
The computer does not start in normal mode. After the desktop background loads it hangs (neither the taskbar nor the desktop icons load).
In safe mode I managed to boot after several attempts, but not everything worked. ComboFix found and removed some trojans,
but still not everything works. In safe mode IE does not work, and I don't know whether something is still left in the system after all.
Earlier, mks-vir was also finding trojans.
I'm posting the logs from ComboFix and HijackThis.
- Code:
ComboFix 08-09-27.03 - User 2008-09-28 14:55:30.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.366 [GMT 2:00]
Running from: E:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\Winps86.sys
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\LocalService\svchost.exe
C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
C:\Documents and Settings\User\Desktop\Antivirus 2009.lnk
C:\Documents and Settings\User\Start Menu\Antivirus 2009
C:\Documents and Settings\User\Start Menu\Antivirus 2009\Antivirus 2009.lnk
C:\Documents and Settings\User\Start Menu\Programs\Startup\userinit.exe
C:\Documents and Settings\User\svchost.exe
C:\WINDOWS\BM0f3054b2.txt
C:\WINDOWS\BM0f3054b2.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dcfPYJjl.ini
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\k86.bin
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\oembios.exe
C:\WINDOWS\system32\qjcieqdc.ini
C:\WINDOWS\system32\wincreate.exe
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
E:\RECYCLER\desktop.ini
E:\RECYCLER\UcHelp.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINPS86
-------\Service_Winps86
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.
2008-09-28 14:05 . 2008-09-28 14:08 <DIR> d-------- C:\Documents and Settings\TEMP
2008-09-28 13:40 . 2008-09-28 14:44 0 --a------ C:\WINDOWS\system32\adsnwx.sys
2008-09-28 13:31 . 2008-09-28 13:31 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-09-28 13:31 . 2008-09-28 13:35 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-09-28 13:24 . 2008-09-28 13:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-28 13:03 . 2008-09-28 14:45 5,982,073 --ahs---- C:\WINDOWS\system32\accwizj.sys
2008-09-28 13:03 . 2008-09-28 13:03 21,504 --ahs---- C:\WINDOWS\system32\2488169437t.dll
2008-09-28 12:54 . 2008-09-28 12:54 194,048 --a------ C:\WINDOWS\system32\drivers\SUTSVOKQ.sys
2008-09-28 12:51 . 2008-09-28 13:32 336 --a-s---- C:\WINDOWS\system32\982832941.dat
2008-09-28 12:30 . 2008-09-28 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-19 23:46 . 2008-09-19 23:46 32 --a-s---- C:\WINDOWS\system32\2488169437.dat
2008-09-19 23:46 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\drivers\Winnq32.sys
2008-09-19 23:46 . 2008-09-18 11:36 0 --a------ C:\WINDOWS\system32\drivers\Winkr67.sys
2008-09-19 23:38 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\drivers\Windi61.sys
2008-09-19 23:38 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\drivers\Winat35.sys
2008-09-19 11:14 . 2008-09-19 11:14 113,664 --a------ C:\WINDOWS\system32\ieexplorer32.exe
2008-09-19 11:09 . 2008-09-19 11:09 <DIR> d-------- C:\Program Files\AV9
2008-09-18 17:05 . 2008-09-18 17:05 5,136 --a------ C:\WINDOWS\system32\imod3.dll
2008-09-18 11:36 . 2008-09-18 11:36 21,597 --a------ C:\WINDOWS\system32\sbrige.dll(1).VIR
2008-09-18 11:36 . 2008-09-18 11:36 0 --a------ C:\WINDOWS\system32\sbunit.sys
2008-09-18 09:58 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys
2008-09-18 09:58 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\drivers\VComm.sys
2008-09-18 09:58 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2008-09-18 09:58 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\drivers\btnetdrv.sys
2008-09-18 09:58 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys
2008-09-18 09:58 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys
2008-09-18 09:58 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys
2008-09-17 18:45 . 2008-09-17 18:45 21,613 --a------ C:\WINDOWS\system32\hpstp.dll
2008-09-17 18:45 . 2008-09-17 18:45 0 --a------ C:\WINDOWS\system32\dmram.sys
2008-09-17 18:12 . 2008-09-19 23:38 370,042 --ahs---- C:\WINDOWS\system32\dcfPYJjl.ini2
2008-09-17 18:08 . 2008-09-17 18:08 <DIR> d-------- C:\Program Files\mibujrb
2008-09-17 18:08 . 2008-09-17 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\tabajspk
2008-09-16 10:52 . 2008-09-16 10:52 37,888 --a------ C:\WINDOWS\system32\smsogdhc.dll
2008-09-15 20:41 . 2008-09-15 20:41 194,048 --a------ C:\WINDOWS\system32\drivers\TVVPLJRX.sys
2008-09-15 20:41 . 2008-09-15 20:41 29 --a------ C:\WINDOWS\system32\uoifdefi.tmp
2008-09-12 22:15 . 2008-09-12 22:15 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-12 22:15 . 2008-09-12 22:15 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-12 22:15 . 2008-09-12 22:15 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-12 22:15 . 2008-09-12 22:15 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-12 22:11 . 2008-09-12 22:16 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-12 20:17 . 2008-04-14 02:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-09-12 20:15 . 2008-04-14 02:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-12 20:14 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-12 20:13 . 2008-04-14 02:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 10:42 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-09-20 10:41 --------- d-----w C:\Documents and Settings\User\Application Data\skypePM
2008-08-03 19:07 --------- d-----w C:\Program Files\Picasa2
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-10 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 21:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 961024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 68856]
"Gadu-Gadu"="C:\Documents and Settings\User\Desktop\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"28114838897846415771145348725246"="C:\Program Files\AV9\av2009.exe" [2008-09-19 1062400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 7110656]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2005-05-17 520464]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"PAC7302_Monitor"="C:\WINDOWS\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-07-20 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"6tiZ07fQZo"="C:\Documents and Settings\All Users\Application Data\tabajspk\vqtwpalo.exe" [2008-09-17 73728]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-01 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hpstp]
2008-09-17 18:45 21613 C:\WINDOWS\system32\hpstp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\imod3]
2008-09-18 17:05 5136 C:\WINDOWS\system32\imod3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\smsogdhc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmram.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbunit.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winat35.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkr67.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq32.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
S1 dmram;MDRAM Connector;C:\WINDOWS\system32\dmram.sys [2008-09-17 0]
S1 sbunit;Automated Power Control Unit;C:\WINDOWS\system32\sbunit.sys [2008-09-18 0]
S1 Winat35;Winat35;C:\WINDOWS\system32\Drivers\Winat35.sys [2008-09-17 0]
S1 Windi61;Windi61;C:\WINDOWS\system32\Drivers\Windi61.sys [2008-09-17 0]
S1 Winkr67;Winkr67;C:\WINDOWS\system32\Drivers\Winkr67.sys [2008-09-18 0]
S1 Winnq32;Winnq32;C:\WINDOWS\system32\Drivers\Winnq32.sys [2008-09-17 0]
S2 nicsk32.sys;nicsk32.sys;C:\WINDOWS\system32\drivers\nicsk32.sys [2008-04-13 19840]
S2 SUTSVOKQ;SUTSVOKQ;C:\WINDOWS\system32\drivers\SUTSVOKQ.sys [2008-09-28 194048]
S2 TVVPLJRX;TVVPLJRX;C:\WINDOWS\system32\drivers\TVVPLJRX.sys [2008-09-15 194048]
S3 PAC7302;PAC7302 VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems]
"Windows"= basemuh32.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-[system] - C:\WINDOWS\system32\drivers\services.exe
HKLM-Run-[system] - C:\WINDOWS\system32\drivers\services.exe
HKU-Default-Run-[system] - C:\WINDOWS\system32\drivers\services.exe
HKU-Default-Run-winlogon - C:\Documents and Settings\LocalService\svchost.exe
ShellExecuteHooks-{09C72999-5C10-41A3-A524-24661D942003} - C:\WINDOWS\system32\opnomnkj.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\system32\SkanerOnlineUninstall.exe
C:\WINDOWS\system32\SkanerOnline.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 14:58:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunchAresChatServer]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InoTaskaspnet_state]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvcSamSs]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvcTrkWks]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetlogonMessenger]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspxmlprov]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvcInoRT]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SpoolerBrowser]
"ImagePath"=" srv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hpstp.dll
-> C:\WINDOWS\system32\imod3.dll
.
------------------------ Other Running Processes ------------------------
.
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-28 15:01:19 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2008-09-28 13:01:14
Pre-Run: 110,641,770,496 bytes free
Post-Run: 110,623,936,512 bajtów wolnych
250 --- E O F --- 2008-09-13 20:02:56
- Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:40, on 2008-09-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Documents and Settings\User\Desktop\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [28114838897846415771145348725246] C:\Program Files\AV9\av2009.exe
O4 - HKLM\..\Policies\Explorer\Run: [6tiZ07fQZo] C:\Documents and Settings\All Users\Application Data\tabajspk\vqtwpalo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\smsogdhc.dll
O20 - Winlogon Notify: hpstp - C:\WINDOWS\SYSTEM32\hpstp.dll
O20 - Winlogon Notify: imod3 - C:\WINDOWS\SYSTEM32\imod3.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: DCOM Server Process Launcher DcomLaunchAresChatServer (DcomLaunchAresChatServer) - Unknown owner - .exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Serwer RPC programu eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: Serwer czasu rzeczywistego programu eTrust Antivirus (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: Serwer zadań programu eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Serwer zadań programu eTrust Antivirus InoTaskaspnet_state (InoTaskaspnet_state) - Unknown owner - .exe (file missing)
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcSamSs (mnmsrvcSamSs) - Unknown owner - .exe (file missing)
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcTrkWks (mnmsrvcTrkWks) - Unknown owner - .exe (file missing)
O23 - Service: Net Logon NetlogonMessenger (NetlogonMessenger) - Unknown owner - .exe (file missing)
O23 - Service: NT LM Security Support Provider NtLmSspxmlprov (NtLmSspxmlprov) - Unknown owner - .exe (file missing)
O23 - Service: Removable Storage NtmsSvcInoRT (NtmsSvcInoRT) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler SpoolerBrowser (SpoolerBrowser) - Unknown owner - .exe (file missing)
O24 - Desktop Component 0: (no name) - http://sympatia.onet.pl/
--
End of file - 5718 bytes
And one more, from FixIEDef:
- Code:
********************************************************************************
* *
* FixIEDef Log *
* Version 1.5.0.5987 *
* *
********************************************************************************
Created at 15:09:29 on Sunday, September 28, 2008
Time Zone : (GMT+01:00) Sarajevo, Skopje, Warsaw, Zagreb
Logged On User : User
Operating System : Microsoft Windows XP Professional Service Pack 3
OS Version : 5.1.2600
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 Intel(R) Pentium(R) 4 CPU 3.06GHz
System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32
Total Physical Memory : 523628 KB
Free Physical Memory : 357960 KB
Total Virtual Memory : 2097024 KB
Free Virtual Memory : 2015740 KB
Boot State : Fail-safe with network boot
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\*.*
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!