
Below is the log from ComboFix
ComboFix 08-06-20.4 - Darek 2008-06-29 20:42:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.289 [GMT 2:00]
Running from: C:\Documents and Settings\Darek\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Darek\Pulpit\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-29 15:25 . 2008-06-29 20:33 474 ---hs---- C:\WINDOWS\system32\odkxkimy.ini
2008-06-29 15:10 . 2008-06-29 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-06-29 15:07 . 2008-06-29 15:07 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-29 15:07 . 2008-06-29 15:08 <DIR> d-------- C:\Program Files\CCleaner
2008-06-29 14:53 . 2008-06-29 14:53 87,040 --a------ C:\WINDOWS\system32\ymikxkdo.dll
2008-06-29 14:48 . 2008-06-29 14:57 <DIR> d-------- C:\Program Files\SkanerOnline
2008-06-29 14:48 . 2008-06-29 20:42 41,803 --a------ C:\WINDOWS\msvecurity.config
2008-06-29 14:45 . 2008-06-29 10:49 303,104 --a------ C:\WINDOWS\gfetqaxsrob.dll
2008-06-29 14:45 . 2008-06-29 10:49 155,648 --a------ C:\WINDOWS\gxvpsaf22.dll
2008-06-29 14:45 . 2008-06-29 14:45 116,736 --a------ C:\WINDOWS\msvecurity.exe
2008-06-29 14:45 . 2008-06-29 10:49 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-29 14:45 . 2008-06-29 20:43 68,018 --a------ C:\WINDOWS\system32\drivers\8d44e467.sys
2008-06-29 14:45 . 2008-06-29 14:47 5,120 --a------ C:\WINDOWS\system32\ftpdll.dll(1).VIR
2008-06-29 14:44 . 2008-06-29 14:44 33,280 --a------ C:\WINDOWS\system32\iifefDvt.dll
2008-06-29 14:37 . 2008-06-29 14:37 <DIR> d-------- C:\Program Files\Xilisoft
2008-06-29 14:37 . 2008-06-29 14:37 <DIR> d-------- C:\Program Files\QuickTime
2008-06-29 13:50 . 2008-06-29 14:25 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\Vso
2008-06-29 13:50 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-06-29 13:50 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-06-29 13:50 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-06-29 13:50 . 2008-06-29 13:50 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-29 13:50 . 2008-06-29 14:24 47,360 --a------ C:\Documents and Settings\Darek\Dane aplikacji\pcouffin.sys
2008-06-29 12:32 . 2008-06-29 13:33 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-06-29 12:05 . 2008-06-29 14:24 <DIR> d-------- C:\Program Files\vso
2008-06-29 11:36 . 2008-06-29 11:37 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-06-28 16:19 . 2008-06-28 16:19 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\BlackBean
2008-06-28 16:04 . 2008-06-28 16:04 <DIR> d-------- C:\WINDOWS\Logs
2008-06-26 18:07 . 2008-06-29 15:12 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-26 16:38 . 2008-06-26 16:39 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\Media Player Classic
2008-06-26 16:37 . 2008-06-26 16:37 <DIR> d-------- C:\Program Files\totalcmd
2008-06-26 16:37 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-06-26 16:37 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-06-26 16:37 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-06-26 16:37 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-06-26 16:37 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-06-26 16:37 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-06-26 16:37 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-06-26 16:37 . 2008-06-29 11:40 525 --a------ C:\WINDOWS\wincmd.ini
2008-06-25 20:30 . 2008-06-25 20:30 <DIR> d-------- C:\Program Files\DNA
2008-06-25 20:30 . 2008-06-25 20:30 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-25 20:30 . 2008-06-29 20:43 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\DNA
2008-06-25 20:30 . 2008-06-29 14:43 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\BitTorrent
2008-06-23 12:59 . 2006-09-18 14:59 18,704 -ra------ C:\WINDOWS\system32\drivers\se27nd5.sys
2008-06-23 12:56 . 2006-09-18 14:59 90,800 -ra------ C:\WINDOWS\system32\drivers\se27unic.sys
2008-06-23 12:56 . 2006-09-18 14:58 88,688 -ra------ C:\WINDOWS\system32\drivers\SE27mgmt.sys
2008-06-23 12:56 . 2006-09-18 14:59 86,560 -ra------ C:\WINDOWS\system32\drivers\SE27obex.sys
2008-06-23 12:56 . 2006-09-18 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se27cr.sys
2008-06-23 12:44 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys
2008-06-23 12:44 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys
2008-06-23 12:44 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys
2008-06-23 12:44 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys
2008-06-23 12:41 . 2008-06-23 12:41 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\Teleca
2008-06-23 12:40 . 2008-06-23 12:40 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\Sony Ericsson
2008-06-23 12:39 . 2008-06-23 12:39 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-06-23 12:39 . 2008-06-23 12:39 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-06-23 12:39 . 2008-06-23 12:39 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-23 12:39 . 2008-06-23 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-06-23 12:39 . 2008-06-23 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-06-23 12:36 . 2008-06-23 12:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-23 12:36 . 2008-06-23 12:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-23 11:29 . 2008-06-29 13:47 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-19 02:01 . 2008-06-24 15:34 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\The Bat! Pwd
2008-06-19 02:00 . 2008-06-19 02:00 <DIR> d-------- C:\Program Files\The Bat!
2008-06-19 00:15 . 2008-06-19 00:15 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\Nero
2008-06-19 00:13 . 2008-06-19 00:14 <DIR> d-------- C:\Program Files\Nero
2008-06-19 00:13 . 2008-06-19 00:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-19 00:13 . 2008-06-19 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-19 00:13 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-06-19 00:13 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-06-19 00:13 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-06-19 00:13 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-06-19 00:13 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-06-15 00:51 . 2008-06-29 13:35 20 --a------ C:\WINDOWS\VplayerINI.vpl
2008-06-15 00:45 . 2008-06-29 13:35 3,249 --a------ C:\WINDOWS\VPlayer.INI
2008-06-14 23:44 . 2008-06-14 23:44 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-14 14:31 . 2008-06-23 15:44 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\GanymedeNet
2008-06-14 14:28 . 2008-06-14 14:29 <DIR> d-------- C:\Program Files\Ganymede
2008-06-13 15:12 . 2005-05-17 15:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe
2008-06-13 15:12 . 2006-01-18 13:55 290,918 --a------ C:\WINDOWS\system32\Install7x.dll
2008-06-13 15:12 . 2006-03-08 17:28 255,232 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-06-13 15:12 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.SYS
2008-06-13 15:12 . 2008-06-13 15:12 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-13 15:12 . 2005-11-30 11:33 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin
2008-06-13 15:12 . 2005-08-19 15:51 138 --a------ C:\WINDOWS\filespec7x
2008-06-13 15:11 . 2008-06-13 15:12 <DIR> d-------- C:\Program Files\RALINK
2008-06-12 16:43 . 2008-06-23 16:03 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\skypePM
2008-06-12 16:43 . 2008-06-13 16:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-12 16:42 . 2008-06-12 16:42 <DIR> d-------- C:\Program Files\Skype
2008-06-12 16:42 . 2008-06-12 16:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-12 16:42 . 2008-06-23 23:27 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\Skype
2008-06-12 16:41 . 2008-06-12 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-12 16:40 . 2008-06-12 16:40 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\Gadu-Gadu
2008-06-12 16:39 . 2008-06-12 16:39 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-06-12 16:39 . 2008-06-12 16:40 <DIR> d-------- C:\Documents and Settings\Darek\Gadu-Gadu
2008-06-12 15:15 . 2008-06-12 15:15 <DIR> d---s---- C:\Documents and Settings\Darek\UserData
2008-06-12 15:11 . 2008-06-12 15:11 <DIR> d-------- C:\Program Files\SAGEM WiFi manager
2008-06-12 15:11 . 2008-06-12 15:11 <DIR> d-------- C:\Program Files\SAGEM
2008-06-12 15:11 . 2008-06-12 15:11 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\InstallShield
2008-06-12 15:11 . 2007-01-16 13:52 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-06-12 15:11 . 2007-01-16 13:52 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-06-12 15:10 . 2007-01-10 10:14 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2008-06-12 15:09 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2008-06-12 15:09 . 2005-06-17 10:26 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2008-06-09 10:45 . 2008-06-09 10:45 0 --a------ C:\WINDOWS\msicpl.ini
2008-06-09 10:41 . 2008-06-09 10:41 <DIR> d-------- C:\Documents and Settings\Darek\Dane aplikacji\Image Zone Express
2008-06-09 00:05 . 2008-06-09 00:05 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-06-09 00:05 . 2008-06-09 00:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-09 00:05 . 2008-06-09 00:05 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-09 00:04 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-06-09 00:03 . 2008-06-09 00:03 <DIR> d-------- C:\Program Files\Realtek
2008-06-09 00:01 . 2006-01-06 10:26 1,409,024 -ra------ C:\WINDOWS\system32\msicpl.dll
2008-06-09 00:01 . 2006-01-03 04:58 208,896 -ra------ C:\WINDOWS\system32\sw20.exe
2008-06-09 00:01 . 2005-12-14 08:51 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-09 00:01 . 2005-04-01 17:58 114,688 -ra------ C:\WINDOWS\system32\sysinfo.dll
2008-06-09 00:01 . 2006-01-03 04:59 69,632 -ra------ C:\WINDOWS\system32\sw24.exe
2008-06-09 00:01 . 2008-06-29 20:33 61,465 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-09 00:01 . 2005-09-09 02:32 53,248 -ra------ C:\WINDOWS\system32\Nvgpio.dll
2008-06-09 00:01 . 2006-01-03 04:23 17,029 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-09 00:01 . 2004-09-11 13:36 9,728 -ra------ C:\WINDOWS\system32\sysinfoX64.sys
2008-06-09 00:01 . 2002-06-01 14:07 8,883 -ra------ C:\WINDOWS\system32\sysinfo.vxd
2008-06-09 00:01 . 2005-02-02 19:30 8,192 -ra------ C:\WINDOWS\system32\sysinfo.sys
2008-06-09 00:00 . 2005-12-14 15:52 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-08 23:54 . 2008-06-08 23:54 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-08 23:35 . 2002-09-29 00:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-08 23:34 . 2002-05-14 12:08 872,557 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 13:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 13:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-08 21:34 558,142 ----a-w C:\WINDOWS\java\Packages\WGKMEVN3.ZIP
2008-06-08 21:34 155,995 ----a-w C:\WINDOWS\java\Packages\YE2X3FX7.ZIP
2008-06-08 21:03 --------- d-----w C:\Program Files\Usługi online
2008-06-08 13:33 --------- d-----w C:\Program Files\VIA
2008-06-08 13:26 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-02 16:10 4,752,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-30 12:01 80,896 ----a-w C:\WINDOWS\system32\dxdllreg.exe
2008-05-28 12:52 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2002-09-28 22:00 4,608 ----a-w C:\Documents and Settings\Darek\explorer.dll
2002-09-28 22:00 13,824 ----a-w C:\Documents and Settings\Darek\ms_tcp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{565e374a-23fd-4fa2-aed5-5209a37a544b}]
2008-06-29 14:44 33280 --a------ C:\WINDOWS\System32\iifefDvt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{843daeb1-a153-4f65-8475-0b53a505931c}]
2008-06-29 10:49 303104 --a------ C:\WINDOWS\gfetqaxsrob.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B1E0C6DC-BBEA-4DE1-BFCA-70362CD86579}"= "C:\WINDOWS\gxvpsafm.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{b1e0c6dc-bbea-4de1-bfca-70362cd86579}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{14B8149C-A16B-429E-A48E-D00166B0B74B}]
[HKEY_CLASSES_ROOT\gxvpsafm]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-29 00:00 13312]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-25 20:30 289088]
"msvecurity"="C:\WINDOWS\msvecurity.exe" [2008-06-29 14:45 116736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-12-14 08:51 7323648]
"68f9faba"="C:\WINDOWS\System32\ymikxkdo.dll" [2008-06-29 14:53 87040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-29 00:00 13312]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-06-12 15:11:44 950272]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-06-13 15:13:10 593920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{565E374A-23FD-4FA2-AED5-5209A37A544B}"= C:\WINDOWS\System32\iifefDvt.dll [2008-06-29 14:44 33280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qegbdmwf"= {B422879B-0643-42E6-BBD9-8B7E6A400E06} - C:\WINDOWS\qegbdmwf.dll [ ]
"pntqkflv"= {B01F010E-8DF1-4A85-BD49-5CC79AECC62B} - C:\WINDOWS\pntqkflv.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifefDvt]
iifefDvt.dll 2008-06-29 14:44 33280 C:\WINDOWS\system32\iifefDvt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\System32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []
*Newly Created Service* - catchme
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 20:43:33
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\iifefDvt.dll
.
Completion time: 2008-06-29 20:43:50
ComboFix-quarantined-files.txt 2008-06-29 18:43:49
ComboFix2.txt 2008-06-29 18:38:53
ComboFix3.txt 2008-06-29 13:26:46
Pre-Run: 50,436,079,616 bajtów wolnych
Post-Run: 50,425,008,128 bajtów wolnych
229
and the log from HijackThis 2.02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:46, on 2008-06-30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\msvecurity.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: gxvpsafm - {B1E0C6DC-BBEA-4DE1-BFCA-70362CD86579} - C:\WINDOWS\gxvpsafm.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM6bcac926] Rundll32.exe "C:\WINDOWS\System32\tagbypjo.dll",s
O4 - HKLM\..\Run: [68f9faba] rundll32.exe "C:\WINDOWS\System32\aabhrsmk.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68282c51-9459-467b-95bf-3c0e89627e55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O21 - SSODL: qegbdmwf - {B422879B-0643-42E6-BBD9-8B7E6A400E06} - C:\WINDOWS\qegbdmwf.dll (file missing)
O21 - SSODL: pntqkflv - {B01F010E-8DF1-4A85-BD49-5CC79AECC62B} - C:\WINDOWS\pntqkflv.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 4214 bytes
Could someone help me remove this filth?
Thanks in advance and regards