trojan-spy.win32@mx pomocy!!!!!

**Posty:** 4 · przez **karolina1617** 27 Lis 2007, 00:48

Bardzo prosze o pomoc nęka mnie ten wirus: Trojan-Spy.win32@mx. Próbowałam już różnych antywirusów i nic.

Podaje moje logi:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 09:08:39, on 2007-11-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Acer\Empowering Technology\admServ.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\admtray.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\DOCUME~1\KAROLINA\USTAWI~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\iPlus\iPlusFlashSkin.exe c:\documents and settings\karolina\pulpit\szczepionki.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\KAROLINA\Pulpit\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-homepage.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.18.100.7:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINDOWS\SYSTEM32\jkkiffe.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dzwotnbr.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O2 - BHO: {1abdbdc7-fa0c-1c4b-09f4-429ae35293eb} - {be39253e-a924-4f90-b4c1-c0af7cdbdba1} - C:\DOCUME~1\KAROLINA\USTAWI~1\Temp\jkgpiueg.dll (file missing) O2 - BHO: (no name) - {EEA2EA33-D6B8-49A4-9B75-7110A599A634} - C:\WINDOWS\system32\ssqro.dll (file missing) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file) O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dzwotnbr.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\ireivpmb.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\KAROLINA\Pulpit\rapget128\rapget.htm O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8DAD5564-7E0F-4B40-962B-A7929D4055CB}: NameServer = 212.2.96.51 212.2.96.52 O20 - Winlogon Notify: awtstts - awtstts.dll (file missing) O20 - Winlogon Notify: dzwotnbr - C:\WINDOWS\SYSTEM32\dzwotnbr.dll O20 - Winlogon Notify: jkkiffe - jkkiffe.dll (file missing) O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe -- End of file - 12821 bytes

**Posty:** 7838 · przez **Lukesh** 27 Lis 2007, 00:52

Zastosuj sie do wskazowek z tematu: http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
:arrow:

Zrob skan on-line www.ewido.com
:arrow:

Pokaz log z ComboFix: http://www.programosy.pl/program,combofix.html - PRZED UZYCIEM COFNIJ DATE SYSTEMOWA, NP O ROK - inaczej program nie ruszy

na sam koniec wstaw CALE logi wg opisu: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

**Posty:** 395 · przez **arcziQ** 27 Lis 2007, 00:54

Najpierw proponuję
SmitFraudFix

Użyj go z opcji "Clean", czyli wpisz 2 i naciśnij ENTER

Instrukcja obsługi:
1. Zastartuj komputer do trybu awaryjnego co jest opisane TUTAJ.
(można spróbować najpierw usuwać w Trybie Normalnym -często to się udaje)
2.Uruchom SmitfraudFix.exe ( podwójnie go kliknij)
3. Zainicjuje się linia komend i dostaniesz pierwszy z ekranów z prośbą o "wciśniecie jakiegokolwiek klawisza by kontynuować" więc z klawiatury ENTER:
4. Dostaniesz menu wyboru opcji na niebieskim ekranie: wpisz 2 i naciśnij ENTER
5. Zostanie uruchomione czyszczenie właściwe rozpoczęte od zabicia procesu explorer.exe (zniknie Pulpit i pasek zadań).
Następnie padnie pytanie Do you want to clean the registry? - wpisz z klawiatury Y i ENTER,
co zainicjuje usuwania kluczyków i restrykcji tapetek.
6.W dalszej kolejności narzędzie sprawdzi czy plik wininet.dll jest zainfekowany a jeśli tak, to może paść pytanie o podmianę pliku,
o ile czystą kopię znaleziono: Replace infected file? = Y i ENTER. Jeśli „wininet” nie jest zarażony, to to zostanie pominięte.
7.Finalnie może być wymagany reset komputera by ukończyć sprzątanie

A następnie daj logi hjt + combofix

**Posty:** 4 · przez **karolina1617** 27 Lis 2007, 18:45

arcziQ zarobiłam wszystko jak napisałeś tylko że nie w trybie awaryjnym .
podaje logi:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 09:01:48, on 2007-11-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\Empowering Technology\admServ.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\admtray.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\DOCUME~1\KAROLINA\USTAWI~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\KAROLINA\Pulpit\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-homepage.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.18.100.7:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINDOWS\SYSTEM32\jkkiffe.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dzwotnbr.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O2 - BHO: {1abdbdc7-fa0c-1c4b-09f4-429ae35293eb} - {be39253e-a924-4f90-b4c1-c0af7cdbdba1} - C:\DOCUME~1\KAROLINA\USTAWI~1\Temp\jkgpiueg.dll (file missing) O2 - BHO: (no name) - {EEA2EA33-D6B8-49A4-9B75-7110A599A634} - C:\WINDOWS\system32\ssqro.dll (file missing) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file) O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dzwotnbr.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\ireivpmb.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\KAROLINA\Pulpit\rapget128\rapget.htm O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: awtstts - awtstts.dll (file missing) O20 - Winlogon Notify: dzwotnbr - C:\WINDOWS\SYSTEM32\dzwotnbr.dll O20 - Winlogon Notify: jkkiffe - jkkiffe.dll (file missing) O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe -- End of file - 11910 bytes

Kod: Zaznacz wszystko: ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk C:\Documents and Settings\KAROLINA\Pulpit\Live Safety Center.lnk C:\Documents and Settings\KAROLINA\Pulpit\Online Security Guide.lnk C:\Documents and Settings\KAROLINA\Ulubione\Online Security Guide.lnk C:\WINDOWS\system32\dzwotnbr.dllbox . ((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))) . 2007-11-25 09:55 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\Vso 2007-11-25 09:55 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-11-25 09:55 47,360 --a------ C:\Documents and Settings\KAROLINA\Dane aplikacji\pcouffin.sys 2007-11-25 09:53 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\Grisoft 2007-11-25 09:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-25 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft 2007-11-25 09:45 <DIR> d-------- C:\Program Files\NoAdware5.0 2007-11-25 09:20 4,256 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-25 09:19 <DIR> d-------- C:\Program Files\Steganos Internet Anonym Pro 7 2007-11-25 09:19 <DIR> d-------- C:\Program Files\Secure Surfing Engine 2007-11-25 09:19 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-11-25 09:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-11-25 09:19 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-11-25 09:19 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-11-25 09:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-11-25 09:13 <DIR> d-------- C:\DivX 2007-11-25 09:13 177,241 --a------ C:\WINDOWS\system32\APmpg4v1.apl 2007-11-25 09:12 <DIR> d-------- C:\Program Files\XP Codec Pack 2007-11-25 09:12 <DIR> d-------- C:\Program Files\Real Alternative 2007-11-25 09:12 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm 2007-11-25 09:11 416,304 --a------ C:\WINDOWS\system\MPG4C32.DLL 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.018 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.017 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.016 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.015 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.014 2007-11-16 09:05 <DIR> d-------- C:\Program Files\IBP 9 2007-11-16 08:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-11-16 08:49 <DIR> d--hs---- C:\FOUND.013 2007-11-16 08:44 <DIR> d-------- C:\Program Files\laughnetwork 2007-11-16 08:39 0 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-11-16 08:33 <DIR> d-------- C:\Documents and Settings\KAROLINA\DoctorWeb 2007-11-16 08:32 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-11-16 08:32 <DIR> d-------- C:\Program Files\Free Monitor for Google 2007-11-16 08:32 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\PC Tools 2007-11-16 08:32 79,424 --a------ C:\WINDOWS\system32\jkgpiueg.dll 2007-11-16 08:32 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-11-16 08:32 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-11-16 08:29 1,334,402 ---hs---- C:\WINDOWS\system32\bmpvieri.ini 2007-11-16 08:27 85,056 --a------ C:\WINDOWS\system32\ireivpmb.dll 2007-11-16 08:26 678,400 ---hs---- C:\WINDOWS\system32\vivyxevi.ini 2007-11-16 08:26 101,514 --ahs---- C:\WINDOWS\system32\orqss.ini2 2007-11-16 08:23 82,496 --a------ C:\WINDOWS\system32\drhnkjgd.dll 2007-11-16 08:23 79,424 --a------ C:\WINDOWS\system32\jsdqmicy.dll 2007-11-16 08:21 145,984 --a------ C:\WINDOWS\system32\dzwotnbr.dll 2007-11-16 08:20 <DIR> d--hs---- C:\FOUND.012 2007-11-16 08:20 145,984 --a------ C:\WINDOWS\system32\rslsvkri.dll 2007-11-16 08:18 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\IBP 2007-11-16 08:18 294 ---hs---- C:\WINDOWS\system32\tofiveml.ini 2007-11-16 08:17 85,056 --a------ C:\WINDOWS\system32\lmevifot.dll 2007-11-16 08:17 82,496 --a------ C:\WINDOWS\system32\hdspfxfs.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-25 08:11 905 ----a-w C:\Program Files\uninstal.log 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-10-20 10:19 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\MXPLAY 2007-10-20 10:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MXPLAY 2007-10-20 10:17 --------- d-----w C:\Program Files\Hide IP Platinum 2007-10-20 10:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-20 10:15 --------- d--h--r C:\Documents and Settings\KAROLINA\Dane aplikacji\SecuROM 2007-10-20 10:14 --------- d-----w C:\Program Files\Your Memory! Część 1 2007-10-20 10:13 --------- d-----w C:\Program Files\Your Memory! Część 2 2007-10-20 10:00 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\Media Player Classic 2007-10-20 09:51 --------- d-----w C:\Program Files\kED 2007-10-20 09:50 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\Anonymizer 2007-10-20 09:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Anonymizer 2007-10-20 09:39 --------- d-----w C:\Program Files\Guitar Pro 5 2007-10-20 09:27 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-20 09:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead 2007-10-20 09:24 --------- d-----w C:\Program Files\Opera 2007-10-20 09:24 --------- d-----w C:\Program Files\Ahead 2007-09-30 07:57 --------- d-----w C:\Program Files\Ulead Systems 2007-09-30 07:57 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\Ulead Systems 2007-09-30 07:50 --------- d-----w C:\Program Files\Polish Your English 2007-09-30 07:50 --------- d-----w C:\Program Files\Common Files\YDP 2007-09-30 07:50 --------- d-----w C:\Program Files\Common Files\GraphBoard 2.00 2007-09-30 07:49 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2007-09-30 07:19 --------- d-----w C:\Program Files\Klik Online 2007-09-22 23:11 15,872 ------w C:\WINDOWS\system32\winskfr.dll 2007-09-03 13:35 966,656 ----a-w C:\WINDOWS\system32\VSFilter.dll 2007-09-03 11:02 118,784 ----a-w C:\WINDOWS\Web\Wallpaper\Living Beaches Wallpaper #2.exe 2007-05-05 14:12 88 --sh--r C:\WINDOWS\system32\E7A3E4E97D.sys 2007-05-05 14:12 14,084 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-01-10 18:47 56 --sh--r C:\WINDOWS\system32\E702994375.sys 2007-01-10 18:19 8 --sh--r C:\WINDOWS\system32\E702994375.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-25_ 9.04.28.34 ))))))))))))))))))))))))))))))))))))))))) . + 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\ERDNT\subs\F3M\ERDNT.EXE + 2007-11-25 08:03:22 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_688.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}] C:\WINDOWS\SYSTEM32\jkkiffe.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-16 08:21 145984 --a------ C:\WINDOWS\system32\dzwotnbr.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{be39253e-a924-4f90-b4c1-c0af7cdbdba1}] C:\DOCUME~1\KAROLINA\USTAWI~1\Temp\jkgpiueg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEA2EA33-D6B8-49A4-9B75-7110A599A634}] C:\WINDOWS\system32\ssqro.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\dzwotnbr.dll [2007-11-16 08:21 145984] [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-02 19:57] "Videos"="C:\Program Files\laughnetwork\update.exe" [2007-11-13 23:35] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-09-06 17:22] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17] "LaunchApp"="Alaunch" [] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15] "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00] "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:44 C:\WINDOWS\system32\bthprops.cpl] "DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-09-23 10:33] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20] "09541673"="C:\WINDOWS\system32\ireivpmb.dll" [2007-11-16 08:29] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-09-06 17:22] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:20:56] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-09 14:16:11] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe -h [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atomic.exe] 2004-06-17 10:46 524288 --a------ C:\Program Files\Atomic Clock Sync\Atomic.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] C:\Program Files\DAP\DAP.EXE /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager] 2007-10-02 14:03 385024 --a------ C:\Program Files\iPlus\iPlusChecker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2006-02-23 15:45 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] 2004-09-15 15:36 148992 --a------ C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 20:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] SkyTel.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] 2005-07-28 08:32 94208 --------- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker] 2005-08-22 09:10 69632 --a------ C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online] C:\Program Files\VS Online\VSOnline.exe /tray R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys R3 GTEDGWModem;Option NV GTEDGWModem;C:\WINDOWS\system32\DRIVERS\GTEDG.sys R3 GTEDGWWNIC;Option NV GTEDGWWNIC;C:\WINDOWS\system32\DRIVERS\GTEDGNet.sys R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys R3 OptionWWSC;GT EDGE SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GTEDGSC.sys S3 Ser2pl;Nokia CA-42 USB;C:\WINDOWS\system32\DRIVERS\ser2pl.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS *Newly Created Service* - AVGASCLN *Newly Created Service* - INT15.SYS . Contents of the 'Scheduled Tasks' folder "2007-08-15 14:42:04 C:\WINDOWS\Tasks\rpc.job" - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe .

**Posty:** 18165 · przez **wojtas** 27 Lis 2007, 19:30

zastosuj te skanery po kilka razy

VundoFix

VirtumundoBeGone

FixVundo

wroc z logiem z hijacka oraz calym z combofixa

**Posty:** 4 · przez **karolina1617** 27 Lis 2007, 21:47

Przeskanowałam kompa tymi programami i podaje logi:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 09:49, on 2007-11-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Acer\Empowering Technology\admtray.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\admServ.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\DOCUME~1\KAROLINA\USTAWI~1\Temp\RtkBtMnt.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\KAROLINA\Pulpit\HiJackThis_v2.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\ComboFix\vfind.cfexe C:\WINDOWS\system32\cmd.exe C:\ComboFix\vfind.cfexe C:\ComboFix\swreg.cfexe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-homepage.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.113.119.188:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O2 - BHO: {1abdbdc7-fa0c-1c4b-09f4-429ae35293eb} - {be39253e-a924-4f90-b4c1-c0af7cdbdba1} - C:\DOCUME~1\KAROLINA\USTAWI~1\Temp\jkgpiueg.dll (file missing) O2 - BHO: (no name) - {EEA2EA33-D6B8-49A4-9B75-7110A599A634} - C:\WINDOWS\system32\ssqro.dll (file missing) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file) O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\ireivpmb.dll",b O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\KAROLINA\Pulpit\rapget128\rapget.htm O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: awtstts - awtstts.dll (file missing) O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe -- End of file - 11747 bytes

Kod: Zaznacz wszystko: ComboFix 07-11-19.4 - KAROLINA 2007-11-25 9:49:35.5 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.191 [GMT 1:00] Running from: C:\Documents and Settings\KAROLINA\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))) . 2007-11-25 09:55 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\Vso 2007-11-25 09:55 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-11-25 09:55 47,360 --a------ C:\Documents and Settings\KAROLINA\Dane aplikacji\pcouffin.sys 2007-11-25 09:53 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\Grisoft 2007-11-25 09:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-25 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft 2007-11-25 09:45 <DIR> d-------- C:\Program Files\NoAdware5.0 2007-11-25 09:20 4,256 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-25 09:19 <DIR> d-------- C:\Program Files\Steganos Internet Anonym Pro 7 2007-11-25 09:19 <DIR> d-------- C:\Program Files\Secure Surfing Engine 2007-11-25 09:19 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-11-25 09:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-11-25 09:19 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-11-25 09:19 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-11-25 09:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-11-25 09:13 <DIR> d-------- C:\DivX 2007-11-25 09:13 177,241 --a------ C:\WINDOWS\system32\APmpg4v1.apl 2007-11-25 09:12 <DIR> d-------- C:\Program Files\XP Codec Pack 2007-11-25 09:12 <DIR> d-------- C:\Program Files\Real Alternative 2007-11-25 09:12 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm 2007-11-25 09:11 416,304 --a------ C:\WINDOWS\system\MPG4C32.DLL 2007-11-25 09:05 <DIR> d-------- C:\VundoFix Backups 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.018 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.017 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.016 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.015 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.014 2007-11-16 09:05 <DIR> d-------- C:\Program Files\IBP 9 2007-11-16 08:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-11-16 08:49 <DIR> d--hs---- C:\FOUND.013 2007-11-16 08:44 <DIR> d-------- C:\Program Files\laughnetwork 2007-11-16 08:33 <DIR> d-------- C:\Documents and Settings\KAROLINA\DoctorWeb 2007-11-16 08:32 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-11-16 08:32 <DIR> d-------- C:\Program Files\Free Monitor for Google 2007-11-16 08:32 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\PC Tools 2007-11-16 08:32 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-11-16 08:32 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-11-16 08:20 <DIR> d--hs---- C:\FOUND.012 2007-11-16 08:18 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\IBP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-25 08:11 905 ----a-w C:\Program Files\uninstal.log 2007-11-16 08:03 101,514 --sha-w C:\WINDOWS\system32\orqss.ini2 2007-11-16 07:34 79,424 ----a-w C:\WINDOWS\system32\jkgpiueg.dll 2007-11-16 07:29 85,056 ----a-w C:\WINDOWS\system32\ireivpmb.dll 2007-11-16 07:25 82,496 ----a-w C:\WINDOWS\system32\drhnkjgd.dll 2007-11-16 07:23 79,424 ----a-w C:\WINDOWS\system32\jsdqmicy.dll 2007-11-16 07:17 85,056 ----a-w C:\WINDOWS\system32\lmevifot.dll 2007-11-16 07:17 82,496 ----a-w C:\WINDOWS\system32\hdspfxfs.dll 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-10-20 10:19 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\MXPLAY 2007-10-20 10:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MXPLAY 2007-10-20 10:17 --------- d-----w C:\Program Files\Hide IP Platinum 2007-10-20 10:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-20 10:15 --------- d--h--r C:\Documents and Settings\KAROLINA\Dane aplikacji\SecuROM 2007-10-20 10:14 --------- d-----w C:\Program Files\Your Memory! Część 1 2007-10-20 10:13 --------- d-----w C:\Program Files\Your Memory! Część 2 2007-10-20 10:00 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\Media Player Classic 2007-10-20 09:51 --------- d-----w C:\Program Files\kED 2007-10-20 09:50 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\Anonymizer 2007-10-20 09:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Anonymizer 2007-10-20 09:39 --------- d-----w C:\Program Files\Guitar Pro 5 2007-10-20 09:27 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-20 09:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead 2007-10-20 09:24 --------- d-----w C:\Program Files\Opera 2007-10-20 09:24 --------- d-----w C:\Program Files\Ahead 2007-09-30 07:57 --------- d-----w C:\Program Files\Ulead Systems 2007-09-30 07:57 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\Ulead Systems 2007-09-30 07:50 --------- d-----w C:\Program Files\Polish Your English 2007-09-30 07:50 --------- d-----w C:\Program Files\Common Files\YDP 2007-09-30 07:50 --------- d-----w C:\Program Files\Common Files\GraphBoard 2.00 2007-09-30 07:49 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2007-09-30 07:19 --------- d-----w C:\Program Files\Klik Online 2007-09-22 23:11 15,872 ------w C:\WINDOWS\system32\winskfr.dll 2007-09-03 13:35 966,656 ----a-w C:\WINDOWS\system32\VSFilter.dll 2007-09-03 11:02 118,784 ----a-w C:\WINDOWS\Web\Wallpaper\Living Beaches Wallpaper #2.exe 2007-05-05 14:12 88 --sh--r C:\WINDOWS\system32\E7A3E4E97D.sys 2007-05-05 14:12 14,084 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-01-10 18:47 56 --sh--r C:\WINDOWS\system32\E702994375.sys 2007-01-10 18:19 8 --sh--r C:\WINDOWS\system32\E702994375.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-25_ 9.04.28.34 ))))))))))))))))))))))))))))))))))))))))) . + 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\ERDNT\subs\F3M\ERDNT.EXE + 2007-11-25 07:59:28 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_698.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{be39253e-a924-4f90-b4c1-c0af7cdbdba1}] C:\DOCUME~1\KAROLINA\USTAWI~1\Temp\jkgpiueg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEA2EA33-D6B8-49A4-9B75-7110A599A634}] C:\WINDOWS\system32\ssqro.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-02 19:57] "Videos"="C:\Program Files\laughnetwork\update.exe" [2007-11-13 23:35] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-09-06 17:22] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17] "LaunchApp"="Alaunch" [] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15] "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00] "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:44 C:\WINDOWS\system32\bthprops.cpl] "DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-09-23 10:33] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20] "09541673"="C:\WINDOWS\system32\ireivpmb.dll" [2007-11-16 08:29] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-09-06 17:22] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:20:56] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-09 14:16:11] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtstts] awtstts.dll [color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe -h [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atomic.exe] 2004-06-17 10:46 524288 --a------ C:\Program Files\Atomic Clock Sync\Atomic.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] C:\Program Files\DAP\DAP.EXE /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager] 2007-10-02 14:03 385024 --a------ C:\Program Files\iPlus\iPlusChecker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2006-02-23 15:45 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] 2004-09-15 15:36 148992 --a------ C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 20:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] SkyTel.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] 2005-07-28 08:32 94208 --------- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker] 2005-08-22 09:10 69632 --a------ C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online] C:\Program Files\VS Online\VSOnline.exe /tray R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys R3 GTEDGWModem;Option NV GTEDGWModem;C:\WINDOWS\system32\DRIVERS\GTEDG.sys R3 GTEDGWWNIC;Option NV GTEDGWWNIC;C:\WINDOWS\system32\DRIVERS\GTEDGNet.sys R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys R3 OptionWWSC;GT EDGE SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GTEDGSC.sys S3 Ser2pl;Nokia CA-42 USB;C:\WINDOWS\system32\DRIVERS\ser2pl.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS *Newly Created Service* - INT15.SYS . Contents of the 'Scheduled Tasks' folder "2007-08-15 14:42:04 C:\WINDOWS\Tasks\rpc.job" - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-25 09:54:54 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-25 9:57:32 C:\ComboFix3.txt ... 2007-11-25 09:06 C:\ComboFix2.txt ... 2007-11-25 09:09 . --- E O F ---

**Posty:** 18165 · przez **wojtas** 28 Lis 2007, 20:23

uzyj narzedzia:

http://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe

skasuj wpisy:

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: {1abdbdc7-fa0c-1c4b-09f4-429ae35293eb} - {be39253e-a924-4f90-b4c1-c0af7cdbdba1} - C:\DOCUME~1\KAROLINA\USTAWI~1\Temp\jkgpiueg.dll (file missing)
O2 - BHO: (no name) - {EEA2EA33-D6B8-49A4-9B75-7110A599A634} - C:\WINDOWS\system32\ssqro.dll (file missing)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\ireivpmb.dll",b
O20 - Winlogon Notify: awtstts - awtstts.dll (file missing)

Otworz notatnik i wklej w nim to:

File::
C:\Program Files\uninstal.log
C:\WINDOWS\system32\orqss.ini2
C:\WINDOWS\system32\jkgpiueg.dll
C:\WINDOWS\system32\ireivpmb.dll
C:\WINDOWS\system32\drhnkjgd.dll
C:\WINDOWS\system32\jsdqmicy.dll
C:\WINDOWS\system32\lmevifot.dll
C:\WINDOWS\system32\hdspfxfs.dll
C:\WINDOWS\system32\winskfr.dll
C:\WINDOWS\Web\Wallpaper\Living Beaches Wallpaper #2.exe

Folder::
C:\Program Files\Multi_Media

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania
Potem nowy log z hijacka oraz combofixa

**Posty:** 4 · przez **karolina1617** 29 Lis 2007, 00:01

Zrobiłam wszystko jak napisałeś podaje logi:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 09:05, on 2007-11-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Acer\Empowering Technology\admServ.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Acer\Empowering Technology\admtray.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\iPlus\iPlusFlashSkin.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\DOCUME~1\KAROLINA\USTAWI~1\Temp\RtkBtMnt.exe C:\Program Files\Ares\Ares.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\Program Files\Hide IP Platinum\hideippla.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\KAROLINA\Pulpit\HiJackThis_v2.exe C:\ComboFix\swreg.cfexe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-homepage.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\KAROLINA\Pulpit\rapget128\rapget.htm O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8DAD5564-7E0F-4B40-962B-A7929D4055CB}: NameServer = 212.2.96.51 212.2.96.52 O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe -- End of file - 11001 bytes

Kod: Zaznacz wszystko: ComboFix 07-11-19.4 - KAROLINA 2007-11-25 9:04:08.6 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.106 [GMT 1:00] Running from: C:\Documents and Settings\KAROLINA\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\KAROLINA\Pulpit\CFScript.txt * Created a new restore point FILE C:\Program Files\uninstal.log C:\WINDOWS\system32\drhnkjgd.dll C:\WINDOWS\system32\hdspfxfs.dll C:\WINDOWS\system32\ireivpmb.dll C:\WINDOWS\system32\jkgpiueg.dll C:\WINDOWS\system32\jsdqmicy.dll C:\WINDOWS\system32\lmevifot.dll C:\WINDOWS\system32\orqss.ini2 C:\WINDOWS\system32\winskfr.dll C:\WINDOWS\Web\Wallpaper\Living Beaches Wallpaper #2.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Multi_Media C:\Program Files\Multi_Media\INSTALL.LOG C:\Program Files\Multi_Media\toolbar.cfg C:\Program Files\Multi_Media\UNWISE.EXE C:\Program Files\uninstal.log C:\WINDOWS\system32\drhnkjgd.dll C:\WINDOWS\system32\hdspfxfs.dll C:\WINDOWS\system32\ireivpmb.dll C:\WINDOWS\system32\jkgpiueg.dll C:\WINDOWS\system32\jsdqmicy.dll C:\WINDOWS\system32\lmevifot.dll C:\WINDOWS\system32\orqss.ini2 C:\WINDOWS\system32\winskfr.dll C:\WINDOWS\Web\Wallpaper\Living Beaches Wallpaper #2.exe . ((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))) . 2007-11-25 09:55 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\Vso 2007-11-25 09:55 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-11-25 09:55 47,360 --a------ C:\Documents and Settings\KAROLINA\Dane aplikacji\pcouffin.sys 2007-11-25 09:53 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\Grisoft 2007-11-25 09:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-25 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft 2007-11-25 09:45 <DIR> d-------- C:\Program Files\NoAdware5.0 2007-11-25 09:43 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-25 09:20 4,256 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-25 09:19 <DIR> d-------- C:\Program Files\Steganos Internet Anonym Pro 7 2007-11-25 09:19 <DIR> d-------- C:\Program Files\Secure Surfing Engine 2007-11-25 09:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-11-25 09:13 <DIR> d-------- C:\DivX 2007-11-25 09:12 <DIR> d-------- C:\Program Files\XP Codec Pack 2007-11-25 09:12 <DIR> d-------- C:\Program Files\Real Alternative 2007-11-25 09:11 416,304 --a------ C:\WINDOWS\system\MPG4C32.DLL 2007-11-25 09:05 <DIR> d-------- C:\VundoFix Backups 2007-11-25 09:04 <DIR> d-------- C:\Program Files\NetConceal Anonymizer 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.018 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.017 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.016 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.015 2007-11-25 09:02 <DIR> d--hs---- C:\FOUND.014 2007-11-16 09:05 <DIR> d-------- C:\Program Files\IBP 9 2007-11-16 08:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-11-16 08:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-11-16 08:49 <DIR> d--hs---- C:\FOUND.013 2007-11-16 08:44 <DIR> d-------- C:\Program Files\laughnetwork 2007-11-16 08:33 <DIR> d-------- C:\Documents and Settings\KAROLINA\DoctorWeb 2007-11-16 08:32 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-11-16 08:32 <DIR> d-------- C:\Program Files\Free Monitor for Google 2007-11-16 08:32 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\PC Tools 2007-11-16 08:32 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-11-16 08:32 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-11-16 08:29 1,335,062 ---hs---- C:\WINDOWS\system32\bmpvieri.ini 2007-11-16 08:20 <DIR> d--hs---- C:\FOUND.012 2007-11-16 08:18 <DIR> d-------- C:\Documents and Settings\KAROLINA\Dane aplikacji\IBP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-10-20 10:19 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\MXPLAY 2007-10-20 10:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MXPLAY 2007-10-20 10:17 --------- d-----w C:\Program Files\Hide IP Platinum 2007-10-20 10:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-20 10:15 --------- d--h--r C:\Documents and Settings\KAROLINA\Dane aplikacji\SecuROM 2007-10-20 10:14 --------- d-----w C:\Program Files\Your Memory! Część 1 2007-10-20 10:13 --------- d-----w C:\Program Files\Your Memory! Część 2 2007-10-20 10:00 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\Media Player Classic 2007-10-20 09:51 --------- d-----w C:\Program Files\kED 2007-10-20 09:50 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\Anonymizer 2007-10-20 09:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Anonymizer 2007-10-20 09:39 --------- d-----w C:\Program Files\Guitar Pro 5 2007-10-20 09:27 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-20 09:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead 2007-10-20 09:24 --------- d-----w C:\Program Files\Opera 2007-10-20 09:24 --------- d-----w C:\Program Files\Ahead 2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe 2007-09-30 07:57 --------- d-----w C:\Program Files\Ulead Systems 2007-09-30 07:57 --------- d-----w C:\Documents and Settings\KAROLINA\Dane aplikacji\Ulead Systems 2007-09-30 07:50 --------- d-----w C:\Program Files\Polish Your English 2007-09-30 07:50 --------- d-----w C:\Program Files\Common Files\YDP 2007-09-30 07:50 --------- d-----w C:\Program Files\Common Files\GraphBoard 2.00 2007-09-30 07:49 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2007-09-30 07:19 --------- d-----w C:\Program Files\Klik Online 2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe 2007-09-03 13:35 966,656 ----a-w C:\WINDOWS\system32\VSFilter.dll 2007-05-05 14:12 88 --sh--r C:\WINDOWS\system32\E7A3E4E97D.sys 2007-05-05 14:12 14,084 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-01-10 18:47 56 --sh--r C:\WINDOWS\system32\E702994375.sys 2007-01-10 18:19 8 --sh--r C:\WINDOWS\system32\E702994375.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-25_ 9.04.28.34 ))))))))))))))))))))))))))))))))))))))))) . + 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\ERDNT\subs\F3M\ERDNT.EXE + 2007-11-25 07:59:36 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-02 19:57] "Videos"="C:\Program Files\laughnetwork\update.exe" [2007-11-13 23:35] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-09-06 17:22] "ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17] "LaunchApp"="Alaunch" [] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15] "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00] "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:44 C:\WINDOWS\system32\bthprops.cpl] "DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-09-23 10:33] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-09-06 17:22] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:20:56] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-09 14:16:11] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe -h [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atomic.exe] 2004-06-17 10:46 524288 --a------ C:\Program Files\Atomic Clock Sync\Atomic.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] C:\Program Files\DAP\DAP.EXE /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager] 2007-10-02 14:03 385024 --a------ C:\Program Files\iPlus\iPlusChecker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2006-02-23 15:45 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] 2004-09-15 15:36 148992 --a------ C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 20:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] SkyTel.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] 2005-07-28 08:32 94208 --------- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker] 2005-08-22 09:10 69632 --a------ C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online] C:\Program Files\VS Online\VSOnline.exe /tray R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys R3 GTEDGWModem;Option NV GTEDGWModem;C:\WINDOWS\system32\DRIVERS\GTEDG.sys R3 GTEDGWWNIC;Option NV GTEDGWWNIC;C:\WINDOWS\system32\DRIVERS\GTEDGNet.sys R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys R3 OptionWWSC;GT EDGE SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GTEDGSC.sys S3 Ser2pl;Nokia CA-42 USB;C:\WINDOWS\system32\DRIVERS\ser2pl.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS *Newly Created Service* - INT15.SYS . Contents of the 'Scheduled Tasks' folder "2007-08-15 14:42:04 C:\WINDOWS\Tasks\rpc.job" - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-25 09:00:19 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-25 9:06:36 - machine was rebooted C:\ComboFix2.txt ... 2007-11-25 09:57 C:\ComboFix3.txt ... 2007-11-25 09:09 . --- E O F ---

**Posty:** 18165 · przez **wojtas** 29 Lis 2007, 16:49

znasz to:

O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background

jesli nie to kasujesz wpis w hijacku + pogrubiony folder do kosza

sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę

C:\WINDOWS\system32\bmpvieri.ini

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

trojan-spy.win32@mx pomocy!!!!!

Trojan-Spy.win32@mx POMOCY!!!!!

Kto jest na forum