prosze o sprawdzenie

[kepa416]

Strasznie zmulony system wole otwieranie programów, dziwne procesy; unsecapp.exe ; wmiprvse.exe ; długie czekanie na ołączenie z internetem (neostrada 1mb +autoconect ) częsty błąd 721

Logfile of HijackThis v1.99.1
Scan saved at 14:18:42, on 2007-08-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\KePa\Pulpit\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\swreg.cfexe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C92E45B-FE76-4F39-AE16-F8681975E89F}: NameServer = 194.204.159.1 217.98.63.164
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[/quote]

[wojtas]

skasuj ten wpis:

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

i daj loga z combofixa

[kepa416]

ComboFix 07-08-04.3 - "KePa" 2007-08-04 16:08:59.2 BˆĄd wej˜cia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs". - NTFS
BˆĄd wej˜cia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs".


((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))


2007-08-04 14:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-04 14:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-04 01:46 <DIR> d--hs---- C:\WINDOWS\CSC
2007-07-31 11:59 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-31 11:59 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-31 11:59 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-31 11:59 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-31 11:59 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-31 11:59 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-31 11:59 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-31 11:58 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-30 21:29 <DIR> d-------- C:\DOCUME~1\KePa\DANEAP~1\WinRAR
2007-07-30 21:11 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-07-30 21:08 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-30 12:56 425,984 --a------ C:\WINDOWS\system32\stmcfg32.dll
2007-07-30 12:56 151,552 --a------ C:\WINDOWS\system32\stmctrl.dll
2007-07-30 12:56 <DIR> d-------- C:\WINDOWS\system32\InsFiles
2007-07-30 12:55 684,265 --a------ C:\WINDOWS\system32\drivers\torususb.sys
2007-07-30 12:55 65,536 --a------ C:\WINDOWS\DSLTest.exe
2007-07-30 12:55 60,255 --a------ C:\WINDOWS\system32\drivers\stmatm.sys
2007-07-30 12:55 36,864 --a------ C:\WINDOWS\system32\stmclean.exe
2007-07-30 12:55 102,400 --a------ C:\WINDOWS\stmtrace.exe
2007-07-30 12:55 <DIR> d-------- C:\Program Files\ZTE ZXDSL 852
2007-07-26 20:22 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-26 20:22 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-07-26 20:22 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-26 20:22 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-26 20:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 20:22 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-26 20:22 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-26 20:22 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-07-26 20:22 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-07-26 11:41 <DIR> d-------- C:\Program Files\FTP Commander Pro
2007-07-25 13:17 314,368 --a------ C:\WINDOWS\IsUninst.exe
2007-07-25 13:17 <DIR> d-------- C:\DOCUME~1\KePa\WINDOWS
2007-07-22 22:05 <DIR> d--hs---- C:\DOCUME~1\KePa\Phone Browser
2007-07-22 22:01 <DIR> d-------- C:\DOCUME~1\KePa\DANEAP~1\Nokia
2007-07-22 22:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\PC Suite
2007-07-22 22:00 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-07-22 22:00 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-07-22 21:59 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-07-22 21:59 <DIR> d-------- C:\Program Files\DIFX
2007-07-22 21:59 <DIR> d-------- C:\DOCUME~1\KePa\DANEAP~1\PC Suite
2007-07-22 21:58 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-07-22 21:58 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-07-22 21:58 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-07-22 21:58 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-07-22 21:58 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-07-22 21:58 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-07-22 21:58 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-22 21:58 <DIR> d-------- C:\Program Files\Nokia
2007-07-22 16:34 <DIR> d-------- C:\Program Files\Throttle
2007-07-22 15:24 <DIR> d-------- C:\DOCUME~1\KePa\DANEAP~1\Apple Computer
2007-07-22 15:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-07-20 04:41 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-07-20 04:35 <DIR> d-------- C:\Program Files\OO Software
2007-07-20 04:30 <DIR> d-------- C:\Program Files\jv16 PowerTools 2007
2007-07-20 04:27 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-20 04:25 23 --ahs---- C:\WINDOWS\system32\accba2_r.dll
2007-07-20 01:12 <DIR> d-------- C:\DOCUME~1\KePa\DANEAP~1\COWON
2007-07-19 22:07 <DIR> d-------- C:\Program Files\PhotoFiltre
2007-07-19 21:59 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-07-19 21:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-19 21:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-19 21:50 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-18 21:59 <DIR> d-------- C:\DOCUME~1\KePa\DANEAP~1\uTorrent
2007-07-17 16:05 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-16 16:07 36,441 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-07-16 16:07 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-16 16:06 <DIR> d-------- C:\Program Files\Illustrate
2007-07-15 15:40 <DIR> d-------- C:\DOCUME~1\KePa\DANEAP~1\OpenOffice.org2
2007-07-12 18:44 <DIR> d-------- C:\Program Files\Real Alternative
2007-07-12 18:44 <DIR> d-------- C:\Program Files\Media Player Classic
2007-07-12 18:44 <DIR> d-------- C:\DOCUME~1\KePa\DANEAP~1\Real
2007-07-12 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-07-11 16:26 <DIR> d-------- C:\Program Files\Tasker
2007-07-10 21:45 <DIR> d-------- C:\Program Files\QuickTime
2007-07-10 21:44 <DIR> d-------- C:\Program Files\ImTOO
2007-07-10 21:23 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-07-10 21:23 337 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-07-10 21:23 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-07-10 21:23 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2007-07-10 21:23 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2007-07-10 21:22 32,768 --a------ C:\WINDOWS\system32\osclpthread.dll
2007-07-10 15:56 <DIR> d-------- C:\WINDOWS\Cache
2007-07-09 23:24 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-07-09 23:20 <DIR> d-------- C:\DOCUME~1\KePa\DANEAP~1\foobar2000
2007-07-09 22:32 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-07-09 22:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-07-09 22:31 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-07-09 22:30 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-09 22:30 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-07-09 22:30 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-07-09 22:30 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-07-09 22:28 <DIR> d--hs---- C:\WINDOWS\Installer
2007-07-09 22:28 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-07-09 22:27 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-07-09 22:27 9,168 --a------ C:\WINDOWS\system\VER.DLL
2007-07-09 22:27 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-07-09 22:27 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 05:00 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-07-19 22:00 49492 --a------ C:\WINDOWS\system32\perfc015.dat
2007-07-19 22:00 355486 --a------ C:\WINDOWS\system32\perfh015.dat
2007-06-07 21:10 20480 --a------ C:\WINDOWS\system32\ac3config.exe
--------- C:\Program Files\Usługi online


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 05:15]
"Cmaudio"="cmicnfg.cpl" []
"AdslTaskBar"="stmctrl.dll" [2006-06-02 11:01 C:\WINDOWS\system32\stmctrl.dll]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-07-28 00:03]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 13:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiscSpaceChecks"=000000000000f03f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
"C:\WINDOWS\system32\MRT.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0\bin\jusched.exe"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64b17b29-2e58-11dc-9527-806d6172696f}]
AutoRun\command- E:\Bin\assetup.exe


Contents of the 'Scheduled Tasks' folder
2007-07-26 14:05:53 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-04 16:14:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]

source file error: C:\Documents and Settings\KePa\ntuser.dat

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-04 16:16:52

--- E O F ---

[wojtas]

log jest czysty