prosze o sprawdzenie loga

[cNx]

Wolno mi chodzi komp mam avasta wykrylo mi cos ? dla pewnosci dodam loga swojego

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:06, on 2007-07-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
E:\gamaa adjuster\GammaAdjuster.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
E:\Gry\cs\hl.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\asdad\Pulpit\hijackthis.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: XBTP02634 Class - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23BA6566-3066-4C9E-A755-77CE7C2D67A9}: NameServer = 217.17.34.10,195.116.217.32
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB63434-3201-4E1A-92B4-B305F3F6ED58}: NameServer = 194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 6613 bytes

[wojtas]

skasuj wpisy + pogrubiony do kosza:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: XBTP02634 Class - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause

te pliki"

C:\windows\System32\syssetupo.dll
C:\windows\System32\syssetup.dll

przeskanuj tu:

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty oraz nowy log z hijacka oraz combofixa

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[cNx]

Ejj ale jak te pliki usunac ?
normalnie wchodze do tego folderu i usuwam ?
albo jak w tym hijackthis ? ja cos nie moge sie doczytac w tym poradniku.
Pierwszy raz na forum takim pisze wiec wiesz
a i czy to na puplicie backoups usunac ?
Daje co mi wyszlo :

"asdad" - 2007-07-11 10:30:09 - ComboFix 07-07-10.1 - Dodatek Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com


((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


2007-07-11 10:27 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 17:20 <DIR> d-------- C:\DOCUME~1\asdad\DANEAP~1\Skype
2007-07-10 15:32 <DIR> d-------- C:\DOCUME~1\asdad\DANEAP~1\vlc
2007-07-10 14:54 <DIR> d-------- C:\DOCUME~1\asdad\DANEAP~1\BearShare
2007-07-10 10:49 <DIR> d-------- C:\DOCUME~1\asdad\DANEAP~1\teamspeak2
2007-07-09 16:19 <DIR> d-------- C:\Program Files\HLTooLz
2007-07-09 16:18 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-09 16:18 249,856 --------- C:\WINDOWS\Setup1.exe
2007-07-07 21:57 <DIR> d--hs---- C:\WINDOWS\system32\28463
2007-07-01 12:28 <DIR> d-------- C:\DOCUME~1\asdad\DANEAP~1\Talkback
2007-06-30 13:06 <DIR> d-------- C:\DOCUME~1\asdad\DANEAP~1\Gadu-Gadu
2007-06-25 17:20 <DIR> d-------- C:\Program Files\Robster Productions
2007-06-20 17:08 <DIR> d-------- C:\DOCUME~1\asdad\Gadu-Gadu
2007-06-20 17:05 <DIR> d-------- C:\DOCUME~1\asdad\DANEAP~1\MEGAUPLOADTOOLBAR
2007-06-20 09:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Yahoo! Companion
2007-06-18 18:41 780,936 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-06-13 09:13 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-12 16:08 <DIR> d-------- C:\Program Files\TGTSoft
2007-06-12 14:58 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 09:16:00 -------- d-----w C:\Program Files\mIRC
2007-07-09 10:42:25 -------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2007-07-08 17:59:48 -------- d-----w C:\Program Files\Opera
2007-06-22 11:43:20 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-19 16:53:11 12,428 ----a-w C:\WINDOWS\mozver.dat
2007-06-19 16:53:11 107,134 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-06-18 16:45:13 -------- d-----w C:\Program Files\Passware
2007-06-07 08:27:32 -------- d-----w C:\Program Files\Szkola podstawowa klasa 4 - Przyroda
2007-06-04 13:41:14 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-30 15:21:20 -------- d-----w C:\Program Files\Google
2007-05-30 15:21:02 -------- d-----w C:\Program Files\IrfanView
2007-05-26 15:58:50 -------- d-----w C:\Program Files\VentriloMIX
2007-05-18 13:07:55 -------- d-----w C:\Program Files\Valve
2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-04 13:21:37 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-04 13:21:37 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-29 08:19:10 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-20 15:07:14 335 ----a-w C:\WINDOWS\nsreg.dat
2007-04-20 15:06:41 98,512 ----a-w C:\WINDOWS\GREUninstall.exe
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 12:56 63136 -ra------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2006-10-31 08:55 1803720 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-05-03 03:14 434279 --a------ C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 20:29]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 C:\WINDOWS\SOUNDMAN.EXE]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 09:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"Steam"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kill Amcap.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kill Amcap.lnk
backup=C:\WINDOWS\pss\Kill Amcap.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^RaConfig.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk
backup=C:\WINDOWS\pss\RaConfig.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Norbert^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk]
path=C:\Documents and Settings\Norbert\Menu Start\Programy\Autostart\Rejestrowanie produktów Corela.lnk
backup=C:\WINDOWS\pss\Rejestrowanie produktów Corela.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1qaw3edr5]
C:\Documents and Settings\Norbert\Pulpit\krzysiek to cchce\pik.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE BenQ Web Camera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"E:\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\No-IP Client 1.42]
"C:\Program Files\No-IP Client\noipclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"E:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stefan]
C:\Program Files\INTERIAPL\Stefan\Stefan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe


Contents of the 'Scheduled Tasks' folder
2007-07-11 08:08:32 C:\WINDOWS\tasks\hl.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 10:31:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-11 10:32:09
C:\ComboFix-quarantined-files.txt ... 2007-07-11 10:31

--- E O F ---

Hijackthis new chyba dobrze ;]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28, on 2007-07-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\asdad\Pulpit\hijackthis.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23BA6566-3066-4C9E-A755-77CE7C2D67A9}: NameServer = 217.17.34.10,195.116.217.32
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB63434-3201-4E1A-92B4-B305F3F6ED58}: NameServer = 194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 5828 bytes

[wojtas]

normalnie wchodze do tego folderu i usuwam ?

tak

te pliki"

C:\windows\System32\syssetupo.dll
C:\windows\System32\syssetup.dll

przeskanuj tu:

http://virusscan.jotti.org/
http://www.virustotal.com/

czyli wcohdzisz na te strony szukasz tego pliku i skanujesz potem raport z tej strony daj na forum

[cNx]

Oto wyniki :

C:\windows\System32\syssetup.dll

Antivirus Versión Last Update Result
AhnLab-V3 2007.7.11.1 20070711 no virus found
AntiVir 7.4.0.39 20070711 no virus found
Authentium 4.93.8 20070710 no virus found
Avast 4.7.997.0 20070711 no virus found
Aditional information
File size: 991744 bytes
MD5: e7d9044095ba676ee527d3596589f9a6
SHA1: a044cfa06c5f89ebcb2467bfc876acd8920cf2e6

Importante ATENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Ejj ja nie mam tego tam

C:\windows\System32\syssetupo.dll

Pomylka ? wez sprawdz bo ja tego nigdzie nie mam

[wojtas]

C:\WINDOWS\system32\28463
C:\Program Files\DaemonTools_WhenUSave_Installer

skasuj te 2 foldery moga byc ukryte

[cNx]

Skasowalem mam w tym folderu skreny z ekranu na stronie Onet.pl Teledyski
jak siostra se sluchala

C:\WINDOWS\system32\28463

To tez skasowalem

C:\Program Files\DaemonTools_WhenUSave_Installer

Ejj i czy na pulpicie folder backups usunac ?
to sa logi te co usunolem

[wojtas]

Ejj i czy na pulpicie folder backups usunac ?

tak

[cNx]

ja tam z rok i pol moze wiecej nie mialem formata.
ale tam i tak chodzi wszystko ladnie i fajnie

ejj i to wszystko ?

[wojtas]

tak

Autor postu otrzymał pochwałę