kolejny problem z pseudo virusprotectpro

**Posty:** 6 · przez **m-marecki** 26 Lip 2007, 15:15

Witam też mam problem z tym spamem to moje loga

Kod: Zaznacz wszystko: "a123" - 2007-07-26 15:06:32 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\drivers\ip6fw.sys C:\WINDOWS\system32\drivers\runtime2.sys ((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 ))))))))))))))))))))))))))))))) 2007-07-26 14:26 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-26 14:16 5,022 --a------ C:\dnsbak.reg 2007-07-26 14:02 <DIR> d-------- C:\WINDOWS\pss 2007-07-24 13:27 <DIR> d-------- C:\KAV 2007-07-24 13:23 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-07-24 13:23 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-24 13:23 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-24 13:23 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-24 13:23 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-24 13:23 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-24 13:23 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-24 12:54 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP 2007-07-18 21:19 <DIR> d-------- C:\winnt 2007-07-18 21:18 <DIR> d-------- C:\apache 2007-07-18 08:52 <DIR> d-------- C:\DOCUME~1\a123\DANEAP~1\Gadu-Gadu 2007-07-18 08:49 <DIR> d-------- C:\Program Files\Gadu-Gadu 2007-07-18 08:49 <DIR> d-------- C:\DOCUME~1\a123\Gadu-Gadu 2007-07-12 16:30 <DIR> d-------- C:\Program Files\Common Files\DirectX 2007-07-12 15:53 <DIR> d-------- C:\Program Files\PowerISO 2007-07-11 20:21 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-07-11 20:21 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-07-11 20:21 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-07-11 20:21 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-07-11 20:21 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-07-11 20:21 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-07-11 20:21 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-07-11 20:21 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-07-11 20:21 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-07-10 18:39 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2007-07-10 18:39 20,400 --a------ C:\WINDOWS\system32\drivers\Entech.sys 2007-07-10 18:39 <DIR> d-------- C:\WINDOWS\system32\Futuremark 2007-07-10 18:39 <DIR> d-------- C:\Program Files\Futuremark 2007-07-05 20:43 <DIR> d-------- C:\Nowe 2007-06-30 18:20 <DIR> d-------- C:\Filmy 2007-06-30 13:54 65,109 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-06-30 13:53 6,112 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-06-30 13:53 <DIR> d-------- C:\WINDOWS\BricoPacks 2007-06-30 13:51 <DIR> dr-hs---- C:\Recycled 2007-06-28 22:47 28,672 --a------ C:\WINDOWS\system32\SockModule.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-26 13:13:30 648 ----a-w C:\WINDOWS\system32\msdtmuiu.dat 2007-07-26 13:13:30 5,093 ----a-w C:\WINDOWS\system32\powrpryf.dat 2007-07-26 13:13:30 16,601 ----a-w C:\WINDOWS\system32\wzcdogx.dat 2007-07-26 13:13:30 0 ----a-w C:\WINDOWS\system32\wmvdmje2.dat 2007-07-26 13:12:33 504 ----a-w C:\WINDOWS\system32\msratiog.dat 2007-07-26 13:12:33 42,094 ----a-w C:\WINDOWS\system32\a3dF.dat 2007-07-26 13:12:33 3,709 ----a-w C:\WINDOWS\system32\ifmomwor.dat 2007-07-26 13:12:27 0 ----a-w C:\WINDOWS\system32\duseucw.dat 2007-07-26 12:29:57 -------- d-----w C:\Program Files\eMule 2007-07-26 12:05:19 371 ----a-w C:\WINDOWS\system32\securitk.dat 2007-07-24 13:05:06 -------- d-----w C:\DOCUME~1\a123\DANEAP~1\Skype 2007-07-24 11:17:58 -------- d-----w C:\Program Files\SubEdit-Player 2007-07-23 18:25:33 9,216 --s-a-w C:\WINDOWS\system32\wzhtjqo.dll 2007-07-19 17:10:38 -------- d-----w C:\Program Files\Cartall 2007-07-18 06:12:43 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-12 14:27:49 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-07-08 16:43:12 -------- d-----w C:\Program Files\Webteh 2007-06-30 11:55:52 -------- d-----w C:\Program Files\Movie Maker 2007-06-30 11:54:55 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-06-29 12:49:10 -------- d-----w C:\DOCUME~1\a123\DANEAP~1\Real 2007-06-17 15:22:45 4,096 ----a-w C:\WINDOWS\system32\popupapap5.dll 2007-06-17 15:04:39 4,096 ----a-w C:\WINDOWS\system32\popupapap3.dll 2007-06-17 14:54:41 -------- d-----w C:\DOCUME~1\a123\DANEAP~1\Media Player Classic 2007-06-17 14:49:51 -------- d-----w C:\Program Files\PowerQuest 2007-06-17 14:46:33 4,096 ----a-w C:\WINDOWS\system32\popupapap1.dll 2007-06-17 14:45:57 -------- d-----w C:\Program Files\K-Lite Codec Pack 2007-06-17 14:45:23 -------- d-----w C:\DOCUME~1\a123\DANEAP~1\Vso 2007-06-17 14:45:17 87,608 ----a-w C:\DOCUME~1\a123\DANEAP~1\inst.exe 2007-06-17 14:45:17 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2007-06-17 14:45:17 47,360 ----a-w C:\DOCUME~1\a123\DANEAP~1\pcouffin.sys 2007-06-17 14:45:17 -------- d-----w C:\Program Files\DVDFab Platinum 3 2007-06-17 14:43:32 -------- d-----w C:\Program Files\DAEMON Tools 2007-06-17 14:42:13 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-06-17 14:29:45 -------- d-----w C:\Program Files\EVEREST Ultimate Edition 2007-05-11 04:37:16 740,442 ----a-w C:\WINDOWS\system32\divx.dll 2007-05-08 18:23:10 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-05-02 18:04:20 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-05-02 18:02:08 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-04-28 12:54:36 593,920 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-04-27 18:59:08 4,096 ----a-w C:\WINDOWS\system32\popupapap1027.dll 2007-04-27 18:44:01 4,096 ----a-w C:\WINDOWS\system32\popupapap1025.dll 2007-04-27 18:28:53 4,096 ----a-w C:\WINDOWS\system32\popupapap1023.dll 2007-04-27 18:13:45 4,096 ----a-w C:\WINDOWS\system32\popupapap1021.dll 2007-04-27 17:58:36 4,096 ----a-w C:\WINDOWS\system32\popupapap1019.dll 2007-04-27 17:43:29 4,096 ----a-w C:\WINDOWS\system32\popupapap1017.dll 2007-04-27 17:28:21 4,096 ----a-w C:\WINDOWS\system32\popupapap1015.dll 2007-04-27 17:13:11 4,096 ----a-w C:\WINDOWS\system32\popupapap1013.dll 2007-04-27 16:58:04 4,096 ----a-w C:\WINDOWS\system32\popupapap1011.dll 2007-04-27 16:42:57 4,096 ----a-w C:\WINDOWS\system32\popupapap1009.dll 2007-04-27 16:27:49 4,096 ----a-w C:\WINDOWS\system32\popupapap1007.dll 2007-04-27 16:12:41 4,096 ----a-w C:\WINDOWS\system32\popupapap1005.dll 2007-04-27 15:57:34 4,096 ----a-w C:\WINDOWS\system32\popupapap1003.dll 2007-04-27 15:42:27 4,096 ----a-w C:\WINDOWS\system32\popupapap1001.dll 2007-04-27 15:27:19 4,096 ----a-w C:\WINDOWS\system32\popupapap999.dll 2007-04-27 15:12:11 4,096 ----a-w C:\WINDOWS\system32\popupapap997.dll 2007-04-27 14:57:04 4,096 ----a-w C:\WINDOWS\system32\popupapap995.dll 2007-04-27 14:41:56 4,096 ----a-w C:\WINDOWS\system32\popupapap993.dll 2007-04-27 14:26:49 4,096 ----a-w C:\WINDOWS\system32\popupapap991.dll 2007-04-27 14:11:39 4,096 ----a-w C:\WINDOWS\system32\popupapap989.dll 2007-04-27 13:56:32 4,096 ----a-w C:\WINDOWS\system32\popupapap987.dll 2007-04-27 13:41:24 4,096 ----a-w C:\WINDOWS\system32\popupapap985.dll 2007-04-27 13:26:17 4,096 ----a-w C:\WINDOWS\system32\popupapap983.dll 2007-04-27 13:11:09 4,096 ----a-w C:\WINDOWS\system32\popupapap981.dll 2007-04-27 12:56:01 4,096 ----a-w C:\WINDOWS\system32\popupapap979.dll 2007-04-27 12:40:48 4,096 ----a-w C:\WINDOWS\system32\popupapap977.dll 2007-04-27 12:25:41 4,096 ----a-w C:\WINDOWS\system32\popupapap975.dll 2007-04-27 12:10:28 4,096 ----a-w C:\WINDOWS\system32\popupapap973.dll 2007-04-27 11:55:16 4,096 ----a-w C:\WINDOWS\system32\popupapap971.dll 2007-04-27 11:40:08 4,096 ----a-w C:\WINDOWS\system32\popupapap969.dll 2007-04-27 11:24:56 4,096 ----a-w C:\WINDOWS\system32\popupapap967.dll 2007-04-27 11:09:49 4,096 ----a-w C:\WINDOWS\system32\popupapap965.dll 2007-04-27 10:54:42 4,096 ----a-w C:\WINDOWS\system32\popupapap963.dll 2007-04-27 10:39:30 4,096 ----a-w C:\WINDOWS\system32\popupapap961.dll 2007-04-27 10:24:23 4,096 ----a-w C:\WINDOWS\system32\popupapap959.dll 2007-04-27 10:09:16 4,096 ----a-w C:\WINDOWS\system32\popupapap957.dll 2007-04-27 09:54:08 4,096 ----a-w C:\WINDOWS\system32\popupapap955.dll 2007-04-27 09:39:01 4,096 ----a-w C:\WINDOWS\system32\popupapap953.dll 2007-04-27 09:23:54 4,096 ----a-w C:\WINDOWS\system32\popupapap951.dll 2007-04-27 09:08:47 4,096 ----a-w C:\WINDOWS\system32\popupapap949.dll 2007-04-27 08:53:40 4,096 ----a-w C:\WINDOWS\system32\popupapap947.dll 2007-04-27 08:38:32 4,096 ----a-w C:\WINDOWS\system32\popupapap945.dll 2007-04-27 08:23:25 4,096 ----a-w C:\WINDOWS\system32\popupapap943.dll 2007-04-27 08:08:18 4,096 ----a-w C:\WINDOWS\system32\popupapap941.dll 2007-04-27 07:53:11 4,096 ----a-w C:\WINDOWS\system32\popupapap939.dll 2007-04-27 07:38:03 4,096 ----a-w C:\WINDOWS\system32\popupapap937.dll 2007-04-27 07:22:54 4,096 ----a-w C:\WINDOWS\system32\popupapap935.dll 2007-04-27 07:07:47 4,096 ----a-w C:\WINDOWS\system32\popupapap933.dll 2007-04-27 06:52:40 4,096 ----a-w C:\WINDOWS\system32\popupapap931.dll 2007-04-27 06:37:33 4,096 ----a-w C:\WINDOWS\system32\popupapap929.dll 2007-04-27 06:22:25 4,096 ----a-w C:\WINDOWS\system32\popupapap927.dll 2007-04-27 06:07:18 4,096 ----a-w C:\WINDOWS\system32\popupapap925.dll 2007-04-27 05:52:10 4,096 ----a-w C:\WINDOWS\system32\popupapap923.dll 2007-04-27 05:37:02 4,096 ----a-w C:\WINDOWS\system32\popupapap921.dll 2007-04-27 05:21:55 4,096 ----a-w C:\WINDOWS\system32\popupapap919.dll 2007-04-27 05:06:46 4,096 ----a-w C:\WINDOWS\system32\popupapap917.dll 2007-04-27 04:51:38 4,096 ----a-w C:\WINDOWS\system32\popupapap915.dll 2007-04-27 04:36:31 4,096 ----a-w C:\WINDOWS\system32\popupapap913.dll 2007-04-27 04:21:24 4,096 ----a-w C:\WINDOWS\system32\popupapap911.dll 2007-04-27 04:06:17 4,096 ----a-w C:\WINDOWS\system32\popupapap909.dll 2007-04-27 03:51:10 4,096 ----a-w C:\WINDOWS\system32\popupapap907.dll 2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 04:07] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19] "nwiz"="nwiz.exe" [2007-03-22 04:50 C:\WINDOWS\system32\nwiz.exe] "Resume copy"="copyfstq.exe" [2002-03-24 12:54 C:\WINDOWS\COPYFSTQ.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-10-05 16:31] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38] "Vistadrv"="C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe" [] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 04:50] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2006-06-23 19:00] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29] "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-09-14 16:15] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-11-15 22:30:15] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}"= C:\WINDOWS\system32\wzhtjqo.dll [2007-07-23 20:25 9216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\arm32reg] C:\Documents and Settings\All Users\Dokumenty\Settings\arm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST] C:\WINDOWS\MDM.EXE R1 AmdK8;Sterownik procesora AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys R2 EIO;EIO;\??\C:\WINDOWS\system32\drivers\EIO.sys R2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\ADIHdAud.sys R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys R3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys R3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-26 15:13:34 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-26 15:14:35 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-26 15:14 C:\ComboFix2.txt ... 2007-07-26 14:30 --- E O F ---

co z tym zrobić

**Posty:** 18165 · przez **wojtas** 26 Lip 2007, 15:25

zastosuj:

smitfraudfix z opcji 2:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

oraz te skanery po kilka razy w awaryjnym

VundoFix
http://www.atribune.org/ccount/click.php?id=4

VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

FixVundo
http://securityresponse.symantec.com/avcenter/FixVundo.exe

potem daj loga jeszcze z hijacka wg.opisu oraz z combofixa

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

**Posty:** 6 · przez **m-marecki** 27 Lip 2007, 14:57

Zrobiłem tak jak napisałeś i nic nie znalazły a to loga

Kod: Zaznacz wszystko: ogfile of HijackThis v1.99.1 Scan saved at 14:55:50, on 2007-07-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\ctfmon.exe c:\apache\APACHE.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe c:\apache\APACHE.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\eMule\emule.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\InterVideo\DVD6\WinDVD.exe C:\Documents and Settings\a123\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: arm32reg - C:\Documents and Settings\All Users\Dokumenty\Settings\arm32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

i drugi

Kod: Zaznacz wszystko: "a123" - 2007-07-27 14:59:53 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 ))))))))))))))))))))))))))))))) 2007-07-27 14:26 <DIR> d-------- C:\VundoFix Backups 2007-07-27 14:21 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-27 14:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-27 14:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-27 14:21 1,938 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-26 14:26 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-26 14:16 5,022 --a------ C:\dnsbak.reg 2007-07-26 14:02 <DIR> d-------- C:\WINDOWS\pss 2007-07-24 13:27 <DIR> d-------- C:\KAV 2007-07-24 13:23 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-07-24 13:23 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-24 13:23 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-24 13:23 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-24 13:23 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-24 13:23 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-24 13:23 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-24 12:54 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP 2007-07-18 21:19 <DIR> d-------- C:\winnt 2007-07-18 21:18 <DIR> d-------- C:\apache 2007-07-18 08:52 <DIR> d-------- C:\DOCUME~1\a123\DANEAP~1\Gadu-Gadu 2007-07-18 08:49 <DIR> d-------- C:\Program Files\Gadu-Gadu 2007-07-18 08:49 <DIR> d-------- C:\DOCUME~1\a123\Gadu-Gadu 2007-07-12 16:30 <DIR> d-------- C:\Program Files\Common Files\DirectX 2007-07-12 15:53 <DIR> d-------- C:\Program Files\PowerISO 2007-07-11 20:21 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-07-11 20:21 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-07-11 20:21 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-07-11 20:21 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-07-11 20:21 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-07-11 20:21 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-07-11 20:21 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-07-11 20:21 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-07-11 20:21 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-07-10 18:39 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2007-07-10 18:39 20,400 --a------ C:\WINDOWS\system32\drivers\Entech.sys 2007-07-10 18:39 <DIR> d-------- C:\WINDOWS\system32\Futuremark 2007-07-10 18:39 <DIR> d-------- C:\Program Files\Futuremark 2007-07-05 20:43 <DIR> d-------- C:\Nowe 2007-06-30 18:20 <DIR> d-------- C:\Filmy 2007-06-30 13:54 65,109 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-06-30 13:53 6,112 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-06-30 13:53 <DIR> d-------- C:\WINDOWS\BricoPacks 2007-06-30 13:51 <DIR> dr-hs---- C:\Recycled 2007-06-28 22:47 28,672 --a------ C:\WINDOWS\system32\SockModule.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-27 12:20:27 528 ----a-w C:\WINDOWS\system32\msratiog.dat 2007-07-27 12:20:27 42,158 ----a-w C:\WINDOWS\system32\a3dF.dat 2007-07-27 12:20:27 3,733 ----a-w C:\WINDOWS\system32\ifmomwor.dat 2007-07-27 06:36:41 -------- d-----w C:\Program Files\eMule 2007-07-26 13:16:24 0 ----a-w C:\WINDOWS\system32\duseucw.dat 2007-07-26 13:16:12 712 ----a-w C:\WINDOWS\system32\msdtmuiu.dat 2007-07-26 13:16:12 5,117 ----a-w C:\WINDOWS\system32\powrpryf.dat 2007-07-26 13:16:12 16,625 ----a-w C:\WINDOWS\system32\wzcdogx.dat 2007-07-26 13:16:12 0 ----a-w C:\WINDOWS\system32\wmvdmje2.dat 2007-07-26 12:05:19 371 ----a-w C:\WINDOWS\system32\securitk.dat 2007-07-24 13:05:06 -------- d-----w C:\DOCUME~1\a123\DANEAP~1\Skype 2007-07-24 11:17:58 -------- d-----w C:\Program Files\SubEdit-Player 2007-07-23 18:25:33 9,216 --s-a-w C:\WINDOWS\system32\wzhtjqo.dll 2007-07-19 17:10:38 -------- d-----w C:\Program Files\Cartall 2007-07-18 06:12:43 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-12 14:27:49 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-07-08 16:43:12 -------- d-----w C:\Program Files\Webteh 2007-06-30 11:55:52 -------- d-----w C:\Program Files\Movie Maker 2007-06-30 11:54:55 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-06-29 12:49:10 -------- d-----w C:\DOCUME~1\a123\DANEAP~1\Real 2007-06-17 15:22:45 4,096 ----a-w C:\WINDOWS\system32\popupapap5.dll 2007-06-17 15:04:39 4,096 ----a-w C:\WINDOWS\system32\popupapap3.dll 2007-06-17 14:54:41 -------- d-----w C:\DOCUME~1\a123\DANEAP~1\Media Player Classic 2007-06-17 14:49:51 -------- d-----w C:\Program Files\PowerQuest 2007-06-17 14:46:33 4,096 ----a-w C:\WINDOWS\system32\popupapap1.dll 2007-06-17 14:45:57 -------- d-----w C:\Program Files\K-Lite Codec Pack 2007-06-17 14:45:23 -------- d-----w C:\DOCUME~1\a123\DANEAP~1\Vso 2007-06-17 14:45:17 87,608 ----a-w C:\DOCUME~1\a123\DANEAP~1\inst.exe 2007-06-17 14:45:17 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2007-06-17 14:45:17 47,360 ----a-w C:\DOCUME~1\a123\DANEAP~1\pcouffin.sys 2007-06-17 14:45:17 -------- d-----w C:\Program Files\DVDFab Platinum 3 2007-06-17 14:43:32 -------- d-----w C:\Program Files\DAEMON Tools 2007-06-17 14:42:13 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-06-17 14:29:45 -------- d-----w C:\Program Files\EVEREST Ultimate Edition 2007-05-11 04:37:16 740,442 ----a-w C:\WINDOWS\system32\divx.dll 2007-05-08 18:23:10 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-05-02 18:04:20 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-05-02 18:02:08 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-04-28 12:54:36 593,920 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-04-27 18:59:08 4,096 ----a-w C:\WINDOWS\system32\popupapap1027.dll 2007-04-27 18:44:01 4,096 ----a-w C:\WINDOWS\system32\popupapap1025.dll 2007-04-27 18:28:53 4,096 ----a-w C:\WINDOWS\system32\popupapap1023.dll 2007-04-27 18:13:45 4,096 ----a-w C:\WINDOWS\system32\popupapap1021.dll 2007-04-27 17:58:36 4,096 ----a-w C:\WINDOWS\system32\popupapap1019.dll 2007-04-27 17:43:29 4,096 ----a-w C:\WINDOWS\system32\popupapap1017.dll 2007-04-27 17:28:21 4,096 ----a-w C:\WINDOWS\system32\popupapap1015.dll 2007-04-27 17:13:11 4,096 ----a-w C:\WINDOWS\system32\popupapap1013.dll 2007-04-27 16:58:04 4,096 ----a-w C:\WINDOWS\system32\popupapap1011.dll 2007-04-27 16:42:57 4,096 ----a-w C:\WINDOWS\system32\popupapap1009.dll 2007-04-27 16:27:49 4,096 ----a-w C:\WINDOWS\system32\popupapap1007.dll 2007-04-27 16:12:41 4,096 ----a-w C:\WINDOWS\system32\popupapap1005.dll 2007-04-27 15:57:34 4,096 ----a-w C:\WINDOWS\system32\popupapap1003.dll 2007-04-27 15:42:27 4,096 ----a-w C:\WINDOWS\system32\popupapap1001.dll 2007-04-27 15:27:19 4,096 ----a-w C:\WINDOWS\system32\popupapap999.dll 2007-04-27 15:12:11 4,096 ----a-w C:\WINDOWS\system32\popupapap997.dll 2007-04-27 14:57:04 4,096 ----a-w C:\WINDOWS\system32\popupapap995.dll 2007-04-27 14:41:56 4,096 ----a-w C:\WINDOWS\system32\popupapap993.dll 2007-04-27 14:26:49 4,096 ----a-w C:\WINDOWS\system32\popupapap991.dll 2007-04-27 14:11:39 4,096 ----a-w C:\WINDOWS\system32\popupapap989.dll 2007-04-27 13:56:32 4,096 ----a-w C:\WINDOWS\system32\popupapap987.dll 2007-04-27 13:41:24 4,096 ----a-w C:\WINDOWS\system32\popupapap985.dll 2007-04-27 13:26:17 4,096 ----a-w C:\WINDOWS\system32\popupapap983.dll 2007-04-27 13:11:09 4,096 ----a-w C:\WINDOWS\system32\popupapap981.dll 2007-04-27 12:56:01 4,096 ----a-w C:\WINDOWS\system32\popupapap979.dll 2007-04-27 12:40:48 4,096 ----a-w C:\WINDOWS\system32\popupapap977.dll 2007-04-27 12:25:41 4,096 ----a-w C:\WINDOWS\system32\popupapap975.dll 2007-04-27 12:10:28 4,096 ----a-w C:\WINDOWS\system32\popupapap973.dll 2007-04-27 11:55:16 4,096 ----a-w C:\WINDOWS\system32\popupapap971.dll 2007-04-27 11:40:08 4,096 ----a-w C:\WINDOWS\system32\popupapap969.dll 2007-04-27 11:24:56 4,096 ----a-w C:\WINDOWS\system32\popupapap967.dll 2007-04-27 11:09:49 4,096 ----a-w C:\WINDOWS\system32\popupapap965.dll 2007-04-27 10:54:42 4,096 ----a-w C:\WINDOWS\system32\popupapap963.dll 2007-04-27 10:39:30 4,096 ----a-w C:\WINDOWS\system32\popupapap961.dll 2007-04-27 10:24:23 4,096 ----a-w C:\WINDOWS\system32\popupapap959.dll 2007-04-27 10:09:16 4,096 ----a-w C:\WINDOWS\system32\popupapap957.dll 2007-04-27 09:54:08 4,096 ----a-w C:\WINDOWS\system32\popupapap955.dll 2007-04-27 09:39:01 4,096 ----a-w C:\WINDOWS\system32\popupapap953.dll 2007-04-27 09:23:54 4,096 ----a-w C:\WINDOWS\system32\popupapap951.dll 2007-04-27 09:08:47 4,096 ----a-w C:\WINDOWS\system32\popupapap949.dll 2007-04-27 08:53:40 4,096 ----a-w C:\WINDOWS\system32\popupapap947.dll 2007-04-27 08:38:32 4,096 ----a-w C:\WINDOWS\system32\popupapap945.dll 2007-04-27 08:23:25 4,096 ----a-w C:\WINDOWS\system32\popupapap943.dll 2007-04-27 08:08:18 4,096 ----a-w C:\WINDOWS\system32\popupapap941.dll 2007-04-27 07:53:11 4,096 ----a-w C:\WINDOWS\system32\popupapap939.dll 2007-04-27 07:38:03 4,096 ----a-w C:\WINDOWS\system32\popupapap937.dll 2007-04-27 07:22:54 4,096 ----a-w C:\WINDOWS\system32\popupapap935.dll 2007-04-27 07:07:47 4,096 ----a-w C:\WINDOWS\system32\popupapap933.dll 2007-04-27 06:52:40 4,096 ----a-w C:\WINDOWS\system32\popupapap931.dll 2007-04-27 06:37:33 4,096 ----a-w C:\WINDOWS\system32\popupapap929.dll 2007-04-27 06:22:25 4,096 ----a-w C:\WINDOWS\system32\popupapap927.dll 2007-04-27 06:07:18 4,096 ----a-w C:\WINDOWS\system32\popupapap925.dll 2007-04-27 05:52:10 4,096 ----a-w C:\WINDOWS\system32\popupapap923.dll 2007-04-27 05:37:02 4,096 ----a-w C:\WINDOWS\system32\popupapap921.dll 2007-04-27 05:21:55 4,096 ----a-w C:\WINDOWS\system32\popupapap919.dll 2007-04-27 05:06:46 4,096 ----a-w C:\WINDOWS\system32\popupapap917.dll 2007-04-27 04:51:38 4,096 ----a-w C:\WINDOWS\system32\popupapap915.dll 2007-04-27 04:36:31 4,096 ----a-w C:\WINDOWS\system32\popupapap913.dll 2007-04-27 04:21:24 4,096 ----a-w C:\WINDOWS\system32\popupapap911.dll 2007-04-27 04:06:17 4,096 ----a-w C:\WINDOWS\system32\popupapap909.dll 2007-04-27 03:51:10 4,096 ----a-w C:\WINDOWS\system32\popupapap907.dll 2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 04:07] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19] "nwiz"="nwiz.exe" [2007-03-22 04:50 C:\WINDOWS\system32\nwiz.exe] "Resume copy"="copyfstq.exe" [2002-03-24 12:54 C:\WINDOWS\COPYFSTQ.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-10-05 16:31] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38] "Vistadrv"="C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe" [] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2006-06-23 19:00] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29] "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-09-14 16:15] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-11-15 22:30:15] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}"= C:\WINDOWS\system32\wzhtjqo.dll [2007-07-23 20:25 9216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\arm32reg] C:\Documents and Settings\All Users\Dokumenty\Settings\arm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST] C:\WINDOWS\MDM.EXE R1 AmdK8;Sterownik procesora AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys R2 EIO;EIO;\??\C:\WINDOWS\system32\drivers\EIO.sys R2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\ADIHdAud.sys R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys R3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys R3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-27 15:01:15 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}] "StartTimeLo"=dword:e7375964 "StartTimeHi"=dword:01c7d03e "EndTimeLo"=dword:e7375964 "EndTimeHi"=dword:01c7d03e [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-27 15:01:43 C:\ComboFix-quarantined-files.txt ... 2007-07-27 15:01 C:\ComboFix2.txt ... 2007-07-26 15:14 C:\ComboFix3.txt ... 2007-07-26 14:30 --- E O F ---

**Posty:** 18165 · przez **wojtas** 27 Lip 2007, 17:16

Pobierz i uruchom narzędzie
The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\dnsbak.reg
C:\WINDOWS\system32\a3dF.dat
C:\WINDOWS\system32\SockModule.dll
C:\WINDOWS\system32\msratiog.dat
C:\WINDOWS\system32\ifmomwor.dat
C:\WINDOWS\system32\duseucw.dat
C:\WINDOWS\system32\msdtmuiu.dat
C:\WINDOWS\system32\powrpryf.dat
C:\WINDOWS\system32\wzcdogx.dat
C:\WINDOWS\system32\wmvdmje2.dat
C:\WINDOWS\system32\securitk.dat
C:\WINDOWS\system32\wzhtjqo.dll
C:\WINDOWS\system32\popupapap3.dll
C:\WINDOWS\system32\popupapap5.dll
C:\WINDOWS\system32\popupapap1.dll
C:\WINDOWS\system32\popupapap1027.dll
C:\WINDOWS\system32\popupapap1025.dll
C:\WINDOWS\system32\popupapap1023.dll
C:\WINDOWS\system32\popupapap1021.dll
C:\WINDOWS\system32\popupapap1019.dll
C:\WINDOWS\system32\popupapap1017.dll
C:\WINDOWS\system32\popupapap1015.dll
C:\WINDOWS\system32\popupapap1013.dll
C:\WINDOWS\system32\popupapap1011.dll
C:\WINDOWS\system32\popupapap1009.dll
C:\WINDOWS\system32\popupapap1007.dll
C:\WINDOWS\system32\popupapap1005.dll
C:\WINDOWS\system32\popupapap1003.dll
C:\WINDOWS\system32\popupapap1001.dll
C:\WINDOWS\system32\popupapap999.dll
C:\WINDOWS\system32\popupapap997.dll
C:\WINDOWS\system32\popupapap995.dll
C:\WINDOWS\system32\popupapap993.dll
C:\WINDOWS\system32\popupapap991.dll
C:\WINDOWS\system32\popupapap989.dll
C:\WINDOWS\system32\popupapap987.dll
C:\WINDOWS\system32\popupapap985.dll
C:\WINDOWS\system32\popupapap983.dll
C:\WINDOWS\system32\popupapap981.dll
C:\WINDOWS\system32\popupapap979.dll
C:\WINDOWS\system32\popupapap977.dll
C:\WINDOWS\system32\popupapap975.dll
C:\WINDOWS\system32\popupapap973.dll
C:\WINDOWS\system32\popupapap971.dll
C:\WINDOWS\system32\popupapap969.dll
C:\WINDOWS\system32\popupapap967.dll
C:\WINDOWS\system32\popupapap965.dll
C:\WINDOWS\system32\popupapap963.dll
C:\WINDOWS\system32\popupapap961.dll
C:\WINDOWS\system32\popupapap959.dll
C:\WINDOWS\system32\popupapap957.dll
C:\WINDOWS\system32\popupapap955.dll
C:\WINDOWS\system32\popupapap953.dll
C:\WINDOWS\system32\popupapap951.dll
C:\WINDOWS\system32\popupapap949.dll
C:\WINDOWS\system32\popupapap947.dll
C:\WINDOWS\system32\popupapap945.dll
C:\WINDOWS\system32\popupapap943.dll
C:\WINDOWS\system32\popupapap941.dll
C:\WINDOWS\system32\popupapap939.dll
C:\WINDOWS\system32\popupapap937.dll
C:\WINDOWS\system32\popupapap935.dll
C:\WINDOWS\system32\popupapap933.dll
C:\WINDOWS\system32\popupapap931.dll
C:\WINDOWS\system32\popupapap929.dll
C:\WINDOWS\system32\popupapap927.dll
C:\WINDOWS\system32\popupapap925.dll
C:\WINDOWS\system32\popupapap923.dll
C:\WINDOWS\system32\popupapap921.dll
C:\WINDOWS\system32\popupapap919.dll
C:\WINDOWS\system32\popupapap917.dll
C:\WINDOWS\system32\popupapap915.dll
C:\WINDOWS\system32\popupapap913.dll
C:\WINDOWS\system32\popupapap911.dll
C:\WINDOWS\system32\popupapap909.dll
C:\WINDOWS\system32\popupapap907.dll

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip

potem wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\arm32reg]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

potem ten plik: (moze byc ukryty)

C:\WINDOWS\system32\cygz.dll

przeskanuj tu i daj raporty:

http://virusscan.jotti.org/
http://www.virustotal.com/

potem nowe logi + raporty

**Posty:** 6 · przez **m-marecki** 31 Lip 2007, 14:32

Sorry, że po takim czasie, ale mój dobry kolega brał ślub i dziś dopiero wróciłem. Nie mogę znaleźć tego plik nawet po wyświetleniu ukrytych

C:\WINDOWS\system32\cygz.dll

Po reszcie czynności ikonki już znikły. Wstawić logi bez skanowania tego pliku?

**Posty:** 18165 · przez **wojtas** 31 Lip 2007, 14:59

m-marecki napisał(a):Wstawić logi bez skanowania tego pliku?

tak

**Posty:** 6 · przez **m-marecki** 31 Lip 2007, 16:04

oto loga

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 16:03:14, on 2007-07-31 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\BitComet\BitComet.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\eMule\emule.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe c:\apache\APACHE.EXE C:\Program Files\CyberLink\Shared files\RichVideo.exe c:\apache\APACHE.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\a123\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

i drugie

"a123" - 2007-07-31 16:06:26 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))

2007-07-31 14:49 <DIR> d-------- C:\Program Files\Real Alternative
2007-07-31 14:49 <DIR> d-------- C:\Program Files\Media Player Classic
2007-07-27 14:26 <DIR> d-------- C:\VundoFix Backups
2007-07-27 14:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-27 14:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-27 14:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-27 14:21 1,938 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-26 14:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-26 14:02 <DIR> d-------- C:\WINDOWS\pss
2007-07-24 13:27 <DIR> d-------- C:\KAV
2007-07-24 13:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-24 13:23 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-24 13:23 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-24 13:23 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-24 13:23 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-24 13:23 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-24 13:23 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-24 12:54 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-07-18 21:19 <DIR> d-------- C:\winnt
2007-07-18 21:18 <DIR> d-------- C:\apache
2007-07-18 08:52 <DIR> d-------- C:\DOCUME~1\a123\DANEAP~1\Gadu-Gadu
2007-07-18 08:49 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-07-18 08:49 <DIR> d-------- C:\DOCUME~1\a123\Gadu-Gadu
2007-07-12 16:30 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-07-12 15:53 <DIR> d-------- C:\Program Files\PowerISO
2007-07-11 20:21 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-11 20:21 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-11 20:21 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-11 20:21 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-11 20:21 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-11 20:21 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-11 20:21 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-11 20:21 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-11 20:21 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-10 18:39 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-07-10 18:39 20,400 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-07-10 18:39 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-07-10 18:39 <DIR> d-------- C:\Program Files\Futuremark
2007-07-05 20:43 <DIR> d-------- C:\Nowe
2007-06-30 18:20 <DIR> d-------- C:\Filmy
2007-06-30 13:54 65,109 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-06-30 13:53 6,112 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-30 13:53 <DIR> d-------- C:\WINDOWS\BricoPacks
2007-06-30 13:51 <DIR> dr-hs---- C:\Recycled
2007-06-17 16:54 <DIR> d-------- C:\DOCUME~1\a123\DANEAP~1\Media Player Classic
2007-06-17 16:49 <DIR> d-------- C:\Program Files\PowerQuest
2007-06-17 16:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-06-17 16:45 87,608 --a------ C:\DOCUME~1\a123\DANEAP~1\inst.exe
2007-06-17 16:45 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-17 16:45 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-17 16:45 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-17 16:45 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-06-17 16:45 47,360 --a------ C:\DOCUME~1\a123\DANEAP~1\pcouffin.sys
2007-06-17 16:45 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-17 16:45 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-17 16:45 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-17 16:45 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-17 16:45 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-17 16:45 <DIR> d-------- C:\Program Files\DVDFab Platinum 3
2007-06-17 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-06-17 16:45 <DIR> d-------- C:\DOCUME~1\a123\DANEAP~1\Vso
2007-06-17 16:45 <DIR> d-------- C:\DOCUME~1\a123\DANEAP~1\Real
2007-06-17 16:43 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-06-17 16:27 <DIR> d-------- C:\Program Files\EVEREST Ultimate Edition

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 13:05:06 -------- d-----w C:\DOCUME~1\a123\DANEAP~1\Skype
2007-07-24 11:17:58 -------- d-----w C:\Program Files\SubEdit-Player
2007-07-19 17:10:38 -------- d-----w C:\Program Files\Cartall
2007-07-18 06:12:43 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-12 14:27:49 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-07-08 16:43:12 -------- d-----w C:\Program Files\Webteh
2007-06-30 11:55:52 -------- d-----w C:\Program Files\Movie Maker
2007-06-30 11:54:55 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-06-17 14:42:13 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2005-10-07 14:05:32 125,440 ----a-w C:\Program Files\RarExt.dll.0.tmp
2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 04:07]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
"nwiz"="nwiz.exe" [2007-03-22 04:50 C:\WINDOWS\system32\nwiz.exe]
"Resume copy"="copyfstq.exe" [2002-03-24 12:54 C:\WINDOWS\COPYFSTQ.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-10-05 16:31]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"Vistadrv"="C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2006-06-23 19:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-09-14 16:15]

C:\Documents and Settings\a123\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:00]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-11-15 22:30:15]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

R1 AmdK8;Sterownik procesora AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R2 EIO;EIO;\??\C:\WINDOWS\system32\drivers\EIO.sys
R2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\ADIHdAud.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
R3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a1e39a9-606d-11db-aa87-00173186da99}]
AutoRun\command- RavMon.exe
explore\Command- RavMon.exe -e
open\Command- RavMon.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 16:07:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-31 16:08:13
C:\ComboFix-quarantined-files.txt ... 2007-07-31 16:08
C:\ComboFix2.txt ... 2007-07-27 15:01
C:\ComboFix3.txt ... 2007-07-26 15:14

--- E O F -

--

Tak to wygląda teraz.

**Posty:** 18165 · przez **wojtas** 31 Lip 2007, 17:07

log z hijacka nie jest pelny wklej caly log

**Posty:** 6 · przez **m-marecki** 31 Lip 2007, 19:16

Sorry musiałem, źle zaznaczyć

Logfile of HijackThis v1.99.1
Scan saved at 16:03:14, on 2007-07-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\apache\APACHE.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
c:\apache\APACHE.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\a123\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\Vista\systool\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

**Posty:** 18165 · przez **wojtas** 31 Lip 2007, 20:51

system masz czysty

**Posty:** 6 · przez **m-marecki** 31 Lip 2007, 22:50

dzieki, fajnie ze sa tacy ludzie

kolejny problem z pseudo virusprotectpro

Kolejny problem z pseudo virusprotectpro

Kto jest na forum