proszę o sprawdzenie loga

**Posty:** 10 · przez **Iluvatar** 24 Sie 2007, 12:44

Witam. Mam problem z plikiem vcmgcd32.dll. Próbowałem już różnych metod z tego forum, ale niestety nie pomagało, dlatego proszę o pomoc, gdyz może coś innego jeszcze mi "siedzi" w kompie. Z góry dziękuje za pomoc.

Log z HijackThis

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 12:27:54, on 2007-08-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe K:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe K:\Program Files\Konnekt\konnekt.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe K:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Trol\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] K:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVP] "K:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Konnekt] "K:\Program Files\Konnekt\konnekt.exe" /autostart O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - K:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{1FF549FD-29CB-493A-B4A9-7E36A90FE97B}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip\..\{1FF549FD-29CB-493A-B4A9-7E36A90FE97B}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip\..\{1FF549FD-29CB-493A-B4A9-7E36A90FE97B}: NameServer = 194.204.159.1 217.98.63.164 O20 - AppInit_DLLs: K:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - K:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)

Oraz log z Silent Runners

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Konnekt" = ""K:\Program Files\Konnekt\konnekt.exe" /autostart" ["Stamina"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."] "AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."] "WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string] "WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"] "WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"] "QuickTime Task" = ""C:\WINDOWS\system32\qttask.exe" -atboottime" ["Apple Computer, Inc."] "WinampAgent" = "K:\Program Files\Winamp\winampa.exe" [null data] "AVP" = ""K:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind" -> {HKLM...CLSID} = "Microsoft Office Binder Unbind" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1045\UNBIND.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW" -> {HKLM...CLSID} = "Statystyki dla ochrony WWW" \InProcServer32\(Default) = "K:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "K:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "K:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "K:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Trol\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "Trol" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "K:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ "ButtonText" = "Statystyki dla ochrony WWW" Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] ---------- (launch time: 2007-08-24 12:28:16) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 51 seconds, including 7 seconds for message boxes)

Jeszcze raz z góry dziękuję.

Zdravim

**Posty:** 18165 · przez **wojtas** 24 Sie 2007, 16:47

daj loga z combofixa

**Posty:** 10 · przez **Iluvatar** 24 Sie 2007, 16:57

Mówisz-masz.

Log z ComboFix

Kod: Zaznacz wszystko: ComboFix 07-08-17.2 - "Trol" 2007-08-24 16:46:28.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.656 [GMT 2:00] * Created a new restore point ((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 ))))))))))))))))))))))))))))))) 2007-08-24 16:46 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-24 15:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-08-24 14:03 545,280 --a------ C:\WINDOWS\system32\win26616.dll 2007-08-24 13:47 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2007-08-24 13:47 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2007-08-24 13:47 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2007-08-24 13:47 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2007-08-24 13:47 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2007-08-24 13:47 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll 2007-08-24 13:36 <DIR> d-------- C:\Program Files\HP 2007-08-24 13:36 <DIR> d-------- C:\Program Files\Hewlett-Packard 2007-08-24 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab 2007-08-24 11:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab Setup Files 2007-08-24 10:30 545,280 --a------ C:\WINDOWS\system32\win20326.dll 2007-08-23 22:07 545,280 --a------ C:\WINDOWS\system32\win59571.dll 2007-08-23 18:43 545,280 --a------ C:\WINDOWS\system32\win36503.dll 2007-08-23 18:43 39,936 --a------ C:\WINDOWS\system32\winresponse32.exe 2007-08-23 18:43 14,829 --a------ C:\WINDOWS\winddlll.exe 2007-08-20 07:31 714 --a------ C:\WINDOWS\unins000.dat 2007-08-19 20:57 <DIR> d-------- C:\DOCUME~1\Trol\DANEAP~1\Help 2007-08-19 20:26 36,864 --a------ C:\WINDOWS\system32\vcmgcd32.dll 2007-08-19 19:43 1,156 --a------ C:\WINDOWS\mozver.dat 2007-08-19 17:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-08-19 17:59 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-08-19 17:58 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-08-19 17:58 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-08-19 17:58 356,352 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-08-19 17:58 267,776 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-08-19 17:58 2,820,544 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-08-19 17:58 1,986,560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-08-19 17:58 1,315,712 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-08-19 17:57 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-08-19 17:56 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-08-19 17:56 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-08-19 17:56 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-08-19 17:56 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-08-19 17:56 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-08-19 17:56 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-08-19 17:56 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-08-19 17:56 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-08-19 17:56 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-08-19 17:56 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-08-19 17:56 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-08-19 17:56 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-08-19 17:56 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-08-19 17:56 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-08-19 17:56 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-08-19 17:56 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-08-19 17:56 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-08-19 17:56 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-08-19 17:56 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-08-19 17:56 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-08-19 17:56 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-08-19 17:56 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-08-19 17:56 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-08-19 17:56 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-08-19 17:56 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-08-19 17:56 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-08-19 17:56 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne 2007-08-19 17:56 <DIR> dr------- C:\Program Files 2007-08-19 17:56 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start 2007-08-19 17:56 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty 2007-08-19 17:56 <DIR> d--hs---- C:\WINDOWS\Installer 2007-08-19 17:56 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Szablony 2007-08-19 17:56 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines 2007-08-19 17:56 <DIR> d-------- C:\Program Files\Common Files\ODBC 2007-08-19 17:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Ulubione 2007-08-19 17:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit 2007-08-19 17:55 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji 2007-08-19 17:55 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji 2007-08-19 17:55 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start 2007-08-19 17:55 <DIR> d--hs---- C:\System Volume Information 2007-08-19 17:55 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Szablony 2007-08-19 17:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2007-08-19 17:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot 2007-08-19 17:55 <DIR> d-------- C:\Documents and Settings 2007-08-19 17:55 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Ulubione (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-24 14:03 359040 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS 2007-08-24 12:12 364544 --a------ C:\WINDOWS\system32\atiptaxx.exe 2007-08-20 12:32 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys 2007-08-19 16:54 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-08-19 16:51 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin 2007-08-19 16:50 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin --------- C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2007-08-24 12:12 C:\WINDOWS\SOUNDMAN.EXE] "AtiPTA"="atiptaxx.exe" [2007-08-24 12:12 C:\WINDOWS\system32\atiptaxx.exe] "WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2007-08-24 12:08] "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07] "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-08-24 12:21] "WinampAgent"="K:\Program Files\Winamp\winampa.exe" [2007-08-24 12:08] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44] "Konnekt"="K:\Program Files\Konnekt\konnekt.exe" [2007-08-24 12:08] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-19 16:53:56] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56] R1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys S3 GMSIPCI;GMSIPCI;\??\M:\INSTALL\GMSIPCI.SYS ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-24 16:47:04 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-24 16:47:32 --- E O F ---

Zdravim

**Posty:** 18165 · przez **wojtas** 24 Sie 2007, 20:07

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg

Pobierz i uruchom narzędzie
The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\system32\win26616.dll
C:\WINDOWS\system32\win20326.dll
C:\WINDOWS\system32\win59571.dll
C:\WINDOWS\system32\win36503.dll
C:\WINDOWS\system32\winresponse32.exe
C:\WINDOWS\winddlll.exe
C:\WINDOWS\system32\vcmgcd32.dll

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z combofixa

**Posty:** 10 · przez **Iluvatar** 24 Sie 2007, 21:03

Wykonane. oto logi:

Avenger

Kod: Zaznacz wszystko: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\xbjirkey ******************* Script file located at: \??\C:\Documents and Settings\aoovsemj.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\win26616.dll deleted successfully. File C:\WINDOWS\system32\win20326.dll deleted successfully. File C:\WINDOWS\system32\win59571.dll deleted successfully. File C:\WINDOWS\system32\win36503.dll deleted successfully. File C:\WINDOWS\system32\winresponse32.exe deleted successfully. File C:\WINDOWS\winddlll.exe deleted successfully. File C:\WINDOWS\system32\vcmgcd32.dll deleted successfully. Completed script processing. ******************* Finished! Terminate.

Log z ComboFix

Kod: Zaznacz wszystko: ComboFix 07-08-17.2 - "Trol" 2007-08-24 20:44:18.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.744 [GMT 2:00] ((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 ))))))))))))))))))))))))))))))) 2007-08-24 16:46 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-24 15:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-08-24 13:47 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2007-08-24 13:47 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2007-08-24 13:47 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2007-08-24 13:47 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2007-08-24 13:47 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2007-08-24 13:47 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll 2007-08-24 13:36 <DIR> d-------- C:\Program Files\HP 2007-08-24 13:36 <DIR> d-------- C:\Program Files\Hewlett-Packard 2007-08-24 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab 2007-08-24 11:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab Setup Files 2007-08-20 07:31 714 --a------ C:\WINDOWS\unins000.dat 2007-08-19 20:57 <DIR> d-------- C:\DOCUME~1\Trol\DANEAP~1\Help 2007-08-19 20:26 36,864 --a------ C:\WINDOWS\system32\vcmgcd32.dll 2007-08-19 19:43 1,156 --a------ C:\WINDOWS\mozver.dat 2007-08-19 17:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-08-19 17:59 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-08-19 17:58 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-08-19 17:58 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-08-19 17:58 356,352 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-08-19 17:58 267,776 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-08-19 17:58 2,820,544 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-08-19 17:58 1,986,560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-08-19 17:58 1,315,712 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-08-19 17:57 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-08-19 17:56 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-08-19 17:56 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-08-19 17:56 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-08-19 17:56 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-08-19 17:56 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-08-19 17:56 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-08-19 17:56 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-08-19 17:56 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-08-19 17:56 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-08-19 17:56 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-08-19 17:56 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-08-19 17:56 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-08-19 17:56 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-08-19 17:56 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-08-19 17:56 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-08-19 17:56 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-08-19 17:56 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-08-19 17:56 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-08-19 17:56 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-08-19 17:56 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-08-19 17:56 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-08-19 17:56 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-08-19 17:56 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-08-19 17:56 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-08-19 17:56 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-08-19 17:56 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-08-19 17:56 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne 2007-08-19 17:56 <DIR> dr------- C:\Program Files 2007-08-19 17:56 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start 2007-08-19 17:56 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty 2007-08-19 17:56 <DIR> d--hs---- C:\WINDOWS\Installer 2007-08-19 17:56 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Szablony 2007-08-19 17:56 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines 2007-08-19 17:56 <DIR> d-------- C:\Program Files\Common Files\ODBC 2007-08-19 17:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Ulubione 2007-08-19 17:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit 2007-08-19 17:55 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji 2007-08-19 17:55 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji 2007-08-19 17:55 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start 2007-08-19 17:55 <DIR> d--hs---- C:\System Volume Information 2007-08-19 17:55 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Szablony 2007-08-19 17:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2007-08-19 17:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot 2007-08-19 17:55 <DIR> d-------- C:\Documents and Settings 2007-08-19 17:55 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Ulubione 2007-08-19 17:55 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Pulpit 2007-08-19 17:55 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Moje dokumenty 2007-08-19 17:49 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache 2007-08-19 17:49 <DIR> dr--s---- C:\WINDOWS\Fonts 2007-08-19 17:49 <DIR> dr------- C:\WINDOWS\Web 2007-08-19 17:49 <DIR> d--h----- C:\WINDOWS\inf (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-24 14:03 359040 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS 2007-08-24 12:12 364544 --a------ C:\WINDOWS\system32\atiptaxx.exe 2007-08-20 12:32 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys 2007-08-19 16:54 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-08-19 16:51 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin 2007-08-19 16:50 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin --------- C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2007-08-24 12:12 C:\WINDOWS\SOUNDMAN.EXE] "AtiPTA"="atiptaxx.exe" [2007-08-24 12:12 C:\WINDOWS\system32\atiptaxx.exe] "WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2007-08-24 12:08] "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07] "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-08-24 12:21] "WinampAgent"="K:\Program Files\Winamp\winampa.exe" [2007-08-24 12:08] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44] "Konnekt"="K:\Program Files\Konnekt\konnekt.exe" [2007-08-24 12:08] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-19 16:53:56] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56] R1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys S3 GMSIPCI;GMSIPCI;\??\M:\INSTALL\GMSIPCI.SYS ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-24 20:44:42 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\cmd.exe [2616] 0x8626C808 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-24 20:45:05 --- E O F ---

Zdravim

**Posty:** 18165 · przez **wojtas** 24 Sie 2007, 21:08

C:\WINDOWS\system32\vcmgcd32.dll

ten plik jest od wirusa Sality, który zabija wszystkie exeki wszystkich partycji.. zlapanie tego wirusa konczy sie niestety formatem... ale sprobujmy

sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę

C:\WINDOWS\system32\vcmgcd32.dll

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

potem nowy log z combo oraz z gmera:

sciagnij gmera:

http://gmer.net/gmer.zip

Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

**Posty:** 10 · przez **Iluvatar** 25 Sie 2007, 13:53

Zrobione. Oto logi:

Log z ComboFix

Kod: Zaznacz wszystko: ComboFix 07-08-17.2 - "Trol" 2007-08-25 13:35:44.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.735 [GMT 2:00] ((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 ))))))))))))))))))))))))))))))) 2007-08-25 13:12 <DIR> d-------- C:\!KillBox 2007-08-25 12:58 <DIR> d-------- C:\DOCUME~1\Trol\DANEAP~1\Gadu-Gadu 2007-08-25 12:54 <DIR> d-------- C:\DOCUME~1\Trol\Gadu-Gadu 2007-08-25 11:15 545,280 --a------ C:\WINDOWS\system32\win14807.dll 2007-08-24 21:01 545,280 --a------ C:\WINDOWS\system32\win8557.dll 2007-08-24 21:01 39,936 --a------ C:\WINDOWS\system32\winresponse32.exe 2007-08-24 21:01 34,816 --a------ C:\WINDOWS\winddlll.exe 2007-08-24 16:46 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-24 15:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-08-24 13:47 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2007-08-24 13:47 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2007-08-24 13:47 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2007-08-24 13:47 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2007-08-24 13:47 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2007-08-24 13:47 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll 2007-08-24 13:36 <DIR> d-------- C:\Program Files\HP 2007-08-24 13:36 <DIR> d-------- C:\Program Files\Hewlett-Packard 2007-08-24 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab 2007-08-24 11:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab Setup Files 2007-08-20 07:31 714 --a------ C:\WINDOWS\unins000.dat 2007-08-19 20:57 <DIR> d-------- C:\DOCUME~1\Trol\DANEAP~1\Help 2007-08-19 20:26 36,864 --a------ C:\WINDOWS\system32\vcmgcd32.dll 2007-08-19 19:43 1,156 --a------ C:\WINDOWS\mozver.dat 2007-08-19 17:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-08-19 17:59 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-08-19 17:58 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-08-19 17:58 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-08-19 17:58 356,352 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-08-19 17:58 267,776 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-08-19 17:58 2,820,544 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-08-19 17:58 1,986,560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-08-19 17:58 1,315,712 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-08-19 17:57 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-08-19 17:56 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-08-19 17:56 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-08-19 17:56 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-08-19 17:56 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-08-19 17:56 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-08-19 17:56 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-08-19 17:56 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-08-19 17:56 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-08-19 17:56 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-08-19 17:56 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-08-19 17:56 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-08-19 17:56 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-08-19 17:56 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-08-19 17:56 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-08-19 17:56 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-08-19 17:56 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-08-19 17:56 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-08-19 17:56 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-08-19 17:56 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-08-19 17:56 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-08-19 17:56 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-08-19 17:56 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-08-19 17:56 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-08-19 17:56 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-08-19 17:56 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-08-19 17:56 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-08-19 17:56 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-08-19 17:56 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-08-19 17:56 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-08-19 17:56 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne 2007-08-19 17:56 <DIR> dr------- C:\Program Files 2007-08-19 17:56 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start 2007-08-19 17:56 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty 2007-08-19 17:56 <DIR> d--hs---- C:\WINDOWS\Installer 2007-08-19 17:56 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Szablony 2007-08-19 17:56 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines 2007-08-19 17:56 <DIR> d-------- C:\Program Files\Common Files\ODBC 2007-08-19 17:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Ulubione 2007-08-19 17:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit 2007-08-19 17:55 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji 2007-08-19 17:55 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji 2007-08-19 17:55 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start 2007-08-19 17:55 <DIR> d--hs---- C:\System Volume Information 2007-08-19 17:55 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Szablony 2007-08-19 17:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2007-08-19 17:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot 2007-08-19 17:55 <DIR> d-------- C:\Documents and Settings (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-25 11:15 359040 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS 2007-08-24 12:12 364544 --a------ C:\WINDOWS\system32\atiptaxx.exe 2007-08-20 12:32 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys 2007-08-19 16:54 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-08-19 16:51 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin 2007-08-19 16:50 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin --------- C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2007-08-24 12:12 C:\WINDOWS\SOUNDMAN.EXE] "AtiPTA"="atiptaxx.exe" [2007-08-24 12:12 C:\WINDOWS\system32\atiptaxx.exe] "WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2007-08-24 12:08] "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07] "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-08-24 12:21] "WinampAgent"="K:\Program Files\Winamp\winampa.exe" [2007-08-24 12:08] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44] "Konnekt"="K:\Program Files\Konnekt\konnekt.exe" [2007-08-24 12:08] "Gadu-Gadu"="K:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-19 16:53:56] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56] R1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys S3 GMSIPCI;GMSIPCI;\??\M:\INSTALL\GMSIPCI.SYS ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-25 13:36:19 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-25 13:36:43 --- E O F ---

Log z gmer

Kod: Zaznacz wszystko: GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-08-25 13:39:06 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.13 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI Service [DISABLED] ACPIEC Service C:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER Service C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\system32\DRIVERS\amdk7.sys [SYSTEM] AmdK7 Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\Ati2evxx.exe [AUTO] Ati HotKey Poller Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag Service Atierecord Service C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys [SYSTEM] atitray Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [SYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service C:\DOCUME~1\Trol\USTAWI~1\Temp\catchme.sys [MANUAL] catchme Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [SYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom Service [SYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [SYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr Service [SYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service M:\INSTALL\GMSIPCI.SYS [MANUAL] GMSIPCI Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [SYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [BOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [SYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [SYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass Service [BOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [SYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service [BOOT] Mup Service [BOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service [SYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [SYSTEM] Null Service nv4 Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [BOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [BOOT] PCI Service [SYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [SYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [SYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [SYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [SYSTEM] Serial Service C:\WINDOWS\System32\drivers\sfdrv01.sys [BOOT] sfdrv01 Service C:\WINDOWS\System32\drivers\sfhlp02.sys [BOOT] sfhlp02 Service [SYSTEM] Sfloppy Service C:\WINDOWS\System32\drivers\sfsync02.sys [BOOT] sfsync02 Service C:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\system32\DRIVERS\sr.sys [BOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [SYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [SYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] usbstor Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys [BOOT] viaagp1 Service C:\WINDOWS\system32\DRIVERS\viaide.sys [BOOT] ViaIde Service [BOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service [SYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov ---- EOF - GMER 1.0.13 ----

Mam nadzieję, że format nie będzie konieczny. Co ciekawe robiłem jakiś tydzień temu formata, neta nie miałem, więc się nie łączyłem, a ten wredny vcmgcd32.dll siedział w kompie. nie jest to na 100% pewne, ale gdzieś na 90%. I jeszcze jedna rzecz, którą zauważyłem wczoraj. Czasem, gdy jestem podłączony do neta (mam NeoTP) głośniczek od kompa wydaje znajome piiiiiii, które trwa ok. 0.5 sek, i neo sie rozłącza w taki sposób, że żeby się znów połączyć, to trzeba program od neostrady uruchomić na nowo. To na razie tyle.

Zdravim

**Posty:** 18165 · przez **wojtas** 25 Sie 2007, 16:58

niestety nic sie nie da zrobic wirus ciagle powraca jedym rozwiazaniem jest format wszystkich partycji :cry:

**Posty:** 10 · przez **Iluvatar** 26 Sie 2007, 20:01

No nic. Mówi się trudno. Ale mam nadzieję, że takie rzeczy, jak dokumenty z Worda, Excela, własne strony internetowe i programiki oraz zdjęcia mogę spokojnie zgrać na płytki?

Zdravim

**Posty:** 18165 · przez **wojtas** 26 Sie 2007, 20:38

Iluvatar napisał(a):jak dokumenty z Worda, Excela, własne strony internetowe i programiki oraz zdjęcia mogę spokojnie zgrać na płytki?

no wlasnie tu jest problem bo mozesz nagrac zainfekowane exe i znowu wirus wroci....

**Posty:** 10 · przez **Iluvatar** 27 Sie 2007, 13:26

Ale mam nadzieje, że wszystkie pliki, nie będące .exe mogę spokojnie zgrywać?

Zdravim

**Posty:** 18165 · przez **wojtas** 27 Sie 2007, 15:55

Iluvatar napisał(a):.exe mogę spokojnie zgrywać?

sadze ze raczej tak

Autor postu otrzymał pochwałę

**Posty:** 10 · przez **Iluvatar** 28 Sie 2007, 12:26

Wielkie dzięki za pomoc.

Zdravim

proszę o sprawdzenie loga

proszę o sprawdzenie loga

Kto jest na forum