prosze o sprawdzenie

**Posty:** 340 · przez **Rev@n** 06 Lip 2007, 23:23

Witam. Wchodze dzis na mojego drugiego kompa i odrazu zauwazylem cos dziwnego. GG/czat/irc jest tak jakby zablokowany. Tzn pisze z kims na ggpare minut, po czym albo mnie wywala,albo moje wiadomosci nei dochodza, czat sie wiesza po kilku minutach,a z irca mnei wywala. Skanowalem kompa avastem, wykrylo duzo plikow zarazonych Trojan-gen (dalem w kwarantanne poniewaz nei dalo sie wyleczyc).Glownie chodzi mi o te komunikatory... Daje loga:

Logfile of HijackThis v1.99.1
Scan saved at 00:08:17, on 2007-07-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Neostrada TP\taskbaricon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\DeCe\dc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gadu-Gadu7.0\gg.exe
C:\Documents and Settings\Damian\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LANChatPro] C:\Program Files\LANChat Pro\LANChat.exe /q
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Configuration Loader] svchost2.exe
O4 - HKCU\..\Run: [Uruchamianie DeCe] C:\Program Files\DeCe\dc.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C2C0AF3-7895-4BC0-B1C7-A08317CA34BC}: NameServer = 194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B280B288-C990-42F1-9BF8-F99709320241}: NameServer = 80.85.224.50,80.85.224.2
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

**Posty:** 156 · przez **Error74** 07 Lip 2007, 00:31

Log niepełny , daj nowy.

**Posty:** 340 · przez **Rev@n** 07 Lip 2007, 00:35

Bardzo przepraszam, ucielo mi poczatek loga przy wklejaniu. Juz poprawione, prosze o sprawdzenie

**Posty:** 18165 · przez **wojtas** 07 Lip 2007, 09:26

Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach)
Start do awaryjnego ( F8 ) przy starcie komputera.

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKCU\..\Run: [Configuration Loader] svchost2.exe
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Odpalasz hijackthis i zaznaczasz ptaszkami powyższe wpisy i dajesz Fix checked.
Pogrubione pliki usuwasz ręcznie z dysku
potem nowe logi z Hijack This oraz Silent runners

**Posty:** 156 · przez **Error74** 07 Lip 2007, 09:28

W awaryjnym z wyłączonym przywracaniem systemu fix:

Kod: Zaznacz wszystko: O4 - HKCU\..\Run: [Configuration Loader] svchost2.exe

robal

i dalej:

Kod: Zaznacz wszystko: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

Pliki .dll usuń "ręcznie" .

**Posty:** 340 · przez **Rev@n** 07 Lip 2007, 12:00

Logfile of HijackThis v1.99.1
Scan saved at 11:33:03, on 2007-07-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Neostrada TP\taskbaricon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\DeCe\dc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damian\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LANChatPro] C:\Program Files\LANChat Pro\LANChat.exe /q
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Uruchamianie DeCe] C:\Program Files\DeCe\dc.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C2C0AF3-7895-4BC0-B1C7-A08317CA34BC}: NameServer = 194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B280B288-C990-42F1-9BF8-F99709320241}: NameServer = 80.85.224.50,80.85.224.2
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Niestety przy uruchamianiu Silent Runner wyskakuje mi taki blad:

http://img263.imageshack.us/img263/6281/bllya0.gif

**Posty:** 18165 · przez **wojtas** 07 Lip 2007, 13:12

Start>uruchom>msconfig>zakladka uruchamianie> wylacz progsy które nie chcesz żeby startowaly z systemem przyspieszy Ci to wlaczanie kompa

daj loga z:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Posty:** 340 · przez **Rev@n** 07 Lip 2007, 13:45

Kod: Zaznacz wszystko: "Damian" - 2007-07-07 12:58:25 - ComboFix 07-07-07.3 - Dodatek Service Pack 2 ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\alexa toolbar C:\Program Files\alexa toolbar\uninstall.exe C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\004AD3C3 C:\Program Files\myglobalsearch\bar\Cache\00599634.bin C:\Program Files\myglobalsearch\bar\Cache\00599960.bin C:\Program Files\myglobalsearch\bar\Cache\00599B25.bin C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm C:\WINDOWS\system32\alxres.dll C:\WINDOWS\system32\AlxTB2.dll ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NPF -------\NPF ((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 ))))))))))))))))))))))))))))))) 2007-07-07 12:57 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-06 00:09 <DIR> d-------- C:\Program Files\Ganymede 2007-07-05 13:04 <DIR> d-------- C:\DOCUME~1\Damian\DANEAP~1\Gadu-Gadu 2007-07-05 12:40 <DIR> d-------- C:\Program Files\Gadu-Gadu7.0 2007-07-04 19:55 <DIR> d-------- C:\DOCUME~1\Damian\DANEAP~1\Hamachi 2007-07-04 19:54 <DIR> d-------- C:\Program Files\Hamachi 2007-06-24 15:23 <DIR> d-------- C:\Program Files\Last.fm (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-07 11:12:06 -------- d-----w C:\Program Files\Microsoft AntiSpyware 2007-07-07 11:07:51 12 ----a-w C:\WINDOWS\bthservsdp.dat 2007-07-07 09:32:28 -------- d-----w C:\Program Files\mIRC 2007-07-06 20:17:49 -------- d-----w C:\Program Files\DAEMON Tools 2007-07-06 20:11:36 -------- d-----w C:\Program Files\Common Files\GMT 2007-07-06 20:08:34 -------- d-----w C:\Program Files\Common Files\CMEII 2007-07-04 17:54:43 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-06-22 11:36:02 -------- d-----w C:\Program Files\Quake III Arena 2007-06-22 11:35:26 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-22 11:31:15 -------- d-----w C:\DOCUME~1\Damian\DANEAP~1\Lionhead Studios 2007-06-16 10:54:27 -------- d-----w C:\Program Files\EA GAMES 2007-06-05 19:13:14 -------- d-----w C:\Program Files\MarkSoft 2007-06-05 19:03:18 -------- d-----w C:\Program Files\Activision 2007-05-31 12:07:15 -------- d-----w C:\Program Files\Kelvin 2007-05-24 17:17:18 -------- d-----w C:\Program Files\Worms_arm 2007-05-24 17:02:27 -------- d-----w C:\Program Files\Zegarmistrz 2007-05-13 14:25:50 4 ----a-w C:\WINDOWS\system32\Vbe.dll 2007-05-13 14:25:38 -------- d-----w C:\Program Files\Pharaohs' Curse Gold Demo 2007-05-07 18:51:46 -------- d-----w C:\Program Files\Worms_wp 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-29 14:53:41 1,618,783 ----a-w C:\WINDOWS\Richard Burns Rally.exe 2007-04-29 14:53:40 40,960 ----a-w C:\WINDOWS\Richard Burns Rally.dll 2007-04-29 14:53:40 399,252 ----a-w C:\WINDOWS\Richard Burns Rally.scr 2007-04-29 14:53:40 18,192 ----a-w C:\WINDOWS\Richard Burns Rally.dat 2007-04-29 14:51:48 192,000 ----a-w C:\WINDOWS\shark_saver1.scr 2007-04-29 14:51:40 535,040 ----a-w C:\WINDOWS\flashax.exe 2007-04-29 14:51:40 12,288 ----a-w C:\WINDOWS\impborl.dll 2006-06-25 16:23:32 5 --sha-w C:\WINDOWS\system32\dbaecdbe8_s.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] 2006-05-16 15:19 81920 --a------ C:\PROGRA~1\FlashGet\jccatch.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] 2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] 2007-06-13 18:57 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}] 2004-12-03 05:14 100864 --a------ C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-10 22:32] "nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:44 C:\WINDOWS\system32\bthprops.cpl] "LANChatPro"="C:\Program Files\LANChat Pro\LANChat.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "AceGain LiveUpdate"="C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe" [] "WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07] "WOOTASKBARICON"="C:\Program Files\Neostrada TP\taskbaricon.exe" [2003-10-16 18:07] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-05-20 12:13] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-10-27 01:01] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-06 23:52] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34] "Uruchamianie DeCe"="C:\Program Files\DeCe\dc.exe" [2005-03-03 19:56] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-02-10 22:32] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] AutoRun\command- I:\Installer.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] AutoRun\command- J:\Installer.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{900ce6e6-4df8-11da-b273-806d6172696f}] AutoRun\command- F:\launcher.exe ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-07 13:11:20 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-07 13:14:25 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-07 13:14 --- E O F ---

**Posty:** 18165 · przez **wojtas** 07 Lip 2007, 13:49

te pliki

C:\WINDOWS\system32\dbaecdbe8_s.dll
C:\WINDOWS\system32\Vbe.dll
C:\WINDOWS\bthservsdp.dat

przeskanuj tu:

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty

**Posty:** 340 · przez **Rev@n** 07 Lip 2007, 14:10

Nie mam tych plikow wogule na dysku. Mam ustawione zeby pokazywalo ukryte, poprostu ich nei ma :1:

. Albo usunalem gdzies juz wczesniej, albo sa w calkiem innej lokalizacji...

a gg/irc/czaty dzialaja tak samo, czyli wiadomosci nie dochodza po paru minutach lub mnie wylogowywuje

**Posty:** 18165 · przez **wojtas** 07 Lip 2007, 14:17

wklej do notatnika:

ATTRIB -R -S -H C:\WINDOWS\system32\dbaecdbe8_s.dll
ATTRIB -R -S -H C:\WINDOWS\system32\Vbe.dll
ATTRIB -R -S -H C:\WINDOWS\bthservsdp.dat

Plik >>> zapisz jako >>> zmien rozszerzenie z TXT na wszystkie typy plików >>> zapisz pod nazwa FIX.BAT i uruchom potem poszukaj tych plikow

**Posty:** 340 · przez **Rev@n** 07 Lip 2007, 14:28

Nadal nie ma tych plikow :1:

Moge nawet dac screena...

**Posty:** 18165 · przez **wojtas** 07 Lip 2007, 14:31

daj jeszcze jeden log z combofixa

**Posty:** 340 · przez **Rev@n** 10 Lip 2007, 13:00

po ponownym przeskanowaniu ComboFixem pliki
ATTRIB -R -S -H C:\WINDOWS\bthservsdp.dat
ATTRIB -R -S -H C:\WINDOWS\system32\dbaecdbe8_s.dll

sie pojawily, Vbe.dat nadal nie ma. Skany z Virustotal:

Complete scanning result of "bthservsdp.dat", received in VirusTotal at 07.10.2007, 11:59:54 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.7.7.0 07.10.2007 no virus found
AntiVir 7.4.0.39 07.10.2007 no virus found
Authentium 4.93.8 07.09.2007 no virus found
Avast 4.7.997.0 07.09.2007 no virus found
AVG 7.5.0.476 07.09.2007 no virus found
BitDefender 7.2 07.10.2007 no virus found
CAT-QuickHeal 9.00 07.09.2007 no virus found
ClamAV devel-20070416 07.10.2007 no virus found
DrWeb 4.33 07.10.2007 no virus found
eSafe 7.0.15.0 07.08.2007 no virus found
eTrust-Vet 30.8.3777 07.10.2007 no virus found
Ewido 4.0 07.10.2007 no virus found
FileAdvisor 1 07.10.2007 no virus found
Fortinet 2.91.0.0 07.10.2007 no virus found
F-Prot 4.3.2.48 07.09.2007 no virus found
Ikarus T3.1.1.8 07.10.2007 no virus found
Kaspersky 4.0.2.24 07.10.2007 no virus found
McAfee 5070 07.09.2007 no virus found
Microsoft 1.2704 07.10.2007 no virus found
NOD32v2 2389 07.10.2007 no virus found
Norman 5.80.02 07.09.2007 no virus found
Panda 9.0.0.4 07.10.2007 no virus found
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.07.2007 no virus found
Symantec 10 07.10.2007 no virus found
TheHacker 6.1.6.144 07.09.2007 no virus found
VBA32 3.12.0.2 07.09.2007 no virus found
VirusBuster 4.3.23:9 07.09.2007 no virus found
Webwasher-Gateway 6.0.1 07.10.2007 no virus found

Aditional Information
File size: 12 bytes
MD5: 873ea3362aa6ac9b704f6c27d2cc7445
SHA1: a976f67131c514248465a6ca3f544d296e708e58

Complete scanning result of "dbaecdbe8_s.dll", received in VirusTotal at 07.10.2007, 12:05:55 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.7.7.0 07.10.2007 no virus found
AntiVir 7.4.0.39 07.10.2007 no virus found
Authentium 4.93.8 07.09.2007 no virus found
Avast 4.7.997.0 07.09.2007 no virus found
AVG 7.5.0.476 07.09.2007 no virus found
BitDefender 7.2 07.10.2007 no virus found
CAT-QuickHeal 9.00 07.09.2007 no virus found
ClamAV devel-20070416 07.10.2007 no virus found
DrWeb 4.33 07.10.2007 no virus found
eSafe 7.0.15.0 07.08.2007 no virus found
eTrust-Vet 30.8.3777 07.10.2007 no virus found
Ewido 4.0 07.10.2007 no virus found
FileAdvisor 1 07.10.2007 no virus found
Fortinet 2.91.0.0 07.10.2007 no virus found
F-Prot 4.3.2.48 07.09.2007 no virus found
Ikarus T3.1.1.8 07.10.2007 no virus found
Kaspersky 4.0.2.24 07.10.2007 no virus found
McAfee 5070 07.09.2007 no virus found
Microsoft 1.2704 07.10.2007 no virus found
NOD32v2 2389 07.10.2007 no virus found
Norman 5.80.02 07.09.2007 no virus found
Panda 9.0.0.4 07.10.2007 no virus found
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.07.2007 no virus found
Symantec 10 07.10.2007 no virus found
TheHacker 6.1.6.144 07.09.2007 no virus found
VBA32 3.12.0.2 07.09.2007 no virus found
VirusBuster 4.3.23:9 07.09.2007 no virus found
Webwasher-Gateway 6.0.1 07.10.2007 no virus found

Aditional Information
File size: 5 bytes
MD5: 934c7e76dc103af3ef585bbcf0296656
SHA1: 96c1767e58cb7ef6b95323420f3d1ec8a6c847a8

Skany z Virusscan:

Service load:
0% 100%
File: dbaecdbe8_s.dll
Status:
OK
MD5: 934c7e76dc103af3ef585bbcf0296656
Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 10 Jul 2007 10:15:01 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

w pliku bthservsdp.dat tez czysto )przez przypadek usunalem skana, a server zapchany niesamowicie sie zrobil

ponowny log z ComboFixa

"Damian" - 2007-07-10 11:44:52 - ComboFix 07-07-10.1 - Dodatek Service Pack 2

((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))

2007-07-08 18:42 <DIR> d-------- C:\DOCUME~1\Klaudia\DANEAP~1\Gadu-Gadu
2007-07-08 01:57 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-07-07 12:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-06 00:09 <DIR> d-------- C:\Program Files\Ganymede
2007-07-05 13:04 <DIR> d-------- C:\DOCUME~1\Damian\DANEAP~1\Gadu-Gadu
2007-07-05 12:40 <DIR> d-------- C:\Program Files\Gadu-Gadu7.0
2007-07-04 19:55 <DIR> d-------- C:\DOCUME~1\Damian\DANEAP~1\Hamachi
2007-07-04 19:54 <DIR> d-------- C:\Program Files\Hamachi
2007-06-24 15:23 <DIR> d-------- C:\Program Files\Last.fm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 09:44:32 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-07-09 20:27:24 -------- d-----w C:\Program Files\mIRC
2007-07-06 20:17:49 -------- d-----w C:\Program Files\DAEMON Tools
2007-07-06 20:11:36 -------- d-----w C:\Program Files\Common Files\GMT
2007-07-06 20:08:34 -------- d-----w C:\Program Files\Common Files\CMEII
2007-07-04 17:54:43 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-22 11:36:02 -------- d-----w C:\Program Files\Quake III Arena
2007-06-22 11:35:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-22 11:31:15 -------- d-----w C:\DOCUME~1\Damian\DANEAP~1\Lionhead Studios
2007-06-16 10:54:27 -------- d-----w C:\Program Files\EA GAMES
2007-06-05 19:13:14 -------- d-----w C:\Program Files\MarkSoft
2007-06-05 19:03:18 -------- d-----w C:\Program Files\Activision
2007-05-31 12:07:15 -------- d-----w C:\Program Files\Kelvin
2007-05-24 17:17:18 -------- d-----w C:\Program Files\Worms_arm
2007-05-24 17:02:27 -------- d-----w C:\Program Files\Zegarmistrz
2007-05-13 14:25:38 -------- d-----w C:\Program Files\Pharaohs' Curse Gold Demo
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-29 14:53:41 1,618,783 ----a-w C:\WINDOWS\Richard Burns Rally.exe
2007-04-29 14:53:40 40,960 ----a-w C:\WINDOWS\Richard Burns Rally.dll
2007-04-29 14:53:40 399,252 ----a-w C:\WINDOWS\Richard Burns Rally.scr
2007-04-29 14:53:40 18,192 ----a-w C:\WINDOWS\Richard Burns Rally.dat
2007-04-29 14:51:48 192,000 ----a-w C:\WINDOWS\shark_saver1.scr
2007-04-29 14:51:40 535,040 ----a-w C:\WINDOWS\flashax.exe
2007-04-29 14:51:40 12,288 ----a-w C:\WINDOWS\impborl.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
2006-05-16 15:19 81920 --a------ C:\PROGRA~1\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-13 18:57 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}]
2004-12-03 05:14 100864 --a------ C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-10 22:32]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:44 C:\WINDOWS\system32\bthprops.cpl]
"LANChatPro"="C:\Program Files\LANChat Pro\LANChat.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AceGain LiveUpdate"="C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe" []
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="C:\Program Files\Neostrada TP\taskbaricon.exe" [2003-10-16 18:07]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-05-20 12:13]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-10-27 01:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-06 23:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34]
"Uruchamianie DeCe"="C:\Program Files\DeCe\dc.exe" [2005-03-03 19:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 18:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-02-10 22:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{900ce6e6-4df8-11da-b273-806d6172696f}]
AutoRun\command- F:\launcher.exe

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 11:51:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 11:53:21
C:\ComboFix-quarantined-files.txt ... 2007-07-10 11:52

--- E O F ---

**Posty:** 18165 · przez **wojtas** 10 Lip 2007, 13:52

log masz czysty

Autor postu otrzymał pochwałę

**Posty:** 340 · przez **Rev@n** 10 Lip 2007, 14:08

Dzieki za pomoc

EOT

prosze o sprawdzenie

prosze o sprawdzenie

Kto jest na forum