trojan.vundo

**Posty:** 43 · przez **pasta271** 13 Lis 2007, 19:12

Witam!
Mam problem z usunięciem Trojan.Vundo skanowałem Prevx CSI v1.0.100.179 i wykrył mi to
http://img159.imageshack.us/img159/4962/aawz8.png

Użyłem więc programów (uruchomione w trybie awaryjnym window):
Trojan.Vundo Removal Tool 1.5
VundoFix 6.5.10
VirtumundoBeGone 1.5

Jednak żaden z nich nie usunął Trojan.Vundo.
Mam nadzieje że dacie jakiś sposób.

Log z HijackThis v2.0.2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:50, on 2007-11-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Azureus\Azureus.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
G:\_download - FlashGet\Prevx CSI v1.0.100.179.exe
C:\Temp\Tmp___27475\prevxcsi.exe
F:\StrongDC++\StrongDC.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite 13\Programs\CorelPP.exe
E:\_program no install\HijackThis v2.0.2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://test.catalog.update.microsoft.com/v7/site/Home.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.wro.vectranet.pl:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [9836c1fd] rundll32.exe "C:\WINDOWS\system32\sgsywrry.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tag Page using FeedGhost - C:\Documents and Settings\usr\Ustawienia lokalne\Dane aplikacji\BinaryComponents\FeedGhost\Externals\IE_Tag.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1190829263421
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184770932906
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O23 - Service: Usługa licencjonowania programu ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - f:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - f:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7963 bytes

**Posty:** 237 · przez **Kuba1** 13 Lis 2007, 19:17

Pobierz narzędzie SDFix

*Klikamy 2 krotknie na ikonę SDFix.exe,program wypakuje się domyślnie do lokalizacji C:\SDFix

*Wchodzimy do trybu awaryjnego z obsługą sieci:
>>>>>>Jak wejść do trybu awaryjnego z obsługą sieci?

*F8 podczas bootowania systemu.
*Używamy narzędzia BootSafe.exe zaznaczamy opcje Safe Mode- Networking i klikamy reboot

*Gdy już jesteśmy w trybie awaryjnym,wchodzimy do folderu SDFix i uruchamiamy narzędzie klikająć
2-krotnie na plik RunThis.bat lewym przyciskiem myszy.

*Wciskamy Y co uruchomi proces usuwania

*Kiedy proces usuwania się zakończy wciskamy dowolny klawisz>>nastąpi restart.

*Po restarcie SDFix dokończy proces usuwania,kiedy w oknie narzędzia SDFix pojawi się napis Finished
klikamy dowolny klawisz,narzędzie zakończy swoją pracę,na pulpicie załadują się ikony.

*Wchodzimy do folderu SDFix i kopiujemy zawartość pliku tekstowego Report.txt i wklejamy go na forum

Następnie zastosuj ComboFix

Wracasz z raportem z SDFix, logiem z ComboFix, oraz logami z Hijackthis, Silentrunners.

**Posty:** 43 · przez **pasta271** 13 Lis 2007, 20:03

Ok zrobiłem

Raport z SDFix:

SDFix: Version 1.114

Run by usr on 2007-11-13 at 18:25

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
core

Path:
system32\drivers\core.sys

core - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 18:28:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:9d,d2,79,50,4d,fb,62,1a,39,54,1c,a9,8b,df,2f,3d,00,18,04,07,5d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,92,3e,3a,f6,ab,9a,94,b3,26,e9,26,07,d2,7c,ba,8d,24,..
"khjeh"=hex:69,3d,e8,87,a1,55,21,ae,0a,41,8a,21,e8,d5,21,f6,49,68,f0,5b,73,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ce,86,9a,f5,f3,13,96,32,e6,7f,83,14,e3,d8,e0,68,79,7d,bd,0a,fc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fa,5e,bb,a9,f0,a8,dc,82,54,ab,d4,04,67,68,c0,e4,51,37,a2,6a,3b,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:8e,e4,06,01,13,1a,31,33,4d,22,9c,73,25,53,db,6f,96,86,3d,27,83,..
"a0"=hex:20,01,00,00,cf,b3,e8,62,b4,7d,dc,37,23,c9,ec,60,31,99,30,c8,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ca,db,f6,33,0e,37,5c,e3,ed,50,93,26,40,51,2b,80,f7,3f,f3,68,34,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:66b287ec
"s2"=dword:551574bf
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:3d,ad,a9,9b,97,3f,97,aa,96,5b,b9,9e,ca,3d,d2,4a,5c,1d,2d,a1,89,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:79,e1,fb,f4,b8,44,9b,6d,26,72,4a,09,c8,dc,ac,ac,32,14,37,1a,72,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:8e,e4,06,01,13,1a,31,33,4d,22,9c,73,25,53,db,6f,96,86,3d,27,83,..
"a0"=hex:20,01,00,00,c7,ed,aa,d0,1c,5f,f0,52,9b,37,b7,4c,59,9d,b1,b3,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3a,a3,51,ef,ba,a2,a3,cd,bf,8d,ad,44,dc,66,8e,fb,80,32,5e,44,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control]
"WaitToKillServiceTimeout"="2000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Watchdog\Display]
"ShutdownCount"=dword:0000018f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\ACPI\PNPA000\4&5f332423&0]
"Service"="a9b7n8dp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CORE\0000]
"Service"="core"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="core"
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\core]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"abcdefg"=dword:0000015c
"ImagePath"="system32\drivers\core.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\core\custom]
"Publisher"=hex:43,45
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:3d,ad,a9,9b,97,3f,97,aa,96,5b,b9,9e,ca,3d,d2,4a,5c,1d,2d,a1,89,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:79,e1,fb,f4,b8,44,9b,6d,26,72,4a,09,c8,dc,ac,ac,32,14,37,1a,72,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:8e,e4,06,01,13,1a,31,33,4d,22,9c,73,25,53,db,6f,96,86,3d,27,83,..
"a0"=hex:20,01,00,00,c7,ed,aa,d0,1c,5f,f0,52,9b,37,b7,4c,59,9d,b1,b3,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3a,a3,51,ef,ba,a2,a3,cd,bf,8d,ad,44,dc,66,8e,fb,80,32,5e,44,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\srservice]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters]
"DhcpNameServer"="88.156.63.9 88.156.80.2"
"DhcpDomain"="wro.vectranet.pl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{0CC35D79-51AB-4128-998C-DF17838C28BB}]
"LeaseObtainedTime"=dword:4739c8a9
"T1"=dword:4739c928
"T2"=dword:4739c988
"LeaseTerminatesTime"=dword:4739c9a8

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{3DE30EF3-67D0-4731-BCAA-5090A7B93CD0}]
"LeaseObtainedTime"=dword:4739c8a9
"T1"=dword:473a7169
"T2"=dword:473aeff9
"LeaseTerminatesTime"=dword:473b1a29
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\wuauserv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\{0CC35D79-51AB-4128-998C-DF17838C28BB}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:4739c8a9
"T1"=dword:4739c928
"T2"=dword:4739c988
"LeaseTerminatesTime"=dword:4739c9a8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\{3DE30EF3-67D0-4731-BCAA-5090A7B93CD0}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:4739c8a9
"T1"=dword:473a7169
"T2"=dword:473aeff9
"LeaseTerminatesTime"=dword:473b1a29
[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9]

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9\\27*\xe9\x107\r\x2039\x158H\x15fW]
"\x163\x2d9??\x2d9\x2d9\20\x154"=hex:28,8c,50,15,94,8d,c7,01,02,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9\\x00d72\x17a(:d\xa4N\x104:\xb8\x81\no\x17e\x88]
"\x163\x2d9??\x2d9\x2d9\20\x154"=hex:28,8c,50,15,94,8d,c7,01,02,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9\\x0143Av`~\xb8pL\xa6\16\x201d\x13eo*\x17c\xc7]
"\x163\x2d9??\x2d9\x2d9\20\x154"=hex:28,8c,50,15,94,8d,c7,01,02,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9\\x00b1b\16\x164.\x104mL\x17c`m\x148\36\x16f\x165\xc2]
"\x163\x2d9??\x2d9\x2d9\20\x154"=hex:28,8c,50,15,94,8d,c7,01,02,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9\\xd4\x201aS\xc4{&yE\x20217\f-\x17d\v[3]
"\x163\x2d9??\x2d9\x2d9\20\x154"=hex:ce,29,4e,15,94,8d,c7,01,02,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9\\x163\x164\x16e\x2c7\xc4\x83`C\x81\3\xb7V|\27\xf7]
"\x163\x2d9??\x2d9\x2d9\20\x154"=hex:28,8c,50,15,94,8d,c7,01,02,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9\\34\x2c7\xb0\x01397\x013a3M\x105\x00aba\x144\x2026\xf4\5\xac]
"\x163\x2d9??\x2d9\x2d9\20\x154"=hex:ce,29,4e,15,94,8d,c7,01,02,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9\}\xa7\x2013xe\37\x017bD\x00b80\x106\a\x15e\31Y\x2d8]
"\x163\x2d9??\x2d9\x2d9\20\x154"=hex:ce,29,4e,15,94,8d,c7,01,02,00,00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9\\x15e\x143\xf7W\26\x10e\x154G\x017aA\x2c7Nq\x2ddU#]
"\x163\x2d9??\x2d9\x2d9\t\x154"=hex:1c,a1,b0,c5,37,e5,33,4d,b9,ab,61,f1,85,f4,05,ac,01,00,00,00,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\\x144\x111\x163\x2d9\\34\x16e\x11b\x0144A\x104\x2021G\x15a|\x17ev\xa7\x160\xb7h]
"\x163\x2d9??\x2d9\x2d9\20\x154"=hex:28,8c,50,15,94,8d,c7,01,02,00,00,00,01,00,00,00

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
"StartTimeLo"=dword:1875522a
"EndTimeLo"=dword:187c7938
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-220523388-926492609-839522115-1001\Extension-List\{00000000-0000-0000-0000-000000000000}]
"StartTimeLo"=dword:187c7938
"EndTimeLo"=dword:187edb92
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="815B402
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FB02DF3C-E167-6C6B-4815-C03532086983}]
"nagenjighbecdeohfahcaeikbpip"=hex:69,61,6c,6b,6c,6a,6d,65,6f,67,64,65,65,63,6c,62,65,6d,00,00
"kaodhahfkokiknmccgbjam"=hex:62,61,6b,6b,00,00
"pamdbbffjimenabhlfdknladleengpjj"=hex:69,61,63,6c,6d,64,6c,61,68,6f,66,65,69,68,6c,6e,67,6b,00,00
"oagenjighbecdeohfahcaeallanobp"=hex:69,61,63,6c,6d,64,6c,61,68,6f,66,65,69,68,6c,6e,67,6b,00,00
"pamdbbffjimenabhlfdknladlednldej"=hex:69,61,63,6c,6d,64,6c,61,68,6f,66,65,69,68,6c,6e,67,6b,00,00
"oagenjighbecdeohfahcaealmakoga"=hex:69,61,63,6c,6d,64,6c,61,68,6f,66,65,69,68,6c,6e,67,6b,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\73exmodul32f.c.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\73exmodul32f.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\86exmodul32f.c.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\86exmodul32f.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\43exmodul32f.c.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\43exmodul32f.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\65exmodul32f.c.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\65exmodul32f.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\82exmodul32f.c.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\82exmodul32f.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\11exmodul32f.c.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\11exmodul32f.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\3exmodul32f.c.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\3exmodul32f.c.exe:*:Enabled:Microsoft Update"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\99exmodul32f.l.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\99exmodul32f.l.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\1exmodul32f.n.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\1exmodul32f.n.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\43exmodul32f.n.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\43exmodul32f.n.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\84exmodul32f.o.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\84exmodul32f.o.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\77exmodul32f.o.exe"="C:\\DOCUME~1\\usr\\USTAWI~1\\Temp\\77exmodul32f.o.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 21 Jan 2007 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 10 Nov 2007 6,505 ..SH. --- "C:\WINDOWS\system32\nqtwa.bak1"
Tue 13 Nov 2007 125,702 ..SH. --- "C:\WINDOWS\system32\nqtwa.bak2"
Fri 17 Aug 2007 888 ...HR --- "C:\Documents and Settings\usr\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"

Finished!

Log z ComboFix:

Kod: Zaznacz wszystko: ComboFix 07-11-08.1 - usr 2007-11-13 18:46:12.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.272 [GMT 1:00] Running from: G:\_download - FlashGet\ComboFix.exe . Unable to gain System Privileges ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\awtqn.dll . ---- Previous Run ------- . C:\Documents and Settings\usr\Dane aplikacji\inst.exe C:\temp\tn3 C:\WINDOWS\system32\nqtwa.bak1 C:\WINDOWS\system32\nqtwa.bak2 C:\WINDOWS\system32\nqtwa.ini C:\WINDOWS\system32\nqtwa.ini2 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CORE ((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))) . 2007-11-13 18:36 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 18:25 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-13 17:09 80,448 --a------ C:\WINDOWS\system32\neiaxoty.dll 2007-11-13 17:03 88,128 --a------ C:\WINDOWS\system32\sgsywrry.dll 2007-11-12 23:02 <DIR> d-------- C:\Temp 2007-11-12 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Prevx 2007-11-12 22:36 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-11-12 20:42 <DIR> d-------- C:\Program Files\Uniblue 2007-11-12 20:42 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Uniblue 2007-11-12 19:34 <DIR> d-------- C:\Program Files\Nero 2007-11-12 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero 2007-11-12 19:29 <DIR> d-------- C:\VundoFix Backups 2007-11-12 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET 2007-11-12 17:23 128,352 --a------ C:\WINDOWS\system32\87146E.dll 2007-11-12 17:06 <DIR> d-------- C:\Program Files\Java 2007-11-12 17:06 <DIR> d-------- C:\Program Files\Common Files\Java 2007-11-12 17:00 81,472 --a------ C:\WINDOWS\system32\jxgdoynn.dll 2007-11-12 16:40 81,472 --a------ C:\WINDOWS\system32\vviokvwd.dll 2007-11-11 22:10 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0 2007-11-11 12:02 49,152 --a------ C:\WINDOWS\system32\TempDel.EXE 2007-11-11 12:02 9,446 --a------ C:\WINDOWS\system32\drivers\WFIOCTL.sys 2007-11-11 10:53 2 --a------ C:\WINDOWS\system32\Dvbpws.dll 2007-11-11 10:51 <DIR> d-------- C:\Program Files\WinFast 2007-11-11 09:45 79,936 --a------ C:\WINDOWS\system32\cbenwtco.dll 2007-11-10 18:10 1,203 --a------ C:\qevkxo.exe 2007-11-10 18:10 1,203 --a------ C:\mxbmuxuu.exe 2007-11-10 18:10 1,201 --a------ C:\pdfnfkyt.exe 2007-11-10 18:10 1,199 --a------ C:\lfwyhuri.exe 2007-11-10 18:10 1,195 --a------ C:\rokrxu.exe 2007-11-10 18:10 1,193 --a------ C:\jgcqoakj.exe 2007-11-10 16:27 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-10 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2007-11-10 13:02 69,635 --a------ C:\smitfrau.reg 2007-11-10 13:02 16,824 --a------ C:\replace.cmd 2007-11-10 13:02 3,451 --a------ C:\delfiles.cmd 2007-11-10 12:56 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-11-10 12:56 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-11-10 12:56 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-11-10 12:56 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-11-10 12:56 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-11-10 12:56 4,156 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-10 10:52 <DIR> d-------- C:\Program Files\Dealio 2007-11-10 10:49 <DIR> d-------- C:\WINDOWS\Web Download 2007-11-10 10:04 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys 2007-11-10 10:02 <DIR> d-------- C:\Program Files\RivaTuner v2.06 2007-11-10 02:28 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Thinstall 2007-11-10 00:50 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys 2007-11-08 16:17 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-11-08 16:10 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-11-08 16:09 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-11-07 18:14 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll 2007-11-07 18:14 1,025 --a------ C:\WINDOWS\system32\clauth2.dll 2007-11-07 18:14 1,025 --a------ C:\WINDOWS\system32\clauth1.dll 2007-11-07 18:14 205 --a------ C:\WINDOWS\system32\lsprst7.dll 2007-11-07 18:14 73 --a------ C:\WINDOWS\system32\ssprs.dll 2007-11-07 16:52 3,567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys 2007-11-03 14:27 <DIR> d-------- C:\Program Files\Aegisub 2007-11-02 18:02 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Nero 2007-11-02 18:01 <DIR> d-------- C:\Program Files\Common Files\Nero 2007-10-31 22:24 <DIR> d-------- C:\WINDOWS\nview 2007-10-31 22:24 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-10-31 22:19 6,853,088 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-10-31 22:19 5,783,040 --a------ C:\WINDOWS\system32\nv4_disp.dll 2007-10-31 20:57 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Aegisub 2007-10-28 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ABBYY 2007-10-28 11:12 <DIR> d-------- C:\Program Files\Driver Cleaner PE 2007-10-27 08:50 <DIR> d-------- C:\Program Files\Common Files\Adobe 2007-10-27 02:09 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-10-27 02:09 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-10-26 17:11 <DIR> d-------- C:\VueScan 2007-10-26 17:10 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2007-10-26 17:01 <DIR> d-------- C:\Program Files\Plustek 2007-10-26 16:57 57,344 --a------ C:\WINDOWS\system32\Micdrv.dll 2007-10-26 16:57 15,360 --a------ C:\WINDOWS\system32\GetInst32.dll 2007-10-23 19:42 100,488 -ra------ C:\WINDOWS\system32\drivers\s125mgmt.sys 2007-10-23 19:41 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Teleca 2007-10-23 19:41 108,680 -ra------ C:\WINDOWS\system32\drivers\s125mdm.sys 2007-10-23 19:41 98,696 -ra------ C:\WINDOWS\system32\drivers\s125obex.sys 2007-10-23 19:41 83,336 -ra------ C:\WINDOWS\system32\drivers\s125bus.sys 2007-10-23 19:41 15,112 -ra------ C:\WINDOWS\system32\drivers\s125mdfl.sys 2007-10-23 19:41 12,424 -ra------ C:\WINDOWS\system32\drivers\s125whnt.sys 2007-10-23 19:41 12,424 -ra------ C:\WINDOWS\system32\drivers\s125wh.sys 2007-10-23 19:41 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cmnt.sys 2007-10-23 19:41 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cm.sys 2007-10-23 19:39 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Sony Ericsson 2007-10-23 19:38 <DIR> d-------- C:\Program Files\Sony Ericsson 2007-10-23 19:38 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2007-10-23 19:38 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared 2007-10-23 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2007-10-23 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2007-10-23 19:33 58,288 -ra------ C:\WINDOWS\system32\drivers\k510bus.sys 2007-10-23 19:33 5,808 -ra------ C:\WINDOWS\system32\drivers\k510whnt.sys 2007-10-23 19:33 5,808 -ra------ C:\WINDOWS\system32\drivers\k510wh.sys 2007-10-23 19:26 <DIR> d-------- C:\Program Files\SEMC 2007-10-22 19:35 <DIR> d-------- C:\Program Files\DkZ Studio 2007-10-22 17:50 <DIR> d-------- C:\Program Files\Web Forum Reader 2007-10-22 17:50 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\ChemTable Software . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-13 17:21 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Azureus 2007-11-13 15:24 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-11-12 22:01 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\foobar2000 2007-11-12 18:21 --------- d-----w C:\Program Files\FlashGet 2007-11-11 21:54 --------- d-----w C:\Program Files\RealMedia 2007-11-11 11:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-10 18:01 --------- d-----w C:\Program Files\SpeedFan 2007-11-10 17:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-11-10 17:05 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-11-10 15:23 --------- d-----w C:\Program Files\Azureus 2007-11-10 00:58 --------- d-----w C:\Program Files\GordianKnot 2007-11-10 00:36 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Zoom Player 2007-11-02 17:00 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-29 18:11 --------- d-----w C:\Program Files\AviSynth 2.5 2007-10-28 13:34 --------- d-----w C:\Program Files\7-Zip 2007-10-27 01:09 --------- d-----w C:\Program Files\ffdshow 2007-10-22 18:35 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-10-21 13:35 --------- d-----w C:\Program Files\foobar2000 2007-10-19 17:57 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Hamachi 2007-10-07 14:06 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Media Player Classic 2007-10-03 17:04 --------- d-----w C:\Program Files\Corel 2007-10-03 17:04 --------- d-----w C:\Program Files\Common Files\Corel 2007-10-03 16:01 --------- d-----w C:\Program Files\DAEMON Tools 2007-10-02 17:41 --------- d-----w C:\Program Files\QuickTime Alternative 2007-10-02 17:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2007-10-02 17:15 --------- d-----w C:\Program Files\DAEMON Tools Pro 2007-10-02 17:12 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\DAEMON Tools Pro 2007-10-02 17:09 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-01 18:51 --------- d-----w C:\Program Files\MSECache 2007-10-01 14:46 --------- d-----w C:\Program Files\Microsoft.NET 2007-09-29 19:40 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\FileZilla 2007-09-26 17:09 --------- d-----w C:\Program Files\FileZilla Client 2007-09-24 20:00 --------- d-----w C:\Program Files\SMARTSYSTEM 2007-09-24 19:46 --------- d-----w C:\Program Files\bwin 2007-09-22 05:48 --------- d-----w C:\Program Files\MagicISO 2007-09-18 21:15 --------- d-----w C:\Program Files\Real Alternative 2007-09-18 21:15 --------- d-----w C:\Program Files\Paint.NET 2007-09-18 21:15 --------- d-----w C:\Program Files\Exact Audio Copy 2007-09-18 21:15 --------- d-----w C:\Program Files\DAMN NFO Viewer 2007-09-16 18:03 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Nvu 2007-09-16 14:34 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\KompoZer 2007-06-02 10:53 47,360 ----a-w C:\Documents and Settings\usr\Dane aplikacji\pcouffin.sys 2007-02-23 17:08 30,601 ----a-w C:\Documents and Settings\usr\x.exe 2007-01-21 11:54:02 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24adedd0-6f20-46bb-a3de-ea930d1f6f5d}] 2007-11-13 17:09 80448 --a------ C:\WINDOWS\system32\neiaxoty.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 15:10] "P17Helper"="P17.dll" [2005-05-03 18:38 C:\WINDOWS\system32\P17.dll] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30] "WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 22:07] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07] "WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2007-05-22 10:14] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-08 16:13] "9836c1fd"="C:\WINDOWS\system32\sgsywrry.dll" [2007-11-13 17:03] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"=0 (0x0) "RunStartupScriptSync"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDesktopCleanupWizard"=1 (0x1) "NoChangeAnimation"=0 (0x0) "NoStrCmpLogical"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) "MemCheckBoxInRunDlg"=0 (0x0) "NoStrCmpLogical"=0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcbyv] gebcbyv.dll R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 ABBYY.Licensing.FineReader.Professional.9.0;Usługa licencjonowania programu ABBYY FineReader 9.0;"C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" R2 nxsIO32;NextSensor Kernel I/O Driver;\??\C:\WINDOWS\System32\DRIVERS\nxsIO32.sys R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys S1 atitray;atitray;\??\C:\PROGRA~1\NGOATI~1.6\ATT\atitray.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys S3 KS-959;MA-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys S3 Memctl;Memctl;\??\C:\Program Files\U-ABIT\FlashMenu\Memctl.sys S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys S3 PortTalk;PortTalk;C:\WINDOWS\system32\Drivers\PortTalk.sys S3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 utdrv;utdrv;\??\C:\WINDOWS\system32\drivers\utdrv.sys S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService WebClient LmHosts SSDPSRV [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc622fa-4c8f-11dc-ab38-000e2e8baff8}] \Shell\AutoRun\command - L:\USBNB.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-13 18:49:52 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-13 18:51:19 - machine was rebooted . --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:01, on 2007-11-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
E:\_program no install\HijackThis v2.0.2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://test.catalog.update.microsoft.com/v7/site/Home.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.wro.vectranet.pl:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {d5f6f1d0-39ae-ed3a-bb64-02f60ddeda42} - {24adedd0-6f20-46bb-a3de-ea930d1f6f5d} - C:\WINDOWS\system32\neiaxoty.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [9836c1fd] rundll32.exe "C:\WINDOWS\system32\sgsywrry.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tag Page using FeedGhost - C:\Documents and Settings\usr\Ustawienia lokalne\Dane aplikacji\BinaryComponents\FeedGhost\Externals\IE_Tag.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1190829263421
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184770932906
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O20 - Winlogon Notify: gebcbyv - gebcbyv.dll (file missing)
O23 - Service: Usługa licencjonowania programu ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - f:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - f:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8664 bytes

[ Dodano: Dzisiaj o 19:19 ]
Zeskanowałem jeszcze raz Prevx CSI v1.0.100.179 i pokazał że mam jeszcze jednego Trojan.Vundo (3 już usunął został jeszcze jeden):
http://img102.imageshack.us/img102/213/bbfa5.png

**Posty:** 18165 · przez **wojtas** 13 Lis 2007, 20:36

Wykonaj to co jest podane w tym temacie

sciagnij ATF_Cleaner
zaznacz
Windows Temp
Temporary internet files
i wcisnij EMPTY SELECTED

skasuj te wpisy:

O2 - BHO: {d5f6f1d0-39ae-ed3a-bb64-02f60ddeda42} - {24adedd0-6f20-46bb-a3de-ea930d1f6f5d} - C:\WINDOWS\system32\neiaxoty.dll
O4 - HKLM\..\Run: [9836c1fd] rundll32.exe "C:\WINDOWS\system32\sgsywrry.dll",b
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: gebcbyv - gebcbyv.dll (file missing)

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\neiaxoty.dll
C:\WINDOWS\system32\sgsywrry.dll
C:\WINDOWS\system32\87146E.dll
C:\WINDOWS\system32\jxgdoynn.dll
C:\WINDOWS\system32\vviokvwd.dll
C:\WINDOWS\system32\cbenwtco.dll
C:\qevkxo.exe
C:\delfiles.cmd
C:\mxbmuxuu.exe
C:\pdfnfkyt.exe
C:\replace.cmd
C:\smitfrau.reg
C:\Documents and Settings\usr\x.exe
C:\lfwyhuri.exe
C:\rokrxu.exe
C:\jgcqoakj.exe

Folder::
C:\Program Files\Dealio

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania
Potem nowy log z hijacka oraz combofixa

**Posty:** 43 · przez **pasta271** 13 Lis 2007, 21:48

Log z ComboFix:

ComboFix 07-11-08.1 - usr 2007-11-13 20:35:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.243 [GMT 1:00]
Running from: C:\Documents and Settings\usr\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\usr\Pulpit\CFScript.txt
* Created a new restore point

FILE
C:\delfiles.cmd
C:\Documents and Settings\usr\x.exe
C:\jgcqoakj.exe
C:\lfwyhuri.exe
C:\mxbmuxuu.exe
C:\pdfnfkyt.exe
C:\qevkxo.exe
C:\replace.cmd
C:\rokrxu.exe
C:\smitfrau.reg
C:\WINDOWS\system32\87146E.dll
C:\WINDOWS\system32\cbenwtco.dll
C:\WINDOWS\system32\jxgdoynn.dll
C:\WINDOWS\system32\neiaxoty.dll
C:\WINDOWS\system32\sgsywrry.dll
C:\WINDOWS\system32\vviokvwd.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\delfiles.cmd
C:\Documents and Settings\usr\x.exe
C:\jgcqoakj.exe
C:\lfwyhuri.exe
C:\mxbmuxuu.exe
C:\pdfnfkyt.exe
C:\Program Files\Dealio
C:\qevkxo.exe
C:\replace.cmd
C:\rokrxu.exe
C:\smitfrau.reg
C:\WINDOWS\system32\87146E.dll
C:\WINDOWS\system32\cbenwtco.dll
C:\WINDOWS\system32\jxgdoynn.dll
C:\WINDOWS\system32\sgsywrry.dll
C:\WINDOWS\system32\vviokvwd.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
.

2007-11-13 18:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 18:25 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-12 23:02 <DIR> d-------- C:\Temp
2007-11-12 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Prevx
2007-11-12 22:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-12 20:42 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Uniblue
2007-11-12 19:34 <DIR> d-------- C:\Program Files\Nero
2007-11-12 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-11-12 19:29 <DIR> d-------- C:\VundoFix Backups
2007-11-12 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2007-11-12 17:06 <DIR> d-------- C:\Program Files\Java
2007-11-12 17:06 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-11 22:10 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0
2007-11-11 12:02 49,152 --a------ C:\WINDOWS\system32\TempDel.EXE
2007-11-11 12:02 9,446 --a------ C:\WINDOWS\system32\drivers\WFIOCTL.sys
2007-11-11 10:53 2 --a------ C:\WINDOWS\system32\Dvbpws.dll
2007-11-11 10:51 <DIR> d-------- C:\Program Files\WinFast
2007-11-10 16:27 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-10 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-11-10 12:56 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-10 12:56 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-10 12:56 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-10 12:56 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-10 12:56 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-10 12:56 4,156 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-10 10:49 <DIR> d-------- C:\WINDOWS\Web Download
2007-11-10 10:04 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
2007-11-10 10:02 <DIR> d-------- C:\Program Files\RivaTuner v2.06
2007-11-10 02:28 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Thinstall
2007-11-10 00:50 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-11-08 16:17 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-11-08 16:10 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-08 16:09 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-11-07 18:14 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-11-07 18:14 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2007-11-07 18:14 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2007-11-07 18:14 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-11-07 18:14 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-11-07 16:52 3,567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys
2007-11-03 14:27 <DIR> d-------- C:\Program Files\Aegisub
2007-11-02 18:02 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Nero
2007-11-02 18:01 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-31 22:24 <DIR> d-------- C:\WINDOWS\nview
2007-10-31 22:24 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-31 22:19 6,853,088 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-31 22:19 5,783,040 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-10-31 20:57 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Aegisub
2007-10-28 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ABBYY
2007-10-28 11:12 <DIR> d-------- C:\Program Files\Driver Cleaner PE
2007-10-27 08:50 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-27 02:09 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-10-27 02:09 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-26 17:11 <DIR> d-------- C:\VueScan
2007-10-26 17:10 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-10-26 17:01 <DIR> d-------- C:\Program Files\Plustek
2007-10-26 16:57 57,344 --a------ C:\WINDOWS\system32\Micdrv.dll
2007-10-26 16:57 15,360 --a------ C:\WINDOWS\system32\GetInst32.dll
2007-10-23 19:42 100,488 -ra------ C:\WINDOWS\system32\drivers\s125mgmt.sys
2007-10-23 19:41 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Teleca
2007-10-23 19:41 108,680 -ra------ C:\WINDOWS\system32\drivers\s125mdm.sys
2007-10-23 19:41 98,696 -ra------ C:\WINDOWS\system32\drivers\s125obex.sys
2007-10-23 19:41 83,336 -ra------ C:\WINDOWS\system32\drivers\s125bus.sys
2007-10-23 19:41 15,112 -ra------ C:\WINDOWS\system32\drivers\s125mdfl.sys
2007-10-23 19:41 12,424 -ra------ C:\WINDOWS\system32\drivers\s125whnt.sys
2007-10-23 19:41 12,424 -ra------ C:\WINDOWS\system32\drivers\s125wh.sys
2007-10-23 19:41 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cmnt.sys
2007-10-23 19:41 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cm.sys
2007-10-23 19:39 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Sony Ericsson
2007-10-23 19:38 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-10-23 19:38 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-10-23 19:38 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-10-23 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2007-10-23 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-10-23 19:33 58,288 -ra------ C:\WINDOWS\system32\drivers\k510bus.sys
2007-10-23 19:33 5,808 -ra------ C:\WINDOWS\system32\drivers\k510whnt.sys
2007-10-23 19:33 5,808 -ra------ C:\WINDOWS\system32\drivers\k510wh.sys
2007-10-23 19:26 <DIR> d-------- C:\Program Files\SEMC
2007-10-22 19:35 <DIR> d-------- C:\Program Files\DkZ Studio
2007-10-22 17:50 <DIR> d-------- C:\Program Files\Web Forum Reader
2007-10-22 17:50 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\ChemTable Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 19:10 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Azureus
2007-11-13 15:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-12 22:01 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\foobar2000
2007-11-12 18:21 --------- d-----w C:\Program Files\FlashGet
2007-11-11 21:54 --------- d-----w C:\Program Files\RealMedia
2007-11-11 11:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 18:01 --------- d-----w C:\Program Files\SpeedFan
2007-11-10 17:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-11-10 17:05 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-10 15:23 --------- d-----w C:\Program Files\Azureus
2007-11-10 00:58 --------- d-----w C:\Program Files\GordianKnot
2007-11-10 00:36 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Zoom Player
2007-11-02 17:00 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-29 18:11 --------- d-----w C:\Program Files\AviSynth 2.5
2007-10-28 13:34 --------- d-----w C:\Program Files\7-Zip
2007-10-27 01:09 --------- d-----w C:\Program Files\ffdshow
2007-10-22 18:35 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-21 13:35 --------- d-----w C:\Program Files\foobar2000
2007-10-19 17:57 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Hamachi
2007-10-07 14:06 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Media Player Classic
2007-10-03 17:04 --------- d-----w C:\Program Files\Corel
2007-10-03 17:04 --------- d-----w C:\Program Files\Common Files\Corel
2007-10-03 16:01 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-02 17:41 --------- d-----w C:\Program Files\QuickTime Alternative
2007-10-02 17:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-10-02 17:15 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-10-02 17:12 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\DAEMON Tools Pro
2007-10-02 17:09 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-01 18:51 --------- d-----w C:\Program Files\MSECache
2007-10-01 14:46 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-29 19:40 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\FileZilla
2007-09-26 17:09 --------- d-----w C:\Program Files\FileZilla Client
2007-09-24 20:00 --------- d-----w C:\Program Files\SMARTSYSTEM
2007-09-24 19:46 --------- d-----w C:\Program Files\bwin
2007-09-22 05:48 --------- d-----w C:\Program Files\MagicISO
2007-09-18 21:15 --------- d-----w C:\Program Files\Real Alternative
2007-09-18 21:15 --------- d-----w C:\Program Files\Paint.NET
2007-09-18 21:15 --------- d-----w C:\Program Files\Exact Audio Copy
2007-09-18 21:15 --------- d-----w C:\Program Files\DAMN NFO Viewer
2007-09-16 18:03 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Nvu
2007-09-16 14:34 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\KompoZer
2007-06-02 10:53 47,360 ----a-w C:\Documents and Settings\usr\Dane aplikacji\pcouffin.sys
2007-01-21 11:54:02 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-13_18.50.20.31 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 15:10]
"P17Helper"="P17.dll" [2005-05-03 18:38 C:\WINDOWS\system32\P17.dll]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 22:07]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2007-05-22 10:14]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-08 16:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)
"RunStartupScriptSync"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"NoChangeAnimation"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 ABBYY.Licensing.FineReader.Professional.9.0;Usługa licencjonowania programu ABBYY FineReader 9.0;"C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service
R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 nxsIO32;NextSensor Kernel I/O Driver;\??\C:\WINDOWS\System32\DRIVERS\nxsIO32.sys
R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys
S1 atitray;atitray;\??\C:\PROGRA~1\NGOATI~1.6\ATT\atitray.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys
S3 KS-959;MA-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys
S3 Memctl;Memctl;\??\C:\Program Files\U-ABIT\FlashMenu\Memctl.sys
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys
S3 PortTalk;PortTalk;C:\WINDOWS\system32\Drivers\PortTalk.sys
S3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 utdrv;utdrv;\??\C:\WINDOWS\system32\drivers\utdrv.sys
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts SSDPSRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc622fa-4c8f-11dc-ab38-000e2e8baff8}]
\Shell\AutoRun\command - L:\USBNB.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 20:39:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-13 20:39:48 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-13 18:51
.
--- E O F ---

Log HijackThis v2.0.2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:02, on 2007-11-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WinFast\WFTVFM\WFTV.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
E:\_program no install\HijackThis v2.0.2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://test.catalog.update.microsoft.com/v7/site/Home.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.wro.vectranet.pl:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tag Page using FeedGhost - C:\Documents and Settings\usr\Ustawienia lokalne\Dane aplikacji\BinaryComponents\FeedGhost\Externals\IE_Tag.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1190829263421
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184770932906
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O23 - Service: Usługa licencjonowania programu ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - f:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - f:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8268 bytes

PS. Jakie polecacie programy do wykrywanie i usuwania wszelkiego rodzaju "badziewia".

**Posty:** 18165 · przez **wojtas** 13 Lis 2007, 22:26

jest czysto...

pasta271 napisał(a):PS. Jakie polecacie programy do wykrywanie i usuwania wszelkiego rodzaju "badziewia".

antywirus + AVG Anti-Spyware

**Posty:** 237 · przez **Kuba1** 13 Lis 2007, 22:28

Już ok.

Nod32 jest bardzo dobry, dodatkowo możesz zainstalowac AVG Anti-Spyware 7.5.1.43

**Posty:** 43 · przez **pasta271** 13 Lis 2007, 23:01

Wielkie dzięki za pomoc!!!

trojan.vundo

Trojan.Vundo

Kto jest na forum