
I scanned the computer with HijackThis 2 and, as recommended, I am pasting the log, and
[Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:25, on 2009-02-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\G-VGA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://10.0.0.3/RtspVaPgDec.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A454E737-267D-4F91-8552-AB1B280C3856}: NameServer = 213.227.72.1,213.227.75.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Vivotek ST3402 Launcher (Vivotek_ST3402) - Vivotek Inc. - C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
--
End of file - 7326 bytes]
ComboFix 09-02-19.01 - władysław 2009-02-20 19:02:23.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1023.784 [GMT 1:00]
Uruchomiony z: c:\documents and settings\władysław\Pulpit\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Setup Wizard
c:\program files\Setup Wizard\Setup Wizard.exe
c:\windows\sysdat.dll
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaspulkyab.sys
c:\windows\system32\senekaavnvognm.dat
c:\windows\system32\senekanswwkeab.dll
c:\windows\system32\senekapop.dll
c:\windows\system32\senekarfvkpdpa.dat
c:\windows\system32\winlogon2.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA
((((((((((((((((((((((((( Pliki utworzone od 2009-01-20 do 2009-02-20 )))))))))))))))))))))))))))))))
.
2009-02-19 18:54 . 2009-02-19 18:54 <DIR> d-------- c:\program files\Trend Micro
2009-02-16 18:17 . 2009-02-16 17:37 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-16 18:14 . 2009-02-16 18:14 0 --a------ c:\documents and settings\w
2009-02-16 17:38 . 2009-02-16 17:37 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-16 17:33 . 2009-02-16 17:33 <DIR> d-------- c:\program files\Lavasoft
2009-02-16 17:33 . 2009-02-16 17:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-02-16 17:33 . 2009-02-16 17:33 <DIR> d--h----- c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 17:06 . 2009-02-16 17:06 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-16 17:06 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-16 17:06 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-16 17:06 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-16 17:06 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-02-16 17:05 . 2009-02-16 17:06 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-16 17:05 . 2009-02-16 17:06 <DIR> d-------- c:\documents and settings\władysław\Dane aplikacji\PC Tools
2009-02-14 19:40 . 2009-02-14 19:40 <DIR> d-------- c:\documents and settings\władysław\.gstreamer-0.10
2009-02-14 19:40 . 2009-02-14 19:40 <DIR> d-------- c:\documents and settings\władysław\.gstreamer-0.10
2009-02-14 16:41 . 2009-02-14 16:41 <DIR> d--hs---- C:\FOUND.011
2009-02-13 15:39 . 2009-02-13 15:39 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-02-11 20:00 . 2009-02-11 20:00 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-25 16:09 . 2009-01-25 16:09 <DIR> d--hs---- C:\FOUND.010
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 18:50 --------- d-----w c:\program files\Dnote Software
2009-01-18 18:21 --------- d-----w c:\program files\Mio Technology
2009-01-16 20:30 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-12 10:52 --------- d-----w c:\program files\Microsoft Sync Framework
2009-01-12 10:50 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-12 10:50 --------- d-----w c:\program files\Microsoft
2009-01-12 10:43 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-06 18:37 --------- d-----w c:\documents and settings\władysław\Dane aplikacji\Nowe Gadu-Gadu
2008-12-19 10:38 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-19 09:13 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-04 23:33 308,072 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2007-11-27 17:36 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-10-23 14:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008102320081024\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-06 9302632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"VGAUtil"="c:\windows\system32\G-VGA.exe" [2003-10-08 544768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-16 509784]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\INTERIAPL\\Stefan\\Stefan.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vivotek\\Installation Wizard\\InstallationWizard.exe"=
"c:\\Program Files\\Vivotek\\ST3402\\Playback_VV.exe"=
"c:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"c:\\TOTALCMD\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\GG.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-16 64160]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-12 55136]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher;c:\program files\Vivotek\ST3402\Launcher_VV.exe [2006-09-29 430080]
R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [2007-11-27 167661]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-16 356920]
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-16 17:37]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-IP surveillance - (no file)
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {A454E737-267D-4F91-8552-AB1B280C3856} = 213.227.72.1,213.227.75.1
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://10.0.0.3/RtspVaPgDec.cab
FF - ProfilePath - c:\documents and settings\władysław\Dane aplikacji\Mozilla\Firefox\Profiles\swu5ri76.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.onet.pl
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 19:05:46
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
c:\windows\system32\drivers\seneka.sys 0 bytes
c:\windows\system32\drivers\senekaaxxobbas.sys 81920 bytes
c:\windows\system32\drivers\senekaspulkyab.sys 81920 bytes
c:\windows\system32\drivers\senekafrkdlije.sys 81920 bytes
c:\windows\system32\drivers\senekajyxxvoyd.sys 81920 bytes
c:\docume~1\W
c:\windows\system32\senekapop.dll 0 bytes
c:\windows\system32\senekavnstiqfo.dll 49152 bytes
c:\windows\system32\senekafcfsbpfu.dat 65536 bytes
c:\windows\system32\senekaxymkphxc.dll 16384 bytes
c:\windows\system32\senekadvblovym.dll 16384 bytes
c:\windows\system32\senekaxownvxtw.dat 16384 bytes
c:\windows\system32\senekarfvkpdpa.dat 16384 bytes
c:\windows\system32\senekaavnvognm.dat 16384 bytes
c:\windows\system32\senekanswwkeab.dll 49152 bytes
c:\windows\system32\senekapikoisvj.dll 16384 bytes
c:\windows\system32\senekatpomruft.dll 16384 bytes
c:\windows\system32\senekadqdylqvk.dll 49152 bytes
c:\windows\system32\senekaylqbdibi.dat 16384 bytes
c:\windows\system32\senekatqsbcjpq.dll 16384 bytes
c:\windows\system32\senekaypeouodv.dll 16384 bytes
skanowanie pomyślnie ukończone
ukryte pliki: 21
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seneka]
"imagepath"="\systemroot\system32\drivers\senekajyxxvoyd.sys"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
.
**************************************************************************
.
Czas ukończenia: 2009-02-20 19:07:11 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-02-20 18:07:10
Przed: 9,542,975,488 bajtów wolnych
Po: 9,822,797,824 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
192 --- E O F --- 2009-02-12 20:23:20
and the log from RSIT
Logfile of random's system information tool 1.05 (written by random/random)
Run by władysław at 2009-02-20 19:11:46
Microsoft Windows XP Home Edition Dodatek Service Pack 3
System drive C: has 9 GB (47%) free of 20 GB
Total RAM: 1023 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:46, on 2009-02-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\władysław\Pulpit\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\władysław.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://10.0.0.3/RtspVaPgDec.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A454E737-267D-4F91-8552-AB1B280C3856}: NameServer = 213.227.72.1,213.227.75.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Vivotek ST3402 Launcher (Vivotek_ST3402) - Vivotek Inc. - C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
--
End of file - 6567 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-19 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocnik rejestracji usługi Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRTCLK"=C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe [2003-12-30 24576]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"VGAUtil"=C:\WINDOWS\system32\G-VGA.exe [2003-10-08 544768]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-01-08 65536]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-19 136600]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-02-16 509784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-02-06 9302632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\INTERIAPL\Stefan\Stefan.exe"="C:\Program Files\INTERIAPL\Stefan\Stefan.exe:*:Enabled:Komunikator Stefan"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Vivotek\Installation Wizard\InstallationWizard.exe"="C:\Program Files\Vivotek\Installation Wizard\InstallationWizard.exe:*:Enabled:Installation Wizard"
"C:\Program Files\Vivotek\ST3402\Playback_VV.exe"="C:\Program Files\Vivotek\ST3402\Playback_VV.exe:*:Enabled:Playback"
"C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe"="C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk"
"C:\TOTALCMD\TOTALCMD.EXE"="C:\TOTALCMD\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Nowe Gadu-Gadu\GG.EXE"="C:\Program Files\Nowe Gadu-Gadu\GG.EXE:*:Enabled:Nowe Gadu-Gadu"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======List of files/folders created in the last 2 months======
2009-02-20 19:10:48 ----D---- C:\rsit
2009-02-20 19:07:13 ----A---- C:\ComboFix.txt
2009-02-20 18:57:24 ----A---- C:\Boot.bak
2009-02-20 18:57:23 ----RASHD---- C:\cmdcons
2009-02-20 18:56:03 ----A---- C:\WINDOWS\zip.exe
2009-02-20 18:56:03 ----A---- C:\WINDOWS\VFIND.exe
2009-02-20 18:56:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-20 18:56:03 ----A---- C:\WINDOWS\SWSC.exe
2009-02-20 18:56:03 ----A---- C:\WINDOWS\SWREG.exe
2009-02-20 18:56:03 ----A---- C:\WINDOWS\sed.exe
2009-02-20 18:56:03 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-20 18:56:03 ----A---- C:\WINDOWS\grep.exe
2009-02-20 18:56:03 ----A---- C:\WINDOWS\fdsv.exe
2009-02-20 18:56:00 ----D---- C:\WINDOWS\ERDNT
2009-02-20 18:56:00 ----D---- C:\Qoobox
2009-02-20 18:55:59 ----D---- C:\ComboFix
2009-02-19 18:54:30 ----D---- C:\Program Files\Trend Micro
2009-02-19 18:47:28 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-02-16 18:17:45 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-02-16 17:33:21 ----HD---- C:\Documents and Settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 17:33:16 ----D---- C:\Program Files\Lavasoft
2009-02-16 17:33:16 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2009-02-16 17:06:08 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-02-16 17:05:58 ----D---- C:\Program Files\Spyware Doctor
2009-02-16 17:05:58 ----D---- C:\Documents and Settings\władysław\Dane aplikacji\PC Tools
2009-02-14 16:41:32 ----SHD---- C:\FOUND.011
2009-02-13 15:39:19 ----D---- C:\Program Files\Nowe Gadu-Gadu
2009-02-12 21:22:23 ----HD---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-12 15:58:46 ----D---- C:\PrzelewCOM
2009-02-12 15:58:46 ----A---- C:\WINDOWS\system32\ZLIB.DLL
2009-02-12 15:58:46 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-02-12 15:58:46 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-02-12 15:58:46 ----A---- C:\WINDOWS\system32\MSREPL35.DLL
2009-02-12 15:58:46 ----A---- C:\WINDOWS\system32\MSRD2X35.DLL
2009-02-12 15:58:46 ----A---- C:\WINDOWS\system32\MSJTER35.DLL
2009-02-12 15:58:46 ----A---- C:\WINDOWS\system32\MSJINT35.DLL
2009-02-12 15:58:46 ----A---- C:\WINDOWS\system32\MSJET35.DLL
2009-02-12 15:58:46 ----A---- C:\WINDOWS\system32\MSBIND.DLL
2009-02-11 20:00:37 ----D---- C:\Program Files\Common Files\Skype
2009-01-31 11:44:25 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-25 16:09:56 ----SHD---- C:\FOUND.010
2009-01-19 19:07:46 ----D---- C:\Program Files\WinRAR
2009-01-19 17:52:28 ----SHD---- C:\FOUND.009
2009-01-18 19:50:24 ----D---- C:\Program Files\Dnote Software
2009-01-18 19:21:25 ----D---- C:\Program Files\Mio Technology
2009-01-17 20:12:24 ----SHD---- C:\FOUND.008
2009-01-16 19:11:46 ----HD---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-12 19:26:48 ----SHD---- C:\FOUND.007
2009-01-12 11:52:24 ----D---- C:\Program Files\Microsoft Sync Framework
2009-01-12 11:50:29 ----D---- C:\Program Files\Microsoft
2009-01-12 11:50:10 ----D---- C:\Program Files\Windows Live SkyDrive
2009-01-12 11:43:04 ----D---- C:\Program Files\Common Files\Windows Live
2009-01-06 19:37:37 ----D---- C:\Documents and Settings\władysław\Dane aplikacji\Nowe Gadu-Gadu
======List of files/folders modified in the last 2 months======
2009-02-20 19:05:50 ----A---- C:\WINDOWS\system.ini
2009-02-20 19:02:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-20 18:57:26 ----RASH---- C:\boot.ini
2009-02-16 17:07:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-12 21:22:26 ----A---- C:\WINDOWS\imsins.BAK
2009-02-12 05:56:18 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-02 13:05:08 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-16 21:30:38 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-21 00:03:54 ----A---- C:\WINDOWS\system32\wininet.dll
2008-12-21 00:03:52 ----N---- C:\WINDOWS\system32\occache.dll
2008-12-21 00:03:52 ----N---- C:\WINDOWS\system32\mstime.dll
2008-12-21 00:03:52 ----N---- C:\WINDOWS\system32\msrating.dll
2008-12-21 00:03:52 ----N---- C:\WINDOWS\system32\mshtmled.dll
2008-12-21 00:03:52 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-12-21 00:03:52 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-12-21 00:03:52 ----A---- C:\WINDOWS\system32\url.dll
2008-12-21 00:03:52 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-12-21 00:03:48 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-12-21 00:03:48 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-12-21 00:03:48 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-12-21 00:03:46 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-12-21 00:03:46 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-12-21 00:03:44 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-12-21 00:03:42 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-12-21 00:03:42 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-12-21 00:03:40 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-12-21 00:03:40 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-12-21 00:03:40 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-12-21 00:03:40 ----N---- C:\WINDOWS\system32\dxtrans.dll
2008-12-21 00:03:40 ----A---- C:\WINDOWS\system32\icardie.dll
2008-12-21 00:03:40 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-12-21 00:03:40 ----A---- C:\WINDOWS\system32\advpack.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-09-04 41984]
R3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 PD1030VID;Creative WebCam Pro; C:\WINDOWS\system32\DRIVERS\p1030vid.sys [2000-12-26 167661]
R3 rtl8029;Sterownik NT karty Realtek RTL8029(AS)-based PCI Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-11-27 25280]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-19 152984]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher; C:\Program Files\Vivotek\ST3402\Launcher_VV.exe [2006-09-29 430080]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-16 950096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
-----------------EOF-----------------
Please help. Regards, loki_26