prosze o sprawdzenie loga (raport o bledach, muli sie)

[Krzaczek]

Komputer muli sie strasznine, przy wlaczaniu wsykakuje standardowy komunikat o raporcie bledow temp2. Oprocz tego kiedy chce wejsc na jakas partycje dysku to kazdy otwiera sie w nowym oknie.

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:50, on 2008-03-26
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\OpenOffice.ux.pl 2.2.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.2.1\program\soffice.BIN
C:\WINDOWS\System32\temp1.exe
C:\Program Files\AntiVirenKit\AVKService.exe
C:\Program Files\AntiVirenKit\AVKWCtl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Burn Dvd Mail More] C:\Documents and Settings\All Users\Dane aplikacji\Part title burn dvd\Wait Multi.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.2.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.2.1\program\quickstart.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{558A5A51-E357-4CFE-B8DE-63A6AEA026F5}: NameServer = 85.255.116.132,85.255.112.221
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F0AC435-89F7-411D-97D8-CF45114642A3}: NameServer = 85.255.116.132,85.255.112.221
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.132 85.255.112.221
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.132 85.255.112.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.132 85.255.112.221
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit\AVKService.exe
O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit\AVKWCtl.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5646 bytes


Kod: Zaznacz wszystko

Deckard's System Scanner v20071014.68
Run by Zuczus on 2008-03-26 16:44:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=red]System Drive C: has 2.48 GiB (less than 15%) free.[/color]


-- HijackThis (run as Zuczus.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:59, on 2008-03-26
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\OpenOffice.ux.pl 2.2.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.2.1\program\soffice.BIN
C:\WINDOWS\System32\temp1.exe
C:\Program Files\AntiVirenKit\AVKService.exe
C:\Program Files\AntiVirenKit\AVKWCtl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zuczus\Moje dokumenty\Bluetooth\share\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Zuczus.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Burn Dvd Mail More] C:\Documents and Settings\All Users\Dane aplikacji\Part title burn dvd\Wait Multi.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.2.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.2.1\program\quickstart.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{558A5A51-E357-4CFE-B8DE-63A6AEA026F5}: NameServer = 85.255.116.132,85.255.112.221
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F0AC435-89F7-411D-97D8-CF45114642A3}: NameServer = 85.255.116.132,85.255.112.221
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.132 85.255.112.221
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.132 85.255.112.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.132 85.255.112.221
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit\AVKService.exe
O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit\AVKWCtl.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5755 bytes

-- Files created between 2008-02-26 and 2008-03-26 -----------------------------

2008-03-25 14:24:28         0 d-------- C:\Program Files\Trend Micro
2008-03-25 14:23:39     70207 -rahs---- C:\WINDOWS\svchost.exe <Not Verified; ; BindFile ????>
2008-03-25 14:14:02      2416 --a------ C:\WINDOWS\System32\tmp.reg
2008-03-25 14:13:25     25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-03-25 14:13:25    289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-25 14:13:25    288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-25 14:13:25     53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-25 14:13:25     51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-03-25 13:55:54         0 d-------- C:\Program Files\SpywareBlaster
2008-03-25 13:55:37         0 d-------- C:\Program Files\ScanSpyware v3.8
2008-03-25 13:38:35         0 d-------- C:\!KillBox
2008-03-18 22:56:17         0 d-------- C:\Program Files\Microsoft.NET
2008-03-18 22:45:04         0 d-------- C:\Program Files\Microsoft Works
2008-03-18 22:38:19         0 d-------- C:\WINDOWS\SHELLNEW
2008-03-08 12:03:16         0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2008-03-26 16:41:54         0 d-------- C:\Documents and Settings\Zuczus\Dane aplikacji\MegauploadToolbar
2008-03-26 16:23:10         0 d-------- C:\Documents and Settings\Zuczus\Dane aplikacji\OpenOffice.ux.pl2
2008-03-26 16:23:09      2085 --a------ C:\WINDOWS\System32\temp2.exe
2008-03-26 16:23:09     35346 --a------ C:\WINDOWS\System32\temp1.exe
2008-03-18 22:46:07         0 d-------- C:\Program Files\Common Files
2008-03-08 12:05:24         0 d-------- C:\Program Files\GetRight
2008-02-28 19:17:35         0 d-------- C:\Program Files\Opera
2008-02-13 11:08:07         0 d-------- C:\Documents and Settings\Zuczus\Dane aplikacji\Adobe
2008-01-30 18:44:47         0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 13:54]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 21:46]
"ATIPTA"="atiptaxx.exe" [2006-02-22 01:05 C:\WINDOWS\system32\atiptaxx.exe]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-07-20 21:49]
"Burn Dvd Mail More"="C:\Documents and Settings\All Users\Dane aplikacji\Part title burn dvd\Wait Multi.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

C:\Documents and Settings\Zuczus\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.2.1.lnk - C:\Program Files\OpenOffice.ux.pl 2.2.1\program\quickstart.exe [2007-07-09 23:18:48]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Configuration & Monitor Utility.lnk - C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe [2007-07-10 21:55:27]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\heck manager for more]
C:\Documents and Settings\All Users\Dane aplikacji\ping inside more part\cast locks vc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
c:\program files\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ededd8b7-2f2d-11dc-883d-806d6172696f}]
AutoRun\command- RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ededd8b8-2f2d-11dc-883d-806d6172696f}]
AutoRun\command- RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ededd8b9-2f2d-11dc-883d-806d6172696f}]
AutoRun\command- RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe




-- End of Deckard's System Scanner: finished at 2008-03-26 16:45:20 ------------



Kod: Zaznacz wszystko

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 16:46:09
Windows 5.1.2600  NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:85,8f,d0,ed,b5,a0,9e,18,5a,50,34,df,98,cf,23,01,8a,5a,1b,7b,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:60,fd,b6,e3,71,16,e1,5e,13,60,07,36,c5,bd,41,de,1f,68,f2,f4,61,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,03,43,4e,a5,88,3c,12,b3,7f,65,cc,51,f5,d8,00,d6,a5,..
"khjeh"=hex:24,31,f0,e4,31,61,18,d4,1b,5f,51,d2,67,c0,a1,10,c1,af,70,fd,39,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,84,25,f1,66,e2,62,35,6a,28,b3,f3,89,b2,87,cd,15,43,cd,48,8f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:85,8f,d0,ed,b5,a0,9e,18,5a,50,34,df,98,cf,23,01,8a,5a,1b,7b,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:60,fd,b6,e3,71,16,e1,5e,13,60,07,36,c5,bd,41,de,1f,68,f2,f4,61,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,03,43,4e,a5,88,3c,12,b3,7f,65,cc,51,f5,d8,00,d6,a5,..
"khjeh"=hex:24,31,f0,e4,31,61,18,d4,1b,5f,51,d2,67,c0,a1,10,c1,af,70,fd,39,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,84,25,f1,66,e2,62,35,6a,28,b3,f3,89,b2,87,cd,15,43,cd,48,8f,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Atari\Z\1w]

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



[b0br]

http://forum.programosy.pl/dla-userow-wstawiajacych-logi-na-forum-vt93842.html

[Okocza]

Ściągnij program Fixwareout i zastosuj go

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\temp2.exe
C:\WINDOWS\System32\temp1.exe

usuwasz, pogrubione ręcznie z dysku tylko nie pomyl z plikiem systemowym który jest w C:\WINDOWS\system32\svchost.exe, potem nowy log z hijack this, combofix, sdfix oraz sillent runners. przeskanuj kompa pod względem spy ware programem ewido.

[Krzaczek]

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:48, on 2008-03-27
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\OpenOffice.ux.pl 2.2.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.2.1\program\soffice.BIN
C:\Program Files\AntiVirenKit\AVKService.exe
C:\Program Files\AntiVirenKit\AVKWCtl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Burn Dvd Mail More] C:\Documents and Settings\All Users\Dane aplikacji\Part title burn dvd\Wait Multi.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.2.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.2.1\program\quickstart.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit\AVKService.exe
O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit\AVKWCtl.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5384 bytes


Kod: Zaznacz wszystko

ComboFix 08-03-26.3 - Zuczus 2008-03-27 22:33:23.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.0.1250.1.1045.18.690 [GMT 1:00]
Running from: C:\Documents and Settings\Zuczus\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\Zuczus\Moje dokumenty\ICROSO~1.NET
C:\Program Files\myglobalsearch
C:\WINDOWS\autorun.inf
D:\Autorun.inf
E:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-02-27 to 2008-03-27  )))))))))))))))))))))))))))))))
.

2008-03-27 20:26 . 2008-03-27 21:33   <DIR>   d--------   C:\Program Files\ewido anti-spyware 4.0
2008-03-27 20:13 . 2008-03-27 20:16   <DIR>   d--------   C:\fixwareout
2008-03-25 14:24 . 2008-03-25 14:24   <DIR>   d--------   C:\Program Files\Trend Micro
2008-03-25 14:14 . 2008-03-25 14:14   2,416   --a------   C:\WINDOWS\system32\tmp.reg
2008-03-25 14:13 . 2007-09-05 23:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-03-25 14:13 . 2006-04-27 16:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-03-25 14:13 . 2003-06-05 20:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2008-03-25 14:13 . 2004-07-31 17:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2008-03-25 14:13 . 2007-10-03 23:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-03-25 13:55 . 2008-03-25 13:55   <DIR>   d--------   C:\Program Files\SpywareBlaster
2008-03-25 13:55 . 2008-03-25 13:55   <DIR>   d--------   C:\Program Files\ScanSpyware v3.8
2008-03-25 13:55 . 2005-08-25 18:19   115,920   --a------   C:\WINDOWS\system32\MSINET.OCX
2008-03-25 13:50 . 2008-03-25 13:50   <DIR>   d--------   C:\Deckard
2008-03-25 13:45 . 2008-03-26 16:46   <DIR>   d--------   C:\SDFix
2008-03-18 22:59 . 2008-03-18 22:59   421   --a------   C:\WINDOWS\ODBC.INI
2008-03-18 22:58 . 2007-04-09 13:23   28,040   --a------   C:\WINDOWS\system32\mdimon.dll
2008-03-18 22:56 . 2008-03-18 22:56   <DIR>   d--------   C:\Program Files\Microsoft.NET
2008-03-18 22:45 . 2008-03-18 22:45   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-03-18 22:38 . 2008-03-18 22:55   <DIR>   d--------   C:\WINDOWS\SHELLNEW

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 21:20   ---------   d-----w   C:\Documents and Settings\Zuczus\Dane aplikacji\OpenOffice.ux.pl2
2008-03-26 16:10   ---------   d-----w   C:\Documents and Settings\Zuczus\Dane aplikacji\MegauploadToolbar
2008-03-08 11:05   ---------   d-----w   C:\Program Files\GetRight
2008-02-28 18:17   ---------   d-----w   C:\Program Files\Opera
2008-01-30 17:44   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 13:54 503808]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 21:46 241664]
"ATIPTA"="atiptaxx.exe" [2006-02-22 01:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-07-20 21:49 98304]
"Burn Dvd Mail More"="C:\Documents and Settings\All Users\Dane aplikacji\Part title burn dvd\Wait Multi.exe" [ ]
"!ewido"="C:\Program Files\ewido anti-spyware 4.0\ewido.exe" [2008-03-27 20:31 6283264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29 13312]

C:\Documents and Settings\Zuczus\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.2.1.lnk - C:\Program Files\OpenOffice.ux.pl 2.2.1\program\quickstart.exe [2007-07-09 23:18:48 17408]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2001-10-26 18:29 13312 C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 23:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\heck manager for more]
C:\Documents and Settings\All Users\Dane aplikacji\ping inside more part\cast locks vc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 07:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-05-13 02:28 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-05-13 02:28 172032 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2001-08-02 06:14 1077277 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
--a------ 2007-07-14 10:35 730360 c:\program files\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 23:22 35328 C:\Program Files\Winamp\winampa.exe

R2 AVKService;AVK Service;C:\Program Files\AntiVirenKit\AVKService.exe [2004-09-28 09:59]
R2 AVKWCtl;Strażnik AVK;C:\Program Files\AntiVirenKit\AVKWCtl.exe [2004-11-30 15:26]
R2 PStrip;PSTRIP;C:\WINDOWS\System32\DRIVERS\PSTRIP.SYS [2007-07-15 02:37]
R3 GDInterceptor;GDInterceptor;C:\WINDOWS\System32\interceptor.sys [2007-07-10 21:09]
R3 HookCentre;HookCentre;C:\WINDOWS\System32\drivers\HookCentre.sys [2007-08-27 11:21]
R3 USBNDIS5;USBNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\USBNDIS5.SYS [2003-04-14 12:51]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\k510bus.sys [2006-02-17 20:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k510mdfl.sys [2006-02-17 20:34]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\k510mdm.sys [2006-02-17 20:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\k510mgmt.sys [2006-02-17 20:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\k510obex.sys [2006-02-17 20:34]
S3 USB Wireless USB Adapter(R);USB Wireless USB Adapter(R) Service for Wireless USB Adapter;C:\WINDOWS\System32\DRIVERS\vnetusbr.sys [2003-07-23 12:01]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 22:35:04
Windows 5.1.2600  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-27 22:35:31
ComboFix-quarantined-files.txt  2008-03-27 21:35:22
Pre-Run: 2,466,045,952 bajtów wolnych
Post-Run: 2,455,760,896 bajtów wolnych


[ Dodano: Dzisiaj o 22:45 ]

Kod: Zaznacz wszystko

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 22:42:31
Windows 5.1.2600  NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:85,8f,d0,ed,b5,a0,9e,18,5a,50,34,df,98,cf,23,01,8a,5a,1b,7b,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:60,fd,b6,e3,71,16,e1,5e,13,60,07,36,c5,bd,41,de,1f,68,f2,f4,61,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,03,43,4e,a5,88,3c,12,b3,7f,65,cc,51,f5,d8,00,d6,a5,..
"khjeh"=hex:24,31,f0,e4,31,61,18,d4,1b,5f,51,d2,67,c0,a1,10,c1,af,70,fd,39,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,84,25,f1,66,e2,62,35,6a,28,b3,f3,89,b2,87,cd,15,43,cd,48,8f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:85,8f,d0,ed,b5,a0,9e,18,5a,50,34,df,98,cf,23,01,8a,5a,1b,7b,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:60,fd,b6,e3,71,16,e1,5e,13,60,07,36,c5,bd,41,de,1f,68,f2,f4,61,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,03,43,4e,a5,88,3c,12,b3,7f,65,cc,51,f5,d8,00,d6,a5,..
"khjeh"=hex:24,31,f0,e4,31,61,18,d4,1b,5f,51,d2,67,c0,a1,10,c1,af,70,fd,39,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,84,25,f1,66,e2,62,35,6a,28,b3,f3,89,b2,87,cd,15,43,cd,48,8f,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-583907252-287218729-839522115-1003]
"RefCount"=dword:00000003
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Atari\Z\1w]

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



[Dzi@dek]

Wklej do notatnika

File::
C:\WINDOWS\svchost.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Burn Dvd Mail More"=-

Plik Zapisz jako... CFScript - najlepiej jeśli zapiszesz w

takiej lokalizacji, by ikona CFScript.txt znalazła się obok ikony ComboFix.exe
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
Potwierdz zrestartuje sie komputer.

Jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER. Rozpocznie się proces usuwania.

Daj nowe logi z Combofix oraz z hijacka