z trojanem

**Posty:** 477 · przez **matti_84** 28 Gru 2007, 01:05

Witam.
Mam dość poważny problem. W folderze windows pojawil się plik resfix32v.exe. Obciąża on potwornie system, (co zresztą wydaje mi się, że wynika z loga). Zamieszczam log z hijack'a. Robię to po raz pierwszy więc mam nadzieję, że dobrze go zapisałem...
Bardzo proszę pomóżcie mi usunąć ten plik. Jedynym miejscem, gdzie znalazłem jakieś informacje na temat tego pliku to prevx CSI. Tylko tam coś o nim jest.

oto log:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 23:48:38, on 2007-12-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Mateusz\Programy\ATnotes\ATnotes.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe D:\Ola\Gadu-Gadu\gg.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe D:\Mateusz\Programy\HijackThis.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe C:\WINDOWS\resfix32v.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [C:\Program Files\NET Traffic Meter\NET Traffic Meter] "C:\Program Files\NET Traffic Meter\NET Traffic Meter.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKCU\..\Run: [ATnotes.exe] D:\Mateusz\Programy\ATnotes\ATnotes.exe O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Ola\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab O20 - AppInit_DLLs: C:\WINDOWS\sysloader32v.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Bardzo proszę o pomoc. Od razu piszę, że nie mam pojęcia jak usuwać pliki w hijacku. Proszę o łopatologię dla analfabety :-)

P.S próbowałem usunąć ten pilk killboxem oraz różnymi antywirusami (avast dr.web) i naprawdę kompletnie straciłem już nadzieję, a formata nie chcę robić.
Samo napisanie tego posta zajęło mi pół godziny... (strasznie mi ten trojan (czy co to jest) spowalnia wszystko.

Z góry dziękuję za pomoc (to naprawdę ważne)...

Aha jeżeli są potrzebne jeszcze jakieś informację to chętnie je podam.

**Posty:** 3854 · przez **Dzi@dek** 28 Gru 2007, 13:45

Daj log z combofix
http://www.programosy.pl/program,combofix.html

**Posty:** 477 · przez **matti_84** 28 Gru 2007, 20:24

Log z combofix'a

Kod: Zaznacz wszystko: ComboFix 07-12-21.4 - M 2007-12-28 19:18:43.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.560 [GMT 1:00] Running from: D:\Mateusz\Programy\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\tmp39.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NPF ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))) . 2007-12-28 19:19 . 2007-12-28 19:19 0 --ah----- C:\WINDOWS\BIT61E.tmp 2007-12-28 19:19 . 2007-12-28 19:19 0 --ah----- C:\WINDOWS\BIT61D.tmp 2007-12-28 19:19 . 2007-12-28 19:19 0 --ah----- C:\WINDOWS\BIT61C.tmp 2007-12-28 19:19 . 2007-12-28 19:19 0 --ah----- C:\WINDOWS\BIT61B.tmp 2007-12-28 19:19 . 2007-12-28 19:19 0 --ah----- C:\WINDOWS\BIT61A.tmp 2007-12-28 19:19 . 2007-12-28 19:19 0 --ah----- C:\WINDOWS\BIT616.tmp 2007-12-28 19:19 . 2007-12-28 19:22 0 --ah----- C:\WINDOWS\BIT611.tmp 2007-12-28 19:17 . 2007-12-28 19:17 0 --ah----- C:\WINDOWS\BIT5CA.tmp 2007-12-28 19:16 . 2007-12-28 19:16 0 --ah----- C:\WINDOWS\BIT5C9.tmp 2007-12-28 19:16 . 2007-12-28 19:16 0 --ah----- C:\WINDOWS\BIT5C8.tmp 2007-12-28 19:15 . 2007-12-28 19:15 0 --ah----- C:\WINDOWS\BIT5C7.tmp 2007-12-28 19:15 . 2007-12-28 19:15 0 --ah----- C:\WINDOWS\BIT5C6.tmp 2007-12-28 19:15 . 2007-12-28 19:15 0 --ah----- C:\WINDOWS\BIT5C5.tmp 2007-12-28 19:15 . 2007-12-28 19:15 0 --ah----- C:\WINDOWS\BIT5C4.tmp 2007-12-28 19:14 . 2007-12-28 19:14 0 --ah----- C:\WINDOWS\BIT5C3.tmp 2007-12-28 19:14 . 2007-12-28 19:14 0 --ah----- C:\WINDOWS\BIT5C2.tmp 2007-12-28 19:14 . 2007-12-28 19:14 0 --ah----- C:\WINDOWS\BIT5C1.tmp 2007-12-28 19:14 . 2007-12-28 19:14 0 --ah----- C:\WINDOWS\BIT5C0.tmp 2007-12-28 19:14 . 2007-12-28 19:14 0 --ah----- C:\WINDOWS\BIT5BF.tmp 2007-12-28 19:14 . 2007-12-28 19:14 0 --ah----- C:\WINDOWS\BIT5BE.tmp 2007-12-28 19:14 . 2007-12-28 19:14 0 --ah----- C:\WINDOWS\BIT5BD.tmp 2007-12-28 19:13 . 2007-12-28 19:13 0 --ah----- C:\WINDOWS\BIT5BC.tmp 2007-12-28 19:12 . 2007-12-28 19:12 0 --ah----- C:\WINDOWS\BIT5BA.tmp 2007-12-28 19:12 . 2007-12-28 19:12 0 --ah----- C:\WINDOWS\BIT5B9.tmp 2007-12-28 19:12 . 2007-12-28 19:12 0 --ah----- C:\WINDOWS\BIT5B8.tmp 2007-12-28 19:12 . 2007-12-28 19:12 0 --ah----- C:\WINDOWS\BIT5B7.tmp 2007-12-28 19:12 . 2007-12-28 19:12 0 --ah----- C:\WINDOWS\BIT5B6.tmp 2007-12-28 19:12 . 2007-12-28 19:12 0 --ah----- C:\WINDOWS\BIT5B5.tmp 2007-12-28 19:12 . 2007-12-28 19:12 0 --ah----- C:\WINDOWS\BIT5B3.tmp 2007-12-28 19:12 . 2007-12-28 19:12 0 --ah----- C:\WINDOWS\BIT5B2.tmp 2007-12-28 19:12 . 2007-12-28 19:12 0 --ah----- C:\WINDOWS\BIT5A9.tmp 2007-12-28 19:11 . 2007-12-28 19:11 0 --ah----- C:\WINDOWS\BIT5A0.tmp 2007-12-28 19:08 . 2007-12-28 19:08 0 --ah----- C:\WINDOWS\BIT5B4.tmp 2007-12-28 19:05 . 2007-12-28 19:05 0 --ah----- C:\WINDOWS\BIT5B1.tmp 2007-12-28 19:05 . 2007-12-28 19:05 0 --ah----- C:\WINDOWS\BIT5B0.tmp 2007-12-28 19:04 . 2007-12-28 19:04 0 --ah----- C:\WINDOWS\BIT5AF.tmp 2007-12-28 19:04 . 2007-12-28 19:04 0 --ah----- C:\WINDOWS\BIT5AE.tmp 2007-12-28 19:04 . 2007-12-28 19:04 0 --ah----- C:\WINDOWS\BIT5AD.tmp 2007-12-28 19:04 . 2007-12-28 19:04 0 --ah----- C:\WINDOWS\BIT5AC.tmp 2007-12-28 19:04 . 2007-12-28 19:04 0 --ah----- C:\WINDOWS\BIT5AB.tmp 2007-12-28 19:04 . 2007-12-28 19:04 0 --ah----- C:\WINDOWS\BIT5AA.tmp 2007-12-28 19:04 . 2007-12-28 19:04 0 --ah----- C:\WINDOWS\BIT5A8.tmp 2007-12-28 19:02 . 2007-12-28 19:02 0 --ah----- C:\WINDOWS\BIT5A7.tmp 2007-12-28 19:02 . 2007-12-28 19:02 0 --ah----- C:\WINDOWS\BIT5A6.tmp 2007-12-28 19:02 . 2007-12-28 19:02 0 --ah----- C:\WINDOWS\BIT5A5.tmp 2007-12-28 19:02 . 2007-12-28 19:02 0 --ah----- C:\WINDOWS\BIT5A4.tmp 2007-12-28 19:02 . 2007-12-28 19:02 0 --ah----- C:\WINDOWS\BIT5A3.tmp 2007-12-28 19:02 . 2007-12-28 19:02 0 --ah----- C:\WINDOWS\BIT5A2.tmp 2007-12-28 19:02 . 2007-12-28 19:02 0 --ah----- C:\WINDOWS\BIT5A1.tmp 2007-12-28 19:02 . 2007-12-28 19:02 0 --ah----- C:\WINDOWS\BIT59F.tmp 2007-12-28 19:02 . 2007-12-28 19:02 0 --ah----- C:\WINDOWS\BIT59E.tmp 2007-12-28 19:01 . 2007-12-28 19:01 0 --ah----- C:\WINDOWS\BIT591.tmp 2007-12-28 19:01 . 2007-12-28 19:01 0 --ah----- C:\WINDOWS\BIT58E.tmp 2007-12-28 19:01 . 2007-12-28 19:01 0 --ah----- C:\WINDOWS\BIT512.tmp 2007-12-28 18:54 . 2007-12-28 18:54 0 --ah----- C:\WINDOWS\BIT58C.tmp 2007-12-28 18:53 . 2007-12-28 18:53 0 --ah----- C:\WINDOWS\BIT588.tmp 2007-12-28 18:51 . 2007-12-28 18:51 0 --ah----- C:\WINDOWS\BIT579.tmp 2007-12-28 18:50 . 2007-12-28 18:50 0 --ah----- C:\WINDOWS\BIT574.tmp 2007-12-28 18:50 . 2007-12-28 18:50 0 --ah----- C:\WINDOWS\BIT558.tmp 2007-12-28 18:50 . 2007-12-28 18:50 0 --ah----- C:\WINDOWS\BIT54C.tmp 2007-12-28 18:50 . 2007-12-28 18:50 0 --ah----- C:\WINDOWS\BIT545.tmp 2007-12-28 18:50 . 2007-12-28 18:50 0 --ah----- C:\WINDOWS\BIT542.tmp 2007-12-28 18:49 . 2007-12-28 18:49 0 --ah----- C:\WINDOWS\BIT540.tmp 2007-12-28 18:49 . 2007-12-28 18:49 0 --ah----- C:\WINDOWS\BIT53E.tmp 2007-12-28 18:49 . 2007-12-28 18:49 0 --ah----- C:\WINDOWS\BIT53D.tmp 2007-12-28 18:49 . 2007-12-28 18:49 0 --ah----- C:\WINDOWS\BIT538.tmp 2007-12-28 18:49 . 2007-12-28 18:49 0 --ah----- C:\WINDOWS\BIT516.tmp 2007-12-28 18:46 . 2007-12-28 18:46 0 --ah----- C:\WINDOWS\BIT42E.tmp 2007-12-28 18:46 . 2007-12-28 18:46 0 --ah----- C:\WINDOWS\BIT35F.tmp 2007-12-28 18:43 . 2007-12-28 18:43 0 --ah----- C:\WINDOWS\BIT42B.tmp 2007-12-28 18:42 . 2007-12-28 18:42 0 --ah----- C:\WINDOWS\BIT42A.tmp 2007-12-28 18:41 . 2007-12-28 18:41 0 --ah----- C:\WINDOWS\BIT429.tmp 2007-12-28 18:40 . 2007-12-28 18:40 0 --ah----- C:\WINDOWS\BIT41A.tmp 2007-12-28 18:40 . 2007-12-28 18:40 0 --ah----- C:\WINDOWS\BIT3FE.tmp 2007-12-28 18:40 . 2007-12-28 18:40 0 --ah----- C:\WINDOWS\BIT3F0.tmp 2007-12-28 18:40 . 2007-12-28 18:40 0 --ah----- C:\WINDOWS\BIT3CA.tmp 2007-12-28 18:39 . 2007-12-28 18:39 0 --ah----- C:\WINDOWS\BIT3C9.tmp 2007-12-28 18:39 . 2007-12-28 18:39 0 --ah----- C:\WINDOWS\BIT3C8.tmp 2007-12-28 18:39 . 2007-12-28 18:39 0 --ah----- C:\WINDOWS\BIT3A7.tmp 2007-12-28 18:39 . 2007-12-28 18:39 0 --ah----- C:\WINDOWS\BIT3A6.tmp 2007-12-28 18:39 . 2007-12-28 18:39 0 --ah----- C:\WINDOWS\BIT3A5.tmp 2007-12-28 18:39 . 2007-12-28 18:39 0 --ah----- C:\WINDOWS\BIT398.tmp 2007-12-28 18:39 . 2007-12-28 18:39 0 --ah----- C:\WINDOWS\BIT37A.tmp 2007-12-28 18:39 . 2007-12-28 18:39 0 --ah----- C:\WINDOWS\BIT364.tmp 2007-12-28 18:39 . 2007-12-28 18:39 0 --ah----- C:\WINDOWS\BIT363.tmp 2007-12-28 18:39 . 2007-12-28 18:39 0 --ah----- C:\WINDOWS\BIT362.tmp 2007-12-28 18:38 . 2007-12-28 18:38 0 --ah----- C:\WINDOWS\BIT361.tmp 2007-12-28 18:37 . 2007-12-28 18:37 0 --ah----- C:\WINDOWS\BIT360.tmp 2007-12-28 18:37 . 2007-12-28 18:37 0 --ah----- C:\WINDOWS\BIT35E.tmp 2007-12-28 18:37 . 2007-12-28 18:37 0 --ah----- C:\WINDOWS\BIT35C.tmp 2007-12-28 18:37 . 2007-12-28 18:37 0 --ah----- C:\WINDOWS\BIT351.tmp 2007-12-28 18:37 . 2007-12-28 18:37 0 --ah----- C:\WINDOWS\BIT34C.tmp 2007-12-28 18:37 . 2007-12-28 18:37 0 --ah----- C:\WINDOWS\BIT33A.tmp 2007-12-28 18:37 . 2007-12-28 18:37 0 --ah----- C:\WINDOWS\BIT335.tmp 2007-12-28 18:37 . 2007-12-28 18:37 0 --ah----- C:\WINDOWS\BIT331.tmp 2007-12-28 18:37 . 2007-12-28 18:37 0 --ah----- C:\WINDOWS\BIT32D.tmp 2007-12-28 18:37 . 2007-12-28 18:37 0 --ah----- C:\WINDOWS\BIT32B.tmp 2007-12-28 18:36 . 2007-12-28 18:36 0 --ah----- C:\WINDOWS\BIT324.tmp 2007-12-28 18:36 . 2007-12-28 18:36 0 --ah----- C:\WINDOWS\BIT312.tmp 2007-12-28 17:42 . 2007-12-28 17:42 0 --ah----- C:\WINDOWS\BIT6E7.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-22 19:14 --------- d-----w C:\Program Files\ActivationManager 2007-12-15 23:51 --------- d-----w C:\Program Files\AMD 2007-12-14 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-14 07:34 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-08 20:49 --------- d-----w C:\Program Files\OpenAL 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-11-29 19:36 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-11-14 12:12 --------- d-----w C:\Documents and Settings\M\Dane aplikacji\Gadu-Gadu 2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-11-04 21:35 --------- d-----w C:\Program Files\Shareaza 2006-11-02 20:30 81,920 ----a-w C:\Documents and Settings\M\Dane aplikacji\ezpinst.exe 2006-11-02 20:30 47,360 ----a-w C:\Documents and Settings\M\Dane aplikacji\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}] 2007-10-26 19:04 233472 --a------ C:\Program Files\ActivationManager\ActivationManager.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATnotes.exe"="D:\Mateusz\Programy\ATnotes\ATnotes.exe" [2005-01-05 16:45] "Gadu-Gadu"="D:\Ola\Gadu-Gadu\gg.exe" [2007-07-09 08:39] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2006-02-10 23:25 C:\WINDOWS\system32\rundll32.exe] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50] "C:\Program Files\NET Traffic Meter\NET Traffic Meter"="C:\Program Files\NET Traffic Meter\NET Traffic Meter.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17] "NvMediaCenter"="RUNDLL32.exe" [2006-02-10 23:25 C:\WINDOWS\system32\rundll32.exe] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-10 23:22] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\WINDOWS\sysloader32v.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2006-02-10 23:22 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 13:53] R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 12:56] R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11] R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-09-07 18:51] R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-09-07 18:51] R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2007-09-07 18:52] R3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 07:40] R3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 07:40] S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-27 08:26] S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47] S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys [2007-10-11 07:27] S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2007-12-27 22:24] S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42] S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42] S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6a843a-fbbe-11db-9ae4-000e507ef1d2}] \Shell\Auto\command - Song.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Song.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{647ac7a8-3a75-11dc-9bf8-b12278df9105}] \Shell\Auto\command - UFO.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fab8333-c8d9-11db-9a47-000e507ef1d2}] \Shell\AutoRun\command - I:\USBNB.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-28 19:22:29 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "C:\\Program Files\\NET Traffic Meter\\NET Traffic Meter"="\"C:\\Program Files\\NET Traffic Meter\\NET Traffic Meter.exe\"" . Completion time: 2007-12-28 19:23:33 - machine was rebooted [M]

**Posty:** 18165 · przez **wojtas** 28 Gru 2007, 20:52

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\sysloader32v.dll
C:\WINDOWS\BIT61E.tmp
C:\WINDOWS\BIT61D.tmp
C:\WINDOWS\BIT61C.tmp
C:\WINDOWS\BIT61B.tmp
C:\WINDOWS\BIT61A.tmp
C:\WINDOWS\BIT616.tmp
C:\WINDOWS\BIT611.tmp
C:\WINDOWS\BIT5CA.tmp
C:\WINDOWS\BIT5C9.tmp
C:\WINDOWS\BIT5C8.tmp
C:\WINDOWS\BIT5C7.tmp
C:\WINDOWS\BIT5C6.tmp
C:\WINDOWS\BIT5C5.tmp
C:\WINDOWS\BIT5C4.tmp
C:\WINDOWS\BIT5C3.tmp
C:\WINDOWS\BIT5C2.tmp
C:\WINDOWS\BIT5C1.tmp
C:\WINDOWS\BIT5C0.tmp
C:\WINDOWS\BIT5BF.tmp
C:\WINDOWS\BIT5BE.tmp
C:\WINDOWS\BIT5BD.tmp
C:\WINDOWS\BIT5BC.tmp
C:\WINDOWS\BIT5BA.tmp
C:\WINDOWS\BIT5B9.tmp
C:\WINDOWS\BIT5B8.tmp
C:\WINDOWS\BIT5B7.tmp
C:\WINDOWS\BIT5B6.tmp
C:\WINDOWS\BIT5B5.tmp
C:\WINDOWS\BIT5B3.tmp
C:\WINDOWS\BIT5B2.tmp
C:\WINDOWS\BIT5A9.tmp
C:\WINDOWS\BIT5A0.tmp
C:\WINDOWS\BIT5B4.tmp
C:\WINDOWS\BIT5B1.tmp
C:\WINDOWS\BIT5B0.tmp
C:\WINDOWS\BIT5AF.tmp
C:\WINDOWS\BIT5AE.tmp
C:\WINDOWS\BIT5AD.tmp
C:\WINDOWS\BIT5AC.tmp
C:\WINDOWS\BIT5AB.tmp
C:\WINDOWS\BIT5AA.tmp
C:\WINDOWS\BIT5A8.tmp
C:\WINDOWS\BIT5A7.tmp
C:\WINDOWS\BIT5A6.tmp
C:\WINDOWS\BIT5A5.tmp
C:\WINDOWS\BIT5A4.tmp
C:\WINDOWS\BIT5A3.tmp
C:\WINDOWS\BIT5A2.tmp
C:\WINDOWS\BIT5A1.tmp
C:\WINDOWS\BIT59F.tmp
C:\WINDOWS\BIT59E.tmp
C:\WINDOWS\BIT591.tmp
C:\WINDOWS\BIT58E.tmp
C:\WINDOWS\BIT512.tmp
C:\WINDOWS\BIT58C.tmp
C:\WINDOWS\BIT588.tmp
C:\WINDOWS\BIT579.tmp
C:\WINDOWS\BIT574.tmp
C:\WINDOWS\BIT558.tmp
C:\WINDOWS\BIT54C.tmp
C:\WINDOWS\BIT545.tmp
C:\WINDOWS\BIT542.tmp
C:\WINDOWS\BIT540.tmp
C:\WINDOWS\BIT53E.tmp
C:\WINDOWS\BIT53D.tmp
C:\WINDOWS\BIT538.tmp
C:\WINDOWS\BIT516.tmp
C:\WINDOWS\BIT42E.tmp
C:\WINDOWS\BIT35F.tmp
C:\WINDOWS\BIT42B.tmp
C:\WINDOWS\BIT42A.tmp
C:\WINDOWS\BIT429.tmp
C:\WINDOWS\BIT41A.tmp
C:\WINDOWS\BIT3FE.tmp
C:\WINDOWS\BIT3F0.tmp
C:\WINDOWS\BIT3CA.tmp
C:\WINDOWS\BIT3C9.tmp
C:\WINDOWS\BIT3C8.tmp
C:\WINDOWS\BIT3A7.tmp
C:\WINDOWS\BIT3A6.tmp
C:\WINDOWS\BIT3A5.tmp
C:\WINDOWS\BIT398.tmp
C:\WINDOWS\BIT37A.tmp
C:\WINDOWS\BIT364.tmp
C:\WINDOWS\BIT363.tmp
C:\WINDOWS\BIT362.tmp
C:\WINDOWS\BIT361.tmp
C:\WINDOWS\BIT360.tmp
C:\WINDOWS\BIT35E.tmp
C:\WINDOWS\BIT35C.tmp
C:\WINDOWS\BIT351.tmp
C:\WINDOWS\BIT34C.tmp
C:\WINDOWS\BIT33A.tmp
C:\WINDOWS\BIT335.tmp
C:\WINDOWS\BIT331.tmp
C:\WINDOWS\BIT32D.tmp
C:\WINDOWS\BIT32B.tmp
C:\WINDOWS\BIT324.tmp
C:\WINDOWS\BIT312.tmp
C:\WINDOWS\BIT6E7.tmp

Folder::
C:\Program Files\ActivationManager

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6a843a-fbbe-11db-9ae4-000e507ef1d2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{647ac7a8-3a75-11dc-9bf8-b12278df9105}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fab8333-c8d9-11db-9a47-000e507ef1d2}]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania

skasuj te wpisy w hijacku:

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O20 - AppInit_DLLs: C:\WINDOWS\sysloader32v.dll

Potem nowy log z hijacka oraz combofixa

Autor postu otrzymał pochwałę

**Posty:** 477 · przez **matti_84** 29 Gru 2007, 00:19

Hej.
Zrobiłem wszystko jak powiedziałeś. Nie wiem czy to coś dało, choć komputer jakby przyspieszył.
Możesz, proszę, sprawdzić te logi?
hijack:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 23:17:50, on 2007-12-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Spyware Doctor\SDTrayApp.exe D:\Mateusz\Programy\ATnotes\ATnotes.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\svcntaux.exe D:\Ola\Gadu-Gadu\gg.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe D:\Mateusz\Programy\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [C:\Program Files\NET Traffic Meter\NET Traffic Meter] "C:\Program Files\NET Traffic Meter\NET Traffic Meter.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKCU\..\Run: [ATnotes.exe] D:\Mateusz\Programy\ATnotes\ATnotes.exe O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Ola\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

combofix:

Kod: Zaznacz wszystko: ComboFix 07-12-21.4 - M 2007-12-28 23:11:43.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.574 [GMT 1:00] Running from: D:\Mateusz\Programy\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))) . 2007-12-28 22:57 . 2007-12-28 23:02 0 --ah----- C:\WINDOWS\BITD3C.tmp 2007-12-28 22:56 . 2007-12-28 22:56 0 --ah----- C:\WINDOWS\BITD1B.tmp 2007-12-28 22:55 . 2007-12-28 22:55 0 --ah----- C:\WINDOWS\BITCE9.tmp 2007-12-28 22:54 . 2007-12-28 22:54 0 --ah----- C:\WINDOWS\BITCB2.tmp 2007-12-28 22:53 . 2007-12-28 22:53 0 --ah----- C:\WINDOWS\BITC70.tmp 2007-12-28 22:52 . 2007-12-28 22:52 0 --ah----- C:\WINDOWS\BITC31.tmp 2007-12-28 22:51 . 2007-12-28 23:12 0 --ah----- C:\WINDOWS\BITBFF.tmp 2007-12-28 22:50 . 2007-12-28 23:12 0 --ah----- C:\WINDOWS\BITBC6.tmp 2007-12-28 22:50 . 2007-12-28 23:12 0 --ah----- C:\WINDOWS\BITBC3.tmp 2007-12-28 22:50 . 2007-12-28 23:12 0 --ah----- C:\WINDOWS\BITBC1.tmp 2007-12-28 22:50 . 2007-12-28 23:12 0 --ah----- C:\WINDOWS\BITBAB.tmp 2007-12-28 22:50 . 2007-12-28 23:11 0 --ah----- C:\WINDOWS\BITB97.tmp 2007-12-28 22:50 . 2007-12-28 23:11 0 --ah----- C:\WINDOWS\BITB96.tmp 2007-12-28 22:50 . 2007-12-28 23:11 0 --ah----- C:\WINDOWS\BITB95.tmp 2007-12-28 22:45 . 2007-12-28 23:11 0 --ah----- C:\WINDOWS\BITBB8.tmp 2007-12-28 22:33 . 2007-12-28 22:33 0 --ah----- C:\WINDOWS\BITB52.tmp 2007-12-28 22:32 . 2007-12-28 22:32 0 --ah----- C:\WINDOWS\BITB51.tmp 2007-12-28 22:31 . 2007-12-28 22:31 0 --ah----- C:\WINDOWS\BITB4F.tmp 2007-12-28 22:31 . 2007-12-28 22:31 0 --ah----- C:\WINDOWS\BITB4D.tmp 2007-12-28 22:31 . 2007-12-28 22:31 0 --ah----- C:\WINDOWS\BITB4C.tmp 2007-12-28 22:31 . 2007-12-28 22:31 0 --ah----- C:\WINDOWS\BITB4B.tmp 2007-12-28 22:31 . 2007-12-28 22:31 0 --ah----- C:\WINDOWS\BITB4A.tmp 2007-12-28 22:29 . 2007-12-28 22:29 0 --ah----- C:\WINDOWS\BITB31.tmp 2007-12-28 22:25 . 2007-12-28 22:25 0 --ah----- C:\WINDOWS\BITB79.tmp 2007-12-28 22:25 . 2007-12-28 22:25 0 --ah----- C:\WINDOWS\BITB78.tmp 2007-12-28 22:16 . 2007-12-28 22:16 0 --ah----- C:\WINDOWS\BITB77.tmp 2007-12-28 22:15 . 2007-12-28 22:15 0 --ah----- C:\WINDOWS\BITB75.tmp 2007-12-28 22:15 . 2007-12-28 22:15 0 --ah----- C:\WINDOWS\BITB74.tmp 2007-12-28 22:15 . 2007-12-28 22:15 0 --ah----- C:\WINDOWS\BITB73.tmp 2007-12-28 22:14 . 2007-12-28 22:14 0 --ah----- C:\WINDOWS\BITB72.tmp 2007-12-28 22:14 . 2007-12-28 22:14 0 --ah----- C:\WINDOWS\BITB71.tmp 2007-12-28 22:13 . 2007-12-28 22:13 0 --ah----- C:\WINDOWS\BITB70.tmp 2007-12-28 22:13 . 2007-12-28 22:13 0 --ah----- C:\WINDOWS\BITB6F.tmp 2007-12-28 22:13 . 2007-12-28 22:13 0 --ah----- C:\WINDOWS\BITB6E.tmp 2007-12-28 22:13 . 2007-12-28 22:13 0 --ah----- C:\WINDOWS\BITB6D.tmp 2007-12-28 22:13 . 2007-12-28 22:13 0 --ah----- C:\WINDOWS\BITB6C.tmp 2007-12-28 22:13 . 2007-12-28 22:13 0 --ah----- C:\WINDOWS\BITB6B.tmp 2007-12-28 22:13 . 2007-12-28 22:13 0 --ah----- C:\WINDOWS\BITB6A.tmp 2007-12-28 22:11 . 2007-12-28 22:11 0 --ah----- C:\WINDOWS\BITB69.tmp 2007-12-28 22:06 . 2007-12-28 22:06 0 --ah----- C:\WINDOWS\BITB68.tmp 2007-12-28 22:05 . 2007-12-28 22:05 0 --ah----- C:\WINDOWS\BITB67.tmp 2007-12-28 22:04 . 2007-12-28 22:04 0 --ah----- C:\WINDOWS\BITB66.tmp 2007-12-28 22:03 . 2007-12-28 22:03 0 --ah----- C:\WINDOWS\BITB65.tmp 2007-12-28 22:03 . 2007-12-28 22:03 0 --ah----- C:\WINDOWS\BITB64.tmp 2007-12-28 22:02 . 2007-12-28 22:02 0 --ah----- C:\WINDOWS\BITB63.tmp 2007-12-28 22:02 . 2007-12-28 22:02 0 --ah----- C:\WINDOWS\BITB62.tmp 2007-12-28 22:02 . 2007-12-28 22:02 0 --ah----- C:\WINDOWS\BITB61.tmp 2007-12-28 22:02 . 2007-12-28 22:02 0 --ah----- C:\WINDOWS\BITB60.tmp 2007-12-28 22:01 . 2007-12-28 22:01 0 --ah----- C:\WINDOWS\BITB5E.tmp 2007-12-28 22:01 . 2007-12-28 22:01 0 --ah----- C:\WINDOWS\BITB5D.tmp 2007-12-28 22:01 . 2007-12-28 22:01 0 --ah----- C:\WINDOWS\BITB5B.tmp 2007-12-28 22:00 . 2007-12-28 22:00 0 --ah----- C:\WINDOWS\BITB5A.tmp 2007-12-28 22:00 . 2007-12-28 22:00 0 --ah----- C:\WINDOWS\BITB59.tmp 2007-12-28 22:00 . 2007-12-28 22:00 0 --ah----- C:\WINDOWS\BITB58.tmp 2007-12-28 22:00 . 2007-12-28 22:00 0 --ah----- C:\WINDOWS\BITB57.tmp 2007-12-28 22:00 . 2007-12-28 22:00 0 --ah----- C:\WINDOWS\BITB56.tmp 2007-12-28 21:57 . 2007-12-28 21:57 0 --ah----- C:\WINDOWS\BITB55.tmp 2007-12-28 21:57 . 2007-12-28 21:57 0 --ah----- C:\WINDOWS\BITB54.tmp 2007-12-28 21:57 . 2007-12-28 21:57 0 --ah----- C:\WINDOWS\BITB50.tmp 2007-12-28 21:56 . 2007-12-28 21:56 0 --ah----- C:\WINDOWS\BITB4E.tmp 2007-12-28 21:56 . 2007-12-28 21:56 0 --ah----- C:\WINDOWS\BITB48.tmp 2007-12-28 21:56 . 2007-12-28 21:56 0 --ah----- C:\WINDOWS\BITB3C.tmp 2007-12-28 21:55 . 2007-12-28 21:55 0 --ah----- C:\WINDOWS\BITB2D.tmp 2007-12-28 21:55 . 2007-12-28 21:55 0 --ah----- C:\WINDOWS\BITB2C.tmp 2007-12-28 21:54 . 2007-12-28 21:54 0 --ah----- C:\WINDOWS\BITB2B.tmp 2007-12-28 21:54 . 2007-12-28 21:54 0 --ah----- C:\WINDOWS\BITB2A.tmp 2007-12-28 21:54 . 2007-12-28 21:54 0 --ah----- C:\WINDOWS\BITB29.tmp 2007-12-28 21:54 . 2007-12-28 21:54 0 --ah----- C:\WINDOWS\BITB28.tmp 2007-12-28 21:52 . 2007-12-28 21:52 0 --ah----- C:\WINDOWS\BITB27.tmp 2007-12-28 21:48 . 2007-12-28 21:49 0 --ah----- C:\WINDOWS\BITB26.tmp 2007-12-28 21:46 . 2007-12-28 21:46 0 --ah----- C:\WINDOWS\BITB25.tmp 2007-12-28 21:45 . 2007-12-28 21:45 0 --ah----- C:\WINDOWS\BITB24.tmp 2007-12-28 21:43 . 2007-12-28 21:43 0 --ah----- C:\WINDOWS\BITB23.tmp 2007-12-28 21:28 . 2007-12-28 21:28 0 --ah----- C:\WINDOWS\BITB20.tmp 2007-12-28 21:10 . 2007-12-28 21:10 0 --ah----- C:\WINDOWS\BITB1E.tmp 2007-12-28 21:09 . 2007-12-28 21:09 0 --ah----- C:\WINDOWS\BITB1C.tmp 2007-12-28 21:09 . 2007-12-28 21:09 0 --ah----- C:\WINDOWS\BITB1B.tmp 2007-12-28 21:08 . 2007-12-28 21:08 0 --ah----- C:\WINDOWS\BITB19.tmp 2007-12-28 21:06 . 2007-12-28 21:06 0 --ah----- C:\WINDOWS\BITB0C.tmp 2007-12-28 21:06 . 2007-12-28 21:06 0 --ah----- C:\WINDOWS\BITB0B.tmp 2007-12-28 21:06 . 2007-12-28 21:06 0 --ah----- C:\WINDOWS\BITB0A.tmp 2007-12-28 21:06 . 2007-12-28 21:06 0 --ah----- C:\WINDOWS\BITB09.tmp 2007-12-28 21:06 . 2007-12-28 21:06 0 --ah----- C:\WINDOWS\BITB08.tmp 2007-12-28 21:06 . 2007-12-28 21:06 0 --ah----- C:\WINDOWS\BITB07.tmp 2007-12-28 21:06 . 2007-12-28 21:06 0 --ah----- C:\WINDOWS\BITB06.tmp 2007-12-28 21:06 . 2007-12-28 21:06 0 --ah----- C:\WINDOWS\BITB05.tmp 2007-12-28 21:06 . 2007-12-28 21:06 0 --ah----- C:\WINDOWS\BITB03.tmp 2007-12-28 21:05 . 2007-12-28 21:05 0 --ah----- C:\WINDOWS\BITB02.tmp 2007-12-28 21:05 . 2007-12-28 21:05 0 --ah----- C:\WINDOWS\BITB01.tmp 2007-12-28 21:03 . 2007-12-28 21:03 0 --ah----- C:\WINDOWS\BITAEC.tmp 2007-12-28 21:02 . 2007-12-28 21:02 0 --ah----- C:\WINDOWS\BITADF.tmp 2007-12-28 21:00 . 2007-12-28 21:00 0 --ah----- C:\WINDOWS\BITAD0.tmp 2007-12-28 21:00 . 2007-12-28 21:00 0 --ah----- C:\WINDOWS\BITACF.tmp 2007-12-28 20:59 . 2007-12-28 20:59 0 --ah----- C:\WINDOWS\BITACB.tmp 2007-12-28 20:59 . 2007-12-28 20:59 0 --ah----- C:\WINDOWS\BITACA.tmp 2007-12-28 20:59 . 2007-12-28 20:59 0 --ah----- C:\WINDOWS\BITABA.tmp 2007-12-28 20:59 . 2007-12-28 20:59 0 --ah----- C:\WINDOWS\BITAB9.tmp 2007-12-28 20:59 . 2007-12-28 20:59 0 --ah----- C:\WINDOWS\BITAA1.tmp 2007-12-28 20:59 . 2007-12-28 20:59 0 --ah----- C:\WINDOWS\BITA95.tmp 2007-12-28 20:59 . 2007-12-28 20:59 0 --ah----- C:\WINDOWS\BITA91.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-15 23:51 --------- d-----w C:\Program Files\AMD 2007-12-14 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-14 07:34 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-08 20:49 --------- d-----w C:\Program Files\OpenAL 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-11-29 19:36 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-11-29 19:36 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-11-29 19:36 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-11-14 12:12 --------- d-----w C:\Documents and Settings\M\Dane aplikacji\Gadu-Gadu 2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-11-12 05:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-11-12 05:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-11-12 05:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-11-12 05:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-11-12 05:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-11-12 05:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-11-12 05:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-11-12 05:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-11-12 05:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-11-12 05:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-11-12 05:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-11-12 05:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-11-12 05:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe 2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-11-12 05:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-11-12 05:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-11-12 05:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-11-12 05:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-11-12 05:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-11-12 05:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-11-12 05:51 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll 2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-11-12 05:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll 2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll 2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll 2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll 2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll 2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll 2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll 2007-11-12 05:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll 2007-11-12 05:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-11-12 05:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll 2007-11-12 05:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll 2007-11-12 05:51 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll 2007-11-12 05:51 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll 2007-11-12 05:51 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-11-12 05:51 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll 2007-11-12 05:51 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-11-12 05:51 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll 2007-11-12 05:51 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-28_19.22.53.23 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-26 18:43:30 4,096 ----a-w C:\WINDOWS\sysloader32v.dll + 2007-12-28 21:51:08 4,096 ------w C:\WINDOWS\sysloader32v.dll + 2007-12-28 22:08:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_670.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATnotes.exe"="D:\Mateusz\Programy\ATnotes\ATnotes.exe" [2005-01-05 16:45] "Gadu-Gadu"="D:\Ola\Gadu-Gadu\gg.exe" [2007-07-09 08:39] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2006-02-10 23:25 C:\WINDOWS\system32\rundll32.exe] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50] "C:\Program Files\NET Traffic Meter\NET Traffic Meter"="C:\Program Files\NET Traffic Meter\NET Traffic Meter.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17] "NvMediaCenter"="RUNDLL32.exe" [2006-02-10 23:25 C:\WINDOWS\system32\rundll32.exe] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-10 23:22] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2006-02-10 23:22 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 13:53] R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 12:56] R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11] R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-09-07 18:51] R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-09-07 18:51] R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2007-09-07 18:52] R3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 07:40] R3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 07:40] S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-27 08:26] S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47] S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys [2007-10-11 07:27] S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2007-12-27 22:24] S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42] S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42] S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-28 23:13:58 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "C:\\Program Files\\NET Traffic Meter\\NET Traffic Meter"="\"C:\\Program Files\\NET Traffic Meter\\NET Traffic Meter.exe\"" . Completion time: 2007-12-28 23:14:53 C:\ComboFix2.txt ... 2007-12-28 22:52 C:\ComboFix3.txt ... 2007-12-28 19:23

EDIT:

żeby nie było, że posty nabijam:

:arrow:

Dzi@dek

No przecież poprawiłem (za szybko ctrl+c i ctrl+v) :wink:

wojtas19162

Bardzo, bardzo Ci dziękuję za pomoc. Nawet nie wiesz jak bardzo mi pomogłeś...

Dzięki :!:

**Posty:** 3854 · przez **Dzi@dek** 29 Gru 2007, 00:20

matti_84 napisał(a):hijack:
Kod:
http://forum.programosy.pl/-vp690997.html?sid=29d5e5d0ec7dd24bbfaec6fa183d407c#690997

**Posty:** 18165 · przez **wojtas** 29 Gru 2007, 14:00

Wykonaj to co jest podane w tym temacie

Pobierz i uruchom narzędzie
The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\resfix32v.exe
C:\WINDOWS\sysloader32v.dll
C:\WINDOWS\BIT61E.tmp
C:\WINDOWS\BIT61D.tmp
C:\WINDOWS\BIT61C.tmp
C:\WINDOWS\BIT61B.tmp
C:\WINDOWS\BIT61A.tmp
C:\WINDOWS\BIT616.tmp
C:\WINDOWS\BIT611.tmp
C:\WINDOWS\BIT5CA.tmp
C:\WINDOWS\BIT5C9.tmp
C:\WINDOWS\BIT5C8.tmp
C:\WINDOWS\BIT5C7.tmp
C:\WINDOWS\BIT5C6.tmp
C:\WINDOWS\BIT5C5.tmp
C:\WINDOWS\BIT5C4.tmp
C:\WINDOWS\BIT5C3.tmp
C:\WINDOWS\BIT5C2.tmp
C:\WINDOWS\BIT5C1.tmp
C:\WINDOWS\BIT5C0.tmp
C:\WINDOWS\BIT5BF.tmp
C:\WINDOWS\BIT5BE.tmp
C:\WINDOWS\BIT5BD.tmp
C:\WINDOWS\BIT5BC.tmp
C:\WINDOWS\BIT5BA.tmp
C:\WINDOWS\BIT5B9.tmp
C:\WINDOWS\BIT5B8.tmp
C:\WINDOWS\BIT5B7.tmp
C:\WINDOWS\BIT5B6.tmp
C:\WINDOWS\BIT5B5.tmp
C:\WINDOWS\BIT5B3.tmp
C:\WINDOWS\BIT5B2.tmp
C:\WINDOWS\BIT5A9.tmp
C:\WINDOWS\BIT5A0.tmp
C:\WINDOWS\BIT5B4.tmp
C:\WINDOWS\BIT5B1.tmp
C:\WINDOWS\BIT5B0.tmp
C:\WINDOWS\BIT5AF.tmp
C:\WINDOWS\BIT5AE.tmp
C:\WINDOWS\BIT5AD.tmp
C:\WINDOWS\BIT5AC.tmp
C:\WINDOWS\BIT5AB.tmp
C:\WINDOWS\BIT5AA.tmp
C:\WINDOWS\BIT5A8.tmp
C:\WINDOWS\BIT5A7.tmp
C:\WINDOWS\BIT5A6.tmp
C:\WINDOWS\BIT5A5.tmp
C:\WINDOWS\BIT5A4.tmp
C:\WINDOWS\BIT5A3.tmp
C:\WINDOWS\BIT5A2.tmp
C:\WINDOWS\BIT5A1.tmp
C:\WINDOWS\BIT59F.tmp
C:\WINDOWS\BIT59E.tmp
C:\WINDOWS\BIT591.tmp
C:\WINDOWS\BIT58E.tmp
C:\WINDOWS\BIT512.tmp
C:\WINDOWS\BIT58C.tmp
C:\WINDOWS\BIT588.tmp
C:\WINDOWS\BIT579.tmp
C:\WINDOWS\BIT574.tmp
C:\WINDOWS\BIT558.tmp
C:\WINDOWS\BIT54C.tmp
C:\WINDOWS\BIT545.tmp
C:\WINDOWS\BIT542.tmp
C:\WINDOWS\BIT540.tmp
C:\WINDOWS\BIT53E.tmp
C:\WINDOWS\BIT53D.tmp
C:\WINDOWS\BIT538.tmp
C:\WINDOWS\BIT516.tmp
C:\WINDOWS\BIT42E.tmp
C:\WINDOWS\BIT35F.tmp
C:\WINDOWS\BIT42B.tmp
C:\WINDOWS\BIT42A.tmp
C:\WINDOWS\BIT429.tmp
C:\WINDOWS\BIT41A.tmp
C:\WINDOWS\BIT3FE.tmp
C:\WINDOWS\BIT3F0.tmp
C:\WINDOWS\BIT3CA.tmp
C:\WINDOWS\BIT3C9.tmp
C:\WINDOWS\BIT3C8.tmp
C:\WINDOWS\BIT3A7.tmp
C:\WINDOWS\BIT3A6.tmp
C:\WINDOWS\BIT3A5.tmp
C:\WINDOWS\BIT398.tmp
C:\WINDOWS\BIT37A.tmp
C:\WINDOWS\BIT364.tmp
C:\WINDOWS\BIT363.tmp
C:\WINDOWS\BIT362.tmp
C:\WINDOWS\BIT361.tmp
C:\WINDOWS\BIT360.tmp
C:\WINDOWS\BIT35E.tmp
C:\WINDOWS\BIT35C.tmp
C:\WINDOWS\BIT351.tmp
C:\WINDOWS\BIT34C.tmp
C:\WINDOWS\BIT33A.tmp
C:\WINDOWS\BIT335.tmp
C:\WINDOWS\BIT331.tmp
C:\WINDOWS\BIT32D.tmp
C:\WINDOWS\BIT32B.tmp
C:\WINDOWS\BIT324.tmp
C:\WINDOWS\BIT312.tmp
C:\WINDOWS\BIT6E7.tmp

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z combofixa

z trojanem

z trojanem

Kto jest na forum