proszę o sprawdzenie loga - wirus

[Budrys86]

Prosze o sprawdzenie loga, przy uruchamianiu przeglądarki wyskakuje komunikat o zarażeniu systemu. Przy skanowaniu sysytemu standardowymi antywirusami znajduje mnóstwo zarażonych plików które po usunięciu znowu się pojawiają.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:22, on 2008-03-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\logi wirusa\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{31D09724-0D56-4E10-BB91-4385E5F45C69}: NameServer = 192.168.25.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A61B9D4-9D2C-4DF7-A12F-B66D18F80A82}: NameServer = 192.168.25.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8282 bytes

[Dzi@dek]

Usuń ten wpis w hijack:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Daj nowe logi z Combofix oraz Hijackthis.

[Budrys86]

ComboFix 08-03-17.1 - x 2008-03-18 15:11:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1481 [GMT 1:00]
Running from: C:\logi wirusa\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\license.txt
C:\Program Files\webhancer\Programs\readme.txt
C:\Program Files\webhancer\Programs\sporder.dll
C:\Program Files\webhancer\Programs\whAgent.ini
C:\Program Files\webhancer\Programs\whSurvey.ini
C:\Program Files\webhancer\whAgent_update.exe
C:\WINDOWS\system32\AutoRun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER


((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-18 14:18 . 2008-03-18 15:10 <DIR> d-------- C:\logi wirusa
2008-03-16 17:54 . 2008-03-16 17:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 17:54 . 2008-03-16 17:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-16 17:52 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
2008-03-16 17:52 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
2008-03-16 17:52 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
2008-03-16 17:01 . 2008-03-16 17:01 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-16 17:01 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-16 17:01 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-16 17:01 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-16 17:01 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-16 17:01 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-16 17:01 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-16 17:01 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-16 17:01 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-16 16:54 . 2008-03-16 16:54 <DIR> d-------- C:\Program Files\ToniArts
2008-03-16 16:35 . 2008-03-16 16:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-15 12:11 . 2008-03-15 12:17 1,392 --a------ C:\WINDOWS\mozver.dat
2008-03-12 12:22 . 2008-03-12 12:22 220,160 --a------ C:\WINDOWS\wmpdxm.dll
2008-03-12 12:22 . 2008-03-12 12:22 44 --a------ C:\amp.bat
2008-03-09 16:42 . 2008-03-09 16:42 <DIR> dr-hs---- C:\Recycled
2008-03-01 23:28 . 2008-03-01 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-03-01 10:35 . 2008-03-01 23:28 <DIR> d-------- C:\Documents and Settings\x\Dane aplikacji\Creative
2008-02-29 20:17 . 2006-06-18 18:01 282,624 -ra------ C:\WINDOWS\system32\V0250Cvw.dll
2008-02-29 20:15 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-02-29 20:15 . 1999-10-10 18:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-02-29 20:15 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-02-29 20:14 . 2008-02-29 20:14 <DIR> d-------- C:\WINDOWS\CtDrvInstall
2008-02-29 20:06 . 2008-02-29 20:14 <DIR> d-------- C:\Program Files\SightSpeed
2008-02-29 20:06 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-29 20:03 . 2008-02-29 20:14 <DIR> d-------- C:\Program Files\Creative
2008-02-29 17:34 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
2008-02-29 17:34 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys
2008-02-29 17:34 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
2008-02-29 17:34 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
2008-02-29 17:34 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
2008-02-29 17:34 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
2008-02-29 17:30 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-02-29 17:30 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-02-29 17:30 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-02-29 14:29 . 2008-03-18 14:12 <DIR> d-------- C:\Documents and Settings\x\Dane aplikacji\skypePM
2008-02-29 14:29 . 2008-02-29 14:29 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-29 13:22 . 2008-03-18 15:10 <DIR> d-------- C:\Documents and Settings\x\Dane aplikacji\Skype
2008-02-28 21:18 . 2008-02-28 21:18 <DIR> d-------- C:\Program Files\Skype
2008-02-28 21:18 . 2008-02-28 21:18 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-28 21:18 . 2008-02-28 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-02-27 18:55 . 2008-03-16 16:27 <DIR> d-------- C:\Program Files\Winamp
2008-02-25 21:33 . 2008-02-25 21:33 6,663,744 --a------ C:\WINDOWS\system32\A0047180.EXE.VBTMP
2008-02-25 19:06 . 2008-02-25 19:06 6,663,744 --a------ C:\WINDOWS\system32\msaccess.exe.VBTMP
2008-02-25 19:05 . 2008-03-16 17:02 <DIR> d-------- C:\Program Files\Google
2008-02-25 19:05 . 2008-03-16 16:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-24 18:52 . 2008-02-24 18:52 50 --a------ C:\WINDOWS\Winamp.ini
2008-02-24 18:52 . 2008-02-24 18:52 41 --a------ C:\WINDOWS\winampa.ini
2008-02-24 18:19 . 2008-02-24 18:19 <DIR> d-------- C:\Program Files\Ares
2008-02-23 20:28 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\x\Dane aplikacji\Gadu-Gadu
2008-02-23 20:24 . 2008-02-23 20:24 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-02-23 20:24 . 2008-03-10 18:47 <DIR> d-------- C:\Documents and Settings\x\Gadu-Gadu
2008-02-23 13:08 . 2008-02-23 13:08 <DIR> d-------- C:\Program Files\ZyDAS Technology Corporation
2008-02-23 13:08 . 2006-08-24 13:44 477,696 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-02-23 13:08 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
2008-02-23 13:08 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-02-23 13:08 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-02-23 13:08 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2008-02-23 13:08 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2008-02-23 13:08 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-02-23 13:08 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-02-23 13:08 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-02-23 13:08 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
2008-02-19 17:27 . 2008-02-19 20:22 <DIR> d-------- C:\Program Files\Starcars - Demo Version
2008-02-18 20:49 . 2008-02-22 13:15 <DIR> d-------- C:\Program Files\Chicken Invaders 2 Christmas Edition demo
2008-02-18 20:47 . 2008-02-19 12:11 <DIR> d-------- C:\Program Files\Realore
2008-02-18 20:13 . 2008-03-17 16:42 <DIR> d-------- C:\Program Files\TESCOLANDIA - Archipelag Magii
2008-02-18 20:13 . 2008-03-17 16:45 920 --a------ C:\WINDOWS\Tescolandia.iix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:15 --------- d-----w C:\Program Files\whInstall
2008-03-16 16:06 --------- d-----w C:\Program Files\NavExcel Search Toolbar
2008-03-16 15:58 --------- d-----w C:\Program Files\Funny Racer
2008-03-16 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-25 20:35 327,680 ----a-w C:\WINDOWS\nxstinst.exe
2008-02-25 18:10 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-25 18:10 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2008-02-25 18:10 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
2008-02-25 18:10 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-25 18:10 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2008-02-25 18:09 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-02-25 18:09 233,472 ----a-w C:\WINDOWS\InstIt.exe
2008-02-25 18:09 2,162,688 ------r C:\WINDOWS\MicCal.exe
2008-02-25 18:09 1,191,936 ------r C:\WINDOWS\RtlUpd.exe
2008-02-25 18:07 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-19 11:10 --------- d-----w C:\Program Files\Pinokio
2008-02-18 16:24 --------- d-----w C:\Program Files\JPEGCrops
2008-01-31 20:34 --------- d-----w C:\Program Files\Trickshot
2008-01-30 22:42 --------- d-----w C:\Program Files\Absolute Mastermind
2008-01-26 20:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-26 20:06 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-01-26 19:55 --------- d-----w C:\Program Files\DivX
2008-01-25 19:45 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\Leadertech
2008-01-25 19:43 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\AdobeUM
2008-01-20 21:18 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-20 21:18 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-20 21:18 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-20 21:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-01-20 21:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-12-27 20:40 57,344 ----a-w C:\WINDOWS\remover.dll
2007-12-25 21:03 24 ----a-w C:\Documents and Settings\x\Config.dat
2007-12-23 21:44 15,600 ----a-w C:\WINDOWS\gdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"= C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 15:33 963072]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="C:\Genius\ioCentre\gTaskBar.exe" [2006-12-08 21:09 241664]
"CHotkey"="mHotkey.exe" [2006-12-08 17:01 547840 C:\WINDOWS\mHotkey.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 17:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-25 19:16 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 07:49 16377344 C:\WINDOWS\RTHDCPL.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-15 22:57 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-15 19:04 35328]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0250Mon.exe"="C:\WINDOWS\V0250Mon.exe" [2006-06-07 18:00 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-02-23 13:08:53 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 gMouPS2;PS2 Scroll Mouse Device;C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 04:48]
R3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 04:25]
R3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 09:24]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-23 22:44]
S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys []
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fcf1060-edee-11dc-baee-001aff015ae0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - J:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a38deb2-cc48-11dc-ba58-001a4df4dff3}]
\Shell\AutoRun\command - J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2632728-f27f-11dc-bb04-001aff015ae0}]
\Shell\AutoRun\command - J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 15:14:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-03-18 15:15:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-18 14:15:53

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:21, on 2008-03-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Genius\ioCentre\gZoom.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Program Files\QuickTime\qttask.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\logi wirusa\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{31D09724-0D56-4E10-BB91-4385E5F45C69}: NameServer = 192.168.25.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A61B9D4-9D2C-4DF7-A12F-B66D18F80A82}: NameServer = 192.168.25.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8177 bytes

[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\wmpdxm.dll
C:\amp.bat
C:\WINDOWS\remover.dll
C:\WINDOWS\nxstinst.exe

Folder::
C:\Program Files\NavExcel Search Toolbar
C:\Program Files\whInstall

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"=-
[-HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[-HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]
[-HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[-HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fcf1060-edee-11dc-baee-001aff015ae0}]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

[Budrys86]

ComboFix 08-03-17.1 - x 2008-03-19 15:07:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1401 [GMT 1:00]
Running from: C:\logi wirusa\ComboFix.exe
Command switches used :: C:\logi wirusa\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\amp.bat
C:\WINDOWS\nxstinst.exe
C:\WINDOWS\remover.dll
C:\WINDOWS\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\amp.bat
C:\Program Files\NavExcel Search Toolbar
C:\Program Files\NavExcel Search Toolbar\settings.dat
C:\Program Files\whInstall
C:\Program Files\whInstall\license.txt
C:\Program Files\whInstall\readme.txt
C:\Program Files\whInstall\Sporder.dll
C:\Program Files\whInstall\whAgent.inf
C:\Program Files\whInstall\whAgent.ini
C:\Program Files\whInstall\whInstaller.ini
C:\WINDOWS\nxstinst.exe
C:\WINDOWS\remover.dll
C:\WINDOWS\wmpdxm.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-18 14:18 . 2008-03-19 15:07 <DIR> d-------- C:\logi wirusa
2008-03-16 17:54 . 2008-03-16 17:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 17:54 . 2008-03-16 17:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-16 17:52 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
2008-03-16 17:52 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
2008-03-16 17:52 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
2008-03-16 17:01 . 2008-03-16 17:01 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-16 17:01 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-16 17:01 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-16 17:01 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-16 17:01 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-16 17:01 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-16 17:01 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-16 17:01 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-16 17:01 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-16 16:54 . 2008-03-16 16:54 <DIR> d-------- C:\Program Files\ToniArts
2008-03-16 16:35 . 2008-03-16 16:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-15 12:11 . 2008-03-15 12:17 1,392 --a------ C:\WINDOWS\mozver.dat
2008-03-09 16:42 . 2008-03-09 16:42 <DIR> dr-hs---- C:\Recycled
2008-03-01 23:28 . 2008-03-01 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-03-01 10:35 . 2008-03-01 23:28 <DIR> d-------- C:\Documents and Settings\x\Dane aplikacji\Creative
2008-02-29 20:17 . 2006-06-18 18:01 282,624 -ra------ C:\WINDOWS\system32\V0250Cvw.dll
2008-02-29 20:15 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-02-29 20:15 . 1999-10-10 18:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-02-29 20:15 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-02-29 20:14 . 2008-02-29 20:14 <DIR> d-------- C:\WINDOWS\CtDrvInstall
2008-02-29 20:06 . 2008-02-29 20:14 <DIR> d-------- C:\Program Files\SightSpeed
2008-02-29 20:06 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-29 20:03 . 2008-02-29 20:14 <DIR> d-------- C:\Program Files\Creative
2008-02-29 17:34 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
2008-02-29 17:34 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys
2008-02-29 17:34 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
2008-02-29 17:34 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
2008-02-29 17:34 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
2008-02-29 17:34 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
2008-02-29 17:30 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2008-02-29 17:30 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2008-02-29 17:30 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2008-02-29 14:29 . 2008-03-19 08:24 <DIR> d-------- C:\Documents and Settings\x\Dane aplikacji\skypePM
2008-02-29 14:29 . 2008-02-29 14:29 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-29 13:22 . 2008-03-19 14:50 <DIR> d-------- C:\Documents and Settings\x\Dane aplikacji\Skype
2008-02-28 21:18 . 2008-02-28 21:18 <DIR> d-------- C:\Program Files\Skype
2008-02-28 21:18 . 2008-02-28 21:18 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-28 21:18 . 2008-02-28 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-02-27 18:55 . 2008-03-16 16:27 <DIR> d-------- C:\Program Files\Winamp
2008-02-25 21:33 . 2008-02-25 21:33 6,663,744 --a------ C:\WINDOWS\system32\A0047180.EXE.VBTMP
2008-02-25 19:06 . 2008-02-25 19:06 6,663,744 --a------ C:\WINDOWS\system32\msaccess.exe.VBTMP
2008-02-25 19:05 . 2008-03-16 17:02 <DIR> d-------- C:\Program Files\Google
2008-02-25 19:05 . 2008-03-16 16:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-24 18:52 . 2008-02-24 18:52 50 --a------ C:\WINDOWS\Winamp.ini
2008-02-24 18:52 . 2008-02-24 18:52 41 --a------ C:\WINDOWS\winampa.ini
2008-02-24 18:19 . 2008-02-24 18:19 <DIR> d-------- C:\Program Files\Ares
2008-02-23 20:28 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\x\Dane aplikacji\Gadu-Gadu
2008-02-23 20:24 . 2008-02-23 20:24 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-02-23 20:24 . 2008-03-10 18:47 <DIR> d-------- C:\Documents and Settings\x\Gadu-Gadu
2008-02-23 13:08 . 2008-02-23 13:08 <DIR> d-------- C:\Program Files\ZyDAS Technology Corporation
2008-02-23 13:08 . 2006-08-24 13:44 477,696 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-02-23 13:08 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
2008-02-23 13:08 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-02-23 13:08 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-02-23 13:08 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2008-02-23 13:08 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2008-02-23 13:08 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-02-23 13:08 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-02-23 13:08 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-02-23 13:08 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
2008-02-19 17:27 . 2008-02-19 20:22 <DIR> d-------- C:\Program Files\Starcars - Demo Version

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 15:42 --------- d-----w C:\Program Files\TESCOLANDIA - Archipelag Magii
2008-03-16 15:58 --------- d-----w C:\Program Files\Funny Racer
2008-03-16 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 16:58 356,352 ----a-w C:\WINDOWS\system32\nvusmb.exe
2008-03-09 16:58 356,352 ----a-w C:\WINDOWS\system32\nvunrm.exe
2008-03-09 16:56 778,240 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-25 18:10 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-25 18:10 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2008-02-25 18:10 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
2008-02-25 18:10 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-25 18:10 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2008-02-25 18:10 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-02-25 18:10 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2008-02-25 18:10 189,952 ----a-w C:\WINDOWS\system32\WISPTIS.EXE
2008-02-25 18:10 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2008-02-25 18:09 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2008-02-25 18:09 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-02-25 18:09 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2008-02-25 18:09 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2008-02-25 18:09 233,472 ----a-w C:\WINDOWS\InstIt.exe
2008-02-25 18:09 2,162,688 ------r C:\WINDOWS\MicCal.exe
2008-02-25 18:09 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2008-02-25 18:09 1,191,936 ------r C:\WINDOWS\RtlUpd.exe
2008-02-25 18:07 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-22 16:19 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-22 12:15 --------- d-----w C:\Program Files\Chicken Invaders 2 Christmas Edition demo
2008-02-19 11:11 --------- d-----w C:\Program Files\Realore
2008-02-19 11:10 --------- d-----w C:\Program Files\Pinokio
2008-02-18 16:24 --------- d-----w C:\Program Files\JPEGCrops
2008-01-31 20:34 --------- d-----w C:\Program Files\Trickshot
2008-01-30 22:42 --------- d-----w C:\Program Files\Absolute Mastermind
2008-01-26 20:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-26 20:06 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-01-26 19:55 --------- d-----w C:\Program Files\DivX
2008-01-25 19:45 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\Leadertech
2008-01-25 19:43 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\AdobeUM
2008-01-20 21:18 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-20 21:18 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-20 21:18 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-20 21:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-01-20 21:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-12-25 21:03 24 ----a-w C:\Documents and Settings\x\Config.dat
2007-12-23 21:44 15,600 ----a-w C:\WINDOWS\gdrv.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-18_15.15.47.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 13:28:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 15:33 963072]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="C:\Genius\ioCentre\gTaskBar.exe" [2006-12-08 21:09 241664]
"CHotkey"="mHotkey.exe" [2006-12-08 17:01 547840 C:\WINDOWS\mHotkey.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 17:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-25 19:16 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 07:49 16377344 C:\WINDOWS\RTHDCPL.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-15 22:57 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-15 19:04 35328]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0250Mon.exe"="C:\WINDOWS\V0250Mon.exe" [2006-06-07 18:00 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-02-23 13:08:53 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 gMouPS2;PS2 Scroll Mouse Device;C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 04:48]
R3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 04:25]
R3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 09:24]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-23 22:44]
S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys []
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a38deb2-cc48-11dc-ba58-001a4df4dff3}]
\Shell\AutoRun\command - J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2632728-f27f-11dc-bb04-001aff015ae0}]
\Shell\AutoRun\command - J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 15:08:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-19 15:08:40
ComboFix-quarantined-files.txt 2008-03-19 14:08:38
ComboFix2.txt 2008-03-18 14:15:56

[wojtas]

te plik/i :

C:\WINDOWS\system32\A0047180.EXE.VBTMP
C:\WINDOWS\system32\msaccess.exe.VBTMP

przesaknuj tu

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty ze skanow