[log] robale atakują laptopa a antywirusy nie działają

[dunhill]

Bardzo proszę o pomoc bo boję się o moją pracę magisterską, a robale panoszą mi się na kompie. Antyświrusy nie działają... help!

to log z combofix'a

ComboFix 08-07-21.2 - Administrator 2008-07-22 15:15:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1305 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-22 13:04 . 2008-07-22 13:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 13:04 . 2008-07-22 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Program Files\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Program Files\AskSBar
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-22 11:49 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-22 11:49 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-22 11:49 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-22 11:49 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-22 11:48 . 2008-07-22 11:48 160 --a------ C:\install.dat
2008-07-22 11:41 . 2008-07-22 11:41 <DIR> d--hs---- C:\AVSystemCare
2008-07-21 23:51 . 2008-07-21 23:51 <DIR> d-------- C:\Program Files\Common Files\ChaosGroup
2008-07-21 23:51 . 2008-07-21 23:51 <DIR> d-------- C:\Program Files\Chaos Group
2008-07-21 23:48 . 2008-07-21 23:48 <DIR> d-------- C:\Program Files\WIBUKEY
2008-07-21 23:48 . 2008-07-21 23:48 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2008-07-21 23:48 . 2006-11-23 05:20 1,253,376 --a------ C:\WINDOWS\system32\WibuKe32.cpl
2008-07-21 23:48 . 2006-11-17 06:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll
2008-07-21 23:48 . 2006-11-02 05:20 479,232 --a------ C:\WINDOWS\system32\wibuKJni.dll
2008-07-21 23:48 . 2006-11-22 05:20 348,160 --a------ C:\WINDOWS\system32\WkExt32.dll
2008-07-21 23:48 . 2006-11-22 05:20 159,744 --a------ C:\WINDOWS\system32\WkWin32.dll
2008-07-21 23:48 . 2006-11-22 05:20 72,704 --a------ C:\WINDOWS\system32\drivers\WibuKey.sys
2008-07-21 23:48 . 2000-10-18 02:00 57,552 --a------ C:\WINDOWS\system32\WkDos.exe
2008-07-21 23:48 . 2006-03-06 05:10 54,336 --a------ C:\WINDOWS\system\WkWin.dll
2008-07-21 23:48 . 2006-11-09 05:20 16,384 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2008-07-21 22:37 . 2008-07-21 22:37 25,991 --a------ C:\WINDOWS\system32\epfwdata.bin
2008-07-21 19:26 . 2008-07-21 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-07-21 19:21 . 2008-07-21 19:29 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-21 19:21 . 2008-07-21 19:29 <DIR> d-------- C:\Program Files\Autodesk
2008-07-20 02:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-20 02:53 . 2008-07-20 02:53 <DIR> d-------- C:\Program Files\Panda Security
2008-07-20 02:43 . 2008-07-20 02:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 01:08 . 2008-07-20 01:08 728,576 --a------ C:\WINDOWS\system32\CSRLT.EXE
2008-07-20 01:08 . 2008-07-20 01:08 728,576 --a------ C:\WINDOWS\MSBLT.EXE
2008-07-20 01:07 . 2008-07-20 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ESET
2008-07-20 01:07 . 2008-07-20 01:07 728,576 --a------ C:\WINDOWS\ rpl.exe
2008-07-20 01:07 . 2008-07-22 14:41 2,999 --a------ C:\WINDOWS\system32\sc01.sc
2008-07-20 01:03 . 2008-07-22 11:36 <DIR> d-------- C:\Program Files\ESET
2008-07-20 00:20 . 2008-07-20 00:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-19 23:29 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\rt73.sys
2008-07-19 23:29 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-07-19 23:29 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-07-19 23:29 . 2005-11-03 17:41 32,768 --a------ C:\WINDOWS\system32\GTGina.dll
2008-07-19 23:29 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-07-19 23:29 . 2008-07-19 23:29 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2008-07-19 23:29 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-07-19 23:28 . 2008-07-19 23:28 <DIR> d-------- C:\Program Files\Linksys
2008-07-19 23:28 . 2008-07-19 23:28 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-07-19 23:28 . 2008-07-19 23:28 960 --a------ C:\WINDOWS\system32\WLAN.INI
2008-07-01 21:52 . 2008-07-01 21:52 <DIR> d-------- C:\Program Files\EA GAMES

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 09:43 --------- d-----w C:\Program Files\Odkurzacz
2008-07-19 23:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\SolidWorks
2008-07-19 22:13 --------- d-----w C:\Program Files\Java
2008-07-19 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 11:53 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLbz.DAT
2008-07-10 11:53 --------- d-----w C:\Program Files\Common Files\Nikon
2008-06-22 10:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-06-21 21:37 --------- d-----w C:\Program Files\Cell Phone Manager
2008-06-21 14:57 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nikon
2008-06-21 14:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trance Pad
2008-06-21 13:01 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
2008-06-20 22:30 --------- d-----w C:\Program Files\mp3DirectCut
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 17:01 --------- d-----w C:\Program Files\PhotomatixPro3
2008-06-16 14:43 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-16 13:58 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-06-16 13:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-10 14:08 --------- d-----w C:\Program Files\SolidWorks
2008-06-09 20:01 --------- d-----w C:\Program Files\CyberLink
2008-05-31 11:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 11:02 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-31 10:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-31 00:29 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\F-Secure
2008-05-31 00:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\fssg
2008-05-30 23:33 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Symantec
2008-05-30 19:06 45,768 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-05-26 22:59 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-23 22:10 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Avant Profiles
2008-05-23 21:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Avant Profiles
2008-05-11 20:26 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 20:27 64,672 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-06 20:27 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-02 11:21 36 ----a-w C:\Documents and Settings\Administrator\klextlock.dat
2008-05-02 10:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-13 21:54 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-22 11:49 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-22 11:49 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 15:25 1093632]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"CSRLT.EXE"="C:\WINDOWS\system32\CSRLT.EXE" [2008-07-20 01:08 728576]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"IMJPMIG8.2"="msime82.exe" [BU]

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
S1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
S3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 22:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30221a6e-1854-11dd-b304-00c09fe15bb0}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 09:49:51 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 15:17:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-22 15:17:57
ComboFix-quarantined-files.txt 2008-07-22 13:17:50
ComboFix2.txt 2008-07-22 12:43:46

Pre-Run: 5,005,262,848 bajtów wolnych
Post-Run: 5,028,376,576 bajtów wolnych

194 --- E O F --- 2008-07-21 18:13:25

[ Dodano: Dzisiaj o 12:49 ]
a to log z HiJack'a

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57, on 08-07-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\CSRLT.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang PL
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\RunOnce: [MSBLT.EXE] C:\WINDOWS\MSBLT.EXE
O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] "C:\Program Files\Odkurzacz\odk_mcd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 8266 bytes

[Okocza]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[dunhill]

ok worms cleaner nie działa nakładka na windows też... i teraz z tego co rozumiem mam w trybie awaryjnym usuwać coś w HiJacku?? tylko co??

[Magik]

i teraz z tego co rozumiem mam w trybie awaryjnym usuwać coś w HiJacku?? tylko co??

jedziesz po kolei

odpalasz Sdfix, wklejasz log
nastepnie wklejasz log jeszcze raz z combofix i HJT--->czekasz na instrukcje

[dunhill]

oto Report.txt

SDFix: Version 1.207
Run by Administrator on 08-07-23 at 13:24

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted



Folder C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed
Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 13:34:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:f6df915a
"s1"=dword:751d975b
"s2"=dword:42b50ed6
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:dd,2d,5a,10,e4,f4,21,91,b4,ce,8d,2a,49,67,3f,17,2a,53,0a,9d,cb,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,00,80,05,0d,81,60,27,05,28,fb,1d,75,94,bf,e1,e3,56,..
"khjeh"=hex:f8,44,88,73,b3,ee,aa,e8,1c,b7,b9,46,6b,4f,61,e7,48,13,52,f5,a9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:35,d6,58,f4,13,5e,f9,ad,5e,1b,dc,d1,84,c3,d6,66,fb,88,ae,a9,5b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:dd,2d,5a,10,e4,f4,21,91,b4,ce,8d,2a,49,67,3f,17,2a,53,0a,9d,cb,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,00,80,05,0d,81,60,27,05,28,fb,1d,75,94,bf,e1,e3,56,..
"khjeh"=hex:f8,44,88,73,b3,ee,aa,e8,1c,b7,b9,46,6b,4f,61,e7,48,13,52,f5,a9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:35,d6,58,f4,13,5e,f9,ad,5e,1b,dc,d1,84,c3,d6,66,fb,88,ae,a9,5b,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E48A889C-FE5B-DC4A-DB6E-73C13860B866}]
"abfbpndkokbjhaekbppabgeemkapojgckp"=hex:69,61,6a,6e,69,66,68,66,6f,63,62,67,6e,6d,69,68,6f,67,00,00
"pahbjbbdjcpjhmdkfijbeaclanicbcci"=hex:69,61,6a,6e,69,66,68,66,6f,63,62,67,6e,6d,69,68,6f,67,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Twain]
"y\1r?ó?d?B\1o? ?d?o?m?y?[\1l?n?e?"="C:\WINDOWS\Twain_32\CNQL35\CISDS.DS"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"="C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 17 Aug 2001 24,448 A.SHR --- "C:\NTBOOTDD.SYS"
Mon 13 Mar 2006 560,640 A.SH. --- "C:\Program Files\Cell Phone Manager\MobCfg.dll"
Sat 11 Mar 2006 615,424 A.SH. --- "C:\Program Files\Cell Phone Manager\MobSvr.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 23 May 2008 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Finished!

[ Dodano: Dzisiaj o 13:54 ]
to log z Combo

ComboFix 08-07-21.2 - Administrator 2008-07-23 13:47:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1412 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 13:18 . 2008-07-23 13:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-23 13:13 . 2008-07-23 13:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Webroot
2008-07-23 13:08 . 2008-07-23 13:35 <DIR> d-------- C:\SDFix
2008-07-22 13:04 . 2008-07-22 13:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 13:04 . 2008-07-22 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Program Files\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Program Files\AskSBar
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-22 11:49 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-22 11:49 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-22 11:49 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-22 11:49 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-22 11:48 . 2008-07-22 11:48 160 --a------ C:\install.dat
2008-07-22 11:41 . 2008-07-22 11:41 <DIR> d--hs---- C:\AVSystemCare
2008-07-21 23:51 . 2008-07-21 23:51 <DIR> d-------- C:\Program Files\Common Files\ChaosGroup
2008-07-21 23:51 . 2008-07-21 23:51 <DIR> d-------- C:\Program Files\Chaos Group
2008-07-21 23:48 . 2008-07-21 23:48 <DIR> d-------- C:\Program Files\WIBUKEY
2008-07-21 23:48 . 2008-07-21 23:48 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2008-07-21 23:48 . 2006-11-23 05:20 1,253,376 --a------ C:\WINDOWS\system32\WibuKe32.cpl
2008-07-21 23:48 . 2006-11-17 06:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll
2008-07-21 23:48 . 2006-11-02 05:20 479,232 --a------ C:\WINDOWS\system32\wibuKJni.dll
2008-07-21 23:48 . 2006-11-22 05:20 348,160 --a------ C:\WINDOWS\system32\WkExt32.dll
2008-07-21 23:48 . 2006-11-22 05:20 159,744 --a------ C:\WINDOWS\system32\WkWin32.dll
2008-07-21 23:48 . 2006-11-22 05:20 72,704 --a------ C:\WINDOWS\system32\drivers\WibuKey.sys
2008-07-21 23:48 . 2000-10-18 02:00 57,552 --a------ C:\WINDOWS\system32\WkDos.exe
2008-07-21 23:48 . 2006-03-06 05:10 54,336 --a------ C:\WINDOWS\system\WkWin.dll
2008-07-21 23:48 . 2006-11-09 05:20 16,384 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2008-07-21 22:37 . 2008-07-21 22:37 25,991 --a------ C:\WINDOWS\system32\epfwdata.bin
2008-07-21 19:26 . 2008-07-21 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-07-21 19:21 . 2008-07-21 19:29 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-21 19:21 . 2008-07-21 19:29 <DIR> d-------- C:\Program Files\Autodesk
2008-07-20 02:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-20 02:53 . 2008-07-20 02:53 <DIR> d-------- C:\Program Files\Panda Security
2008-07-20 02:43 . 2008-07-20 02:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 01:08 . 2008-07-20 01:08 728,576 --a------ C:\WINDOWS\system32\CSRLT.EXE
2008-07-20 01:08 . 2008-07-20 01:08 728,576 --a------ C:\WINDOWS\MSBLT.EXE
2008-07-20 01:07 . 2008-07-20 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ESET
2008-07-20 01:07 . 2008-07-20 01:07 728,576 --a------ C:\WINDOWS\ rpl.exe
2008-07-20 01:07 . 2008-07-23 13:42 2,999 --a------ C:\WINDOWS\system32\sc01.sc
2008-07-20 01:03 . 2008-07-22 11:36 <DIR> d-------- C:\Program Files\ESET
2008-07-20 00:20 . 2008-07-20 00:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-19 23:29 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\rt73.sys
2008-07-19 23:29 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-07-19 23:29 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-07-19 23:29 . 2005-11-03 17:41 32,768 --a------ C:\WINDOWS\system32\GTGina.dll
2008-07-19 23:29 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-07-19 23:29 . 2008-07-19 23:29 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2008-07-19 23:29 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-07-19 23:28 . 2008-07-19 23:28 <DIR> d-------- C:\Program Files\Linksys
2008-07-19 23:28 . 2008-07-19 23:28 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-07-19 23:28 . 2008-07-19 23:28 960 --a------ C:\WINDOWS\system32\WLAN.INI
2008-07-01 21:52 . 2008-07-01 21:52 <DIR> d-------- C:\Program Files\EA GAMES

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 09:43 --------- d-----w C:\Program Files\Odkurzacz
2008-07-19 23:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\SolidWorks
2008-07-19 22:13 --------- d-----w C:\Program Files\Java
2008-07-19 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 11:53 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLbz.DAT
2008-07-10 11:53 --------- d-----w C:\Program Files\Common Files\Nikon
2008-06-22 10:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-06-21 21:37 --------- d-----w C:\Program Files\Cell Phone Manager
2008-06-21 14:57 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nikon
2008-06-21 14:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trance Pad
2008-06-21 13:01 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
2008-06-20 22:30 --------- d-----w C:\Program Files\mp3DirectCut
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 17:01 --------- d-----w C:\Program Files\PhotomatixPro3
2008-06-16 14:43 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-16 13:58 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-06-16 13:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-10 14:08 --------- d-----w C:\Program Files\SolidWorks
2008-06-09 20:01 --------- d-----w C:\Program Files\CyberLink
2008-05-31 11:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 11:02 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-31 10:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-31 00:29 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\F-Secure
2008-05-31 00:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\fssg
2008-05-30 23:33 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Symantec
2008-05-30 19:06 45,768 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-05-26 22:59 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-23 22:10 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Avant Profiles
2008-05-23 21:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Avant Profiles
2008-05-11 20:26 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 20:27 64,672 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-06 20:27 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-02 11:21 36 ----a-w C:\Documents and Settings\Administrator\klextlock.dat
2008-05-02 10:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-13 21:54 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-07-22_14.42.50.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-02-24 18:36:08 16,096 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll
+ 2005-02-25 03:36:06 16,096 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll
- 2005-02-24 18:36:08 212,704 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe
+ 2005-02-25 03:36:06 212,704 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe
- 2005-02-24 18:36:08 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll
+ 2005-02-25 03:36:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll
- 2005-02-24 18:36:08 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
+ 2005-02-25 03:36:06 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
- 2005-02-24 18:36:08 387,296 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll
+ 2005-02-25 03:36:07 387,296 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-23 11:19:55 5,173,248 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-23 11:19:55 417,792 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-23 11:19:16 5,173,248 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-23 11:19:16 417,792 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-22 11:49 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-22 11:49 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 15:25 1093632]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"CSRLT.EXE"="C:\WINDOWS\system32\CSRLT.EXE" [2008-07-20 01:08 728576]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"IMJPMIG8.2"="msime82.exe" [BU]

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
S1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
S3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 22:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30221a6e-1854-11dd-b304-00c09fe15bb0}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 09:49:51 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 13:49:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 13:51:01
ComboFix-quarantined-files.txt 2008-07-23 11:50:31
ComboFix2.txt 2008-07-22 13:17:58
ComboFix3.txt 2008-07-22 12:43:46

Pre-Run: 4,879,056,896 bajtów wolnych
Post-Run: 4,872,470,528 bajtów wolnych

217 --- E O F --- 2008-07-21 18:13:25

[ Dodano: Dzisiaj o 13:55 ]
i log z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52, on 08-07-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CSRLT.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang PL
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] "C:\Program Files\Odkurzacz\odk_mcd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 8290 bytes

[ Dodano: Dzisiaj o 14:02 ]
właśnie wyczytałem z tych logów że ktoś łaził na moim kompie na jakieś stronki z gołymi doopami musze pogadać z ojcem zeby tego nie robił

[gloni]

na fix w hijackThis

Kod: Zaznacz wszystko


R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [MsServer] msfun80.exe

[Magik]

redtube

jak sie smiga po takich stronkach nic dziwnego ze trojanki do kompa sie laduja

ten plik

Kod: Zaznacz wszystko

C:\WINDOWS\system32\CSRLT.EXE

przeskanuj na http://www.virustotal.com/cs/ i wklej raport




w trybie awaryjnym dajesz an fix w HiJackThis

Kod: Zaznacz wszystko

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [MsServer] msfun80.exe


wklej do notatnika

Kod: Zaznacz wszystko

FILE::
C:\WINDOWS\MSBLT.EXE
C:\WINDOWS\ rpl.exe

zapisz jako CFScript.txt, przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe.wklej log ktory sie wygeneruje

+
http://forum.programosy.pl/program-szukajacy-trojanow-i-malware-vt97108.html

[dunhill]

to z www.virustotal.com - usuwać plik CSRLT.EXE w HiJacku razem z tymi co napisałeś??

Plik CSRLT.EXE otrzymany 2008.07.23 14:16:13 (CET)
Obecny status: Ładowanie ... w kolejce oczekuje skanowanie zakończono NIE ZNALEZIONO ZATRZYMANE
Wynik: 3/35 (8.58%)
Ładowanie informacji serwera...
Twój plik czeka w kolejce na pozycji: 2.
Oczekiwany czas rozpoczęcia zawiera się między 42 i 60 sekundy.
Nie zamykaj tego okna, dopóki skanowanie nie zostanie ukończone.
Skaner nie odpowiada, trwają próby odzyskania wyników skanowania.
Jeśli potrwa to dłużej niż 5 minut, wyślik plik ponownie.
Twój plik jest obecnie skanowany, wyniki będą pojawiać się stopniowo.
Zwięzły Zwięzły
Drukuj wyniki Drukuj wyniki
Twój plik wygasł lub nie istnieje.
Usługa została wstrzymana. Twój plik będzie czekać na skanowanie (na pozycji: ) przez nieokreślony czas.

Możesz czekać na odpowiedź (automatyczne przeładowanie) lub podać swój email poniżej i kliknąć "przypomnij", wtedy system poinformuje Cię o zakończeniu skanowania wysyłając email.
Przypomnij:

Antywirus Wersja Ostatnia aktualizacja Wynik
AhnLab-V3 2008.7.23.0 2008.07.22 -
AntiVir 7.8.1.11 2008.07.23 TR/Dldr.Agen.728576
Authentium 5.1.0.4 2008.07.23 -
Avast 4.8.1195.0 2008.07.23 -
AVG 8.0.0.130 2008.07.23 -
BitDefender 7.2 2008.07.23 -
CAT-QuickHeal 9.50 2008.07.22 -
ClamAV 0.93.1 2008.07.23 -
DrWeb 4.44.0.09170 2008.07.23 -
eSafe 7.0.17.0 2008.07.22 -
eTrust-Vet 31.6.5976 2008.07.23 -
Ewido 4.0 2008.07.23 -
F-Prot 4.4.4.56 2008.07.22 -
F-Secure 7.60.13501.0 2008.07.23 -
Fortinet 3.14.0.0 2008.07.23 -
GData 2.0.7306.1023 2008.07.23 -
Ikarus T3.1.1.34.0 2008.07.23 -
Kaspersky 7.0.0.125 2008.07.23 -
McAfee 5344 2008.07.22 -
Microsoft 1.3704 2008.07.23 -
NOD32v2 3291 2008.07.23 -
Norman 5.80.02 2008.07.22 -
Panda 9.0.0.4 2008.07.23 -
PCTools 4.4.2.0 2008.07.22 -
Prevx1 V2 2008.07.23 -
Rising 20.54.22.00 2008.07.23 -
Sophos 4.31.0 2008.07.23 -
Sunbelt 3.1.1536.1 2008.07.18 VIPRE.Suspicious
Symantec 10 2008.07.23 -
TheHacker 6.2.96.387 2008.07.23 -
TrendMicro 8.700.0.1004 2008.07.23 -
VBA32 3.12.8.1 2008.07.22 -
VIRobot 2008.7.23.1307 2008.07.23 -
VirusBuster 4.5.11.0 2008.07.22 -
Webwasher-Gateway 6.6.2 2008.07.23 Trojan.Dldr.Agen.728576
Dodatkowe informacje
File size: 728576 bytes
MD5...: 667efaf4bedc872c93ae46c6d984b7d7
SHA1..: 8155cc77ff751c061fa2cc485d04b1414d6e261d
SHA256: cd7111264e1300e3ccd1b6dd603ba3ad9a0b54e7caefe188c580399711cac394
SHA512: 48cd3dc8d5f9603d12d5d89ed5757dc05d92ad3160fb6891741afba7748d15f9
29fa89f257889d8475ae250448a1ae03a738f2abbf1e1f3ae3d6f9ec24ae3801
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x99990
timedatestamp.....: 0x487e1d3c (Wed Jul 16 16:09:32 2008)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x87184 0x87200 6.59 aaa0b9f0a584762f97b5408283ad3bb2
.itext 0x89000 0xa00 0xa00 6.34 11b38a2eb904ebf35d128a9d7644a629
.data 0x8a000 0x2870 0x2a00 4.28 414b4b93bc7ab4cc26378ca4fe622768
.bss 0x8d000 0x5040 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x93000 0x30a8 0x3200 5.03 11e622523dd42b35b0c80b15ad75c9e9
.tls 0x97000 0x34 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x98000 0x18 0x200 0.21 bc9bc5dfb767cf0d1226f77cda25b9b8
.rsrc 0x99000 0x24000 0x24000 6.80 bdc688b5dbbcaacad8b06ca1d939d5c0

( 21 imports )
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
> kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> user32.dll: CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnpackDDElParam, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenuEx, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetDlgItemTextA, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, SendDlgItemMessageA, ScrollWindow, ScreenToClient, ReuseDDElParam, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MoveWindow, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadMenuA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassLongA, GetClassInfoA, GetCapture, GetAsyncKeyState, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> kernel32.dll: lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalLock, GlobalGetAtomNameA, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetSystemDirectoryA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetComputerNameA, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateMutexA, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegFlushKey, RegEnumValueA, RegEnumKeyExA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey
> oleaut32.dll: GetErrorInfo, GetActiveObject, VariantClear, VariantInit, SafeArrayCreateVector, SysFreeString
> ole32.dll: CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
> kernel32.dll: Sleep
> ole32.dll: IsEqualGUID, CLSIDFromString, CoTaskMemFree, StringFromCLSID
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> comctl32.dll: _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
> URLMON.DLL: CoInternetCreateZoneManager, CoInternetCreateSecurityManager
> wininet.dll: InternetSetOptionA, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetConnectA, InternetCloseHandle
> shell32.dll: ShellExecuteExA, ShellExecuteA
> shell32.dll: SHGetMalloc
> shell32.dll: Shell_NotifyIconA

( 0 exports )

[Okocza]

tak, skasuj go.

Wykonaj to co jest podane w tym temacie

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.

[dunhill]

ok oto log po wykonaniu polecen emo Magika

ComboFix 08-07-21.2 - Administrator 2008-07-23 14:44:10.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1652 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\ rpl.exe
C:\WINDOWS\MSBLT.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\MSBLT.EXE

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 13:18 . 2008-07-23 13:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-23 13:13 . 2008-07-23 13:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Webroot
2008-07-23 13:08 . 2008-07-23 13:35 <DIR> d-------- C:\SDFix
2008-07-22 13:04 . 2008-07-22 13:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 13:04 . 2008-07-22 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Program Files\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Program Files\AskSBar
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-22 11:49 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-22 11:49 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-22 11:49 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-22 11:49 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-22 11:48 . 2008-07-22 11:48 160 --a------ C:\install.dat
2008-07-22 11:41 . 2008-07-22 11:41 <DIR> d--hs---- C:\AVSystemCare
2008-07-21 23:51 . 2008-07-21 23:51 <DIR> d-------- C:\Program Files\Common Files\ChaosGroup
2008-07-21 23:51 . 2008-07-21 23:51 <DIR> d-------- C:\Program Files\Chaos Group
2008-07-21 23:48 . 2008-07-21 23:48 <DIR> d-------- C:\Program Files\WIBUKEY
2008-07-21 23:48 . 2008-07-21 23:48 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2008-07-21 23:48 . 2006-11-23 05:20 1,253,376 --a------ C:\WINDOWS\system32\WibuKe32.cpl
2008-07-21 23:48 . 2006-11-17 06:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll
2008-07-21 23:48 . 2006-11-02 05:20 479,232 --a------ C:\WINDOWS\system32\wibuKJni.dll
2008-07-21 23:48 . 2006-11-22 05:20 348,160 --a------ C:\WINDOWS\system32\WkExt32.dll
2008-07-21 23:48 . 2006-11-22 05:20 159,744 --a------ C:\WINDOWS\system32\WkWin32.dll
2008-07-21 23:48 . 2006-11-22 05:20 72,704 --a------ C:\WINDOWS\system32\drivers\WibuKey.sys
2008-07-21 23:48 . 2000-10-18 02:00 57,552 --a------ C:\WINDOWS\system32\WkDos.exe
2008-07-21 23:48 . 2006-03-06 05:10 54,336 --a------ C:\WINDOWS\system\WkWin.dll
2008-07-21 23:48 . 2006-11-09 05:20 16,384 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2008-07-21 22:37 . 2008-07-21 22:37 25,991 --a------ C:\WINDOWS\system32\epfwdata.bin
2008-07-21 19:26 . 2008-07-21 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-07-21 19:21 . 2008-07-21 19:29 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-21 19:21 . 2008-07-21 19:29 <DIR> d-------- C:\Program Files\Autodesk
2008-07-20 02:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-20 02:53 . 2008-07-20 02:53 <DIR> d-------- C:\Program Files\Panda Security
2008-07-20 02:43 . 2008-07-20 02:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 01:08 . 2008-07-20 01:08 728,576 --a------ C:\WINDOWS\system32\CSRLT.EXE
2008-07-20 01:07 . 2008-07-20 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ESET
2008-07-20 01:07 . 2008-07-20 01:07 728,576 --a------ C:\WINDOWS\ rpl.exe
2008-07-20 01:07 . 2008-07-23 13:42 2,999 --a------ C:\WINDOWS\system32\sc01.sc
2008-07-20 01:03 . 2008-07-22 11:36 <DIR> d-------- C:\Program Files\ESET
2008-07-20 00:20 . 2008-07-20 00:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-19 23:29 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\rt73.sys
2008-07-19 23:29 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-07-19 23:29 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-07-19 23:29 . 2005-11-03 17:41 32,768 --a------ C:\WINDOWS\system32\GTGina.dll
2008-07-19 23:29 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-07-19 23:29 . 2008-07-19 23:29 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2008-07-19 23:29 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-07-19 23:28 . 2008-07-19 23:28 <DIR> d-------- C:\Program Files\Linksys
2008-07-19 23:28 . 2008-07-19 23:28 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-07-19 23:28 . 2008-07-19 23:28 960 --a------ C:\WINDOWS\system32\WLAN.INI
2008-07-01 21:52 . 2008-07-01 21:52 <DIR> d-------- C:\Program Files\EA GAMES

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 09:43 --------- d-----w C:\Program Files\Odkurzacz
2008-07-19 23:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\SolidWorks
2008-07-19 22:13 --------- d-----w C:\Program Files\Java
2008-07-19 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 11:53 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLbz.DAT
2008-07-10 11:53 --------- d-----w C:\Program Files\Common Files\Nikon
2008-06-22 10:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-06-21 21:37 --------- d-----w C:\Program Files\Cell Phone Manager
2008-06-21 14:57 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nikon
2008-06-21 14:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trance Pad
2008-06-21 13:01 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
2008-06-20 22:30 --------- d-----w C:\Program Files\mp3DirectCut
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 17:01 --------- d-----w C:\Program Files\PhotomatixPro3
2008-06-16 14:43 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-16 13:58 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-06-16 13:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-10 14:08 --------- d-----w C:\Program Files\SolidWorks
2008-06-09 20:01 --------- d-----w C:\Program Files\CyberLink
2008-05-31 11:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 11:02 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-31 10:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-31 00:29 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\F-Secure
2008-05-31 00:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\fssg
2008-05-30 23:33 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Symantec
2008-05-30 19:06 45,768 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-05-26 22:59 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-23 22:10 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Avant Profiles
2008-05-23 21:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Avant Profiles
2008-05-11 20:26 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 20:27 64,672 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-06 20:27 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-02 11:21 36 ----a-w C:\Documents and Settings\Administrator\klextlock.dat
2008-05-02 10:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-13 21:54 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-07-22_14.42.50.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-02-24 18:36:08 16,096 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll
+ 2005-02-25 03:36:06 16,096 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll
- 2005-02-24 18:36:08 212,704 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe
+ 2005-02-25 03:36:06 212,704 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe
- 2005-02-24 18:36:08 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll
+ 2005-02-25 03:36:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll
- 2005-02-24 18:36:08 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
+ 2005-02-25 03:36:06 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
- 2005-02-24 18:36:08 387,296 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll
+ 2005-02-25 03:36:07 387,296 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-23 11:19:55 5,173,248 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-23 11:19:55 417,792 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-23 11:19:16 5,173,248 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-23 11:19:16 417,792 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-22 11:49 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 15:25 1093632]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"IMJPMIG8.2"="msime82.exe" [BU]

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=

R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
S0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
S1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
S3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 22:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30221a6e-1854-11dd-b304-00c09fe15bb0}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 09:49:51 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 14:48:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 14:50:15
ComboFix-quarantined-files.txt 2008-07-23 12:49:59
ComboFix2.txt 2008-07-23 11:51:02
ComboFix3.txt 2008-07-22 13:17:58
ComboFix4.txt 2008-07-22 12:43:46

Pre-Run: 4,857,933,824 bajtów wolnych
Post-Run: 4,848,730,112 bajtów wolnych

215 --- E O F --- 2008-07-21 18:13:25

[ Dodano: Dzisiaj o 15:25 ]
a jak mam dodac screeny?? bo wykonałem tez polecenia okocza. przy czym problem nadal istnieje w takim samym natężeniu

[Magik]

W OTMoveIt, ktory juz powinienes miec, jesli zrobiles co napisal okocza wyzej

w okienku Paste List of Files/Folders to be Moved wklej

Kod: Zaznacz wszystko

C:\WINDOWS\ rpl.exe

Naciskasz - MoveIt! i nastepnie restart

[dunhill]

pokazuje mi

File/Folder C:\WINDOWS\ rpl.exe not found.

[ Dodano: Dzisiaj o 15:46 ]
help...

[ Dodano: Dzisiaj o 15:51 ]
mam zrobić jeszcze raz to samo co napisał okocza??

[Magik]

pokazuje mi

File/Folder C:\WINDOWS\ rpl.exe not found.

sprawdz jeszcze recznie//jesli nie ma tego pliku to ok


wklej do notatnika

Kod: Zaznacz wszystko

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30221a6e-1854-11dd-b304-00c09fe15bb0}]

zapisz jako fix.reg i odpal

Kod: Zaznacz wszystko

C:\WINDOWS\system32\CSRLT.EXE

ten plik nadal siedzi//daj go w HJT na fix lub


wklej do notatnika

Kod: Zaznacz wszystko

FILE::
C:\WINDOWS\system32\CSRLT.EX

zapisz jako CFScript.txt, przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

[dunhill]

ok wykonałem polecenie z Combofixa i daje log

ComboFix 08-07-22.4 - Administrator 2008-07-23 16:40:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1451 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\CSRLT.EX
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 15:28 . 2008-07-23 15:28 <DIR> d-------- C:\_OTMoveIt
2008-07-23 14:53 . 2008-07-23 14:53 728,576 --a------ C:\WINDOWS\MSBLT.EXE
2008-07-23 13:18 . 2008-07-23 13:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-23 13:13 . 2008-07-23 13:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Webroot
2008-07-22 13:04 . 2008-07-22 13:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 13:04 . 2008-07-22 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Program Files\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Program Files\AskSBar
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-22 11:49 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-22 11:49 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-22 11:49 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-22 11:49 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-22 11:48 . 2008-07-22 11:48 160 --a------ C:\install.dat
2008-07-22 11:41 . 2008-07-22 11:41 <DIR> d--hs---- C:\AVSystemCare
2008-07-21 23:51 . 2008-07-21 23:51 <DIR> d-------- C:\Program Files\Common Files\ChaosGroup
2008-07-21 23:51 . 2008-07-21 23:51 <DIR> d-------- C:\Program Files\Chaos Group
2008-07-21 23:48 . 2008-07-21 23:48 <DIR> d-------- C:\Program Files\WIBUKEY
2008-07-21 23:48 . 2008-07-21 23:48 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2008-07-21 23:48 . 2006-11-23 05:20 1,253,376 --a------ C:\WINDOWS\system32\WibuKe32.cpl
2008-07-21 23:48 . 2006-11-17 06:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll
2008-07-21 23:48 . 2006-11-02 05:20 479,232 --a------ C:\WINDOWS\system32\wibuKJni.dll
2008-07-21 23:48 . 2006-11-22 05:20 348,160 --a------ C:\WINDOWS\system32\WkExt32.dll
2008-07-21 23:48 . 2006-11-22 05:20 159,744 --a------ C:\WINDOWS\system32\WkWin32.dll
2008-07-21 23:48 . 2006-11-22 05:20 72,704 --a------ C:\WINDOWS\system32\drivers\WibuKey.sys
2008-07-21 23:48 . 2000-10-18 02:00 57,552 --a------ C:\WINDOWS\system32\WkDos.exe
2008-07-21 23:48 . 2006-03-06 05:10 54,336 --a------ C:\WINDOWS\system\WkWin.dll
2008-07-21 23:48 . 2006-11-09 05:20 16,384 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2008-07-21 22:37 . 2008-07-21 22:37 25,991 --a------ C:\WINDOWS\system32\epfwdata.bin
2008-07-21 19:26 . 2008-07-21 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-07-21 19:21 . 2008-07-21 19:29 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-21 19:21 . 2008-07-21 19:29 <DIR> d-------- C:\Program Files\Autodesk
2008-07-20 02:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-20 02:53 . 2008-07-20 02:53 <DIR> d-------- C:\Program Files\Panda Security
2008-07-20 02:43 . 2008-07-20 02:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 01:08 . 2008-07-20 01:08 728,576 --a------ C:\WINDOWS\system32\CSRLT.EXE
2008-07-20 01:07 . 2008-07-20 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ESET
2008-07-20 01:07 . 2008-07-20 01:07 728,576 --a------ C:\WINDOWS\ rpl.exe
2008-07-20 01:07 . 2008-07-23 16:34 2,999 --a------ C:\WINDOWS\system32\sc01.sc
2008-07-20 01:03 . 2008-07-22 11:36 <DIR> d-------- C:\Program Files\ESET
2008-07-20 00:20 . 2008-07-20 00:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-19 23:29 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\rt73.sys
2008-07-19 23:29 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-07-19 23:29 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-07-19 23:29 . 2005-11-03 17:41 32,768 --a------ C:\WINDOWS\system32\GTGina.dll
2008-07-19 23:29 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-07-19 23:29 . 2008-07-19 23:29 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2008-07-19 23:29 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-07-19 23:28 . 2008-07-19 23:28 <DIR> d-------- C:\Program Files\Linksys
2008-07-19 23:28 . 2008-07-19 23:28 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-07-19 23:28 . 2008-07-19 23:28 960 --a------ C:\WINDOWS\system32\WLAN.INI
2008-07-01 21:52 . 2008-07-01 21:52 <DIR> d-------- C:\Program Files\EA GAMES

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 09:43 --------- d-----w C:\Program Files\Odkurzacz
2008-07-19 23:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\SolidWorks
2008-07-19 22:13 --------- d-----w C:\Program Files\Java
2008-07-19 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 11:53 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLbz.DAT
2008-07-10 11:53 --------- d-----w C:\Program Files\Common Files\Nikon
2008-06-22 10:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-06-21 21:37 --------- d-----w C:\Program Files\Cell Phone Manager
2008-06-21 14:57 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nikon
2008-06-21 14:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trance Pad
2008-06-21 13:01 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
2008-06-20 22:30 --------- d-----w C:\Program Files\mp3DirectCut
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 17:01 --------- d-----w C:\Program Files\PhotomatixPro3
2008-06-16 14:43 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-16 13:58 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-06-16 13:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-10 14:08 --------- d-----w C:\Program Files\SolidWorks
2008-06-09 20:01 --------- d-----w C:\Program Files\CyberLink
2008-05-31 11:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 11:02 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-31 10:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-31 00:29 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\F-Secure
2008-05-31 00:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\fssg
2008-05-30 23:33 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Symantec
2008-05-30 19:06 45,768 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-05-26 22:59 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-23 22:10 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Avant Profiles
2008-05-23 21:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Avant Profiles
2008-05-11 20:26 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 20:27 64,672 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-06 20:27 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-02 11:21 36 ----a-w C:\Documents and Settings\Administrator\klextlock.dat
2008-05-02 10:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-13 21:54 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-22 11:49 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-22 11:49 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 15:25 1093632]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"CSRLT.EXE"="C:\WINDOWS\system32\CSRLT.EXE" [2008-07-20 01:08 728576]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 00:44 159744]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
S1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
S3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 22:42]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 09:49:51 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IMJPMIG8.2 - msime82.exe
MSConfigStartUp-MsServer - msfun80.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 16:42:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [3532] 0x88FBAC68

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 16:43:30
ComboFix-quarantined-files.txt 2008-07-23 14:43:07

Pre-Run: 5,387,501,568 bajtów wolnych
Post-Run: 5,379,383,296 bajtów wolnych

197 --- E O F --- 2008-07-21 18:13:25

[Okocza]

otwórz notatnik i wklej w nim:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\system32\CSRLT.EXE

zapisz jako CFScript.txt, przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

nowy log po tej operacji

[Magik]

FILE::
C:\WINDOWS\system32\CSRLT.EX

wybacz stary ale widze nie wychwyciles ze zjadlem "e" na koncu

Kod: Zaznacz wszystko


FILE::
C:\WINDOWS\system32\CSRLT.EXE

reszta j/w

i jak to zrobisz i przeskanowales kompa tym
http://forum.programosy.pl/program-szukajacy-trojanow-i-malware-vt97108.html

i wszystkie wpisy w HJT dales na fix to w kompie juz nic nie bedzie

[dunhill]

heh tak Ci ufam, że nawet nie zwróciłem uwagi przy kopiowaniu
oto log

ComboFix 08-07-22.4 - Administrator 2008-07-23 16:56:12.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1411 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\CSRLT.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\CSRLT.EXE

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 15:28 . 2008-07-23 15:28 <DIR> d-------- C:\_OTMoveIt
2008-07-23 14:53 . 2008-07-23 14:53 728,576 --a------ C:\WINDOWS\MSBLT.EXE
2008-07-23 13:18 . 2008-07-23 13:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-23 13:13 . 2008-07-23 13:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Webroot
2008-07-22 13:04 . 2008-07-22 13:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 13:04 . 2008-07-22 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Program Files\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Program Files\AskSBar
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-07-22 11:49 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Webroot
2008-07-22 11:49 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-22 11:49 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-22 11:49 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-22 11:49 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-22 11:49 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-22 11:48 . 2008-07-22 11:48 160 --a------ C:\install.dat
2008-07-22 11:41 . 2008-07-22 11:41 <DIR> d--hs---- C:\AVSystemCare
2008-07-21 23:51 . 2008-07-21 23:51 <DIR> d-------- C:\Program Files\Common Files\ChaosGroup
2008-07-21 23:51 . 2008-07-21 23:51 <DIR> d-------- C:\Program Files\Chaos Group
2008-07-21 23:48 . 2008-07-21 23:48 <DIR> d-------- C:\Program Files\WIBUKEY
2008-07-21 23:48 . 2008-07-21 23:48 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2008-07-21 23:48 . 2006-11-23 05:20 1,253,376 --a------ C:\WINDOWS\system32\WibuKe32.cpl
2008-07-21 23:48 . 2006-11-17 06:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll
2008-07-21 23:48 . 2006-11-02 05:20 479,232 --a------ C:\WINDOWS\system32\wibuKJni.dll
2008-07-21 23:48 . 2006-11-22 05:20 348,160 --a------ C:\WINDOWS\system32\WkExt32.dll
2008-07-21 23:48 . 2006-11-22 05:20 159,744 --a------ C:\WINDOWS\system32\WkWin32.dll
2008-07-21 23:48 . 2006-11-22 05:20 72,704 --a------ C:\WINDOWS\system32\drivers\WibuKey.sys
2008-07-21 23:48 . 2000-10-18 02:00 57,552 --a------ C:\WINDOWS\system32\WkDos.exe
2008-07-21 23:48 . 2006-03-06 05:10 54,336 --a------ C:\WINDOWS\system\WkWin.dll
2008-07-21 23:48 . 2006-11-09 05:20 16,384 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2008-07-21 22:37 . 2008-07-21 22:37 25,991 --a------ C:\WINDOWS\system32\epfwdata.bin
2008-07-21 19:26 . 2008-07-21 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-07-21 19:21 . 2008-07-21 19:29 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-21 19:21 . 2008-07-21 19:29 <DIR> d-------- C:\Program Files\Autodesk
2008-07-20 02:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-20 02:53 . 2008-07-20 02:53 <DIR> d-------- C:\Program Files\Panda Security
2008-07-20 02:43 . 2008-07-20 02:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 01:07 . 2008-07-20 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ESET
2008-07-20 01:07 . 2008-07-20 01:07 728,576 --a------ C:\WINDOWS\ rpl.exe
2008-07-20 01:07 . 2008-07-23 16:34 2,999 --a------ C:\WINDOWS\system32\sc01.sc
2008-07-20 01:03 . 2008-07-22 11:36 <DIR> d-------- C:\Program Files\ESET
2008-07-20 00:20 . 2008-07-20 00:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-19 23:29 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\rt73.sys
2008-07-19 23:29 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-07-19 23:29 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-07-19 23:29 . 2005-11-03 17:41 32,768 --a------ C:\WINDOWS\system32\GTGina.dll
2008-07-19 23:29 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-07-19 23:29 . 2008-07-19 23:29 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2008-07-19 23:29 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2008-07-19 23:29 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-07-19 23:28 . 2008-07-19 23:28 <DIR> d-------- C:\Program Files\Linksys
2008-07-19 23:28 . 2008-07-19 23:28 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-07-19 23:28 . 2008-07-19 23:28 960 --a------ C:\WINDOWS\system32\WLAN.INI
2008-07-01 21:52 . 2008-07-01 21:52 <DIR> d-------- C:\Program Files\EA GAMES

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 09:43 --------- d-----w C:\Program Files\Odkurzacz
2008-07-19 23:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\SolidWorks
2008-07-19 22:13 --------- d-----w C:\Program Files\Java
2008-07-19 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 11:53 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLbz.DAT
2008-07-10 11:53 --------- d-----w C:\Program Files\Common Files\Nikon
2008-06-22 10:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-06-21 21:37 --------- d-----w C:\Program Files\Cell Phone Manager
2008-06-21 14:57 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nikon
2008-06-21 14:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trance Pad
2008-06-21 13:01 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
2008-06-20 22:30 --------- d-----w C:\Program Files\mp3DirectCut
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 17:01 --------- d-----w C:\Program Files\PhotomatixPro3
2008-06-16 14:43 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-16 13:58 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-06-16 13:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-10 14:08 --------- d-----w C:\Program Files\SolidWorks
2008-06-09 20:01 --------- d-----w C:\Program Files\CyberLink
2008-05-31 11:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 11:02 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-31 10:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-31 00:29 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\F-Secure
2008-05-31 00:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\fssg
2008-05-30 23:33 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Symantec
2008-05-30 19:06 45,768 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-05-26 22:59 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-23 22:10 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Avant Profiles
2008-05-23 21:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Avant Profiles
2008-05-11 20:26 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 20:27 64,672 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-06 20:27 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-02 11:21 36 ----a-w C:\Documents and Settings\Administrator\klextlock.dat
2008-05-02 10:56 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-13 21:54 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-22 11:49 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-22 11:49 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 15:25 1093632]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 00:44 159744]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
S1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
S3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 22:42]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 09:49:51 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CSRLT.EXE - C:\WINDOWS\system32\CSRLT.EXE


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 16:57:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 16:57:52
ComboFix-quarantined-files.txt 2008-07-23 14:57:44
ComboFix2.txt 2008-07-23 14:43:32

Pre-Run: 5,357,785,088 bajtów wolnych
Post-Run: 5,369,753,600 bajtów wolnych

198 --- E O F --- 2008-07-21 18:13:25

i raport z FixIEdef

********************************************************************************
* *
* FixIEDef Log *
* Version 1.5.1.6012 *
* *
********************************************************************************

Created at 17:02:18 on Wednesday, July 23, 2008

Time Zone :

Logged On User : Administrator

Operating System : Microsoft Windows XP Professional Dodatek Service Pack 2
OS Version : 5.1.2600
System Langauge : Polish
Keyboard Layout : Polish
Processor : X86 Intel(R) Celeron(R) M processor 1.60GHz

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

Total Physical Memory : 1964184 KB
Free Physical Memory : 1484256 KB
Total Virtual Memory : 2097024 KB
Free Virtual Memory : 2018236 KB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done

ShadowPuterDude

Safe Surfing!!!

[Okocza]

Kod: Zaznacz wszystko

C:\WINDOWS\ rpl.exe

usun to killboxem

http://www.forum.programosy.pl/narzedzia-do-usuwania-plikow-vt96629.html

[dunhill]

WIELKIE DZIĘKI!!! podziwiam wiedzę i cierpliwość

Wygląda na to, że z kompem wszystko jest w porządku.

[ Dodano: Dzisiaj o 17:24 ]
chyba, że o czymś nie wiem i mam go jeszcze czymś sprawdzić??

[ Dodano: Dzisiaj o 17:35 ]
no i najważniejsze czy jak podłączę mój dysk przenośny to będzie to samo? czym mam go przeskanować?? wiem że to może nie w tym temacie ale tu bedziecie wiedzieli od razu co bylo nie tak i nie bede musiał tłumaczyć na innym temacie.

[Magik]

Wygląda na to, że z kompem wszystko jest w porządku.

to ok

chyba, że o czymś nie wiem i mam go jeszcze czymś sprawdzić??

dla pewnosci
http://www.programosy.pl/program,avg-anti-spyware.html

no i najważniejsze czy jak podłączę mój dysk przenośny to będzie to samo? czym mam go przeskanować??

strzezonego..........