proszę o sprawdzenie loga

**Posty:** 9 · przez **Endriuu** 10 Mar 2008, 14:25

Proszę o sprawdzenie loga na pulpicie pokazują mi się 3 ikonki :
- Privacy Protector
- Error Cleaner
- Spyware&Malware Protection
Ponadto otwierają mi się różne strony z programami do skanowania
Zaznaczam, że troszeczkę poczytałem o podobnych problemach, jednak dalej jestem zielona. Wykonałem wszystkie polecenia ze strony http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html, jednak bez zamierzonego efektu. Proszę o pomoc.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:50, on 2008-03-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\winlugan.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\DOCUME~1\Endriu\USTAWI~1\Temp\winlogan.exe
C:\DOCUME~1\Endriu\USTAWI~1\Temp\winlogan.exe
C:\DOCUME~1\Endriu\USTAWI~1\Temp\lsass.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Endriu\ie_updates3r.exe
C:\Documents and Settings\Endriu\Moje dokumenty\Tlen.pl\tlen.exe
C:\WINDOWS\system32\~.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.clickteam.com/unregistered_IMP.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RDL Rolex - {0CB4765E-BF84-461A-B820-E61D8CD7A9E2} - C:\WINDOWS\dkxrstqqlx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: C:\WINDOWS\system32\Hjd94fg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Hjd94fg.dll
O2 - BHO: C:\WINDOWS\system32\Kf93jfg.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\Kf93jfg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: enlfxgw - {B01B1DB1-AEBB-4920-A353-88E1C97BCA2E} - C:\WINDOWS\enlfxgw.dll
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\DOCUME~1\Endriu\USTAWI~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\DOCUME~1\Endriu\USTAWI~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [Gsfjefefue9fidjfod] C:\DOCUME~1\Endriu\USTAWI~1\Temp\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1BC340A-51E2-4B68-8563-C773DF5CF711}: NameServer = 217.30.129.149 217.30.137.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2369A9-1E95-47CA-A1C8-76361805F20B}: NameServer = 217.30.137.200,217.30.129.149
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
O21 - SSODL: apdqnxp - {F5938AFC-02E8-4E85-AA8B-97111C430552} - C:\WINDOWS\apdqnxp.dll
O21 - SSODL: btrklfr - {E168A270-D526-4631-84C2-D36F112CE7E6} - C:\WINDOWS\btrklfr.dll
O21 - SSODL: SetupSetup - {d9c1cd4e-2c61-4100-b6ac-1dc7068d1d26} - C:\WINDOWS\Installer\{d9c1cd4e-2c61-4100-b6ac-1dc7068d1d26}\SetupSetup.dll
O21 - SSODL: zip - {b78a6ee6-464b-47c0-9508-bf4ac0335e24} - C:\WINDOWS\Installer\{b78a6ee6-464b-47c0-9508-bf4ac0335e24}\zip.dll
O21 - SSODL: MonVolume - {161b2349-f190-481f-9d78-8c53119ee78f} - C:\WINDOWS\Installer\{161b2349-f190-481f-9d78-8c53119ee78f}\MonVolume.dll
O22 - SharedTaskScheduler: Hkjr94jdfdgj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Hjd94fg.dll
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\Kf93jfg.dll
O23 - Service: 1Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlugan.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

--
End of file - 8977 bytes

**Posty:** 18165 · przez **wojtas** 10 Mar 2008, 16:44

Wykonaj to co jest podane w tym temacie

zastosuj:

smitfraudfix z opcji 2
(sciagasz -> uruchamiasz-> klikasz dowolny klawisz -> wpisujesz w programie 2 i enter potem czekasz chwile -> gdy wyskoczy pytanie w programie Do you want to clean the registry ? to wpisujesz literke Y i znowu enter i czekasz do wyskoczenia raportu (znak ze skan dobiegł konca)

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka

**Posty:** 9 · przez **Endriuu** 10 Mar 2008, 21:22

Użyłem smitfraudfix i sdefixa. Nie wiem czy wszystko zostało zrobione poprawnie, ponieważ przez cały czas, praca blokowana byla przez komunikaty pod tytułem "zły obraz". Na koniec smitfraudfixa pojawił się komunikat, że rejestr został zablokowany przez administratora.
Po zakończeniu Sdfixa, komputer sam nie zrestarował. Uczyniłem to sam. W ogóle to co się dzieje z kompem to trudno opisać. Próbuję wysłać tę wiadomość od kilku godzin. Z każdą godziną jest co raz trudniej zrobić co kolwiek. Nie mogę znaleźć w pliku sdfixa Report.txt. NIe bardzo wiem, gdzi znajduje się log z combofixa. Przesyłam log z hijacka

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20, on 2008-03-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\winlugan.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscript.exe
C:\DOCUME~1\Endriu\USTAWI~1\Temp\lsass.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.clickteam.com/unregistered_IMP.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RDL Rolex - {0CB4765E-BF84-461A-B820-E61D8CD7A9E2} - C:\WINDOWS\dkxrstqqlx.dll (file missing)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: C:\WINDOWS\system32\Hjd94fg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Hjd94fg.dll
O2 - BHO: C:\WINDOWS\system32\Kf93jfg.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\Kf93jfg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1205157916.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: enlfxgw - {B01B1DB1-AEBB-4920-A353-88E1C97BCA2E} - C:\WINDOWS\enlfxgw.dll (file missing)
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [advap32] c:\cwwkxwu.exe/r
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Gsfjefefue9fidjfod] C:\DOCUME~1\Endriu\USTAWI~1\Temp\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Gsfjefefue9fidjfod] C:\WINDOWS\TEMP\lsass.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1BC340A-51E2-4B68-8563-C773DF5CF711}: NameServer = 217.30.129.149 217.30.137.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2369A9-1E95-47CA-A1C8-76361805F20B}: NameServer = 217.30.137.200,217.30.129.149
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: apdqnxp - {F5938AFC-02E8-4E85-AA8B-97111C430552} - C:\WINDOWS\apdqnxp.dll (file missing)
O21 - SSODL: btrklfr - {E168A270-D526-4631-84C2-D36F112CE7E6} - C:\WINDOWS\btrklfr.dll (file missing)
O21 - SSODL: SetupSetup - {d9c1cd4e-2c61-4100-b6ac-1dc7068d1d26} - C:\WINDOWS\Installer\{d9c1cd4e-2c61-4100-b6ac-1dc7068d1d26}\SetupSetup.dll (file missing)
O21 - SSODL: zip - {b78a6ee6-464b-47c0-9508-bf4ac0335e24} - C:\WINDOWS\Installer\{b78a6ee6-464b-47c0-9508-bf4ac0335e24}\zip.dll (file missing)
O21 - SSODL: MonVolume - {161b2349-f190-481f-9d78-8c53119ee78f} - C:\WINDOWS\Installer\{161b2349-f190-481f-9d78-8c53119ee78f}\MonVolume.dll (file missing)
O21 - SSODL: PrxKernel - {651418ae-e80d-4dd5-bb1a-f1d284ce7111} - C:\WINDOWS\Installer\{651418ae-e80d-4dd5-bb1a-f1d284ce7111}\PrxKernel.dll (file missing)
O22 - SharedTaskScheduler: Hkjr94jdfdgj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Hjd94fg.dll
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\Kf93jfg.dll
O23 - Service: 1Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlugan.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Harmonogram zadań (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

--
End of file - 11858 bytes

**Posty:** 18165 · przez **wojtas** 10 Mar 2008, 22:20

Wykonaj to co jest podane w tym temacie

Uruchamiasz HijackThis => klikasz Do a system scan only => pokaże się lista wpisów => stawiasz ptaszek przy wpisach, które wymieniłem => klikasz Fix checked i potwierdzasz usunięcie.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.clickteam.com/unregistered_IMP.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: RDL Rolex - {0CB4765E-BF84-461A-B820-E61D8CD7A9E2} - C:\WINDOWS\dkxrstqqlx.dll (file missing)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: C:\WINDOWS\system32\Hjd94fg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Hjd94fg.dll
O2 - BHO: C:\WINDOWS\system32\Kf93jfg.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\Kf93jfg.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1205157916.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O3 - Toolbar: enlfxgw - {B01B1DB1-AEBB-4920-A353-88E1C97BCA2E} - C:\WINDOWS\enlfxgw.dll (file missing)
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Gsfjefefue9fidjfod] C:\DOCUME~1\Endriu\USTAWI~1\Temp\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Gsfjefefue9fidjfod] C:\WINDOWS\TEMP\lsass.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: apdqnxp - {F5938AFC-02E8-4E85-AA8B-97111C430552} - C:\WINDOWS\apdqnxp.dll (file missing)
O21 - SSODL: btrklfr - {E168A270-D526-4631-84C2-D36F112CE7E6} - C:\WINDOWS\btrklfr.dll (file missing)
O21 - SSODL: SetupSetup - {d9c1cd4e-2c61-4100-b6ac-1dc7068d1d26} - C:\WINDOWS\Installer\{d9c1cd4e-2c61-4100-b6ac-1dc7068d1d26}\SetupSetup.dll (file missing)
O21 - SSODL: zip - {b78a6ee6-464b-47c0-9508-bf4ac0335e24} - C:\WINDOWS\Installer\{b78a6ee6-464b-47c0-9508-bf4ac0335e24}\zip.dll (file missing)
O21 - SSODL: MonVolume - {161b2349-f190-481f-9d78-8c53119ee78f} - C:\WINDOWS\Installer\{161b2349-f190-481f-9d78-8c53119ee78f}\MonVolume.dll (file missing)
O21 - SSODL: PrxKernel - {651418ae-e80d-4dd5-bb1a-f1d284ce7111} - C:\WINDOWS\Installer\{651418ae-e80d-4dd5-bb1a-f1d284ce7111}\PrxKernel.dll (file missing)
O22 - SharedTaskScheduler: Hkjr94jdfdgj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Hjd94fg.dll
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\Kf93jfg.dll
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\marwin32.dll
c:\cwwkxwu.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
C:\DOCUME~1\Endriu\USTAWI~1\Temp\lsass.exe
C:\WINDOWS\system32\spoolvs.exe
C:\Windows\xpupdate.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\wowfx.dll
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
C:\WINDOWS\SYSTEM32\WLCtrl32.dll
C:\WINDOWS\system32\Hjd94fg.dll
C:\WINDOWS\system32\Kf93jfg.dll
C:\WINDOWS\system32\winlugan.exe
C:\WINDOWS\System32\CbEvtSvc.exe

Folder::
C:\Program Files\BraveSentry

Driver::
Schedule
ICF
CbEvtSvc
1Google Online Search Service
CcEvtSvc

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum (bedzie na dysku C ) oraz nowy log z Hijacka

**Posty:** 9 · przez **Endriuu** 10 Mar 2008, 23:41

ComboFix 08-03-10.1 - Endriu 2008-03-10 22:08:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.34 [GMT 1:00]
Running from: C:\Documents and Settings\Endriu\Pulpit\ściąga\ComboFix.exe
Command switches used :: C:\Documents and Settings\Endriu\Pulpit\ťci¦ga\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Endriu\Dane aplikacji\printer.exe
C:\Documents and Settings\Endriu\iexplorer.exe
C:\Documents and Settings\Ira\Pulpit\Error Cleaner.url
C:\Documents and Settings\Ira\Pulpit\Privacy Protector.url
C:\Documents and Settings\Ira\Pulpit\Spyware&Malware Protection.url
C:\Documents and Settings\Ira\Ulubione\Error Cleaner.url
C:\Documents and Settings\Ira\Ulubione\Privacy Protector.url
C:\Documents and Settings\Ira\Ulubione\Spyware&Malware Protection.url
C:\Documents and Settings\LocalService\Dane aplikacji\Install.dat
C:\Documents and Settings\LocalService\Dane aplikacji\microsoft\internet explorer\Desktop.htt
C:\Documents and Settings\LocalService\Dane aplikacji\printer.exe
C:\Documents and Settings\Szymek\Ulubione\Error Cleaner.url
C:\Documents and Settings\Szymek\Ulubione\Privacy Protector.url
C:\Documents and Settings\Szymek\Ulubione\Spyware&Malware Protection.url
C:\WINDOWS\mrofinu27.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\config\48384220.Evt
C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Brave-Sentry
C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Brave-Sentry\BraveSentry.lnk
C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Brave-Sentry\Uninstall.lnk
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\Uwt53.sys
C:\WINDOWS\system32\shift.exe.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\vedxga4me1.exe
C:\WINDOWS\system32\wowfx.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_ASC3550P
-------\LEGACY_CCEVTSVC
-------\LEGACY_CSC50
-------\LEGACY_ICF
-------\asc3550p
-------\CcEvtSvc
-------\ICF

((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.

2008-03-10 18:49 . 2008-03-10 18:50 <DIR> d-------- C:\SDFix
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-03-10 17:01 . 2005-11-12 19:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-03-10 17:01 . 2008-03-10 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-03-10 16:48 . 2008-03-10 16:48 2,850 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-10 16:47 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-10 16:47 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-10 16:47 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-10 16:47 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-10 16:47 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-10 16:47 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-10 16:47 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-10 16:24 . 2008-03-10 16:27 <DIR> d-------- C:\Documents and Settings\Endriu\SmitfraudFix
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\Program Files\zango
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\Program Files\stc
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\Program Files\180solutions
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\Program Files\180search assistant
2008-03-10 15:36 . 2008-03-10 15:36 21,504 --a------ C:\WINDOWS\didduid.ini
2008-03-10 15:35 . 2008-03-10 15:35 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-10 15:24 . 2008-03-10 15:24 167,936 --a------ C:\WINDOWS\system32\drivers\Csc50.sys
2008-03-10 15:22 . 2008-03-10 15:22 86,528 --a------ C:\Documents and Settings\LocalService\Dane aplikacji\1336109139.exe
2008-03-10 15:21 . 2008-03-10 15:22 155,648 --a------ C:\Documents and Settings\LocalService\Dane aplikacji\1346529998.exe
2008-03-10 15:21 . 2008-03-10 15:21 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-03-10 15:07 . 2008-03-10 15:08 129,920 --a------ C:\WINDOWS\system32\diperto7f41-8b4.sys
2008-03-10 15:06 . 2008-03-10 15:06 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-03-10 15:06 . 2008-03-10 15:04 60,928 --a------ C:\WINDOWS\system32\CbEvtSvc.exe
2008-03-10 15:06 . 2008-03-10 17:13 45,625 --a------ C:\WINDOWS\system32\diperto.ini
2008-03-10 15:04 . 2008-03-10 15:03 78,848 --a------ C:\WINDOWS\taskmon.exe
2008-03-10 15:02 . 2008-03-10 15:02 167,936 --a------ C:\WINDOWS\system32\drivers\riode32.sys
2008-03-10 15:02 . 2008-03-10 21:59 26,240 --a------ C:\WINDOWS\system32\drivers\Hnr47.sys
2008-03-10 15:02 . 2008-03-10 15:02 13,824 --a------ C:\WINDOWS\system32\m1ax1d121322116143v.exe
2008-03-10 15:02 . 2008-03-10 15:02 12,796 --a------ C:\WINDOWS\system32\n2ewma1xxsv2234.exe
2008-03-10 15:02 . 2008-03-10 15:02 2 --a------ C:\-1402250405
2008-03-10 15:01 . 2008-03-10 15:03 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-03-10 15:01 . 2008-03-10 15:01 58,368 --a------ C:\rdwavag.exe
2008-03-10 15:01 . 2008-03-10 15:01 25,727 --a------ C:\WINDOWS\system32\winmed.exe
2008-03-10 15:01 . 2008-03-10 15:00 16,848 --a------ C:\WINDOWS\system32\wind32.exe
2008-03-10 15:01 . 2008-03-10 22:16 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-03-10 15:01 . 2008-03-10 15:01 11,776 --a------ C:\cwwkxwu.exe
2008-03-10 15:01 . 2005-07-08 01:04 9,728 --a------ C:\findfast.exe
2008-03-10 15:01 . 2008-03-10 21:57 5,120 --a------ C:\Documents and Settings\LocalService\ftpdll.dll
2008-03-10 15:00 . 2008-03-10 15:00 85,660 --a------ C:\WINDOWS\system32\msgk414.exe
2008-03-10 15:00 . 2008-03-10 15:01 6,144 --a------ C:\mmhkj.exe
2008-03-10 12:00 . 2008-03-10 12:00 29 --a------ C:\WINDOWS\system32\sggwwtts.tmp
2008-03-10 11:58 . 2008-03-10 11:58 47,000 ---hs---- C:\WINDOWS\system32\drivers\spools.exe
2008-03-10 11:58 . 2008-03-10 21:57 5,120 --a------ C:\WINDOWS\system32\ftpdll.dll
2008-03-10 11:58 . 2008-03-10 11:58 5,120 --a------ C:\Documents and Settings\Endriu\ftpdll.dll
2008-03-10 11:56 . 2008-03-10 11:56 10,000 --a------ C:\WINDOWS\system32\Kf93jfg.dll
2008-03-10 11:55 . 2008-03-10 11:55 17,920 --a------ C:\WINDOWS\system32\msgk374.exe
2008-03-10 11:55 . 2008-03-10 11:55 17,920 --a------ C:\WINDOWS\system32\msgk230.exe
2008-03-10 11:55 . 2008-03-10 11:55 10,000 --a------ C:\WINDOWS\system32\Hjd94fg.dll
2008-03-10 11:54 . 2008-03-10 11:54 143,360 --a------ C:\WINDOWS\system32\msgk421.exe
2008-03-10 11:54 . 2008-03-10 15:01 32 --a------ C:\WINDOWS\system32\svchost.t__
2008-03-10 11:53 . 2008-03-10 11:53 3,301 --a------ C:\WINDOWS\system32\winlugan.exe
2008-03-10 11:53 . 2008-03-10 12:35 3,301 --a------ C:\Documents and Settings\Endriu\ie_updates3r.exe
2008-03-10 11:53 . 2008-03-10 21:46 248 --a------ C:\WINDOWS\system32\winlogans.tmp
2008-03-09 16:49 . 2008-03-09 16:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-09 11:14 . 2008-03-09 11:14 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ulead Systems
2008-03-08 18:17 . 2008-03-08 12:27 98,304 --a------ C:\WINDOWS\fqspogw.exe
2008-03-08 18:14 . 2008-03-08 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-03-08 18:14 . 2007-03-27 19:56 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-08 18:14 . 2007-03-27 19:56 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-08 18:14 . 2007-03-27 19:56 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-08 18:14 . 2007-03-27 19:56 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-08 18:10 . 2008-03-08 18:10 <DIR> d-------- C:\Program Files\Ulead Systems
2008-03-08 18:10 . 2008-03-08 18:12 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-07 15:51 . 2008-03-07 15:51 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-07 15:49 . 2008-03-07 15:49 <DIR> d-------- C:\Program Files\Windows Media Components
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Program Files\MainConcept
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\MCMPEGEnc
2008-03-06 13:33 . 2008-03-06 13:38 119 --a------ C:\WINDOWS\LSXDEMO.INI
2008-03-05 19:08 . 2008-03-05 19:20 <DIR> d-------- C:\Program Files\Pegasus Imaging
2008-03-04 20:53 . 2008-03-04 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-04 17:53 . 2005-02-11 10:21 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-03-04 17:53 . 2005-02-11 10:22 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-03-04 17:53 . 2005-02-11 10:24 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-03-04 17:53 . 2005-02-11 10:19 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-03-04 17:53 . 2005-02-11 10:21 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-03-04 13:24 . 2008-03-04 13:30 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-04 13:24 . 2008-03-04 13:24 <DIR> d--h----- C:\Documents and Settings\Endriu\InstallAnywhere
2008-03-04 10:16 . 2008-03-04 10:40 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\Tlen.pl
2008-03-02 16:58 . 2008-03-02 17:43 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ahead
2008-03-02 16:53 . 2008-03-02 16:53 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\DivX
2008-03-02 15:17 . 2008-03-02 15:17 83 --a------ C:\WINDOWS\Wwp.INI
2008-03-01 12:35 . 2008-03-01 12:35 <DIR> d-------- C:\WINDOWS\Mozilla
2008-03-01 11:19 . 2008-03-02 16:51 <DIR> d-------- C:\Program Files\DivX
2008-03-01 11:10 . 2008-03-01 11:11 <DIR> d-------- C:\Program Files\VD
2008-02-28 09:42 . 2008-02-28 09:42 <DIR> d-------- C:\Documents and Settings\Ira\Dane aplikacji\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 21:16 --------- d-----w C:\Program Files\DialNet
2008-03-10 14:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 17:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 17:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-03-07 14:58 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Ulead Systems
2008-03-05 18:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-28 11:52 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\CyberLink
2008-02-28 08:46 --------- d-----w C:\Program Files\SubEdit-Player
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-14 13:17 --------- d-----w C:\Program Files\Serious Sam 2
2008-01-27 14:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-01-27 14:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-27 12:55 --------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-01-25 18:56 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Thunderbird
2008-01-25 18:32 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\ACD Systems
2008-01-22 20:18 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\ABBYY
2008-01-21 20:30 30,992 ----a-w C:\Documents and Settings\Endriu\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-01-21 18:57 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Corel
2008-01-21 12:08 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Corel
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 08:40 405504]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-07-11 17:11 561152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 13:59 59016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"advap32"="c:\cwwkxwu.exe/r" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]
"Hhjg5jfd93dftdf"="C:\WINDOWS\TEMP\winlogan.exe" [ ]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" [ ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg]
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll 2008-03-10 11:55 13573 C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-10 22:16 11776 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^.protected]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^autorun.exe]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^.protected]
path=C:\Documents and Settings\Endriu\Menu Start\Programy\Autostart\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^findfast.exe]
path=C:\Documents and Settings\Endriu\Menu Start\Programy\Autostart\findfast.exe
backup=C:\WINDOWS\pss\findfast.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gsfjefefue9fidjfod]
C:\DOCUME~1\Endriu\USTAWI~1\Temp\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhjg5jfd93dftdf]
C:\DOCUME~1\Endriu\USTAWI~1\Temp\winlogan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2007-12-17 10:00 249856 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
---hs---- 2008-03-10 11:58 47000 C:\WINDOWS\system32\drivers\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer]
C:\WINDOWS\system32\printer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu27.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]
C:\WINDOWS\system32\spoolvs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-11-12 21:22 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
--a------ 2008-03-10 15:00 16848 C:\WINDOWS\system32\wind32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemSv121]
--a------ 2008-03-10 15:02 12796 C:\WINDOWS\system32\n2ewma1xxsv2234.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-09-12 12:17 340136 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMed]
--a------ 2008-03-10 15:01 25727 C:\WINDOWS\system32\winmed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\winav.exe"=
"C:\\WINDOWS\\system32\\winmed.exe"=

R0 Hnr47;Hnr47;C:\WINDOWS\system32\Drivers\Hnr47.sys [2008-03-10 21:59]
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 12:43]
R2 1Google Online Search Service;1Google Online Search Service;C:\WINDOWS\system32\winlugan.exe [2008-03-10 11:53]
R2 diperto7f41-8b4;diperto7f41-8b4;C:\WINDOWS\system32\diperto7f41-8b4.sys [2008-03-10 15:08]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 16:27]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 16:27]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 16:27]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 16:27]
S4 CbEvtSvc;CbEvtSvc;C:\WINDOWS\System32\CbEvtSvc.exe [2008-03-10 15:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 19:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - Endriu.job"
- C:\PROGRA~1\NORTON~1\Navw32.exef/task:
"2008-03-10 11:09:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 22:17:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rqksgpu]
"ImagePath"="\??\C:\WINDOWS\Cursors\rqksgpu.cur"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\DialNet\WrOS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-03-10 22:27:09 - machine was rebooted [Endriu]
ComboFix-quarantined-files.txt 2008-03-10 21:27:03
.
2007-12-31 13:51:09 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:18, on 2008-03-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\winlugan.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\DialNet\WrOS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [advap32] c:\cwwkxwu.exe/r
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1BC340A-51E2-4B68-8563-C773DF5CF711}: NameServer = 217.30.129.149 217.30.137.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2369A9-1E95-47CA-A1C8-76361805F20B}: NameServer = 217.30.137.200,217.30.129.149
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: 1Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlugan.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

--
End of file - 7028 bytes

**Posty:** 18165 · przez **wojtas** 11 Mar 2008, 16:51

sciagnij ATF_Cleaner
zaznacz
Windows Temp
Temporary internet files
i wcisnij EMPTY SELECTED

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\drivers\Csc50.sys
C:\Documents and Settings\LocalService\Dane aplikacji\1336109139.exe
C:\Documents and Settings\LocalService\Dane aplikacji\1346529998.exe
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\marwin32.dll
C:\WINDOWS\system32\diperto7f41-8b4.sys
C:\WINDOWS\system32\CbEvtSvc.exe
C:\WINDOWS\system32\diperto.ini
C:\WINDOWS\system32\drivers\riode32.sys
C:\WINDOWS\system32\drivers\riode32.sys
C:\WINDOWS\system32\drivers\Hnr47.sys
C:\WINDOWS\system32\m1ax1d121322116143v.exe
C:\WINDOWS\system32\n2ewma1xxsv2234.exe
C:\-1402250405
C:\rdwavag.exe
C:\WINDOWS\system32\winmed.exe
C:\WINDOWS\system32\wind32.exe
C:\WINDOWS\system32\WLCtrl32.dll
C:\cwwkxwu.exe
C:\findfast.exe
C:\Documents and Settings\LocalService\ftpdll.dll
C:\WINDOWS\system32\msgk414.exe
C:\mmhkj.exe
C:\WINDOWS\system32\sggwwtts.tmp
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\ftpdll.dll
C:\Documents and Settings\Endriu\ftpdll.dll
C:\WINDOWS\system32\Kf93jfg.dll
C:\WINDOWS\system32\msgk374.exe
C:\WINDOWS\fqspogw.exe
C:\WINDOWS\system32\msgk230.exe
C:\WINDOWS\system32\Hjd94fg.dll
C:\WINDOWS\system32\msgk421.exe
C:\WINDOWS\system32\svchost.t__
C:\WINDOWS\system32\winlugan.exe
C:\Documents and Settings\Endriu\ie_updates3r.exe
C:\WINDOWS\system32\winlogans.tmp
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll

Folder::
C:\WINDOWS\FLEOK
C:\Program Files\zango
C:\Program Files\stc
C:\Program Files\180solutions
C:\Program Files\180searchassistant
C:\Program Files\180search assistant

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"advap32"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Hhjg5jfd93dftdf"=-
"Spoolsv"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\winav.exe"=-
"C:\\WINDOWS\\system32\\winmed.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
[-HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^.protected]
[-HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^autorun.exe]
[-HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^.protected]
[-HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^findfast.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gsfjefefue9fidjfod]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhjg5jfd93dftdf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemSv121]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMed]

Driver::
Hnr47
1Google Online Search Service
diperto7f41-8b4
CbEvtSvc

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 9 · przez **Endriuu** 11 Mar 2008, 19:01

ComboFix 08-03-10.1 - Endriu 2008-03-11 17:30:10.3 - NTFSx86
Running from: C:\Documents and Settings\Endriu\Pulpit\ściąga\ComboFix.exe
Command switches used :: C:\Documents and Settings\Endriu\Pulpit\ťci¦ga\CFScript.txt.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\symavc32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_FLRG61

((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-11 17:28 . 2008-03-11 17:28 167,936 --a------ C:\WINDOWS\system32\drivers\Flrg61.sys
2008-03-10 18:49 . 2008-03-10 18:50 <DIR> d-------- C:\SDFix
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-03-10 17:01 . 2005-11-12 19:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-03-10 17:01 . 2008-03-10 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-03-10 16:48 . 2008-03-10 16:48 2,850 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-10 16:47 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-10 16:47 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-10 16:47 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-10 16:47 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-10 16:47 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-10 16:47 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-10 16:47 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-10 16:24 . 2008-03-10 16:27 <DIR> d-------- C:\Documents and Settings\Endriu\SmitfraudFix
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\Program Files\zango
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\Program Files\stc
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\Program Files\180solutions
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-10 15:36 . 2008-03-10 15:36 <DIR> d-------- C:\Program Files\180search assistant
2008-03-10 15:36 . 2008-03-10 15:36 21,504 --a------ C:\WINDOWS\didduid.ini
2008-03-10 15:35 . 2008-03-10 15:35 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-10 15:22 . 2008-03-10 15:22 86,528 --a------ C:\Documents and Settings\LocalService\Dane aplikacji\1336109139.exe
2008-03-10 15:21 . 2008-03-10 15:22 155,648 --a------ C:\Documents and Settings\LocalService\Dane aplikacji\1346529998.exe
2008-03-10 15:21 . 2008-03-10 15:21 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-03-10 15:07 . 2008-03-10 15:08 129,920 --a------ C:\WINDOWS\system32\diperto7f41-8b4.sys
2008-03-10 15:06 . 2008-03-10 15:06 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-03-10 15:06 . 2008-03-10 15:04 60,928 --a------ C:\WINDOWS\system32\CbEvtSvc.exe
2008-03-10 15:06 . 2008-03-10 17:13 45,625 --a------ C:\WINDOWS\system32\diperto.ini
2008-03-10 15:04 . 2008-03-10 15:03 78,848 --a------ C:\WINDOWS\taskmon.exe
2008-03-10 15:02 . 2008-03-10 15:02 167,936 --a------ C:\WINDOWS\system32\drivers\riode32.sys
2008-03-10 15:02 . 2008-03-11 17:14 26,240 --a------ C:\WINDOWS\system32\drivers\Hnr47.sys
2008-03-10 15:02 . 2008-03-10 15:02 13,824 --a------ C:\WINDOWS\system32\m1ax1d121322116143v.exe
2008-03-10 15:02 . 2008-03-10 15:02 12,796 --a------ C:\WINDOWS\system32\n2ewma1xxsv2234.exe
2008-03-10 15:02 . 2008-03-10 15:02 2 --a------ C:\-1402250405
2008-03-10 15:01 . 2008-03-10 15:03 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-03-10 15:01 . 2008-03-10 15:01 58,368 --a------ C:\rdwavag.exe
2008-03-10 15:01 . 2008-03-10 15:01 25,727 --a------ C:\WINDOWS\system32\winmed.exe
2008-03-10 15:01 . 2008-03-10 15:00 16,848 --a------ C:\WINDOWS\system32\wind32.exe
2008-03-10 15:01 . 2008-03-11 17:38 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-03-10 15:01 . 2008-03-10 15:01 11,776 --a------ C:\cwwkxwu.exe
2008-03-10 15:01 . 2005-07-08 01:04 9,728 --a------ C:\findfast.exe
2008-03-10 15:01 . 2008-03-10 21:57 5,120 --a------ C:\Documents and Settings\LocalService\ftpdll.dll
2008-03-10 15:00 . 2008-03-10 15:00 85,660 --a------ C:\WINDOWS\system32\msgk414.exe
2008-03-10 15:00 . 2008-03-10 15:01 6,144 --a------ C:\mmhkj.exe
2008-03-10 12:00 . 2008-03-10 12:00 29 --a------ C:\WINDOWS\system32\sggwwtts.tmp
2008-03-10 11:58 . 2008-03-10 11:58 47,000 ---hs---- C:\WINDOWS\system32\drivers\spools.exe
2008-03-10 11:58 . 2008-03-10 21:57 5,120 --a------ C:\WINDOWS\system32\ftpdll.dll
2008-03-10 11:58 . 2008-03-10 11:58 5,120 --a------ C:\Documents and Settings\Endriu\ftpdll.dll
2008-03-10 11:56 . 2008-03-10 11:56 10,000 --a------ C:\WINDOWS\system32\Kf93jfg.dll
2008-03-10 11:55 . 2008-03-10 11:55 17,920 --a------ C:\WINDOWS\system32\msgk374.exe
2008-03-10 11:55 . 2008-03-10 11:55 17,920 --a------ C:\WINDOWS\system32\msgk230.exe
2008-03-10 11:55 . 2008-03-10 11:55 10,000 --a------ C:\WINDOWS\system32\Hjd94fg.dll
2008-03-10 11:54 . 2008-03-10 11:54 143,360 --a------ C:\WINDOWS\system32\msgk421.exe
2008-03-10 11:54 . 2008-03-11 17:27 36 --a------ C:\WINDOWS\system32\svchost.t__
2008-03-10 11:53 . 2008-03-10 11:53 3,301 --a------ C:\WINDOWS\system32\winlugan.exe
2008-03-10 11:53 . 2008-03-10 12:35 3,301 --a------ C:\Documents and Settings\Endriu\ie_updates3r.exe
2008-03-10 11:53 . 2008-03-11 17:27 1 --a------ C:\WINDOWS\system32\winlogans.tmp
2008-03-09 16:49 . 2008-03-09 16:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-09 11:14 . 2008-03-09 11:14 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ulead Systems
2008-03-08 18:17 . 2008-03-08 12:27 98,304 --a------ C:\WINDOWS\fqspogw.exe
2008-03-08 18:14 . 2008-03-08 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-03-08 18:14 . 2007-03-27 19:56 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-08 18:14 . 2007-03-27 19:56 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-08 18:14 . 2007-03-27 19:56 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-08 18:14 . 2007-03-27 19:56 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-08 18:10 . 2008-03-08 18:10 <DIR> d-------- C:\Program Files\Ulead Systems
2008-03-08 18:10 . 2008-03-08 18:12 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-07 15:51 . 2008-03-07 15:51 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-07 15:49 . 2008-03-07 15:49 <DIR> d-------- C:\Program Files\Windows Media Components
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Program Files\MainConcept
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\MCMPEGEnc
2008-03-06 13:33 . 2008-03-06 13:38 119 --a------ C:\WINDOWS\LSXDEMO.INI
2008-03-05 19:08 . 2008-03-05 19:20 <DIR> d-------- C:\Program Files\Pegasus Imaging
2008-03-04 20:53 . 2008-03-04 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-04 17:53 . 2005-02-11 10:21 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-03-04 17:53 . 2005-02-11 10:22 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-03-04 17:53 . 2005-02-11 10:24 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-03-04 17:53 . 2005-02-11 10:19 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-03-04 17:53 . 2005-02-11 10:21 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-03-04 13:24 . 2008-03-04 13:30 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-04 13:24 . 2008-03-04 13:24 <DIR> d--h----- C:\Documents and Settings\Endriu\InstallAnywhere
2008-03-04 10:16 . 2008-03-04 10:40 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\Tlen.pl
2008-03-02 16:58 . 2008-03-02 17:43 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ahead
2008-03-02 16:53 . 2008-03-02 16:53 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\DivX
2008-03-02 15:17 . 2008-03-02 15:17 83 --a------ C:\WINDOWS\Wwp.INI
2008-03-01 12:35 . 2008-03-01 12:35 <DIR> d-------- C:\WINDOWS\Mozilla
2008-03-01 11:19 . 2008-03-02 16:51 <DIR> d-------- C:\Program Files\DivX
2008-03-01 11:10 . 2008-03-01 11:11 <DIR> d-------- C:\Program Files\VD
2008-02-28 09:42 . 2008-02-28 09:42 <DIR> d-------- C:\Documents and Settings\Ira\Dane aplikacji\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 16:39 --------- d-----w C:\Program Files\DialNet
2008-03-11 11:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 17:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 17:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-03-07 14:58 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Ulead Systems
2008-03-05 18:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-28 11:52 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\CyberLink
2008-02-28 08:46 --------- d-----w C:\Program Files\SubEdit-Player
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-14 13:17 --------- d-----w C:\Program Files\Serious Sam 2
2008-02-10 21:46 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Symantec
2008-01-27 14:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-01-27 14:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-27 12:55 --------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-01-25 18:56 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Thunderbird
2008-01-25 18:32 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\ACD Systems
2008-01-22 20:18 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\ABBYY
2008-01-21 20:30 30,992 ----a-w C:\Documents and Settings\Endriu\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-01-21 18:57 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Corel
2008-01-21 12:08 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Corel
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 08:40 405504]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-07-11 17:11 561152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 13:59 59016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]
"Hhjg5jfd93dftdf"="C:\WINDOWS\TEMP\winlogan.exe" [ ]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" [ ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg]
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll 2008-03-10 11:55 13573 C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-11 17:38 11776 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^.protected]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^autorun.exe]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^.protected]
path=C:\Documents and Settings\Endriu\Menu Start\Programy\Autostart\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^findfast.exe]
path=C:\Documents and Settings\Endriu\Menu Start\Programy\Autostart\findfast.exe
backup=C:\WINDOWS\pss\findfast.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
c:\cwwkxwu.exe/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gsfjefefue9fidjfod]
C:\DOCUME~1\Endriu\USTAWI~1\Temp\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhjg5jfd93dftdf]
C:\DOCUME~1\Endriu\USTAWI~1\Temp\winlogan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2007-12-17 10:00 249856 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
---hs---- 2008-03-10 11:58 47000 C:\WINDOWS\system32\drivers\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer]
C:\WINDOWS\system32\printer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu27.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]
C:\WINDOWS\system32\spoolvs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-11-12 21:22 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
--a------ 2008-03-10 15:00 16848 C:\WINDOWS\system32\wind32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemSv121]
--a------ 2008-03-10 15:02 12796 C:\WINDOWS\system32\n2ewma1xxsv2234.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-09-12 12:17 340136 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMed]
--a------ 2008-03-10 15:01 25727 C:\WINDOWS\system32\winmed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\winav.exe"=
"C:\\WINDOWS\\system32\\winmed.exe"=

R0 Hnr47;Hnr47;C:\WINDOWS\system32\Drivers\Hnr47.sys [2008-03-11 17:14]
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 12:43]
R2 1Google Online Search Service;1Google Online Search Service;C:\WINDOWS\system32\winlugan.exe [2008-03-10 11:53]
R2 diperto7f41-8b4;diperto7f41-8b4;C:\WINDOWS\system32\diperto7f41-8b4.sys [2008-03-10 15:08]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 16:27]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 16:27]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 16:27]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 16:27]
S4 CbEvtSvc;CbEvtSvc;C:\WINDOWS\System32\CbEvtSvc.exe [2008-03-10 15:04]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 19:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - Endriu.job"
- C:\PROGRA~1\NORTON~1\Navw32.exef/task:
"2008-03-11 11:15:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 17:40:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rqksgpu]
"ImagePath"="\??\C:\WINDOWS\Cursors\rqksgpu.cur"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\DialNet\WrOS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-03-11 17:58:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-11 16:46:25
.
2007-12-31 13:51:09 --- E O F ---

**Posty:** 18165 · przez **wojtas** 12 Mar 2008, 13:15

sciagnij dafta i go zastosuj

Pobierz i uruchom narzędzie
The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\system32\drivers\Csc50.sys
C:\Documents and Settings\LocalService\Dane aplikacji\1336109139.exe
C:\Documents and Settings\LocalService\Dane aplikacji\1346529998.exe
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\marwin32.dll
C:\WINDOWS\system32\diperto7f41-8b4.sys
C:\WINDOWS\system32\CbEvtSvc.exe
C:\WINDOWS\system32\diperto.ini
C:\WINDOWS\system32\drivers\riode32.sys
C:\WINDOWS\system32\drivers\riode32.sys
C:\WINDOWS\system32\drivers\Hnr47.sys
C:\WINDOWS\system32\m1ax1d121322116143v.exe
C:\WINDOWS\system32\n2ewma1xxsv2234.exe
C:\-1402250405
C:\rdwavag.exe
C:\WINDOWS\system32\winmed.exe
C:\WINDOWS\system32\wind32.exe
C:\WINDOWS\system32\WLCtrl32.dll
C:\cwwkxwu.exe
C:\findfast.exe
C:\Documents and Settings\LocalService\ftpdll.dll
C:\WINDOWS\system32\msgk414.exe
C:\mmhkj.exe
C:\WINDOWS\system32\sggwwtts.tmp
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\ftpdll.dll
C:\Documents and Settings\Endriu\ftpdll.dll
C:\WINDOWS\system32\Kf93jfg.dll
C:\WINDOWS\system32\msgk374.exe
C:\WINDOWS\fqspogw.exe
C:\WINDOWS\system32\msgk230.exe
C:\WINDOWS\system32\Hjd94fg.dll
C:\WINDOWS\system32\msgk421.exe
C:\WINDOWS\system32\svchost.t__
C:\WINDOWS\system32\winlugan.exe
C:\Documents and Settings\Endriu\ie_updates3r.exe
C:\WINDOWS\system32\winlogans.tmp
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll

Folders to delete:

C:\WINDOWS\FLEOK
C:\Program Files\zango
C:\Program Files\stc
C:\Program Files\180solutions
C:\Program Files\180searchassistant
C:\Program Files\180search assistant

Drivers to unload:

Hnr47
1Google Online Search Service
diperto7f41-8b4
CbEvtSvc

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.

wklej do notatnika

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"advap32"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Hhjg5jfd93dftdf"=-
"Spoolsv"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\winav.exe"=-
"C:\\WINDOWS\\system32\\winmed.exe"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

[-HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^.protected]

[-HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^autorun.exe]

[-HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^.protected]

[-HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^findfast.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gsfjefefue9fidjfod]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhjg5jfd93dftdf]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemSv121]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Windows update loader]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMed]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z combofixa

**Posty:** 9 · przez **Endriuu** 12 Mar 2008, 17:26

po uruchomieniu The Avanger otworzyło się okno, które nie miało nic wspólnego ze wskazówkami podanymi przez Ciebie. Zrobiłem więc wszystko na "czuja". Załączam log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\drivers\Csc50.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\Csc50.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\LocalService\Dane aplikacji\1336109139.exe" deleted successfully.
File "C:\Documents and Settings\LocalService\Dane aplikacji\1346529998.exe" deleted successfully.
File "C:\WINDOWS\didduid.ini" deleted successfully.
File "C:\WINDOWS\system32\marwin32.dll" deleted successfully.
File "C:\WINDOWS\system32\diperto7f41-8b4.sys" deleted successfully.
File "C:\WINDOWS\system32\CbEvtSvc.exe" deleted successfully.
File "C:\WINDOWS\system32\diperto.ini" deleted successfully.
File "C:\WINDOWS\system32\drivers\riode32.sys" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\riode32.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\riode32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\drivers\Hnr47.sys" deleted successfully.
File "C:\WINDOWS\system32\m1ax1d121322116143v.exe" deleted successfully.
File "C:\WINDOWS\system32\n2ewma1xxsv2234.exe" deleted successfully.
File "C:\-1402250405" deleted successfully.
File "C:\rdwavag.exe" deleted successfully.
File "C:\WINDOWS\system32\winmed.exe" deleted successfully.
File "C:\WINDOWS\system32\wind32.exe" deleted successfully.
File "C:\WINDOWS\system32\WLCtrl32.dll" deleted successfully.
File "C:\cwwkxwu.exe" deleted successfully.
File "C:\findfast.exe" deleted successfully.
File "C:\Documents and Settings\LocalService\ftpdll.dll" deleted successfully.
File "C:\WINDOWS\system32\msgk414.exe" deleted successfully.
File "C:\mmhkj.exe" deleted successfully.
File "C:\WINDOWS\system32\sggwwtts.tmp" deleted successfully.
File "C:\WINDOWS\system32\drivers\spools.exe" deleted successfully.
File "C:\WINDOWS\system32\ftpdll.dll" deleted successfully.
File "C:\Documents and Settings\Endriu\ftpdll.dll" deleted successfully.
File "C:\WINDOWS\system32\Kf93jfg.dll" deleted successfully.
File "C:\WINDOWS\system32\msgk374.exe" deleted successfully.
File "C:\WINDOWS\fqspogw.exe" deleted successfully.
File "C:\WINDOWS\system32\msgk230.exe" deleted successfully.
File "C:\WINDOWS\system32\Hjd94fg.dll" deleted successfully.
File "C:\WINDOWS\system32\msgk421.exe" deleted successfully.
File "C:\WINDOWS\system32\svchost.t__" deleted successfully.
File "C:\WINDOWS\system32\winlugan.exe" deleted successfully.
File "C:\Documents and Settings\Endriu\ie_updates3r.exe" deleted successfully.
File "C:\WINDOWS\system32\winlogans.tmp" deleted successfully.
File "C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll" deleted successfully.
Folder "C:\WINDOWS\FLEOK" deleted successfully.
Folder "C:\Program Files\zango" deleted successfully.
Folder "C:\Program Files\stc" deleted successfully.
Folder "C:\Program Files\180solutions" deleted successfully.
Folder "C:\Program Files\180searchassistant" deleted successfully.
Folder "C:\Program Files\180search assistant" deleted successfully.
Driver "Hnr47" deleted successfully.
Driver "1Google Online Search Service" deleted successfully.
Driver "diperto7f41-8b4" deleted successfully.
Driver "CbEvtSvc" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

ComboFix 08-03-10.1 - Endriu 2008-03-12 15:49:43.4 - NTFSx86
Running from: C:\Documents and Settings\Endriu\Pulpit\ściąga\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\Flrg61.sys

.
((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.

2008-03-11 21:55 . 2008-03-11 21:55 47,872 --a------ C:\WINDOWS\system32\drivers\kbd.sys
2008-03-10 18:49 . 2008-03-10 18:50 <DIR> d-------- C:\SDFix
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-03-10 17:01 . 2005-11-12 19:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-03-10 17:01 . 2008-03-10 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-03-10 16:48 . 2008-03-10 16:48 2,850 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-10 16:47 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-10 16:47 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-10 16:47 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-10 16:47 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-10 16:47 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-10 16:47 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-10 16:47 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-10 16:24 . 2008-03-10 16:27 <DIR> d-------- C:\Documents and Settings\Endriu\SmitfraudFix
2008-03-10 15:35 . 2008-03-10 15:35 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-10 15:06 . 2008-03-10 15:06 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-03-10 15:04 . 2008-03-10 15:03 78,848 --a------ C:\WINDOWS\taskmon.exe
2008-03-10 15:01 . 2008-03-10 15:03 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-03-09 16:49 . 2008-03-09 16:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-09 11:14 . 2008-03-09 11:14 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ulead Systems
2008-03-08 18:14 . 2008-03-08 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-03-08 18:14 . 2007-03-27 19:56 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-08 18:14 . 2007-03-27 19:56 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-08 18:14 . 2007-03-27 19:56 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-08 18:14 . 2007-03-27 19:56 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-08 18:10 . 2008-03-08 18:10 <DIR> d-------- C:\Program Files\Ulead Systems
2008-03-08 18:10 . 2008-03-08 18:12 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-07 15:51 . 2008-03-07 15:51 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-07 15:49 . 2008-03-07 15:49 <DIR> d-------- C:\Program Files\Windows Media Components
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Program Files\MainConcept
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\MCMPEGEnc
2008-03-06 13:33 . 2008-03-06 13:38 119 --a------ C:\WINDOWS\LSXDEMO.INI
2008-03-05 19:08 . 2008-03-05 19:20 <DIR> d-------- C:\Program Files\Pegasus Imaging
2008-03-04 20:53 . 2008-03-04 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-04 17:53 . 2005-02-11 10:21 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-03-04 17:53 . 2005-02-11 10:22 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-03-04 17:53 . 2005-02-11 10:24 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-03-04 17:53 . 2005-02-11 10:19 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-03-04 17:53 . 2005-02-11 10:21 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-03-04 13:24 . 2008-03-04 13:30 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-04 13:24 . 2008-03-04 13:24 <DIR> d--h----- C:\Documents and Settings\Endriu\InstallAnywhere
2008-03-04 10:16 . 2008-03-04 10:40 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\Tlen.pl
2008-03-02 16:58 . 2008-03-02 17:43 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ahead
2008-03-02 16:53 . 2008-03-02 16:53 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\DivX
2008-03-02 15:17 . 2008-03-02 15:17 83 --a------ C:\WINDOWS\Wwp.INI
2008-03-01 12:35 . 2008-03-01 12:35 <DIR> d-------- C:\WINDOWS\Mozilla
2008-03-01 11:19 . 2008-03-02 16:51 <DIR> d-------- C:\Program Files\DivX
2008-03-01 11:10 . 2008-03-01 11:11 <DIR> d-------- C:\Program Files\VD
2008-02-28 09:42 . 2008-02-28 09:42 <DIR> d-------- C:\Documents and Settings\Ira\Dane aplikacji\Media Player Classic
2008-02-28 09:39 . 2008-02-28 09:39 <DIR> d-------- C:\Documents and Settings\Ira\Dane aplikacji\CyberLink
2008-02-27 20:23 . 2008-02-27 20:23 597 --a------ C:\WINDOWS\H2_Setup.INI
2008-02-27 19:35 . 2008-02-27 20:33 18 --a------ C:\WINDOWS\avi2divx.INI
2008-02-27 19:30 . 2008-02-27 19:30 <DIR> d-------- C:\WINDOWS\system32\codec
2008-02-27 19:30 . 2008-02-27 19:30 <DIR> d-------- C:\Program Files\avi2divx
2008-02-27 19:08 . 2008-03-02 17:09 <DIR> d-------- C:\divx
2008-02-27 19:06 . 2008-02-27 19:06 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\DivX
2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-14 22:58 . 2008-02-14 23:51 <DIR> d-------- C:\Program Files\ArtMoney
2008-02-14 14:20 . 2008-02-14 14:20 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-02-14 14:20 . 2008-02-14 14:22 <DIR> d-------- C:\Program Files\Canon
2008-02-12 21:17 . 2008-02-12 21:18 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\Media Player Classic
2008-02-12 20:57 . 2008-02-12 20:57 <DIR> d-------- C:\Program Files\Real Alternative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 14:41 --------- d-----w C:\Program Files\DialNet
2008-03-11 18:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 14:01 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-03-08 17:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 17:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-03-07 14:58 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Ulead Systems
2008-03-05 18:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-28 11:52 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\CyberLink
2008-02-28 08:46 --------- d-----w C:\Program Files\SubEdit-Player
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-14 13:17 --------- d-----w C:\Program Files\Serious Sam 2
2008-02-10 21:46 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Symantec
2008-01-27 14:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-01-27 14:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-27 12:55 --------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-01-25 18:56 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Thunderbird
2008-01-25 18:32 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\ACD Systems
2008-01-22 20:18 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\ABBYY
2008-01-21 20:30 30,992 ----a-w C:\Documents and Settings\Endriu\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-01-21 18:57 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Corel
2008-01-21 12:08 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Corel
2007-12-28 12:01 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 08:40 405504]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-07-11 17:11 561152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 13:59 59016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"WinMed"="winmed.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^.protected]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^autorun.exe]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^.protected]
path=C:\Documents and Settings\Endriu\Menu Start\Programy\Autostart\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^findfast.exe]
path=C:\Documents and Settings\Endriu\Menu Start\Programy\Autostart\findfast.exe
backup=C:\WINDOWS\pss\findfast.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
c:\cwwkxwu.exe/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2007-12-17 10:00 249856 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]
C:\WINDOWS\system32\spoolvs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-11-12 21:22 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-09-12 12:17 340136 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\winav.exe"=

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 12:43]
R1 kbd;kbd;C:\WINDOWS\system32\drivers\kbd.sys [2008-03-11 21:55]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 16:27]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 16:27]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 16:27]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 16:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 19:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - Endriu.job"
- C:\PROGRA~1\NORTON~1\Navw32.exef/task:
"2008-03-11 19:27:12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 16:05:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rqksgpu]
"ImagePath"="\??\C:\WINDOWS\Cursors\rqksgpu.cur"
.
Completion time: 2008-03-12 16:07:34
ComboFix-quarantined-files.txt 2008-03-12 15:07:17
ComboFix2.txt 2008-03-11 16:58:18
.
2007-12-31 13:51:09 --- E O F ---

**Posty:** 18165 · przez **wojtas** 12 Mar 2008, 18:55

te pliki:

C:\WINDOWS\system32\drivers\kbd.sys
C:\WINDOWS\taskmon.exe

przeskanuj tu i zapisz sobie raporty w notatniku z obydwu plikow

http://virusscan.jotti.org/
http://www.virustotal.com/

nastepnie:

wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMed"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=-
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

nastepnie wchodzisz :

start>uruchom>regedit> przechodzisz po kolei po podanych sciezkach i usuwasz pogrubione wpisy z rejestru:

[HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^.protected]

[HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^autorun.exe]

[HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^.protected]

[HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Endriu^Menu Start^Programy^Autostart^findfast.exe]

[HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\winav.exe"

nastepnie dajesz tamte raporty oraz nowy log z hijacka i combofixa

**Posty:** 9 · przez **Endriuu** 13 Mar 2008, 00:45

kbd virusscan.jotti

Scan taken on 12 Mar 2008 20:42:39 (GMT)
A-Squared
Found nothing
AntiVir
Found TR/Agent.NHJ
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found probably a variant of Win32/Agent.NHJ (probable variant)
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

kbd virustotal

Plik kbd.sys otrzymany 2008.03.11 22:45:12 (CET)
Antywirus Wersja Ostatnia aktualizacja Wynik
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - probably a variant of Win32/Agent.NHJ
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious Self Modifying File
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Malware.gen!88 (suspicious)
Dodatkowe informacje
MD5: 22ee0ce979a335c783a394eaddb22a78
SHA1: 46b5abb5b9f864a1db30fbcd56f221ab76247210
SHA256: fb7ae27207d110cfb7e17014d642395e40113813e80ff65fb9ee2b27bc1b2c22
SHA512: f2144f1dfa00d722e70c02701dad29ebf4355881836e30183a4c45ae3fd6fb29 aa23f167de0481dcb4a014a20b3ffdec14819225c5c4285094d5e6cafe44ddcf

taskmon virusscan.jotti

Scan taken on 12 Mar 2008 21:11:54 (GMT)
A-Squared
Found Trojan-Proxy.Win32.Agent.zd
AntiVir
Found TR/Spy.Gen
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found Packed.Tibs
BitDefender
Found nothing
ClamAV
Found Trojan.Proxy-2496
CPsecure
Found Troj.Proxy.W32.Agent.zd
Dr.Web
Found Trojan.Spambot.2551
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan-Proxy.Win32.Agent.zd
Fortinet
Found W32/Heuri.E!tr
Ikarus
Found nothing
Kaspersky Anti-Virus
Found Trojan-Proxy.Win32.Agent.zd
NOD32
Found Win32/TrojanProxy.Agent.NDJ
Norman Virus Control
Found W32/Agent.EFTF
Panda Antivirus
Found W32/Nuwar.QD.worm
Rising Antivirus
Found Trojan.Win32.Undef.cyy
Sophos Antivirus
Found Mal/Heuri-E
VirusBuster
Found Trojan.PR.Agent.CXHU
VBA32
Found Trojan-Proxy.Win32.Agent.zd

taskmon virustotal

Plik ztool4.0xt otrzymany 2008.03.11 03:26:08 (CET)
Antywirus Wersja Ostatnia aktualizacja Wynik
AhnLab-V3 - - -
AntiVir - - TR/Spy.Gen
Authentium - - -
Avast - - -
AVG - - Packed.Tibs
BitDefender - - -
CAT-QuickHeal - - TrojanProxy.Agent.zd
ClamAV - - Trojan.Proxy-2496
DrWeb - - Trojan.Spambot.2551
eSafe - - Win32.Agent.zd
eTrust-Vet - - Win32/VMalum.BXGG
Ewido - - Proxy.Agent.zd
FileAdvisor - - -
Fortinet - - W32/Heuri.E!tr
F-Prot - - -
F-Secure - - -
Ikarus - - Trojan-Spy
Kaspersky - - Trojan-Proxy.Win32.Agent.zd
McAfee - - Generic.dx
Microsoft - - Spammer:Win32/Clodpuntor.A
NOD32v2 - - Win32/TrojanProxy.Agent.NDJ
Norman - - W32/Agent.EFTF
Panda - - W32/Nuwar.QD.worm
Prevx1 - - Rootkit.Gen
Rising - - Trojan.Win32.Undef.cyy
Sophos - - Mal/Heuri-E
Sunbelt - - Trojan.Spy.Gen
Symantec - - -
TheHacker - - Trojan/Proxy.Agent.zj
VBA32 - - Trojan-Proxy.Win32.Agent.zd
VirusBuster - - Trojan.PR.Agent.CXHU
Webwasher-Gateway - - Trojan.Spy.Gen
Dodatkowe informacje
MD5: 182ca1a2277ae5ca3062ca30df66268a
SHA1: e53b87fa6403c0a5b4f4398b8418d75b062bfdbe
SHA256: 6329627ea74bbbdc7992b449e3852bf7e4ee7b6abffb4ffb26c7648c1411dfa1
SHA512: d736dc3d36c473801b985d17c6c029696b8456c3f6c26e83af606953b6aaf522 c7279b5855b6679db3b42a99859b4038a6b0faffcf482573a4e9e006728bc679

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:58, on 2008-03-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\DialNet\WrOS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1BC340A-51E2-4B68-8563-C773DF5CF711}: NameServer = 217.30.129.149 217.30.137.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2369A9-1E95-47CA-A1C8-76361805F20B}: NameServer = 217.30.137.200,217.30.129.149
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

--
End of file - 6589 bytes

ComboFix 08-03-10.1 - Endriu 2008-03-12 23:08:31.5 - NTFSx86
Running from: C:\Documents and Settings\Endriu\Pulpit\ściąga\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.

2008-03-11 21:55 . 2008-03-11 21:55 47,872 --a------ C:\WINDOWS\system32\drivers\kbd.sys
2008-03-10 18:49 . 2008-03-10 18:50 <DIR> d-------- C:\SDFix
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-03-10 17:01 . 2005-11-12 19:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-03-10 17:01 . 2008-03-10 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-03-10 16:48 . 2008-03-10 16:48 2,850 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-10 16:47 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-10 16:47 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-10 16:47 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-10 16:47 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-10 16:47 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-10 16:47 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-10 16:47 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-10 16:24 . 2008-03-10 16:27 <DIR> d-------- C:\Documents and Settings\Endriu\SmitfraudFix
2008-03-10 15:35 . 2008-03-10 15:35 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-10 15:06 . 2008-03-10 15:06 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-03-10 15:04 . 2008-03-10 15:03 78,848 --a------ C:\WINDOWS\taskmon.exe
2008-03-10 15:01 . 2008-03-10 15:03 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-03-09 16:49 . 2008-03-09 16:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-09 11:14 . 2008-03-09 11:14 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ulead Systems
2008-03-08 18:14 . 2008-03-08 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-03-08 18:14 . 2007-03-27 19:56 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-08 18:14 . 2007-03-27 19:56 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-08 18:14 . 2007-03-27 19:56 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-08 18:14 . 2007-03-27 19:56 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-08 18:10 . 2008-03-08 18:10 <DIR> d-------- C:\Program Files\Ulead Systems
2008-03-08 18:10 . 2008-03-08 18:12 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-07 15:51 . 2008-03-07 15:51 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-07 15:49 . 2008-03-07 15:49 <DIR> d-------- C:\Program Files\Windows Media Components
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Program Files\MainConcept
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\MCMPEGEnc
2008-03-06 13:33 . 2008-03-06 13:38 119 --a------ C:\WINDOWS\LSXDEMO.INI
2008-03-05 19:08 . 2008-03-05 19:20 <DIR> d-------- C:\Program Files\Pegasus Imaging
2008-03-04 20:53 . 2008-03-04 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-04 17:53 . 2005-02-11 10:21 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-03-04 17:53 . 2005-02-11 10:22 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-03-04 17:53 . 2005-02-11 10:24 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-03-04 17:53 . 2005-02-11 10:19 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-03-04 17:53 . 2005-02-11 10:21 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-03-04 13:24 . 2008-03-04 13:30 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-04 13:24 . 2008-03-04 13:24 <DIR> d--h----- C:\Documents and Settings\Endriu\InstallAnywhere
2008-03-04 10:16 . 2008-03-04 10:40 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\Tlen.pl
2008-03-02 16:58 . 2008-03-02 17:43 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ahead
2008-03-02 16:53 . 2008-03-02 16:53 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\DivX
2008-03-02 15:17 . 2008-03-02 15:17 83 --a------ C:\WINDOWS\Wwp.INI
2008-03-01 12:35 . 2008-03-01 12:35 <DIR> d-------- C:\WINDOWS\Mozilla
2008-03-01 11:19 . 2008-03-02 16:51 <DIR> d-------- C:\Program Files\DivX
2008-03-01 11:10 . 2008-03-01 11:11 <DIR> d-------- C:\Program Files\VD
2008-02-28 09:42 . 2008-02-28 09:42 <DIR> d-------- C:\Documents and Settings\Ira\Dane aplikacji\Media Player Classic
2008-02-28 09:39 . 2008-02-28 09:39 <DIR> d-------- C:\Documents and Settings\Ira\Dane aplikacji\CyberLink
2008-02-27 20:23 . 2008-02-27 20:23 597 --a------ C:\WINDOWS\H2_Setup.INI
2008-02-27 19:35 . 2008-02-27 20:33 18 --a------ C:\WINDOWS\avi2divx.INI
2008-02-27 19:30 . 2008-02-27 19:30 <DIR> d-------- C:\WINDOWS\system32\codec
2008-02-27 19:30 . 2008-02-27 19:30 <DIR> d-------- C:\Program Files\avi2divx
2008-02-27 19:08 . 2008-03-02 17:09 <DIR> d-------- C:\divx
2008-02-27 19:06 . 2008-02-27 19:06 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\DivX
2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-14 22:58 . 2008-02-14 23:51 <DIR> d-------- C:\Program Files\ArtMoney
2008-02-14 14:20 . 2008-02-14 14:20 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-02-14 14:20 . 2008-02-14 14:22 <DIR> d-------- C:\Program Files\Canon
2008-02-12 21:17 . 2008-02-12 21:18 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\Media Player Classic
2008-02-12 20:57 . 2008-02-12 20:57 <DIR> d-------- C:\Program Files\Real Alternative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 20:11 --------- d-----w C:\Program Files\DialNet
2008-03-11 18:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 14:01 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-03-08 17:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 17:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-03-07 14:58 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Ulead Systems
2008-03-05 18:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-28 11:52 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\CyberLink
2008-02-28 08:46 --------- d-----w C:\Program Files\SubEdit-Player
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-14 13:17 --------- d-----w C:\Program Files\Serious Sam 2
2008-02-10 21:46 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Symantec
2008-01-27 14:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-01-27 14:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-27 12:55 --------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-01-25 18:56 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Thunderbird
2008-01-25 18:32 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\ACD Systems
2008-01-22 20:18 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\ABBYY
2008-01-21 20:30 30,992 ----a-w C:\Documents and Settings\Endriu\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-01-21 18:57 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Corel
2008-01-21 12:08 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Corel
2007-12-28 12:01 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 08:40 405504]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-07-11 17:11 561152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 13:59 59016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2007-12-17 10:00 249856 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-11-12 21:22 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-09-12 12:17 340136 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\winav.exe"=

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 12:43]
R1 kbd;kbd;C:\WINDOWS\system32\drivers\kbd.sys [2008-03-11 21:55]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 16:27]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 16:27]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 16:27]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 16:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 19:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - Endriu.job"
- C:\PROGRA~1\NORTON~1\Navw32.exef/task:
"2008-03-12 19:27:45 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 23:12:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

? [13972]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rqksgpu]
"ImagePath"="\??\C:\WINDOWS\Cursors\rqksgpu.cur"
.
Completion time: 2008-03-12 23:14:02
ComboFix-quarantined-files.txt 2008-03-12 22:13:46
ComboFix2.txt 2008-03-11 16:58:18
.
2007-12-31 13:51:09 --- E O F ---

**Posty:** 18165 · przez **wojtas** 13 Mar 2008, 18:19

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\taskmon.exe

Registry::
[HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\winav.exe"=-

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 9 · przez **Endriuu** 13 Mar 2008, 20:26

ComboFix 08-03-10.1 - Endriu 2008-03-13 19:13:04.6 - NTFSx86
Running from: C:\Documents and Settings\Endriu\Pulpit\ściąga\ComboFix.exe
Command switches used :: C:\Documents and Settings\Endriu\Pulpit\ťci¦ga\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-11 21:55 . 2008-03-11 21:55 47,872 --a------ C:\WINDOWS\system32\drivers\kbd.sys
2008-03-10 18:49 . 2008-03-10 18:50 <DIR> d-------- C:\SDFix
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-03-10 17:01 . 2005-11-12 19:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-03-10 17:01 . 2008-03-10 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-03-10 16:48 . 2008-03-10 16:48 2,850 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-10 16:47 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-10 16:47 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-10 16:47 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-10 16:47 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-10 16:47 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-10 16:47 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-10 16:47 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-10 16:24 . 2008-03-10 16:27 <DIR> d-------- C:\Documents and Settings\Endriu\SmitfraudFix
2008-03-10 15:35 . 2008-03-10 15:35 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-10 15:06 . 2008-03-10 15:06 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-03-10 15:04 . 2008-03-10 15:03 78,848 --a------ C:\WINDOWS\taskmon.exe
2008-03-10 15:01 . 2008-03-10 15:03 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-03-09 16:49 . 2008-03-09 16:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-09 11:14 . 2008-03-09 11:14 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ulead Systems
2008-03-08 18:14 . 2008-03-08 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-03-08 18:14 . 2007-03-27 19:56 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-08 18:14 . 2007-03-27 19:56 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-08 18:14 . 2007-03-27 19:56 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-08 18:14 . 2007-03-27 19:56 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-08 18:10 . 2008-03-08 18:10 <DIR> d-------- C:\Program Files\Ulead Systems
2008-03-08 18:10 . 2008-03-08 18:12 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-07 15:51 . 2008-03-07 15:51 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-07 15:49 . 2008-03-07 15:49 <DIR> d-------- C:\Program Files\Windows Media Components
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Program Files\MainConcept
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\MCMPEGEnc
2008-03-06 13:33 . 2008-03-06 13:38 119 --a------ C:\WINDOWS\LSXDEMO.INI
2008-03-05 19:08 . 2008-03-05 19:20 <DIR> d-------- C:\Program Files\Pegasus Imaging
2008-03-04 20:53 . 2008-03-04 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-04 17:53 . 2005-02-11 10:21 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-03-04 17:53 . 2005-02-11 10:22 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-03-04 17:53 . 2005-02-11 10:24 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-03-04 17:53 . 2005-02-11 10:19 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-03-04 17:53 . 2005-02-11 10:21 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-03-04 13:24 . 2008-03-04 13:30 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-04 13:24 . 2008-03-04 13:24 <DIR> d--h----- C:\Documents and Settings\Endriu\InstallAnywhere
2008-03-04 10:16 . 2008-03-04 10:40 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\Tlen.pl
2008-03-02 16:58 . 2008-03-02 17:43 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ahead
2008-03-02 16:53 . 2008-03-02 16:53 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\DivX
2008-03-02 15:17 . 2008-03-02 15:17 83 --a------ C:\WINDOWS\Wwp.INI
2008-03-01 12:35 . 2008-03-01 12:35 <DIR> d-------- C:\WINDOWS\Mozilla
2008-03-01 11:19 . 2008-03-02 16:51 <DIR> d-------- C:\Program Files\DivX
2008-03-01 11:10 . 2008-03-01 11:11 <DIR> d-------- C:\Program Files\VD
2008-02-28 09:42 . 2008-02-28 09:42 <DIR> d-------- C:\Documents and Settings\Ira\Dane aplikacji\Media Player Classic
2008-02-28 09:39 . 2008-02-28 09:39 <DIR> d-------- C:\Documents and Settings\Ira\Dane aplikacji\CyberLink
2008-02-27 20:23 . 2008-02-27 20:23 597 --a------ C:\WINDOWS\H2_Setup.INI
2008-02-27 19:35 . 2008-02-27 20:33 18 --a------ C:\WINDOWS\avi2divx.INI
2008-02-27 19:30 . 2008-02-27 19:30 <DIR> d-------- C:\WINDOWS\system32\codec
2008-02-27 19:30 . 2008-02-27 19:30 <DIR> d-------- C:\Program Files\avi2divx
2008-02-27 19:08 . 2008-03-02 17:09 <DIR> d-------- C:\divx
2008-02-27 19:06 . 2008-02-27 19:06 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\DivX
2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-14 22:58 . 2008-02-14 23:51 <DIR> d-------- C:\Program Files\ArtMoney
2008-02-14 14:20 . 2008-02-14 14:20 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-02-14 14:20 . 2008-02-14 14:22 <DIR> d-------- C:\Program Files\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 17:59 --------- d-----w C:\Program Files\DialNet
2008-03-11 18:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 14:01 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-03-08 17:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 17:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-03-07 14:58 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Ulead Systems
2008-03-05 18:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-28 11:52 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\CyberLink
2008-02-28 08:46 --------- d-----w C:\Program Files\SubEdit-Player
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-14 13:17 --------- d-----w C:\Program Files\Serious Sam 2
2008-02-12 20:18 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Media Player Classic
2008-02-12 19:57 --------- d-----w C:\Program Files\Real Alternative
2008-02-10 21:46 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Symantec
2008-01-27 14:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-01-27 14:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-27 12:55 --------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-01-25 18:56 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Thunderbird
2008-01-25 18:32 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\ACD Systems
2008-01-22 20:18 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\ABBYY
2008-01-21 20:30 30,992 ----a-w C:\Documents and Settings\Endriu\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-01-21 18:57 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Corel
2008-01-21 12:08 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Corel
2007-12-28 12:01 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 08:40 405504]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-07-11 17:11 561152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 13:59 59016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2007-12-17 10:00 249856 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-11-12 21:22 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-09-12 12:17 340136 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\winav.exe"=

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 12:43]
R1 kbd;kbd;C:\WINDOWS\system32\drivers\kbd.sys [2008-03-11 21:55]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 16:27]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 16:27]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 16:27]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 16:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 19:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - Endriu.job"
- C:\PROGRA~1\NORTON~1\Navw32.exef/task:
"2008-03-12 19:27:45 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 19:17:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rqksgpu]
"ImagePath"="\??\C:\WINDOWS\Cursors\rqksgpu.cur"
.
Completion time: 2008-03-13 19:19:51
ComboFix-quarantined-files.txt 2008-03-13 18:19:33
ComboFix2.txt 2008-03-12 22:14:04
ComboFix3.txt 2008-03-11 16:58:18
.
2007-12-31 13:51:09 --- E O F ---

**Posty:** 18165 · przez **wojtas** 13 Mar 2008, 21:47

sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę

C:\WINDOWS\taskmon.exe

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

potem przejdz do klucza :

[HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
%windir%\\system32\\winav.exe

poszukaj i skasuj pogrubiony

**Posty:** 9 · przez **Endriuu** 13 Mar 2008, 23:24

wykonałem

**Posty:** 18165 · przez **wojtas** 13 Mar 2008, 23:26

powinno byc ok

jak sytuacja z kompem?

**Posty:** 9 · przez **Endriuu** 14 Mar 2008, 23:12

ComboFix 08-03-10.1 - Endriu 2008-03-14 21:51:31.7 - NTFSx86
Running from: C:\Documents and Settings\Endriu\Pulpit\ściąga\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-11 21:55 . 2008-03-11 21:55 47,872 --a------ C:\WINDOWS\system32\drivers\kbd.sys
2008-03-10 18:49 . 2008-03-10 18:50 <DIR> d-------- C:\SDFix
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-03-10 17:01 . 2005-11-12 19:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-03-10 17:01 . 2008-03-10 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-10 17:01 . 2005-11-12 20:35 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-03-10 16:48 . 2008-03-10 16:48 2,850 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-10 16:47 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-10 16:47 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-10 16:47 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-10 16:47 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-10 16:47 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-10 16:47 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-10 16:47 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-10 16:24 . 2008-03-10 16:27 <DIR> d-------- C:\Documents and Settings\Endriu\SmitfraudFix
2008-03-10 15:35 . 2008-03-10 15:35 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-10 15:06 . 2008-03-10 15:06 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-03-10 15:01 . 2008-03-10 15:03 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-03-09 16:49 . 2008-03-09 16:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-09 11:14 . 2008-03-09 11:14 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ulead Systems
2008-03-08 18:14 . 2008-03-08 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-03-08 18:14 . 2007-03-27 19:56 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-08 18:14 . 2007-03-27 19:56 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-08 18:14 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-08 18:14 . 2007-03-27 19:56 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-08 18:14 . 2007-03-27 19:56 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-08 18:10 . 2008-03-08 18:10 <DIR> d-------- C:\Program Files\Ulead Systems
2008-03-08 18:10 . 2008-03-08 18:12 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-07 15:51 . 2008-03-07 15:51 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-07 15:49 . 2008-03-07 15:49 <DIR> d-------- C:\Program Files\Windows Media Components
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Program Files\MainConcept
2008-03-06 13:59 . 2008-03-06 13:59 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\MCMPEGEnc
2008-03-06 13:33 . 2008-03-06 13:38 119 --a------ C:\WINDOWS\LSXDEMO.INI
2008-03-05 19:08 . 2008-03-05 19:20 <DIR> d-------- C:\Program Files\Pegasus Imaging
2008-03-04 20:53 . 2008-03-04 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-04 17:53 . 2005-02-11 10:21 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-03-04 17:53 . 2005-02-11 10:22 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-03-04 17:53 . 2005-02-11 10:24 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-03-04 17:53 . 2005-02-11 10:19 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-03-04 17:53 . 2005-02-11 10:21 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-03-04 17:53 . 2005-02-11 10:24 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-03-04 17:53 . 2005-02-11 10:19 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-03-04 13:24 . 2008-03-04 13:30 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-04 13:24 . 2008-03-04 13:24 <DIR> d--h----- C:\Documents and Settings\Endriu\InstallAnywhere
2008-03-04 10:16 . 2008-03-04 10:40 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\Tlen.pl
2008-03-02 16:58 . 2008-03-02 17:43 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\Ahead
2008-03-02 16:53 . 2008-03-02 16:53 <DIR> d-------- C:\Documents and Settings\Szymek\Dane aplikacji\DivX
2008-03-02 15:17 . 2008-03-02 15:17 83 --a------ C:\WINDOWS\Wwp.INI
2008-03-01 12:35 . 2008-03-01 12:35 <DIR> d-------- C:\WINDOWS\Mozilla
2008-03-01 11:19 . 2008-03-02 16:51 <DIR> d-------- C:\Program Files\DivX
2008-03-01 11:10 . 2008-03-01 11:11 <DIR> d-------- C:\Program Files\VD
2008-02-28 09:42 . 2008-02-28 09:42 <DIR> d-------- C:\Documents and Settings\Ira\Dane aplikacji\Media Player Classic
2008-02-28 09:39 . 2008-02-28 09:39 <DIR> d-------- C:\Documents and Settings\Ira\Dane aplikacji\CyberLink
2008-02-27 20:23 . 2008-02-27 20:23 597 --a------ C:\WINDOWS\H2_Setup.INI
2008-02-27 19:35 . 2008-02-27 20:33 18 --a------ C:\WINDOWS\avi2divx.INI
2008-02-27 19:30 . 2008-02-27 19:30 <DIR> d-------- C:\WINDOWS\system32\codec
2008-02-27 19:30 . 2008-02-27 19:30 <DIR> d-------- C:\Program Files\avi2divx
2008-02-27 19:08 . 2008-03-02 17:09 <DIR> d-------- C:\divx
2008-02-27 19:06 . 2008-02-27 19:06 <DIR> d-------- C:\Documents and Settings\Endriu\Dane aplikacji\DivX
2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-14 22:58 . 2008-02-14 23:51 <DIR> d-------- C:\Program Files\ArtMoney
2008-02-14 14:20 . 2008-02-14 14:20 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-02-14 14:20 . 2008-02-14 14:22 <DIR> d-------- C:\Program Files\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 20:37 --------- d-----w C:\Program Files\DialNet
2008-03-13 19:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 17:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 17:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-03-07 14:58 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Ulead Systems
2008-03-05 18:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-28 11:52 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\CyberLink
2008-02-28 08:46 --------- d-----w C:\Program Files\SubEdit-Player
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-14 13:17 --------- d-----w C:\Program Files\Serious Sam 2
2008-02-12 20:18 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Media Player Classic
2008-02-12 19:57 --------- d-----w C:\Program Files\Real Alternative
2008-02-10 21:46 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Symantec
2008-01-27 14:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-01-27 14:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-27 12:55 --------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-01-25 18:56 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Thunderbird
2008-01-25 18:32 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\ACD Systems
2008-01-22 20:18 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\ABBYY
2008-01-21 20:30 30,992 ----a-w C:\Documents and Settings\Endriu\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-01-21 18:57 --------- d-----w C:\Documents and Settings\Endriu\Dane aplikacji\Corel
2008-01-21 12:08 --------- d-----w C:\Documents and Settings\Szymek\Dane aplikacji\Corel
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 08:40 405504]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-07-11 17:11 561152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 13:59 59016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2007-12-17 10:00 249856 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-11-12 21:22 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-09-12 12:17 340136 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 12:43]
R1 kbd;kbd;C:\WINDOWS\system32\drivers\kbd.sys [2008-03-11 21:55]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 16:27]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 16:27]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 16:27]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 16:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 19:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - Endriu.job"
- C:\PROGRA~1\NORTON~1\Navw32.exef/task:
"2008-03-13 19:28:07 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 21:59:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rqksgpu]
"ImagePath"="\??\C:\WINDOWS\Cursors\rqksgpu.cur"
.
Completion time: 2008-03-14 22:03:11
ComboFix-quarantined-files.txt 2008-03-14 21:03:05
ComboFix2.txt 2008-03-12 22:14:04
ComboFix3.txt 2008-03-11 16:58:18
.
2007-12-31 13:51:09 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:41, on 2008-03-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1BC340A-51E2-4B68-8563-C773DF5CF711}: NameServer = 217.30.129.149 217.30.137.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD2369A9-1E95-47CA-A1C8-76361805F20B}: NameServer = 217.30.137.200,217.30.129.149
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

--
End of file - 6589 bytes

**Posty:** 18165 · przez **wojtas** 15 Mar 2008, 14:43

Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

i wiecej nic nie widac

proszę o sprawdzenie loga

Proszę o sprawdzenie loga

Kto jest na forum