 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-29 01:36 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-29 01:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-29 01:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-28 20:32 . 2008-06-28 20:32 92,032 --a------ C:\WINDOWS\system32\gswyccbx.dll
2008-06-28 12:29 . 2008-06-28 12:29 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\TmpRecentIcons
2008-06-27 20:44 . 2008-06-27 20:44 91,520 --a------ C:\WINDOWS\system32\nunvtcmm.dll
2008-06-27 14:33 . 2008-06-27 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ADSL Software Ltd
2008-06-27 14:33 . 2008-06-27 14:33 28,288 --a------ C:\WINDOWS\system32\rqRJDuUl.dll
2008-06-27 14:32 . 2008-06-27 10:06 307,200 --a------ C:\WINDOWS\gfetqaxsvgb.dll
2008-06-27 14:32 . 2008-06-27 10:06 286,720 --a------ C:\WINDOWS\pntqkflv.dll
2008-06-27 14:32 . 2008-06-27 10:06 258,048 --a------ C:\WINDOWS\qegbdmwf.dll
2008-06-27 14:32 . 2008-06-27 10:06 188,416 --a------ C:\WINDOWS\gxvpsafm.dll
2008-06-27 14:32 . 2008-06-27 10:06 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-26 19:27 . 2008-06-26 19:27 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools
2008-06-26 17:34 . 2008-06-26 17:34 106,496 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-26 17:34 . 2008-06-27 18:30 35,673 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-26 17:34 . 2008-06-26 17:34 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-26 16:40 . 2008-06-26 16:40 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-26 16:20 . 2008-06-26 16:20 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\DAEMON Tools
2008-06-26 16:04 . 2008-06-26 16:04 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-06-26 09:15 . 2008-06-26 10:43 545 --a------ C:\WINDOWS\eReg.dat
2008-06-22 17:04 . 2008-06-22 17:09 <DIR> d-------- C:\Program Files\The Add-on Handler
2008-06-22 17:00 . 2008-06-22 17:00 104 --a------ C:\WINDOWS\Please Download and Install The Sims RugOMatic.url
2008-06-22 17:00 . 2008-06-22 17:00 0 --a------ C:\WINDOWS\Transmogrifier.INI
2008-06-22 16:44 . 2008-06-22 16:46 109 --a------ C:\WINDOWS\Please Download and Install The Sims Transmogrifier.url
2008-06-22 16:44 . 2008-06-22 16:44 102 --a------ C:\WINDOWS\Please Purchase and Install The Sims.url
2008-06-21 22:58 . 1998-06-24 00:00 209,192 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-06-11 17:42 . 2008-06-27 15:05 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Skype
2008-06-10 21:52 . 2008-06-10 21:52 <DIR> d-------- C:\Documents and Settings\Marcin\.jpi_cache
2008-06-10 21:52 . 2008-06-10 21:52 <DIR> d-------- C:\Documents and Settings\Marcin\.java
2008-06-09 20:00 . 2008-06-09 20:00 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\teamspeak2
2008-06-09 20:00 . 2008-06-09 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SiComponents
2008-06-07 15:37 . 2008-06-07 15:37 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Teleca
2008-06-06 21:13 . 2008-06-06 21:13 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Ambient Design
2008-06-04 19:22 . 2008-06-04 19:22 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Windows Messenger
2008-06-04 19:21 . 2008-06-04 19:21 <DIR> d-------- C:\Documents and Settings\Marcin\Contacts
2008-06-04 19:21 . 2008-06-04 19:21 268 --ah----- C:\sqmdata17.sqm
2008-06-04 19:21 . 2008-06-04 19:21 244 --ah----- C:\sqmnoopt17.sqm
2008-06-04 19:20 . 2008-06-04 19:20 268 --ah----- C:\sqmdata16.sqm
2008-06-04 19:20 . 2008-06-04 19:20 244 --ah----- C:\sqmnoopt16.sqm
2008-06-04 18:42 . 2008-06-04 18:42 <DIR> d-------- C:\Documents and Settings\Marcin\Gadu-Gadu
2008-06-04 18:23 . 2008-06-04 18:23 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Winamp
2008-06-04 18:02 . 2008-06-08 12:43 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-06-04 18:01 . 2008-06-04 18:01 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\stamina
2008-06-04 18:00 . 2008-06-04 19:01 <DIR> d--h----- C:\Documents and Settings\Marcin\Ustawienia lokalne
2008-06-04 18:00 . 2008-06-29 12:19 <DIR> dr------- C:\Documents and Settings\Marcin\Ulubione
2008-06-04 18:00 . 2006-12-27 16:55 <DIR> d--h----- C:\Documents and Settings\Marcin\Szablony
2008-06-04 18:00 . 2008-06-29 03:05 <DIR> d-------- C:\Documents and Settings\Marcin\Pulpit
2008-06-04 18:00 . 2008-06-27 15:30 <DIR> dr------- C:\Documents and Settings\Marcin\Moje dokumenty
2008-06-04 18:00 . 2006-12-27 17:47 <DIR> dr------- C:\Documents and Settings\Marcin\Menu Start
2008-06-04 18:00 . 2008-06-28 12:29 <DIR> dr-h----- C:\Documents and Settings\Marcin\Dane aplikacji
2008-06-04 18:00 . 2008-06-25 22:10 <DIR> d-------- C:\Documents and Settings\Marcin
2008-05-30 16:55 . 2008-05-30 16:55 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 10:16 --------- d-----w C:\Program Files\Neostrada TP
2008-06-29 00:24 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Winamp
2008-06-28 12:59 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\MegauploadToolbar
2008-06-27 16:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-27 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 12:14 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-06-27 12:14 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-06-27 12:14 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-06-26 14:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-25 20:31 --------- d-----w C:\Program Files\eMule
2008-06-11 16:02 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Skype
2008-06-04 19:36 --------- d-----w C:\Program Files\Last.fm
2008-06-04 16:25 --------- d-----w C:\Program Files\MSN Messenger
2008-05-30 12:34 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-28 20:00 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-27 14:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
2008-05-23 18:06 --------- d-----w C:\Program Files\SESoftware
2008-05-19 20:19 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Hamachi
2008-05-15 18:56 --------- d-----w C:\Program Files\IrfanView
2008-05-08 11:13 --------- d-----w C:\Program Files\Konnekt
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2007-12-15 18:19 15 ----a-w C:\Documents and Settings\user\lol.bat
2007-01-28 10:52 56 --sh--r C:\WINDOWS\system32\589F22BD57.sys
2007-01-28 10:52 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\explorer.exe
2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\icon_TMP\explorer.exe
2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\system_backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B2585FF-02FA-413C-906F-9672F4DF821A}]
2008-06-27 14:33 28288 --a------ C:\WINDOWS\system32\rqRJDuUl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA00DCFD-75B6-48F2-889A-56595E335AA1}]
2008-06-27 10:06 307200 --a------ C:\WINDOWS\gfetqaxsvgb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-30 17:50 58992]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-01-14 12:35 100056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"dc4d19e6"="C:\WINDOWS\system32\ggwlefkm.dll" [2008-06-29 03:25 92032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-01-05 16:46:32 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6B2585FF-02FA-413C-906F-9672F4DF821A}"= C:\WINDOWS\system32\rqRJDuUl.dll [2008-06-27 14:33 28288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJDuUl]
rqRJDuUl.dll 2008-06-27 14:33 28288 C:\WINDOWS\system32\rqRJDuUl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.VP60"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"vidc.VP61"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"vidc.VP62"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.MPG4"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.DIV3"= D:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= D:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= D:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP70"= D:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= D:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.MP43"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"msacm.ac3acm"= D:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= D:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.divxa32"= D:\PROGRA~1\K-LITE~1\codecs\divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15389:TCP"= 15389:TCP:BitComet 15389 TCP
"15389:UDP"= 15389:UDP:BitComet 15389 UDP
"58516:TCP"= 58516:TCP:*:Disabled:SolidNetworkManager
"58516:UDP"= 58516:UDP:*:Disabled:SolidNetworkManager
"25468:TCP"= 25468:TCP:*:Disabled:SolidNetworkManager
"25468:UDP"= 25468:UDP:*:Disabled:SolidNetworkManager
"24487:TCP"= 24487:TCP:*:Disabled:SolidNetworkManager
"24487:UDP"= 24487:UDP:*:Disabled:SolidNetworkManager
"35207:TCP"= 35207:TCP:*:Disabled:SolidNetworkManager
"35207:UDP"= 35207:UDP:*:Disabled:SolidNetworkManager

S3 XDva132;XDva132;C:\WINDOWS\system32\XDva132.sys []
S3 XDva147;XDva147;C:\WINDOWS\system32\XDva147.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - user.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exef/task:
"2008-06-27 19:18:55 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 12:23:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\4ana3w95.TMP 616448 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rqRJDuUl.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ggwlefkm.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-06-29 12:31:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 10:31:11

Pre-Run: 9,561,997,312 bajtów wolnych
Post-Run: 9,763,799,040 bajtów wolnych

246
Hideki
Forum member
Posts: 7
Joined: 28 Jun 2008, 18:22

Post by bartisz » 29 Jun 2008, 14:34

Paste into Notepad:
File::
C:\WINDOWS\system32\ggwlefkm.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\gswyccbx.dll
C:\WINDOWS\system32\nunvtcmm.dll
C:\WINDOWS\system32\rqRJDuUl.dll
C:\WINDOWS\gfetqaxsvgb.dll
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\tovafrnm.exe
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\Documents and Settings\user\lol.bat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B2585FF-02FA-413C-906F-9672F4DF821A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA00DCFD-75B6-48F2-889A-56595E335AA1}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJDuUl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dc4d19e6"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6B2585FF-02FA-413C-906F-9672F4DF821A}"=-

File --> Save as... --> CFScript
Drag the CFScript.txt file onto ComboFix.exe
A log will be produced during the removal. Post it on the forum.
After the restart, delete the C:\Qoobox folder.
bartisz
Forum member
Posts: 15
Joined: 23 Jun 2008, 14:30
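As an added example (my own code, not bartisz's and not part of ComboFix), here is a Python reading of what the CFScript above asks ComboFix to do, followed by the check a helper would want before posting one: every target in the script should be evidenced by the log it was written from. `parse_cfscript` splits the `File::` section into file deletions and the `Registry::` section into whole-key deletions (`[-KEY]`) and single-value deletions (a `[KEY]` header followed by `"name"=-`); `index_combofix_log` collects the paths, keys and value names an "Other Deletions"/"Files Created"/"Reg Loading Points" excerpt lists; `unsupported_targets` reports anything in the script the log does not back. Both samples are constructed from lines in this thread (the script is shortened). Matching is case-insensitive because Windows paths and registry keys are, and the `~` abbreviation is compared verbatim since both the log and the script use it.

```python
import re

# Constructed sample: a shortened copy of the CFScript posted in the thread above.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\ggwlefkm.dll
C:\WINDOWS\system32\rqRJDuUl.dll
C:\WINDOWS\gfetqaxsvgb.dll
C:\Documents and Settings\user\lol.bat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B2585FF-02FA-413C-906F-9672F4DF821A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJDuUl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dc4d19e6"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6B2585FF-02FA-413C-906F-9672F4DF821A}"=-
"""

# Constructed sample: excerpts of the ComboFix log the script was written against.
COMBOFIX_LOG = r"""
2008-06-29 03:25 . 2008-06-29 03:25 92,032 --a------ C:\WINDOWS\system32\ggwlefkm.dll
2008-06-27 14:33 . 2008-06-27 14:33 28,288 --a------ C:\WINDOWS\system32\rqRJDuUl.dll
2008-06-27 14:32 . 2008-06-27 10:06 307,200 --a------ C:\WINDOWS\gfetqaxsvgb.dll
2007-12-15 18:19 15 ----a-w C:\Documents and Settings\user\lol.bat

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B2585FF-02FA-413C-906F-9672F4DF821A}]
2008-06-27 14:33 28288 --a------ C:\WINDOWS\system32\rqRJDuUl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-30 17:50 58992]
"dc4d19e6"="C:\WINDOWS\system32\ggwlefkm.dll" [2008-06-29 03:25 92032]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6B2585FF-02FA-413C-906F-9672F4DF821A}"= C:\WINDOWS\system32\rqRJDuUl.dll [2008-06-27 14:33 28288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJDuUl]
rqRJDuUl.dll 2008-06-27 14:33 28288 C:\WINDOWS\system32\rqRJDuUl.dll
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*')   # a drive-letter path up to a quote or bracket
VALUE_RE = re.compile(r'^"([^"]+)"\s*=')         # "name"=... lines under a [KEY] header


def parse_cfscript(text):
    """Split a CFScript into file deletions, key deletions and (key, value) deletions."""
    files, del_keys, del_values = [], [], []
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                  # section header such as File:: or Registry::
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            files.append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):    # [-KEY] removes the whole key
                del_keys.append(line[2:-1])
                current_key = None
            elif line.startswith("[") and line.endswith("]"):   # [KEY] selects a key for value edits
                current_key = line[1:-1]
            elif line.endswith("=-") and current_key is not None:   # "name"=- removes one value
                del_values.append((current_key, line[:-2].strip().strip('"')))
    return {"files": files, "delete_keys": del_keys, "delete_values": del_values}


def index_combofix_log(text):
    """Collect the paths, registry keys and (key, value) pairs a ComboFix log evidences."""
    paths, keys, values = set(), set(), set()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):   # key header in Reg Loading Points
            current_key = line[1:-1].lower()
            keys.add(current_key)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            values.add((current_key, m.group(1).lower()))
        m = PATH_RE.search(line)
        if m:
            paths.add(m.group(0).strip().lower())
    return {"paths": paths, "keys": keys, "values": values}


def unsupported_targets(script, index):
    """Script entries with no evidence in the log, as (kind, target) pairs in script order."""
    missing = []
    for f in script["files"]:
        if f.lower() not in index["paths"]:
            missing.append(("file", f))
    for k in script["delete_keys"]:
        if k.lower() not in index["keys"]:
            missing.append(("key", k))
    for k, name in script["delete_values"]:
        if (k.lower(), name.lower()) not in index["values"]:
            missing.append(("value", k + "\\" + name))
    return missing


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    print(f"{len(script['files'])} files, {len(script['delete_keys'])} keys, "
          f"{len(script['delete_values'])} values to remove")
    for kind, target in unsupported_targets(script, index_combofix_log(COMBOFIX_LOG)):
        print(f"NOT IN LOG ({kind}): {target}")
```

Run as a script it reports nothing unsupported for the thread's entries; add a path the log never listed and it is printed, which is exactly the typo or copy-paste slip that rule 8 of the forum (every script is written for one case) is meant to catch.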

Post by Hideki » 29 Jun 2008, 16:36

ComboFix 08-06-20.4 - user 2008-06-29 16:23:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.98 [GMT 2:00]
Running from: C:\Documents and Settings\user\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\user\lol.bat
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\WINDOWS\gfetqaxsvgb.dll
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\system32\ggwlefkm.dll
C:\WINDOWS\system32\gswyccbx.dll
C:\WINDOWS\system32\nunvtcmm.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\rqRJDuUl.dll
C:\WINDOWS\tovafrnm.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\lol.bat
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\WINDOWS\gfetqaxsvgb.dll
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\system32\AJPXxyxx.ini
C:\WINDOWS\system32\AJPXxyxx.ini2
C:\WINDOWS\system32\gswyccbx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nunvtcmm.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\rqRJDuUl.dll
C:\WINDOWS\system32\xxyxXPJA.dll
C:\WINDOWS\system32\ygorsvsb.ini
C:\WINDOWS\tovafrnm.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 13:20 . 2008-06-29 14:21 <DIR> d-------- C:\Documents and Settings\Marcin\Contacts
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Windows Messenger
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Winamp
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\TmpRecentIcons
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Teleca
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\teamspeak2
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\stamina
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Skype
2008-06-29 13:06 . 2008-06-29 13:06 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\DAEMON Tools
2008-06-29 13:06 . 2008-06-29 13:06 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Ambient Design
2008-06-29 13:03 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-06-29 13:01 . 2008-01-07 00:04 <DIR> d--h----- C:\Documents and Settings\Marcin\Ustawienia lokalne
2008-06-29 13:01 . 2008-06-29 13:01 <DIR> dr------- C:\Documents and Settings\Marcin\Ulubione
2008-06-29 13:01 . 2006-12-27 16:55 <DIR> d--h----- C:\Documents and Settings\Marcin\Szablony
2008-06-29 13:01 . 2008-06-29 16:16 <DIR> d-------- C:\Documents and Settings\Marcin\Pulpit
2008-06-29 13:01 . 2008-06-29 13:37 <DIR> dr------- C:\Documents and Settings\Marcin\Moje dokumenty
2008-06-29 13:01 . 2006-12-27 17:47 <DIR> dr------- C:\Documents and Settings\Marcin\Menu Start
2008-06-29 13:01 . 2008-06-29 13:07 <DIR> dr-h----- C:\Documents and Settings\Marcin\Dane aplikacji
2008-06-29 13:01 . 2008-06-29 13:20 <DIR> d-------- C:\Documents and Settings\Marcin
2008-06-29 12:40 . 2008-06-29 12:40 92,032 --a------ C:\WINDOWS\system32\bsvsrogy.dll
2008-06-29 12:31 . 2008-06-29 12:34 354 ---hs---- C:\WINDOWS\system32\mkfelwgg.ini
2008-06-29 01:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-29 01:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-29 01:36 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-29 01:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-29 01:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-27 14:33 . 2008-06-27 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ADSL Software Ltd
2008-06-26 19:27 . 2008-06-26 19:27 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools
2008-06-26 17:34 . 2008-06-26 17:34 106,496 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-26 17:34 . 2008-06-27 18:30 35,673 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-26 17:34 . 2008-06-26 17:34 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-26 16:40 . 2008-06-26 16:40 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-26 16:04 . 2008-06-26 16:04 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-06-26 09:15 . 2008-06-26 10:43 545 --a------ C:\WINDOWS\eReg.dat
2008-06-22 17:04 . 2008-06-22 17:09 <DIR> d-------- C:\Program Files\The Add-on Handler
2008-06-22 17:00 . 2008-06-22 17:00 104 --a------ C:\WINDOWS\Please Download and Install The Sims RugOMatic.url
2008-06-22 17:00 . 2008-06-22 17:00 0 --a------ C:\WINDOWS\Transmogrifier.INI
2008-06-22 16:44 . 2008-06-22 16:46 109 --a------ C:\WINDOWS\Please Download and Install The Sims Transmogrifier.url
2008-06-22 16:44 . 2008-06-22 16:44 102 --a------ C:\WINDOWS\Please Purchase and Install The Sims.url
2008-06-21 22:58 . 1998-06-24 00:00 209,192 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-06-09 20:00 . 2008-06-09 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SiComponents
2008-05-30 16:55 . 2008-05-30 16:55 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 14:26 --------- d-----w C:\Program Files\Neostrada TP
2008-06-29 00:24 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Winamp
2008-06-28 12:59 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\MegauploadToolbar
2008-06-27 16:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-27 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 12:14 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-06-27 12:14 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-06-27 12:14 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-06-26 14:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-25 20:31 --------- d-----w C:\Program Files\eMule
2008-06-11 16:02 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Skype
2008-06-04 19:36 --------- d-----w C:\Program Files\Last.fm
2008-06-04 16:25 --------- d-----w C:\Program Files\MSN Messenger
2008-05-30 12:34 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-28 20:00 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-27 14:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
2008-05-23 18:06 --------- d-----w C:\Program Files\SESoftware
2008-05-19 20:19 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Hamachi
2008-05-15 18:56 --------- d-----w C:\Program Files\IrfanView
2008-05-08 11:13 --------- d-----w C:\Program Files\Konnekt
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2007-01-28 10:52 56 --sh--r C:\WINDOWS\system32\589F22BD57.sys
2007-01-28 10:52 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\explorer.exe
2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\icon_TMP\explorer.exe
2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\system_backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-30 17:50 58992]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-01-14 12:35 100056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-01-05 16:46:32 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.VP60"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"vidc.VP61"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"vidc.VP62"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.MPG4"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.DIV3"= D:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= D:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= D:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP70"= D:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= D:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.MP43"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"msacm.ac3acm"= D:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= D:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.divxa32"= D:\PROGRA~1\K-LITE~1\codecs\divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15389:TCP"= 15389:TCP:BitComet 15389 TCP
"15389:UDP"= 15389:UDP:BitComet 15389 UDP
"58516:TCP"= 58516:TCP:*:Disabled:SolidNetworkManager
"58516:UDP"= 58516:UDP:*:Disabled:SolidNetworkManager
"25468:TCP"= 25468:TCP:*:Disabled:SolidNetworkManager
"25468:UDP"= 25468:UDP:*:Disabled:SolidNetworkManager
"24487:TCP"= 24487:TCP:*:Disabled:SolidNetworkManager
"24487:UDP"= 24487:UDP:*:Disabled:SolidNetworkManager
"35207:TCP"= 35207:TCP:*:Disabled:SolidNetworkManager
"35207:UDP"= 35207:UDP:*:Disabled:SolidNetworkManager

S3 XDva132;XDva132;C:\WINDOWS\system32\XDva132.sys []
S3 XDva147;XDva147;C:\WINDOWS\system32\XDva147.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - user.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exef/task:
"2008-06-29 11:18:53 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 16:28:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-29 16:31:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 14:31:28
ComboFix2.txt 2008-06-29 10:31:20

Pre-Run: 9,828,319,232 bajtów wolnych
Post-Run: 9,841,238,016 bajtów wolnych

Hideki
Forum member
Posts: 7
Joined: 28 Jun 2008, 18:22

Post by bartisz » 30 Jun 2008, 10:36

Paste into Notepad:
File::
C:\WINDOWS\system32\bsvsrogy.dll
C:\WINDOWS\system32\mkfelwgg.ini
C:\WINDOWS\Transmogrifier.INI
C:\WINDOWS\Please Download and Install The Sims Transmogrifier.url
C:\WINDOWS\Please Purchase and Install The Sims.url
C:\WINDOWS\system32\589F22BD57.sys

File --> Save as... --> CFScript
Drag the CFScript.txt file onto ComboFix.exe
A log will be produced during the removal. Post it on the forum.
After the restart, delete the C:\Qoobox folder.
bartisz
Forum member
Posts: 15
Joined: 23 Jun 2008, 14:30

Post by Hideki » 30 Jun 2008, 12:24

ComboFix 08-06-20.4 - user 2008-06-30 12:17:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.147 [GMT 2:00]
Running from: C:\Documents and Settings\user\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Please Download and Install The Sims Transmogrifier.url
C:\WINDOWS\Please Purchase and Install The Sims.url
C:\WINDOWS\system32\589F22BD57.sys
C:\WINDOWS\system32\bsvsrogy.dll
C:\WINDOWS\system32\mkfelwgg.ini
C:\WINDOWS\Transmogrifier.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Please Download and Install The Sims Transmogrifier.url
C:\WINDOWS\Please Purchase and Install The Sims.url
C:\WINDOWS\system32\589F22BD57.sys
C:\WINDOWS\system32\bsvsrogy.dll
C:\WINDOWS\system32\mkfelwgg.ini
C:\WINDOWS\Transmogrifier.INI

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-29 17:13 . 2008-06-29 17:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-29 17:13 . 2008-06-29 17:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-29 13:20 . 2008-06-29 14:21 <DIR> d-------- C:\Documents and Settings\Marcin\Contacts
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Windows Messenger
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Winamp
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\TmpRecentIcons
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Teleca
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\teamspeak2
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\stamina
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Skype
2008-06-29 13:06 . 2008-06-29 13:06 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\DAEMON Tools
2008-06-29 13:06 . 2008-06-29 13:06 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Ambient Design
2008-06-29 13:03 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-06-29 13:01 . 2008-06-30 12:19 <DIR> d--h----- C:\Documents and Settings\Marcin\Ustawienia lokalne
2008-06-29 13:01 . 2008-06-29 13:01 <DIR> dr------- C:\Documents and Settings\Marcin\Ulubione
2008-06-29 13:01 . 2006-12-27 16:55 <DIR> d--h----- C:\Documents and Settings\Marcin\Szablony
2008-06-29 13:01 . 2008-06-29 22:59 <DIR> d-------- C:\Documents and Settings\Marcin\Pulpit
2008-06-29 13:01 . 2008-06-29 19:33 <DIR> dr------- C:\Documents and Settings\Marcin\Moje dokumenty
2008-06-29 13:01 . 2006-12-27 17:47 <DIR> dr------- C:\Documents and Settings\Marcin\Menu Start
2008-06-29 13:01 . 2008-06-29 13:07 <DIR> dr-h----- C:\Documents and Settings\Marcin\Dane aplikacji
2008-06-29 13:01 . 2008-06-29 13:20 <DIR> d-------- C:\Documents and Settings\Marcin
2008-06-29 01:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-29 01:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-29 01:36 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-29 01:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-29 01:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-27 14:33 . 2008-06-27 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ADSL Software Ltd
2008-06-26 19:27 . 2008-06-29 22:03 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools
2008-06-26 17:34 . 2008-06-26 17:34 106,496 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-26 17:34 . 2008-06-27 18:30 35,673 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-26 17:34 . 2008-06-26 17:34 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-26 16:40 . 2008-06-26 16:40 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-26 16:04 . 2008-06-26 16:04 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-06-26 09:15 . 2008-06-26 10:43 545 --a------ C:\WINDOWS\eReg.dat
2008-06-22 17:04 . 2008-06-22 17:09 <DIR> d-------- C:\Program Files\The Add-on Handler
2008-06-22 17:00 . 2008-06-22 17:00 104 --a------ C:\WINDOWS\Please Download and Install The Sims RugOMatic.url
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-06-11 18:36 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-06-09 20:00 . 2008-06-09 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SiComponents
2008-05-30 16:55 . 2008-05-30 16:55 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\InstallShield
2008-05-27 16:41 . 2008-05-27 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
2008-05-27 16:39 . 2008-06-04 21:36 <DIR> d-------- C:\Program Files\Last.fm
2008-05-23 20:06 . 2008-05-23 20:06 <DIR> d-------- C:\Program Files\SESoftware
2008-05-21 13:51 . 2008-06-25 22:31 <DIR> d-------- C:\Program Files\eMule

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 10:16 --------- d-----w C:\Program Files\Neostrada TP
2008-06-29 16:23 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-29 16:23 249,856 ------w C:\WINDOWS\Setup1.exe
2008-06-29 00:24 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Winamp
2008-06-28 12:59 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\MegauploadToolbar
2008-06-27 16:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-27 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 12:14 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-06-27 12:14 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-06-27 12:14 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-06-26 14:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-11 16:02 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Skype
2008-06-04 16:25 --------- d-----w C:\Program Files\MSN Messenger
2008-05-30 12:34 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-28 20:00 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-19 20:19 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Hamachi
2008-05-15 18:56 --------- d-----w C:\Program Files\IrfanView
2008-05-08 11:13 --------- d-----w C:\Program Files\Konnekt
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2007-01-28 10:52 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\explorer.exe
2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\icon_TMP\explorer.exe
2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\system_backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-30 17:50 58992]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-01-14 12:35 100056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-01-05 16:46:32 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.VP60"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"vidc.VP61"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"vidc.VP62"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.MPG4"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.DIV3"= D:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= D:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= D:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP70"= D:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= D:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.MP43"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"msacm.ac3acm"= D:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= D:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.divxa32"= D:\PROGRA~1\K-LITE~1\codecs\divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15389:TCP"= 15389:TCP:BitComet 15389 TCP
"15389:UDP"= 15389:UDP:BitComet 15389 UDP
"58516:TCP"= 58516:TCP:*:Disabled:SolidNetworkManager
"58516:UDP"= 58516:UDP:*:Disabled:SolidNetworkManager
"25468:TCP"= 25468:TCP:*:Disabled:SolidNetworkManager
"25468:UDP"= 25468:UDP:*:Disabled:SolidNetworkManager
"24487:TCP"= 24487:TCP:*:Disabled:SolidNetworkManager
"24487:UDP"= 24487:UDP:*:Disabled:SolidNetworkManager
"35207:TCP"= 35207:TCP:*:Disabled:SolidNetworkManager
"35207:UDP"= 35207:UDP:*:Disabled:SolidNetworkManager

S3 XDva132;XDva132;C:\WINDOWS\system32\XDva132.sys []
S3 XDva147;XDva147;C:\WINDOWS\system32\XDva147.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - user.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exef/task:
"2008-06-29 19:24:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 12:19:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-30 12:20:17
ComboFix-quarantined-files.txt 2008-06-30 10:20:11
ComboFix2.txt 2008-06-29 14:31:36

Pre-Run: 9,730,142,208 bajtów wolnych
Post-Run: 9,738,420,224 bajtów wolnych

Hideki
Forum member
Posts: 7
Joined: 28 Jun 2008, 18:22

Post by bartisz » 30 Jun 2008, 21:00

The log is clean.
1. Manually delete the C:\Qoobox folder and the ComboFix installer from the disk.
2. Clean the system with CCleaner.
3. Optimise the startup items: http://instalki.pl/forum/viewtopic.php?t=10892
4. Disable System Restore on all drives.
5. Scan the "My Computer" area with http://www.kaspersky.pl/virusscanner.html (run it in IE) and post its report on the forum, or use Dr.Web CureIT.
6. Re-enable System Restore.
bartisz
Forum member
Posts: 15
Joined: 23 Jun 2008, 14:30

Post by Hideki » 01 Jul 2008, 12:51

Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
1 lipiec 2008 12:46
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus 1/07/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus901288
-------------------------------------------------------------------------------

Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Statystyki skanowania:
Liczba skanowanych obiektów: 107029
Liczba wykrytych wirusów: 2
Liczba zainfekowanych obiektów: 4
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 01:54:57

Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Common Client\Confid.log Object is locked pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Common Client\Content.log Object is locked pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Common Client\Privacy.log Object is locked pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Common Client\Restrict.log Object is locked pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Common Client\settings.dat Object is locked pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Common Client\WebHist.log Object is locked pominięty
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\user\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\user\Moje dokumenty\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Zainfekowanych: not-a-virus:RiskTool.Win32.Reboot.f pominięty
C:\Documents and Settings\user\Moje dokumenty\SmitfraudFix.exe RAR: zainfekowany - 1 pominięty
C:\Documents and Settings\user\ntuser.dat Object is locked pominięty
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Last.fm\Client\WinampPlugin.log Object is locked pominięty
C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\user\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked pominięty
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked pominięty
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked pominięty
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked pominięty
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked pominięty
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\418D11D6.tmp Zainfekowanych: Virus.Win32.Tenga.a pominięty
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41C45B99.tmp Zainfekowanych: Virus.Win32.Tenga.a pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

Proces skanowania został zakończony.
Hideki
Forum member
Posts: 7
Joined: 28 Jun 2008, 18:22

Post by huber2t » 02 Jul 2008, 06:39

Delete this:
C:\Documents and Settings\user\Moje dokumenty\SmitfraudFix.exe


Delete the files in this folder:
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine


:)
huber2t
Distinguished forum contributor
Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42

Post by Hideki » 23 Jul 2008, 19:57

huber2t wrote: Delete this:
C:\Documents and Settings\user\Moje dokumenty\SmitfraudFix.exe


Delete the files in this folder:
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine


:)


Hmmm, since then the computer has been running fine, but lately something seems to have happened again... namely the internet has slowed down a bit... pages load more slowly, and speed tests show a difference in connection speed compared to my previous tests... just in case, I'm pasting a HijackThis log, if it can change anything at all:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:34, on 2008-07-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7300 bytes
Hideki (forum member, posts: 7, joined: 28 Jun 2008, 18:22)

Post by huber2t » 23 Jul 2008, 20:58

I don't see anything in the log.

Post a ComboFix log.

huber2t (distinguished forum contributor, posts: 2798, joined: 21 Mar 2008, 10:07, commendations: 42)

Post by Hideki » 23 Jul 2008, 21:25

huber2t wrote: I don't see anything in the log.

Post a ComboFix log.

ComboFix 08-07-22.4 - Marcin 2008-07-23 21:14:37.4 - NTFSx86
Running from: C:\Documents and Settings\Marcin\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 20:53 . 2008-07-23 20:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-20 22:59 . 2008-07-20 22:59 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-20 22:58 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-07-20 22:58 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-07-18 16:47 . 2008-07-18 17:05 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\gtk-2.0
2008-07-18 16:46 . 2008-07-18 17:05 <DIR> d-------- C:\Documents and Settings\user\.gimp-2.4
2008-07-15 18:11 . 2008-07-15 18:11 3,908 --a------ C:\WINDOWS\system32\ST5UNST.000
2008-07-11 13:48 . 2008-07-23 15:44 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\gtk-2.0
2008-07-11 13:47 . 2008-07-11 13:47 <DIR> d-------- C:\Documents and Settings\Marcin\.thumbnails
2008-07-11 13:43 . 2008-07-23 21:01 <DIR> d-------- C:\Documents and Settings\Marcin\.gimp-2.4
2008-07-07 13:34 . 2008-07-07 13:34 160,289 --a------ C:\WINDOWS\Sqirlz Morph Uninstaller.exe
2008-07-03 11:30 . 2008-07-18 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-07-03 11:28 . 1995-07-26 02:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2008-07-03 11:28 . 1995-07-26 02:00 89,600 --a------ C:\WINDOWS\system32\grid32.ocx
2008-07-03 11:28 . 1995-07-26 02:00 78,848 --a------ C:\WINDOWS\system32\msoutl32.ocx
2008-07-03 11:28 . 1997-01-16 11:11 75,536 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-07-01 20:27 . 2008-07-01 20:27 <DIR> d-------- C:\Documents and Settings\Marcin\.jpi_cache
2008-07-01 20:27 . 2008-07-01 20:27 <DIR> d-------- C:\Documents and Settings\Marcin\.java
2008-07-01 10:28 . 2008-07-01 10:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-01 10:28 . 2008-07-01 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-30 17:25 . 2008-06-30 19:10 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Audacity
2008-06-29 17:13 . 2008-06-29 17:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-29 17:13 . 2008-06-29 17:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-29 13:20 . 2008-06-29 14:21 <DIR> d-------- C:\Documents and Settings\Marcin\Contacts
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Windows Messenger
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Winamp
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Teleca
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\teamspeak2
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\stamina
2008-06-29 13:07 . 2008-06-29 13:07 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Skype
2008-06-29 13:06 . 2008-06-29 13:06 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\DAEMON Tools
2008-06-29 13:06 . 2008-06-29 13:06 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Ambient Design
2008-06-29 13:03 . 2008-07-04 11:31 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-06-29 13:01 . 2008-07-23 21:16 <DIR> d--h----- C:\Documents and Settings\Marcin\Ustawienia lokalne
2008-06-29 13:01 . 2008-06-29 13:01 <DIR> dr------- C:\Documents and Settings\Marcin\Ulubione
2008-06-29 13:01 . 2006-12-27 16:55 <DIR> d--h----- C:\Documents and Settings\Marcin\Szablony
2008-06-29 13:01 . 2008-07-23 21:16 <DIR> d-------- C:\Documents and Settings\Marcin\Pulpit
2008-06-29 13:01 . 2008-07-23 13:29 <DIR> dr------- C:\Documents and Settings\Marcin\Moje dokumenty
2008-06-29 13:01 . 2006-12-27 17:47 <DIR> dr------- C:\Documents and Settings\Marcin\Menu Start
2008-06-29 13:01 . 2008-07-23 21:16 <DIR> dr-h----- C:\Documents and Settings\Marcin\Dane aplikacji
2008-06-29 13:01 . 2008-07-23 21:01 <DIR> d-------- C:\Documents and Settings\Marcin
2008-06-29 01:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-29 01:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-29 01:36 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-29 01:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-29 01:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-27 14:33 . 2008-06-27 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ADSL Software Ltd
2008-06-26 19:27 . 2008-06-29 22:03 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools
2008-06-26 16:40 . 2008-06-26 16:40 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-26 16:04 . 2008-06-26 16:04 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-06-26 09:15 . 2008-06-26 10:43 545 --a------ C:\WINDOWS\eReg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 19:13 --------- d-----w C:\Program Files\Neostrada TP
2008-07-23 19:08 --------- d-----w C:\Program Files\eMule
2008-07-23 18:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-23 11:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 09:31 --------- d-----w C:\Program Files\MegauploadToolbar
2008-07-01 08:26 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\MegauploadToolbar
2008-06-29 16:23 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-29 00:24 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Winamp
2008-06-27 12:14 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-06-27 12:14 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-06-27 12:14 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-06-26 14:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-22 15:09 --------- d-----w C:\Program Files\The Add-on Handler
2008-06-11 16:02 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Skype
2008-06-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SiComponents
2008-06-04 19:36 --------- d-----w C:\Program Files\Last.fm
2008-06-04 16:25 --------- d-----w C:\Program Files\MSN Messenger
2008-05-30 14:55 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\InstallShield
2008-05-30 12:34 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-28 20:00 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-27 14:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
2008-05-23 18:06 --------- d-----w C:\Program Files\SESoftware
2007-01-28 10:52 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\explorer.exe
2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\icon_TMP\explorer.exe
2004-08-04 02:44 1224704 a09e5271d2737ca1b5aa98a1f68d4be5 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\system_backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-30 17:50 58992]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-01-14 12:35 100056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.VP60"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"vidc.VP61"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"vidc.VP62"= D:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.MPG4"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.DIV3"= D:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= D:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= D:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP70"= D:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= D:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.MP43"= D:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"msacm.ac3acm"= D:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= D:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.divxa32"= D:\PROGRA~1\K-LITE~1\codecs\divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15389:TCP"= 15389:TCP:BitComet 15389 TCP
"15389:UDP"= 15389:UDP:BitComet 15389 UDP
"58516:TCP"= 58516:TCP:*:Disabled:SolidNetworkManager
"58516:UDP"= 58516:UDP:*:Disabled:SolidNetworkManager
"25468:TCP"= 25468:TCP:*:Disabled:SolidNetworkManager
"25468:UDP"= 25468:UDP:*:Disabled:SolidNetworkManager
"24487:TCP"= 24487:TCP:*:Disabled:SolidNetworkManager
"24487:UDP"= 24487:UDP:*:Disabled:SolidNetworkManager
"35207:TCP"= 35207:TCP:*:Disabled:SolidNetworkManager
"35207:UDP"= 35207:UDP:*:Disabled:SolidNetworkManager
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - user.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exef/task:
"2008-07-23 17:42:57 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.neostrada.pl
O8 -: Download all links using BitComet - D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: Download all videos using BitComet - D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: Download link using &BitComet - D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 -: { - C:\Program Files\Messenger\msmsgs.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 21:16:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 21:17:25
ComboFix-quarantined-files.txt 2008-07-23 19:17:20
ComboFix2.txt 2008-06-30 10:20:18

Pre-Run: 10,470,084,608 bytes free
Post-Run: 10,461,073,408 bytes free

175

Hmmm, I also ran an internet speed test:
Download: 176 kbps
Upload: 135 kbps
Latency: 127 ms

I have Neostrada 512, so that's not a great result :/

Hideki (forum member, posts: 7, joined: 28 Jun 2008, 18:22)
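The two logs in this thread are read by hand above. As an added example (not code from the original posts, nor from HijackThis or ComboFix themselves), the script below shows how a reviewer can mechanically pull out the entries that deserve a second look: HijackThis O23 services whose binary is missing or has no recorded owner, O16 entries (ActiveX controls installed from a URL), and, from ComboFix's "Reg Loading Points" dump, the Security Center and Windows Firewall policy values. The sample inputs are constructed to match the shape of the logs posted above. None of these findings is a malware verdict on its own: a disabled Windows Firewall and disabled Security Center monitoring are exactly what you expect when a third-party suite such as Norton Internet Security has registered itself, and the "(file missing)" Spyware Doctor services are leftovers from an uninstall, which is consistent with huber2t seeing nothing suspicious.

```python
"""Triage helper for HijackThis and ComboFix text logs.

Added example for this thread; it is not part of the original posts and
not code from Trend Micro (HijackThis) or from ComboFix.  It parses
HijackThis entry lines ("O23 - Service: ...", "O16 - DPF: ...") and the
REGEDIT4-style "Reg Loading Points" block that ComboFix prints, and
returns the items a log reviewer would look at first.  Nothing here is a
malware verdict: a disabled Windows Firewall and disabled Security Center
monitoring are expected when a third-party suite (Norton Internet
Security in this thread) has registered itself with Security Center.
"""
import re

# Constructed sample in the shape of the HijackThis log posted above.
SAMPLE_HJT = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Constructed sample in the shape of ComboFix's "Reg Loading Points" dump.
SAMPLE_COMBOFIX_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
REG_KEY = re.compile(r"^\[(?P<key>.+)\]$")
REG_VAL = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')


def parse_hjt(text):
    """Yield (section, body) for every HijackThis entry line, e.g. ("O23", "Service: ...")."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage_hjt(text):
    """Group HijackThis entries that deserve a second look, by category."""
    findings = {"orphaned_services": [], "unknown_owner_services": [], "activex_downloads": []}
    for sec, body in parse_hjt(text):
        if sec == "O23" and "(file missing)" in body:   # service still registered, binary gone
            findings["orphaned_services"].append(body)
        if sec == "O23" and "Unknown owner" in body:    # no publisher recorded for the binary
            findings["unknown_owner_services"].append(body)
        if sec == "O16":                                # ActiveX control installed from a URL
            findings["activex_downloads"].append(body)
    return findings


def parse_reg_dump(text):
    """Return {key: {value_name: raw_value}} from a REGEDIT4-style dump; keys keep their case."""
    out, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = REG_KEY.match(line)
        if m:
            key = m.group("key")
            out.setdefault(key, {})
            continue
        m = REG_VAL.match(line)
        if m and key is not None:
            out[key][m.group("name")] = m.group("val").strip()
    return out


def reg_value_is_set(raw):
    """True when a dumped value is nonzero: 'dword:00000001' or ComboFix's '1 (0x1)' style."""
    m = re.search(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16) != 0
    m = re.match(r"(\d+)", raw)
    return bool(m) and int(m.group(1)) != 0


def triage_reg(text):
    """Return human-readable notes about Security Center and firewall policy values in the dump."""
    notes = []
    for key, vals in parse_reg_dump(text).items():
        k = key.lower()
        if k.endswith("\\microsoft\\security center") and reg_value_is_set(vals.get("AntiVirusDisableNotify", "0")):
            notes.append("Security Center antivirus notifications disabled")
        if "\\security center\\monitoring\\" in k and reg_value_is_set(vals.get("DisableMonitoring", "0")):
            notes.append("Security Center monitoring disabled for " + key.rsplit("\\", 1)[-1])
        if k.endswith("\\firewallpolicy\\standardprofile") and not reg_value_is_set(vals.get("EnableFirewall", "1")):
            notes.append("Windows Firewall (standard profile) disabled")
    return notes


if __name__ == "__main__":
    for category, entries in triage_hjt(SAMPLE_HJT).items():
        print(category, len(entries))
    for note in triage_reg(SAMPLE_COMBOFIX_REG):
        print(note)
```

Feed the script a saved hijackthis.log or ComboFix.txt instead of the constructed samples to get the same grouping for a real machine; the point is that it separates "interesting because of the entry's shape" from "interesting because of the product", which is the judgement call a human reviewer still has to make.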

Post by huber2t » 23 Jul 2008, 22:15

I don't see anything in the log.

It may be a hardware problem.

huber2t (distinguished forum contributor, posts: 2798, joined: 21 Mar 2008, 10:07, commendations: 42)

