
DDS (Ver_09-07-30.01) - NTFSx86
Run by M at 22:38:24,04 on 2009-09-19
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1022.288 [GMT 2:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\M\reader_s.exe
C:\Documents and Settings\M\sys64_nov.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
svchost.exe C:\WINDOWS\TEMP\VRT469.tmp
C:\WINDOWS\system32\471.tmp
C:\Documents and Settings\M\Pulpit\rmsality.exe
svchost.exe C:\WINDOWS\TEMP\VRT48D.tmp
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\M\Pulpit\dds.com
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.3.28.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Pomocnik rejestracji usługi Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [reader_s] c:\documents and settings\m\reader_s.exe
uRun: [Komunikator] c:\program files\tlen.pl\tlen.exe
uRun: [sys64_nov] c:\documents and settings\m\sys64_nov.exe
mRun: [8457] c:\windows\system32\471.tmp.exe
mRun: [notapasiv] Rundll32.exe "c:\windows\system32\vosulome.dll",a
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [sys64_nov] c:\windows\system32\sys64_nov.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
StartupFolder: c:\docume~1\m\menust~1\programy\autost~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Download with &DAP - c:\progra~1\dap\dapextie.htm
IE: Download &all with DAP - c:\progra~1\dap\dapextie2.htm
IE: Download all links using BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: Download with &FileFactory Turbo - c:\program files\filefactory turbo\plugins\ie\FileFactoryIE.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
AppInit_DLLs: limevifo.dll c:\windows\system32\vosulome.dll
SSODL: verisohol - {078fee5d-fd0e-4d79-93e5-8c25621a3914} - c:\windows\system32\vosulome.dll
STS: mujuzedij: {078fee5d-fd0e-4d79-93e5-8c25621a3914} - c:\windows\system32\vosulome.dll
LSA: Notification Packages = scecli dahovibo.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\m\daneap~1\mozilla\firefox\profiles\ni6enrcj.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\m\dane aplikacji\mozilla\firefox\profiles\ni6enrcj.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}\plugins\npOggX.dll
FF - plugin: c:\documents and settings\m\dane aplikacji\mozilla\firefox\profiles\ni6enrcj.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\m\dane aplikacji\nowe gadu-gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOggX.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R2 EvdoServer;EvdoServer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
RUnknown aswFsBlk;aswFsBlk; [x]
RUnknown aswSP;aswSP; [x]
S1 zahclodo7;zahclodo7.sys;c:\windows\system32\drivers\zahclodo7.sys --> c:\windows\system32\drivers\zahclodo7.sys [?]
S1 zghuyqkwclt3;zghuyqkwclt3.sys;c:\windows\system32\drivers\zghuyqkwclt3.sys --> c:\windows\system32\drivers\zghuyqkwclt3.sys [?]
S1 zhtcodyeoglvs5;zhtcodyeoglvs5.sys;c:\windows\system32\drivers\zhtcodyeoglvs5.sys --> c:\windows\system32\drivers\zhtcodyeoglvs5.sys [?]
S1 zkvylbxgsl1;zkvylbxgsl1.sys;c:\windows\system32\drivers\zkvylbxgsl1.sys --> c:\windows\system32\drivers\zkvylbxgsl1.sys [?]
S2 RPCHE;Remote Procedure Call (RPCE);c:\program files\common files\microsoft shared\speech\csvd.exe [2008-12-19 11593216]
S2 sofatnet;sofatnet Service;c:\windows\system32\sofatnet.exe --> c:\windows\system32\sofatnet.exe [?]
S2 wmplayer;Media;c:\windows\system32\wmplayer.exe --> c:\windows\system32\wmplayer.exe [?]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\m\ustawi~1\temp\TLN444.tmp [2009-9-18 18504]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-17 27904]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys --> c:\windows\system32\drivers\vmfilter323.sys [?]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys --> c:\windows\system32\drivers\usbvm323.sys [?]
=============== Created Last 30 ================
2009-09-19 22:16 45,056 a------- c:\windows\system32\491.tmp
2009-09-19 22:16 18,944 a------- c:\windows\system32\490.tmp
2009-09-19 22:16 132 a------- c:\windows\system32\48E.tmp
2009-09-19 21:53 45,056 a------- c:\windows\system32\472.tmp
2009-09-19 21:53 18,944 a------- c:\windows\system32\471.tmp
2009-09-19 21:53 132 a------- c:\windows\system32\46D.tmp
2009-09-19 20:04 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-09-19 17:48 45,056 a------- c:\windows\system32\46F.tmp
2009-09-19 17:48 18,944 a------- c:\windows\system32\46E.tmp
2009-09-19 17:47 132 a------- c:\windows\system32\466.tmp
2009-09-19 17:28 59,392 a------- c:\windows\system32\reader_s.exe
2009-09-19 16:39 45,056 a------- c:\windows\system32\485.tmp
2009-09-19 16:39 18,944 a------- c:\windows\system32\484.tmp
2009-09-19 16:38 132 a------- c:\windows\system32\482.tmp
2009-09-19 16:26 45,056 a------- c:\windows\system32\46A.tmp
2009-09-19 16:26 18,944 a------- c:\windows\system32\468.tmp
2009-09-19 16:26 132 a------- c:\windows\system32\45E.tmp
2009-09-19 13:34 18,944 a------- c:\windows\system32\4C3.tmp
2009-09-19 13:34 132 a------- c:\windows\system32\4C1.tmp
2009-09-19 12:55 18,944 a------- c:\windows\system32\4AA.tmp
2009-09-19 12:55 132 a------- c:\windows\system32\4A8.tmp
2009-09-19 12:35 18,944 a------- c:\windows\system32\49F.tmp
2009-09-19 12:35 132 a------- c:\windows\system32\49D.tmp
2009-09-19 12:04 18,944 a------- c:\windows\system32\47C.tmp
2009-09-19 12:04 132 a------- c:\windows\system32\47A.tmp
2009-09-19 11:43 18,944 a------- c:\windows\system32\464.tmp
2009-09-19 11:43 132 a------- c:\windows\system32\458.tmp
2009-09-19 11:23 37,376 a------- c:\windows\system32\A9.tmp
2009-09-19 00:12 18,944 a------- c:\windows\system32\456.tmp
2009-09-19 00:12 132 a------- c:\windows\system32\31F.tmp
2009-09-18 19:57 <DIR> --d----- c:\program files\VirtualBus
2009-09-18 18:01 18,944 a------- c:\windows\system32\90.tmp
2009-09-18 07:34 18,944 a------- c:\windows\system32\86.tmp
2009-09-18 07:34 92 a------- c:\windows\system32\3D.tmp
2009-09-17 21:11 18,944 a------- c:\windows\system32\9F.tmp
2009-09-17 18:14 18,944 a------- c:\windows\system32\467.tmp
2009-09-17 18:14 92 a------- c:\windows\system32\465.tmp
2009-09-17 17:50 18,944 a------- c:\windows\system32\463.tmp
2009-09-17 17:50 96 a------- c:\windows\system32\45B.tmp
2009-09-17 17:30 18,944 a------- c:\windows\system32\457.tmp
2009-09-17 17:30 96 a------- c:\windows\system32\453.tmp
2009-09-17 16:59 18,944 a------- c:\windows\system32\B8.tmp
2009-09-17 16:59 96 a------- c:\windows\system32\54.tmp
2009-09-17 08:07 53,248 a------- c:\windows\system32\455.tmp
2009-09-17 08:07 27,175 a------- c:\windows\system32\454.tmp
2009-09-17 08:07 136 a------- c:\windows\system32\44D.tmp
2009-09-16 18:28 53,248 a------- c:\windows\system32\452.tmp
2009-09-16 18:28 27,174 a------- c:\windows\system32\450.tmp
2009-09-16 18:28 19,968 a------- c:\windows\system32\451.tmp
2009-09-16 18:28 176 a------- c:\windows\system32\44A.tmp
2009-09-16 18:05 53,248 a------- c:\windows\system32\C5.tmp
2009-09-16 18:05 47,360 a------- c:\documents and settings\m\sys64_nov.exe
2009-09-16 18:05 47,360 a------- c:\windows\system32\sys64_nov.exe(1).VIR
2009-09-16 18:05 19,968 a------- c:\windows\system32\99.tmp
2009-09-16 08:10 53,248 a------- c:\windows\system32\479.tmp
2009-09-16 08:10 136 a------- c:\windows\system32\476.tmp
2009-09-16 07:38 136 a------- c:\windows\system32\82.tmp
2009-09-15 22:54 53,248 a------- c:\windows\system32\44B.tmp
2009-09-15 22:54 21,007 a------- c:\windows\system32\449.tmp
2009-09-15 22:54 136 a------- c:\windows\system32\446.tmp
2009-09-15 19:07 53,248 a------- c:\windows\system32\460.tmp
2009-09-15 19:07 136 a------- c:\windows\system32\459.tmp
2009-09-15 18:19 53,248 a------- c:\windows\system32\E6.tmp
2009-09-15 18:19 136 a------- c:\windows\system32\64.tmp
2009-09-15 07:19 136 a------- c:\windows\system32\FF.tmp
2009-09-14 22:39 92 a------- c:\windows\system32\AE.tmp
2009-09-14 06:38 140 a------- c:\windows\system32\E8.tmp
2009-09-13 20:34 <DIR> --d----- c:\program files\Audacity
2009-09-13 19:37 53,248 a------- c:\windows\system32\46C.tmp
2009-09-13 19:37 19,456 a------- c:\windows\system32\46B.tmp
2009-09-13 19:37 140 a------- c:\windows\system32\469.tmp
2009-09-13 19:18 53,248 a------- c:\windows\system32\462.tmp
2009-09-13 19:18 19,456 a------- c:\windows\system32\461.tmp
2009-09-13 19:18 140 a------- c:\windows\system32\45F.tmp
2009-09-13 18:51 53,248 a------- c:\windows\system32\45D.tmp
2009-09-13 18:51 19,456 a------- c:\windows\system32\45C.tmp
2009-09-13 18:50 140 a------- c:\windows\system32\45A.tmp
2009-09-13 18:07 53,248 a------- c:\windows\system32\448.tmp
2009-09-13 18:07 19,456 a------- c:\windows\system32\447.tmp
2009-09-13 18:07 140 a------- c:\windows\system32\443.tmp
2009-09-13 17:37 53,248 a------- c:\windows\system32\C7.tmp
2009-09-13 17:37 19,456 a------- c:\windows\system32\A2.tmp
2009-09-13 11:10 53,248 a------- c:\windows\system32\445.tmp
2009-09-13 11:10 19,456 a------- c:\windows\system32\444.tmp
2009-09-13 11:10 140 a------- c:\windows\system32\43E.tmp
2009-09-13 10:51 53,248 a------- c:\windows\system32\442.tmp
2009-09-13 10:51 19,456 a------- c:\windows\system32\441.tmp
2009-09-13 10:51 140 a------- c:\windows\system32\434.tmp
2009-09-13 10:47 53,248 a------- c:\windows\system32\440.tmp
2009-09-13 10:47 19,456 a------- c:\windows\system32\43F.tmp
2009-09-13 10:47 140 a------- c:\windows\system32\43D.tmp
2009-09-13 10:28 53,248 a------- c:\windows\system32\43A.tmp
2009-09-13 10:28 19,456 a------- c:\windows\system32\436.tmp
2009-09-13 10:28 140 a------- c:\windows\system32\42E.tmp
2009-09-13 09:56 53,248 a------- c:\windows\system32\7C.tmp
2009-09-13 09:56 19,456 a------- c:\windows\system32\59.tmp
2009-09-13 00:03 53,248 a------- c:\windows\system32\433.tmp
2009-09-13 00:03 19,456 a------- c:\windows\system32\430.tmp
2009-09-13 00:03 140 a------- c:\windows\system32\42D.tmp
2009-09-12 23:10 <DIR> --d----- C:\My Music
2009-09-12 20:15 53,248 a------- c:\windows\system32\42C.tmp
2009-09-12 20:15 19,456 a------- c:\windows\system32\424.tmp
2009-09-12 19:42 53,248 a------- c:\windows\system32\42B.tmp
2009-09-12 19:42 19,456 a------- c:\windows\system32\428.tmp
2009-09-12 19:42 140 a------- c:\windows\system32\415.tmp
2009-09-12 19:22 140 a------- c:\windows\system32\E7.tmp
2009-09-12 17:17 53,248 a------- c:\windows\system32\43C.tmp
2009-09-12 17:17 19,456 a------- c:\windows\system32\43B.tmp
2009-09-12 17:17 140 a------- c:\windows\system32\437.tmp
2009-09-12 16:53 53,248 a------- c:\windows\system32\423.tmp
2009-09-12 16:53 19,456 a------- c:\windows\system32\421.tmp
2009-09-12 16:53 140 a------- c:\windows\system32\411.tmp
2009-09-12 10:58 53,248 a------- c:\windows\system32\42A.tmp
2009-09-12 10:58 19,456 a------- c:\windows\system32\429.tmp
2009-09-12 10:58 140 a------- c:\windows\system32\427.tmp
2009-09-12 01:09 53,248 a------- c:\windows\system32\324.tmp
2009-09-11 23:58 <DIR> --d----- c:\program files\Power Tab Software
2009-09-11 22:22 53,248 a------- c:\windows\system32\44F.tmp
2009-09-11 22:22 19,456 a------- c:\windows\system32\44E.tmp
2009-09-11 22:22 140 a------- c:\windows\system32\44C.tmp
2009-09-11 22:00 53,248 a------- c:\windows\system32\432.tmp
2009-09-11 22:00 19,456 a------- c:\windows\system32\431.tmp
2009-09-11 22:00 140 a------- c:\windows\system32\42F.tmp
2009-09-11 21:54 <DIR> --d----- c:\docume~1\m\daneap~1\VitySoft
2009-09-11 21:23 140 a------- c:\windows\system32\EB.tmp
2009-09-11 20:59 <DIR> --d----- c:\program files\Garena
2009-09-11 20:01 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-09-11 20:01 <DIR> --d----- c:\documents and settings\m\SystemRequirementsLab
2009-09-11 16:40 53,248 a------- c:\windows\system32\420.tmp
2009-09-11 16:40 19,456 a------- c:\windows\system32\41A.tmp
2009-09-11 16:40 180 a------- c:\windows\system32\40E.tmp
2009-09-11 07:22 53,248 a------- c:\windows\system32\414.tmp
2009-09-11 07:22 18,944 a------- c:\windows\system32\412.tmp
2009-09-11 07:21 180 a------- c:\windows\system32\40B.tmp
2009-09-11 02:00 41,872 a------- c:\windows\system32\xfcodec.dll
2009-09-10 20:57 53,248 a------- c:\windows\system32\41F.tmp
2009-09-10 20:57 0 a------- c:\windows\system32\41E.tmp
2009-09-10 20:57 0 a------- c:\windows\system32\41D.tmp
2009-09-10 20:57 180 a------- c:\windows\system32\419.tmp
2009-09-10 20:29 53,248 a------- c:\windows\system32\417.tmp
2009-09-10 20:29 18,944 a------- c:\windows\system32\416.tmp
2009-09-10 20:29 180 a------- c:\windows\system32\413.tmp
2009-09-10 20:10 53,248 a------- c:\windows\system32\410.tmp
2009-09-10 20:10 18,944 a------- c:\windows\system32\40F.tmp
2009-09-10 20:10 180 a------- c:\windows\system32\40A.tmp
2009-09-10 08:04 53,248 a------- c:\windows\system32\40D.tmp
2009-09-10 08:04 18,944 a------- c:\windows\system32\40C.tmp
2009-09-10 08:04 180 a------- c:\windows\system32\407.tmp
2009-09-09 22:49 192,512 a------- c:\windows\system32\625.exe
2009-09-09 22:49 192,512 a------- c:\windows\system32\drivers\625.exe
2009-09-09 22:47 53,760 a------- c:\windows\system32\409.tmp
2009-09-09 22:47 18,944 a------- c:\windows\system32\408.tmp
2009-09-09 22:47 180 a------- c:\windows\system32\3FF.tmp
2009-09-09 16:59 192,512 a------- c:\windows\system32\15.exe
2009-09-09 16:59 192,512 a------- c:\windows\system32\drivers\15.exe
2009-09-09 16:57 53,760 a------- c:\windows\system32\404.tmp
2009-09-09 16:57 18,944 a------- c:\windows\system32\403.tmp
2009-09-09 16:57 180 a------- c:\windows\system32\3FC.tmp
2009-09-08 18:29 53,760 a------- c:\windows\system32\406.tmp
2009-09-08 18:29 19,456 a------- c:\windows\system32\405.tmp
2009-09-08 18:29 132,096 a------- c:\windows\system32\402.tmp
2009-09-08 18:29 228 a------- c:\windows\system32\401.tmp
2009-09-08 18:09 192,512 a------- c:\windows\system32\406.exe
2009-09-08 18:09 192,512 a------- c:\windows\system32\drivers\406.exe
2009-09-08 18:07 53,760 a------- c:\windows\system32\3FE.tmp
2009-09-08 18:07 19,456 a------- c:\windows\system32\3FD.tmp
2009-09-08 18:07 132,096 a------- c:\windows\system32\3FA.tmp
2009-09-08 18:07 228 a------- c:\windows\system32\3F7.tmp
2009-09-08 10:06 53,760 a------- c:\windows\system32\439.tmp
2009-09-08 10:06 19,456 a------- c:\windows\system32\438.tmp
2009-09-08 10:06 180 a------- c:\windows\system32\435.tmp
2009-09-08 09:49 53,760 a------- c:\windows\system32\426.tmp
2009-09-08 09:49 19,456 a------- c:\windows\system32\425.tmp
2009-09-08 09:49 180 a------- c:\windows\system32\422.tmp
2009-09-08 09:14 53,760 a------- c:\windows\system32\3F9.tmp
2009-09-08 09:14 19,456 a------- c:\windows\system32\3F8.tmp
2009-09-08 09:14 180 a------- c:\windows\system32\3F3.tmp
2009-09-07 06:42 53,760 a------- c:\windows\system32\9B.tmp
2009-09-07 06:42 18,944 a------- c:\windows\system32\8A.tmp
2009-09-06 23:41 <DIR> --d----- c:\program files\common files\xing shared
2009-09-06 19:21 18,944 a------- c:\windows\system32\F5.tmp
2009-09-06 12:15 53,760 a------- c:\windows\system32\B6.tmp
2009-09-06 12:15 18,944 a------- c:\windows\system32\79.tmp
2009-09-06 08:41 53,760 a------- c:\windows\system32\B9.tmp
2009-09-06 08:41 18,944 a------- c:\windows\system32\A7.tmp
2009-09-05 21:55 53,760 a------- c:\windows\system32\3EB.tmp
2009-09-05 21:55 18,944 a------- c:\windows\system32\3EA.tmp
2009-09-05 21:55 188 a------- c:\windows\system32\3E7.tmp
2009-09-05 10:08 53,760 a------- c:\windows\system32\49.tmp
2009-09-04 21:57 53,760 a------- c:\windows\system32\41C.tmp
2009-09-04 21:57 18,944 a------- c:\windows\system32\41B.tmp
2009-09-04 21:57 188 a------- c:\windows\system32\418.tmp
2009-09-04 16:57 53,760 a------- c:\windows\system32\CC.tmp
2009-09-04 16:57 18,944 a------- c:\windows\system32\97.tmp
2009-09-04 07:49 53,760 a------- c:\windows\system32\3F0.tmp
2009-09-04 07:49 18,944 a------- c:\windows\system32\3EF.tmp
2009-09-04 07:49 188 a------- c:\windows\system32\3E2.tmp
2009-09-03 17:50 53,760 a------- c:\windows\system32\3E6.tmp
2009-09-03 17:50 18,944 a------- c:\windows\system32\3E4.tmp
2009-09-03 17:50 188 a------- c:\windows\system32\3DF.tmp
2009-09-03 08:36 53,760 a------- c:\windows\system32\3E5.tmp
2009-09-03 08:36 18,944 a------- c:\windows\system32\3E0.tmp
2009-09-03 08:36 228 a------- c:\windows\system32\3DE.tmp
2009-09-02 18:47 53,760 a------- c:\windows\system32\65.tmp
2009-09-02 18:14 53,760 a------- c:\windows\system32\3E1.tmp
2009-09-02 18:14 18,944 a------- c:\windows\system32\3DC.tmp
2009-09-02 18:14 228 a------- c:\windows\system32\3D9.tmp
2009-09-02 08:04 53,760 a------- c:\windows\system32\3DD.tmp
2009-09-02 08:04 18,944 a------- c:\windows\system32\3D8.tmp
2009-09-02 08:04 228 a------- c:\windows\system32\3D6.tmp
2009-09-01 15:16 53,760 a------- c:\windows\system32\3DA.tmp
2009-09-01 15:16 184 a------- c:\windows\system32\3D5.tmp
2009-09-01 10:46 53,760 a------- c:\windows\system32\3D7.tmp
2009-09-01 10:46 184 a------- c:\windows\system32\3D2.tmp
2009-09-01 07:44 0 a------- c:\windows\system32\3D3.tmp
2009-08-31 11:02 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\OpenFM
2009-08-31 11:02 <DIR> --d----- c:\docume~1\m\daneap~1\OpenFM
2009-08-31 10:35 <DIR> --d----- c:\docume~1\m\daneap~1\Nowe Gadu-Gadu
2009-08-31 10:35 <DIR> --d----- c:\program files\Nowe Gadu-Gadu
2009-08-31 10:23 53,760 a------- c:\windows\system32\3D1.tmp
2009-08-31 10:23 136 a------- c:\windows\system32\3CD.tmp
2009-08-31 10:17 <DIR> --d----- c:\program files\Trend Micro
2009-08-31 09:46 53,760 a------- c:\windows\system32\3CF.tmp
2009-08-31 09:46 136 a------- c:\windows\system32\3CC.tmp
2009-08-31 09:17 2,968 a------- C:\a.jpg
2009-08-31 09:16 286,208 a------- c:\windows\system32\qtwm.exe
2009-08-30 23:02 <DIR> --d----- c:\windows\ERUNT
2009-08-30 22:58 <DIR> --d----- C:\SDFix
2009-08-30 22:20 59,392 a------- c:\windows\system32\reader_s.exe(1).VIR
2009-08-30 22:20 59,392 a------- c:\documents and settings\m\reader_s.exe
2009-08-30 22:20 53,760 a------- c:\windows\system32\3CB.tmp
2009-08-30 22:20 92 a------- c:\windows\system32\3C9.tmp
2009-08-30 22:17 53,760 a------- c:\windows\system32\59C.tmp
2009-08-30 22:17 0 a------- c:\windows\system32\59D.tmp
2009-08-30 22:17 39,424 a------- c:\windows\system32\59B.tmp
2009-08-30 22:17 92 a------- c:\windows\system32\599.tmp
2009-08-23 19:10 244 a------- c:\windows\_delis32.ini
==================== Find3M ====================
2009-09-19 11:22 88,576 a--sh--- c:\windows\system32\vosulome.dll
2009-09-19 11:22 38,400 a--sh--- c:\windows\system32\rudajeki.dll
2009-09-19 00:12 359,040 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-09-18 19:45 38,400 a--sh--- c:\windows\system32\giwuwiga.dll
2009-09-18 07:45 37,376 a--sh--- c:\windows\system32\hufudame.dll
2009-09-17 19:45 37,376 a--sh--- c:\windows\system32\rezonaro.dll
2009-09-17 07:45 38,400 a--sh--- c:\windows\system32\kiyivaro.dll
2009-09-16 19:38 37,376 a--sh--- c:\windows\system32\pojevama.dll
2009-09-16 07:37 37,888 a--sh--- c:\windows\system32\wulemake.dll
2009-09-15 19:18 37,888 a--sh--- c:\windows\system32\malodoso.dll
2009-09-13 19:44 189,072 a------- c:\windows\system32\PnkBstrB.exe
2009-09-13 19:30 138,920 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-13 09:56 50,176 a--sh--- c:\windows\system32\goputomo.dll
2009-09-06 23:41 499,712 a------- c:\windows\system32\msvcp71.dll
2009-09-06 23:41 348,160 a------- c:\windows\system32\msvcr71.dll
2009-08-30 22:20 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-07-31 15:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-06-20 12:02 139,152 a------- c:\docume~1\m\daneap~1\PnkBstrK.sys
2007-09-23 15:01 169 ---sh--- c:\program files\mxlrqdc.inf
2009-05-21 21:48 56 ---shr-- c:\windows\system32\B9378289AD.sys
2009-06-13 09:57 50,176 a--sh--- c:\windows\system32\dahovibo.dll
2009-06-13 09:57 50,176 a--sh--- c:\windows\system32\gisiyojo.dll
2009-05-21 21:48 3,974 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-06-13 09:57 50,176 a--sh--- c:\windows\system32\limevifo.dll
============= FINISH: 22:38:49,71 ===============
From HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:19, on 2009-09-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\M\reader_s.exe
C:\Documents and Settings\M\sys64_nov.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\471.tmp
C:\Documents and Settings\M\Pulpit\rmsality.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [8457] C:\WINDOWS\system32\471.tmp.exe
O4 - HKLM\..\Run: [notapasiv] Rundll32.exe "c:\windows\system32\vosulome.dll",a
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\M\reader_s.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [sys64_nov] C:\Documents and Settings\M\sys64_nov.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: limevifo.dll c:\windows\system32\vosulome.dll
O21 - SSODL: verisohol - {078fee5d-fd0e-4d79-93e5-8c25621a3914} - c:\windows\system32\vosulome.dll
O22 - SharedTaskScheduler: mujuzedij - {078fee5d-fd0e-4d79-93e5-8c25621a3914} - c:\windows\system32\vosulome.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Aplikacja systemowa modelu COM+ (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Karta inteligentna (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: sofatnet Service (sofatnet) - Unknown owner - C:\WINDOWS\system32\sofatnet.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)
O23 - Service: Media (wmplayer) - Unknown owner - C:\WINDOWS\system32\wmplayer.exe (file missing)
--
End of file - 8417 bytes
The computer is a bit sluggish and Task Manager won't open. I'm hoping for some help.