System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Please check the log -trojan-

Post by wsw1967, 02 Oct 2007, 22:01

Please check the log. Every few minutes AVAST shows a message about a trojan, C:\DOCUME~1\Operator\USTAWI~1\Temp\ac8zt2\msmdev.dll,
and I cannot remove it with AVAST.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:46, on 2007-10-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\opsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
G:\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Opiekun\optray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\explorer.exe
E:\Antywirus\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://expert.online.pl/5_111.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "G:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WConfig.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: sysdx - {71E8A255-E15E-4404-997A-EEF05FC0B51E} - C:\WINDOWS\sysdx.dll (file missing)
O21 - SSODL: msmdev - {B91E85FF-F024-460E-B7F5-4DE4856E8D23} - C:\WINDOWS\msmdev.dll (file missing)
O21 - SSODL: msmhost - {522F0DD8-1459-4072-8631-2BC5176413BE} - C:\WINDOWS\msmhost.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - G:\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Opiekun (OpSrv) - SoftStory - C:\WINDOWS\system32\opsrv.exe

--
End of file - 8382 bytes
wstaszek
wsw1967
~user

Posts: 39
Joined: 24 Apr 2005, 23:23
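Reading a log like the one above by hand is the routine work in this section. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from its author. It parses HijackThis-format lines and pulls out the items a helper looks at first: O10 Winsock LSP entries for an unrecognised DLL (collapsed to one finding, because HijackThis prints one line per catalog entry that references the file), every O21 ShellServiceObjectDelayLoad entry (HijackThis hides the default XP ones, and whatever is left is loaded into Explorer at each logon), and O2 BHOs whose DLL is missing, unnamed, or dropped straight into the Windows directory. The sample lines are copied from the first log; the `KNOWN_GOOD_DLLS` allow-list and the severities are this example's own assumptions, not anything HijackThis ships.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# One HijackThis entry is "<section> - <body>", e.g.
# "O21 - SSODL: msmdev - {B91E85FF-...} - C:\WINDOWS\msmdev.dll (file missing)"
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Assumption for this example, not a HijackThis feature: DLL names the helper has
# already vetted. Spybot's SDHelper.dll is listed as an O2 "(no name)" BHO, a
# classic false alarm, so it is allow-listed here.
KNOWN_GOOD_DLLS = frozenset({"sdhelper.dll", "ssv.dll", "googletoolbar2.dll"})
WINDOWS_ROOT = r"c:\windows"


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high" or "medium"
    reason: str
    line: str


def _path_of(body: str) -> str:
    """Last ' - ' field of an O2/O21 body, minus the '(file missing)' marker."""
    return body.split(" - ")[-1].replace("(file missing)", "").strip()


def triage(log_text: str, known_good: frozenset[str] = KNOWN_GOOD_DLLS) -> list[Finding]:
    """Return the entries a helper would look at first, in log order."""
    findings: list[Finding] = []
    seen_lsp: set[str] = set()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines
        section, body = m.group("section"), m.group("body")
        line = raw.strip()
        if section == "O10" and ":" in body:
            # HijackThis prints one O10 line per Winsock catalog entry that
            # references the DLL, so one file shows up several times.
            dll = body.split(":", 1)[1].strip().lower()
            if dll in seen_lsp or ntpath.basename(dll) in known_good:
                continue
            seen_lsp.add(dll)
            findings.append(Finding(section, "high",
                "unknown Winsock LSP; repair the catalog with an LSP-aware tool, "
                "deleting the DLL alone leaves a broken chain and no networking", line))
        elif section == "O21":
            # HijackThis hides the default XP SSODL objects, so every O21 it lists is
            # non-default, and SSODL DLLs are loaded into Explorer at each logon.
            missing = "(file missing)" in body
            findings.append(Finding(section, "high",
                "non-default ShellServiceObjectDelayLoad entry"
                + (", DLL already gone (orphaned CLSID)" if missing else ""), line))
        elif section == "O2":
            path = _path_of(body)
            if ntpath.basename(path).lower() in known_good:
                continue
            if "(file missing)" in body:
                findings.append(Finding(section, "medium",
                    "BHO whose DLL no longer exists; dead registration", line))
            elif ntpath.dirname(path).lower() == WINDOWS_ROOT:
                findings.append(Finding(section, "high",
                    "BHO loaded from a DLL dropped directly into the Windows directory", line))
            elif body.startswith("BHO: (no name)"):
                findings.append(Finding(section, "medium", "BHO with no name", line))
    return findings


# Constructed sample: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O21 - SSODL: sysdx - {71E8A255-E15E-4404-997A-EEF05FC0B51E} - C:\WINDOWS\sysdx.dll (file missing)
O21 - SSODL: msmhost - {522F0DD8-1459-4072-8631-2BC5176413BE} - C:\WINDOWS\msmhost.dll
O23 - Service: Opiekun (OpSrv) - SoftStory - C:\WINDOWS\system32\opsrv.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```

Run as a file it prints the findings for the sample; `triage()` accepts any pasted log. The O10 reason is the point made later in this thread about oplsp.dll: a Winsock LSP is one link in a chain the socket layer walks for every connection, so the catalog entry has to be removed by a tool that rewrites the chain (LSPFix is the one suggested below); deleting the DLL by itself leaves a dangling entry and a machine with no network.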



Post by wojtas, 02 Oct 2007, 22:28

Apply:

SmitfraudFix, option 2:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

then a new HijackThis log and a ComboFix log

wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by wsw1967, 02 Oct 2007, 23:07

Here are the logs
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:37, on 2007-10-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\opsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
G:\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
E:\Opiekun\optray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Antywirus\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://expert.online.pl/5_111.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "G:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WConfig.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: sysdx - {71E8A255-E15E-4404-997A-EEF05FC0B51E} - C:\WINDOWS\sysdx.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - G:\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Opiekun (OpSrv) - SoftStory - C:\WINDOWS\system32\opsrv.exe

--
End of file - 8123 bytes


Code:
ComboFix 07-10-02.2 - Operator 2007-10-02 22:41:45.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.478 [GMT 2:00]
Running from: E:\Antywirus\ComboFix\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\Cache\00030990
C:\Program Files\myglobalsearch\bar\Cache\00031267
C:\Program Files\myglobalsearch\bar\Cache\000313E4.bin
C:\Program Files\myglobalsearch\bar\Cache\000317EB.bin
C:\Program Files\myglobalsearch\bar\Cache\000319AE.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\dat.txt
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\system32\moviemk.exe
C:\WINDOWS\system32\oemiglib.dll
C:\WINDOWS\system32\oledb32.dll
C:\WINDOWS\system32\winhelp.exe

.
(((((((((((((((((((((((((   Files Created from 2007-09-02 to 2007-10-02  )))))))))))))))))))))))))))))))
.

2007-10-02 22:40   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-02 22:29   53,248   --a------   C:\WINDOWS\system32\Process.exe
2007-10-02 22:29   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2007-10-02 22:29   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2007-10-02 22:29   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2007-10-02 22:29   25,088   --a------   C:\WINDOWS\system32\WS2Fix.exe
2007-10-02 22:29   1,946   --a------   C:\WINDOWS\system32\tmp.reg
2007-10-02 19:50   <DIR>   d--------   C:\Program Files\SkanerOnline
2007-10-02 18:55   <DIR>   d--hs----   C:\FOUND.001
2007-10-02 17:26   107,888   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2007-10-02 17:26   <DIR>   dr-h-----   C:\Documents and Settings\Operator\Dane aplikacji\SecuROM
2007-10-02 16:29   303,104   --a------   C:\WINDOWS\msvb.dll
2007-09-29 10:57   <DIR>   d--hs----   C:\FOUND.000
2007-09-26 22:26   <DIR>   d--------   C:\Documents and Settings\Operator\Dane aplikacji\Ahead
2007-09-26 20:28   <DIR>   d--------   C:\Documents and Settings\Operator\Dane aplikacji\Opera
2007-09-22 19:13   536   --a------   C:\WINDOWS\system32\SpoonUninstall-World Cup Manager 2002.dat
2007-09-21 21:45   <DIR>   d--------   C:\Documents and Settings\Operator\Dane aplikacji\Autodesk
2007-09-21 21:45   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2007-09-16 21:25   <DIR>   d--------   C:\Winamp
2007-09-12 19:32   <DIR>   d--hs----   C:\FOUND.018
2007-09-10 18:42   <DIR>   d--------   C:\Documents and Settings\Operator\Dane aplikacji\HEXelon
2007-09-10 14:34   <DIR>   d--hs----   C:\FOUND.017
2007-09-09 14:39   <DIR>   d--hs----   C:\FOUND.016
2007-09-08 11:11   <DIR>   d--hs----   C:\FOUND.015

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-22 19:13   164352   --a------   C:\WINDOWS\system32\SpoonUninstall.exe
2007-09-06 12:09   801144   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:05   94416   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05   92848   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03   23152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02   42912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00   95608   --a------   C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 12:00   26624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-24 10:05   43520   --a------   C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-13 21:33   223128   --a------   C:\WINDOWS\system32\drivers\dtscsi.sys
2007-08-13 21:29   643072   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-08-11 20:46   ---------   d--------   C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-08-11 19:59   ---------   d--------   C:\Program Files\CCleaner
2007-08-11 19:47   ---------   d--------   C:\Program Files\Trojan Remover
2007-08-11 19:47   ---------   d--------   C:\Documents and Settings\Operator\Dane aplikacji\Simply Super Software
2007-08-11 19:47   ---------   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2007-08-11 18:18   ---------   d--------   C:\Program Files\Codeforge
2007-08-11 17:50   ---------   d--------   C:\Program Files\PowerQuest
2007-08-11 10:27   737280   --a------   C:\WINDOWS\iun6002.exe
2007-08-11 10:27   ---------   d--------   C:\Program Files\Replay Converter
2007-08-10 20:55   ---------   d--------   C:\Documents and Settings\Operator\Dane aplikacji\The Goalkeeper
2007-08-10 20:29   ---------   d--------   C:\Documents and Settings\Operator\Dane aplikacji\GetRightToGo
2007-08-02 20:49   ---------   d--------   C:\Program Files\MSXML 4.0
2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19   271224   --a------   C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19   207736   --a------   C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\wups.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\dllcache\wups.dll
1999-05-17 14:58   99840   --a------   C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 03:53   70144   --a------   C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 03:53   48640   --a------   C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 03:53   31744   --a------   C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 03:53   186368   --a------   C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 03:53   17920   --a------   C:\Program Files\Common Files\IRASRIAL.DLL
2007-03-09 07:12:32   27,648   --sha-w   C:\WINDOWS\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 11:16]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DAEMON Tools"="G:\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-30 21:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 09:15]
"QuickTime Task"="E:\QuickTime\qttask.exe" [2007-04-27 09:41]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06]
"WinampAgent"="C:\Winamp\winampa.exe" [2007-05-15 00:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 17:34]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 17:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2006-06-02 20:47:25]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE [1999-05-17 14:59:04]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2006-06-02 20:47:25]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE [1999-05-17 14:59:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sysdx"= {71E8A255-E15E-4404-997A-EEF05FC0B51E} - C:\WINDOWS\sysdx.dll [ ]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
AutoRun\command- M:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 12:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 22:45:14
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OpSrv]
"ImagePath"="C:\WINDOWS\system32\opsrv.exe /startedbyscm:BB66DA22-40E2A281-OpiekunService"
.
Completion time: 2007-10-02 22:46:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 22:46
.
   --- E O F ---
wstaszek
wsw1967
~user

Posts: 39
Joined: 24 Apr 2005, 23:23
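The "Other Deletions" section above is worth a second look: ComboFix removed explorer.exe, iexplore.exe, moviemk.exe, winhelp.exe and oledb32.dll from C:\WINDOWS\system32, and on Windows XP none of those files lives there (explorer.exe and winhelp.exe sit in C:\WINDOWS, iexplore.exe in Program Files\Internet Explorer, moviemk.exe in Program Files\Movie Maker, oledb32.dll under Common Files\System\Ole DB). A copy of a well-known system binary in the wrong directory is a look-alike. That check, plus two a helper applies to the Find3M listing (hidden+system attributes on a loose file, as on AVSredirect.dll above, and files written into the Windows root shortly before the scan, as msvb.dll was), is what the added example below automates. It is written for this page and is not ComboFix code; the expected-directory table and the sample lines (copied from the log above) are the example's own, and a hit is a pointer to check, not a verdict.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass
from datetime import date

# Where the genuine copy of each XP binary lives; a copy anywhere else is a look-alike.
# This table is the example's own and covers only names from the ComboFix log above;
# dllcache holds Windows File Protection's backup copies.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\windows\system32\dllcache"},
    "winhelp.exe": {r"c:\windows", r"c:\windows\system32\dllcache"},
    "iexplore.exe": {r"c:\program files\internet explorer"},
    "moviemk.exe": {r"c:\program files\movie maker"},
    "oledb32.dll": {r"c:\program files\common files\system\ole db"},
}

# A ComboFix listing line: date, time, size (or <DIR> / dashes), attribute flags, path.
# Attribute letters: d directory, r read-only, h hidden, s system, a archive.
LISTING_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d)\s+\d\d:\d\d(?::\d\d)?\s+"
    r"\S+\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class Hit:
    path: str
    reason: str


def misplaced_copies(paths: list[str]) -> list[Hit]:
    """Well-known file names sitting where the real file never lives."""
    hits: list[Hit] = []
    for p in paths:
        name = ntpath.basename(p).lower()
        allowed = EXPECTED_DIRS.get(name)
        if allowed and ntpath.dirname(p).lower() not in allowed:
            hits.append(Hit(p, f"{name} belongs in {sorted(allowed)[0]}, not here"))
    return hits


def _entries(listing_text: str):
    """Yield (created, attrs, path) for each file line; directories are skipped."""
    for line in listing_text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m and "d" not in m.group("attrs"):
            yield date.fromisoformat(m.group("date")), m.group("attrs"), m.group("path")


def hidden_system_files(listing_text: str) -> list[Hit]:
    """Loose files carrying both the hidden and the system attribute."""
    return [Hit(p, f"hidden+system attributes ({attrs})")
            for _, attrs, p in _entries(listing_text) if "h" in attrs and "s" in attrs]


def recent_in_windows_root(listing_text: str, scan_date: str, days: int = 7) -> list[Hit]:
    """Files written straight into the Windows directory within `days` before the scan."""
    scan = date.fromisoformat(scan_date)
    return [Hit(p, f"written into the Windows root {(scan - created).days} day(s) before the scan")
            for created, _, p in _entries(listing_text)
            if ntpath.dirname(p).lower() == r"c:\windows" and 0 <= (scan - created).days <= days]


# Constructed samples: paths and lines copied from the ComboFix log above, plus the
# genuine C:\WINDOWS\explorer.exe so the check is seen leaving it alone.
DELETED_BY_COMBOFIX = [
    r"C:\windows\system32\explorer.exe",
    r"C:\WINDOWS\system32\iexplore.exe",
    r"C:\WINDOWS\system32\moviemk.exe",
    r"C:\WINDOWS\system32\oledb32.dll",
    r"C:\WINDOWS\system32\winhelp.exe",
    r"C:\WINDOWS\explorer.exe",
]
FIND3M_SAMPLE = r"""
2007-10-02 16:29   303,104   --a------   C:\WINDOWS\msvb.dll
2007-10-02 18:55   <DIR>   d--hs----   C:\FOUND.001
2007-09-06 12:09   801144   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-08-11 10:27   737280   --a------   C:\WINDOWS\iun6002.exe
2007-03-09 07:12:32   27,648   --sha-w   C:\WINDOWS\system32\AVSredirect.dll
"""

if __name__ == "__main__":
    for h in (misplaced_copies(DELETED_BY_COMBOFIX) + hidden_system_files(FIND3M_SAMPLE)
              + recent_in_windows_root(FIND3M_SAMPLE, "2007-10-02")):
        print(f"{h.path}: {h.reason}")
```

The directory comparison is deliberately exact rather than "contains system32": the whole point of this family of droppers is to pick a name the eye accepts, so the only reliable test is "is this the one place the real file lives". Extend `EXPECTED_DIRS` with svchost.exe, lsass.exe and the other usual suspects before using it on a real listing.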



Post by Dzi@dek, 02 Oct 2007, 23:49

http://cexx.org/lspfix.htm download the program http://cexx.org/LSPFix.exe and, following that page, move the file oplsp.dll to the right-hand side in the program and click Finish.
Dzi@dek
^distinguished

Posts: 3854
Joined: 11 Dec 2006, 20:18
Location: Warszawa
Commendations: 210



Post by wsw1967, 03 Oct 2007, 20:29

Thanks guys, it helped.
wstaszek
wsw1967
~user

Posts: 39
Joined: 24 Apr 2005, 23:23



Post by wojtas, 03 Oct 2007, 20:32

post new logs
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by wsw1967, 03 Oct 2007, 21:05

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:16, on 2007-10-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\opsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
G:\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Antywirus\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://expert.online.pl/5_111.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "G:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-1060284298-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-1060284298-1003\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WConfig.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: sysdx - {71E8A255-E15E-4404-997A-EEF05FC0B51E} - C:\WINDOWS\sysdx.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - G:\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Opiekun (OpSrv) - SoftStory - C:\WINDOWS\system32\opsrv.exe

--
End of file - 7996 bytes

Code:
ComboFix 07-10-02.2 - Operator 2007-10-03 20:54:53.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.451 [GMT 2:00]
Running from: E:\Antywirus\ComboFix\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-09-03 to 2007-10-03  )))))))))))))))))))))))))))))))
.

2007-10-02 22:40   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-02 22:29   53,248   --a------   C:\WINDOWS\system32\Process.exe
2007-10-02 22:29   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2007-10-02 22:29   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2007-10-02 22:29   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2007-10-02 22:29   25,088   --a------   C:\WINDOWS\system32\WS2Fix.exe
2007-10-02 22:29   1,946   --a------   C:\WINDOWS\system32\tmp.reg
2007-10-02 19:50   <DIR>   d--------   C:\Program Files\SkanerOnline
2007-10-02 18:55   <DIR>   d--hs----   C:\FOUND.001
2007-10-02 17:26   107,888   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2007-10-02 17:26   <DIR>   dr-h-----   C:\Documents and Settings\Operator\Dane aplikacji\SecuROM
2007-10-02 16:29   303,104   --a------   C:\WINDOWS\msvb.dll
2007-09-29 10:57   <DIR>   d--hs----   C:\FOUND.000
2007-09-26 22:26   <DIR>   d--------   C:\Documents and Settings\Operator\Dane aplikacji\Ahead
2007-09-26 20:28   <DIR>   d--------   C:\Documents and Settings\Operator\Dane aplikacji\Opera
2007-09-22 19:13   536   --a------   C:\WINDOWS\system32\SpoonUninstall-World Cup Manager 2002.dat
2007-09-21 21:45   <DIR>   d--------   C:\Documents and Settings\Operator\Dane aplikacji\Autodesk
2007-09-21 21:45   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2007-09-16 21:25   <DIR>   d--------   C:\Winamp
2007-09-12 19:32   <DIR>   d--hs----   C:\FOUND.018
2007-09-10 18:42   <DIR>   d--------   C:\Documents and Settings\Operator\Dane aplikacji\HEXelon
2007-09-10 14:34   <DIR>   d--hs----   C:\FOUND.017
2007-09-09 14:39   <DIR>   d--hs----   C:\FOUND.016
2007-09-08 11:11   <DIR>   d--hs----   C:\FOUND.015

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-22 19:13   164352   --a------   C:\WINDOWS\system32\SpoonUninstall.exe
2007-09-06 12:09   801144   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:05   94416   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05   92848   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03   23152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02   42912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00   95608   --a------   C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 12:00   26624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-24 10:05   43520   --a------   C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-13 21:33   223128   --a------   C:\WINDOWS\system32\drivers\dtscsi.sys
2007-08-13 21:29   643072   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-08-11 20:46   ---------   d--------   C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-08-11 19:59   ---------   d--------   C:\Program Files\CCleaner
2007-08-11 19:47   ---------   d--------   C:\Program Files\Trojan Remover
2007-08-11 19:47   ---------   d--------   C:\Documents and Settings\Operator\Dane aplikacji\Simply Super Software
2007-08-11 19:47   ---------   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2007-08-11 18:18   ---------   d--------   C:\Program Files\Codeforge
2007-08-11 17:50   ---------   d--------   C:\Program Files\PowerQuest
2007-08-11 10:27   737280   --a------   C:\WINDOWS\iun6002.exe
2007-08-11 10:27   ---------   d--------   C:\Program Files\Replay Converter
2007-08-10 20:55   ---------   d--------   C:\Documents and Settings\Operator\Dane aplikacji\The Goalkeeper
2007-08-10 20:29   ---------   d--------   C:\Documents and Settings\Operator\Dane aplikacji\GetRightToGo
2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19   271224   --a------   C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19   207736   --a------   C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\wups.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\dllcache\wups.dll
1999-05-17 14:58   99840   --a------   C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 03:53   70144   --a------   C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 03:53   48640   --a------   C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 03:53   31744   --a------   C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 03:53   186368   --a------   C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 03:53   17920   --a------   C:\Program Files\Common Files\IRASRIAL.DLL
2007-03-09 07:12:32   27,648   --sha-w   C:\WINDOWS\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((   snapshot@2007-10-02_22.46.05.30   )))))))))))))))))))))))))))))))))))))))))
.
----a-w            16,384 2007-10-03 15:25:38  C:\WINDOWS\Temp\Perflib_Perfdata_7e8.dat
----a-w           163,328 2007-03-13 08:57:12  C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 11:16]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DAEMON Tools"="G:\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-30 21:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 09:15]
"QuickTime Task"="E:\QuickTime\qttask.exe" [2007-04-27 09:41]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06]
"WinampAgent"="C:\Winamp\winampa.exe" [2007-05-15 00:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 17:34]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 17:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2006-06-02 20:47:25]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE [1999-05-17 14:59:04]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2006-06-02 20:47:25]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE [1999-05-17 14:59:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sysdx"= {71E8A255-E15E-4404-997A-EEF05FC0B51E} - C:\WINDOWS\sysdx.dll [ ]

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R2 OpSrv;Opiekun;C:\WINDOWS\system32\opsrv.exe /startedbyscm:BB66DA22-40E2A281-OpiekunService
R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys
S3 rtport;rtport;\??\C:\WINDOWS\system32\drivers\rtport.sys
S3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 12:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 20:56:12
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OpSrv]
"ImagePath"="C:\WINDOWS\system32\opsrv.exe /startedbyscm:BB66DA22-40E2A281-OpiekunService"
.
Completion time: 2007-10-03 20:56:59
C:\ComboFix-quarantined-files.txt ... 2007-10-03 20:56
C:\ComboFix2.txt ... 2007-10-02 22:46
.
   --- E O F ---

Post by wojtas, 03 Oct 2007, 21:43

O21 - SSODL: sysdx - {71E8A255-E15E-4404-997A-EEF05FC0B51E} - C:\WINDOWS\sysdx.dll (file missing)


delete ^^ this entry

and throw the bolded one below into the trash

C:\WINDOWS\msvb.dll

Post by wsw1967, 03 Oct 2007, 22:29

Thanks wojtas19162! I did as you suggested.