"Error Safe" jak usunąć?

przez Najker » 13.07.2007 (Pt) 9:32

Mam ten sam problem

Kod: Zaznacz cały: Logfile of HijackThis v1.99.1 Scan saved at 09:25, on 2007-07-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe D:\Program Files\BearShare\BearShare.exe C:\WINDOWS\retadpu1000137.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\WinPop\winpop.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wpabaln.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\SUPERC~1\USTAWI~1\Temp\Rar$EX00.094\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [BearShare] "d:\Program Files\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\RunOnce: [My Global Search Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

przez Gutek » 13.07.2007 (Pt) 9:50

Najpierw automat - Daj log z Combofix

przez Najker » 13.07.2007 (Pt) 10:29

C:\WINDOWS\system32\mcondusk.dll
C:\WINDOWS\system32\yowahqio.dll
C:\WINDOWS\system32\yybeg.bak1
C:\WINDOWS\system32\yybeg.bak2
C:\WINDOWS\system32\yybeg.ini
C:\WINDOWS\system32\ksudnocm.ini
C:\WINDOWS\system32\oiqhawoy.ini
C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\jkkjkjj.dll
C:\WINDOWS\system32\jkkjkjj.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\SUPERC~1\Pulpit\internet.lnk
C:\Program Files\inetget2
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\Program Files\winpop\winpop.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\retadpu1000137.exe
C:\WINDOWS\retadpu1000140.exe
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\x.exe
C:\WINDOWS\wr.txt

((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))

2007-07-13 09:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 09:12 225,280 --a------ C:\Program Files\Uninstall My Global Search Bar.dll
2007-07-13 09:06 66,624 --a------ C:\WINDOWS\system32\evoctwqw.dll
2007-07-13 09:06 66,112 --a------ C:\WINDOWS\system32\gsbkdcpu.exe
2007-07-13 09:03 66,112 --a------ C:\WINDOWS\system32\kcawycbw.exe
2007-07-13 00:43 555 --a------ C:\DOCUME~1\SUPERC~1\DANEAP~1\internaldb8467.dat
2007-07-13 00:43 372 --a------ C:\DOCUME~1\SUPERC~1\DANEAP~1\internaldb6334.dat
2007-07-13 00:43 32,768 --a------ C:\WINDOWS\system32\WinDmy.dll
2007-07-13 00:43 18,432 --a------ C:\DOCUME~1\SUPERC~1\DANEAP~1\internaldb41.dat
2007-07-13 00:43 139,264 --a------ C:\WINDOWS\mirar_distro_876090.exe
2007-07-13 00:42 <DIR> d-------- C:\WINDOWS\system32\UpMedia
2007-07-12 15:35 <DIR> d-------- C:\Program Files\QuickTime
2007-07-12 15:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-07-12 15:34 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-12 15:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple
2007-07-12 14:47 <DIR> d-------- C:\Program Files\Opera
2007-07-12 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Sandlot Games
2007-07-12 10:35 <DIR> d-------- C:\DOCUME~1\SUPERC~1\DANEAP~1\SopCast
2007-07-12 07:58 66,624 --a------ C:\WINDOWS\system32\njfnduhe.dll
2007-07-12 07:50 66,112 --a------ C:\WINDOWS\system32\wpqwpygo.exe
2007-07-12 01:50 <DIR> d-------- C:\DOCUME~1\SUPERC~1\DANEAP~1\Media Player Classic
2007-07-11 20:42 <DIR> d-------- C:\DOCUME~1\SUPERC~1\DANEAP~1\PlayFirst
2007-07-11 20:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\PlayFirst
2007-07-11 18:37 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-07-10 20:59 <DIR> d-------- C:\Program Files\XviD
2007-07-10 20:53 <DIR> d-------- C:\Program Files\MarBit
2007-07-10 20:52 1,276 --a------ C:\WINDOWS\unins000.dat
2007-07-10 00:36 <DIR> d-------- C:\DOCUME~1\SUPERC~1\DANEAP~1\Kazaa Lite
2007-07-09 23:55 <DIR> d-------- C:\Program Files\BearShare Applications
2007-07-09 23:42 <DIR> d-------- C:\Downloads
2007-07-09 17:47 <DIR> d-------- C:\DOCUME~1\SUPERC~1\DANEAP~1\Zylom
2007-07-09 17:45 <DIR> d-------- C:\Program Files\Zylom Games
2007-07-09 17:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Zylom
2007-07-09 12:18 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-07-09 12:18 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-09 12:18 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-09 11:17 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-07-09 11:16 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-07-09 11:16 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-07-09 11:16 3,780,864 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-07-09 11:16 2,324,672 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-07-09 11:15 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-09 11:15 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-07-09 11:15 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-07-09 11:14 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-07-09 11:14 9,168 --a------ C:\WINDOWS\system\VER.DLL
2007-07-09 11:14 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-07-09 11:14 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-07-09 11:14 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-07-09 11:14 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-07-09 11:14 75,776 --a------ C:\WINDOWS\system32\storprop.dll
2007-07-09 11:14 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-07-09 11:14 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-07-09 11:14 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-07-09 11:14 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-07-09 11:14 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-07-09 11:14 5,632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-07-09 11:14 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-07-09 11:14 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-07-09 11:14 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-07-09 11:14 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-07-09 11:14 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-07-09 11:14 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-07-09 11:14 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-07-09 11:14 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-07-09 11:14 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-07-09 11:14 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-07-09 11:14 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-07-09 11:14 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-07-09 11:14 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-07-09 11:14 <DIR> dr------- C:\Program Files
2007-07-09 11:14 <DIR> d--hs---- C:\WINDOWS\Installer
2007-07-09 11:14 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-09 11:14 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-07-09 11:13 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-07-09 11:13 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-07-09 11:13 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-09 12:03:59 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-09 12:03:59 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-07-09 07:29:31 -------- d-----w C:\Program Files\Usługi online
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 11:56 63136 -ra------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-01B1B64B7057}]
2007-07-13 00:43 495616 --a------ C:\WINDOWS\system32\UpMedia\ContentTool.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]
C:\WINDOWS\system32\WinNB58.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-07-09 09:52 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6104497-54FD-4688-9162-5115CC8AB0FB}]
2007-03-20 17:27 562872 --a------ C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"nwiz"="nwiz.exe" [2004-06-10 13:52 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"BearShare"="d:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-09 09:52]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

Contents of the 'Scheduled Tasks' folder
2007-07-12 13:34:35 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 10:27:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-13 10:28:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-13 10:27

--- E O F ---

przez Joan » 13.07.2007 (Pt) 18:57

Pobierz i uruchom narzędzie The Avenger Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\system32\evoctwqw.dll
C:\WINDOWS\system32\gsbkdcpu.exe
C:\WINDOWS\system32\kcawycbw.exe
C:\DOCUME~1\SUPERC~1\DANEAP~1\internaldb8467.dat
C:\DOCUME~1\SUPERC~1\DANEAP~1\internaldb6334.dat
C:\WINDOWS\system32\WinDmy.dll
C:\DOCUME~1\SUPERC~1\DANEAP~1\internaldb41.dat
C:\WINDOWS\mirar_distro_876090.exe
C:\WINDOWS\system32\njfnduhe.dll
C:\WINDOWS\system32\wpqwpygo.exe
C:\WINDOWS\system32\WinNB58.dll
C:\Program Files\Uninstall My Global Search Bar.dll

Folders to delete:

C:\WINDOWS\system32\UpMedia

Registry keys to delete:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-01B1B64B7057}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6104497-54FD-4688-9162-5115CC8AB0FB}

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

nowy log z combofix

przez Najker » 13.07.2007 (Pt) 21:10

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ljicsuta

*******************

Script file located at: \??\C:\WINDOWS\skeqnlvy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\evoctwqw.dll deleted successfully.
File C:\WINDOWS\system32\gsbkdcpu.exe deleted successfully.
File C:\WINDOWS\system32\kcawycbw.exe deleted successfully.
File C:\DOCUME~1\SUPERC~1\DANEAP~1\internaldb8467.dat deleted successfully.
File C:\DOCUME~1\SUPERC~1\DANEAP~1\internaldb6334.dat deleted successfully.
File C:\WINDOWS\system32\WinDmy.dll deleted successfully.
File C:\DOCUME~1\SUPERC~1\DANEAP~1\internaldb41.dat deleted successfully.
File C:\WINDOWS\mirar_distro_876090.exe deleted successfully.
File C:\WINDOWS\system32\njfnduhe.dll deleted successfully.
File C:\WINDOWS\system32\wpqwpygo.exe deleted successfully.

File C:\WINDOWS\system32\WinNB58.dll not found!
Deletion of file C:\WINDOWS\system32\WinNB58.dll failed!

Could not process line:
C:\WINDOWS\system32\WinNB58.dll
Status: 0xc0000034

File C:\Program Files\Uninstall My Global Search Bar.dll not found!
Deletion of file C:\Program Files\Uninstall My Global Search Bar.dll failed!

Could not process line:
C:\Program Files\Uninstall My Global Search Bar.dll
Status: 0xc0000034

Folder C:\WINDOWS\system32\UpMedia deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-01B1B64B7057} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6104497-54FD-4688-9162-5115CC8AB0FB} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

przez Joan » 13.07.2007 (Pt) 23:58

nowy log z combo proszę

przez Najker » 14.07.2007 (So) 8:38

Prosze oto log z Combo

(((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))

2007-07-13 09:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-12 15:35 <DIR> d-------- C:\Program Files\QuickTime
2007-07-12 15:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-07-12 15:34 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-12 15:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple
2007-07-12 14:47 <DIR> d-------- C:\Program Files\Opera
2007-07-12 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Sandlot Games
2007-07-12 10:35 <DIR> d-------- C:\DOCUME~1\SUPERC~1\DANEAP~1\SopCast
2007-07-12 01:50 <DIR> d-------- C:\DOCUME~1\SUPERC~1\DANEAP~1\Media Player Classic
2007-07-11 20:42 <DIR> d-------- C:\DOCUME~1\SUPERC~1\DANEAP~1\PlayFirst
2007-07-11 20:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\PlayFirst
2007-07-11 18:37 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-07-10 20:59 <DIR> d-------- C:\Program Files\XviD
2007-07-10 20:53 <DIR> d-------- C:\Program Files\MarBit
2007-07-10 20:52 1,276 --a------ C:\WINDOWS\unins000.dat
2007-07-10 00:36 <DIR> d-------- C:\DOCUME~1\SUPERC~1\DANEAP~1\Kazaa Lite
2007-07-09 23:55 <DIR> d-------- C:\Program Files\BearShare Applications
2007-07-09 23:42 <DIR> d-------- C:\Downloads
2007-07-09 17:47 <DIR> d-------- C:\DOCUME~1\SUPERC~1\DANEAP~1\Zylom
2007-07-09 17:45 <DIR> d-------- C:\Program Files\Zylom Games
2007-07-09 17:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Zylom
2007-07-09 12:18 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-07-09 12:18 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-09 12:18 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-09 11:17 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-07-09 11:16 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-07-09 11:16 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-07-09 11:16 3,780,864 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-07-09 11:16 2,324,672 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-07-09 11:15 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-09 11:15 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-07-09 11:15 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-07-09 11:14 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-07-09 11:14 9,168 --a------ C:\WINDOWS\system\VER.DLL
2007-07-09 11:14 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-07-09 11:14 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-07-09 11:14 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-07-09 11:14 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-07-09 11:14 75,776 --a------ C:\WINDOWS\system32\storprop.dll
2007-07-09 11:14 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-07-09 11:14 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-07-09 11:14 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-07-09 11:14 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-07-09 11:14 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-07-09 11:14 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-07-09 11:14 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-07-09 11:14 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-07-09 11:14 5,632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-07-09 11:14 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-07-09 11:14 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-07-09 11:14 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-07-09 11:14 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-07-09 11:14 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-07-09 11:14 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-07-09 11:14 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-07-09 11:14 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-07-09 11:14 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-07-09 11:14 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-07-09 11:14 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-07-09 11:14 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-07-09 11:14 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-07-09 11:14 <DIR> dr------- C:\Program Files
2007-07-09 11:14 <DIR> d--hs---- C:\WINDOWS\Installer
2007-07-09 11:14 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-09 11:14 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-07-09 11:13 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-07-09 11:13 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-07-09 11:13 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji
2007-07-09 11:13 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start
2007-07-09 11:13 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start
2007-07-09 11:13 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-07-09 11:13 <DIR> d--hs---- C:\System Volume Information
2007-07-09 11:13 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Szablony
2007-07-09 11:13 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Szablony
2007-07-09 11:13 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-07-09 11:13 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-07-09 11:13 <DIR> d-------- C:\Documents and Settings
2007-07-09 11:13 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Ulubione
2007-07-09 11:13 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Pulpit
2007-07-09 11:13 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Moje dokumenty

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-09 12:03:59 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-09 12:03:59 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-07-09 07:29:31 -------- d-----w C:\Program Files\Usługi online
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 11:56 63136 -ra------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-07-09 09:52 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"nwiz"="nwiz.exe" [2004-06-10 13:52 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"BearShare"="d:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-09 09:52]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

Contents of the 'Scheduled Tasks' folder
2007-07-12 13:34:35 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 08:36:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-14 8:37:11
C:\ComboFix-quarantined-files.txt ... 2007-07-14 08:36
C:\ComboFix2.txt ... 2007-07-13 10:28

--- E O F ---

przez Joan » 14.07.2007 (So) 13:27

C:\Program Files\BearShare Applications

usun folder i już będzie ok

przez Najker » 14.07.2007 (So) 15:06

Ok juz usunołem dzieki za pomoc

przez lesiu131 » 21.07.2007 (So) 13:21

log z Hijack

Logfile of HijackThis v1.99.1
Scan saved at 13:17:04, on 2007-07-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ScannerU\AM32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Leszek\Pulpit\LFS\VundoFix.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Leszek\USTAWI~1\Temp\Rar$EX00.766\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xegmiaoh.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Shareaza] "D:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

log ComboFix

"Leszek" - 2007-07-22 13:25:22 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\cbxywuv.dll
C:\WINDOWS\system32\jtvvvbhw.dll
C:\WINDOWS\system32\qpswfnuy.dll
C:\WINDOWS\system32\xegmiaoh.dll
C:\WINDOWS\system32\bknxtlyj.exe
C:\WINDOWS\system32\dahykwkf.exe
C:\WINDOWS\system32\maeqvlvh.exe
C:\WINDOWS\system32\skmahlkm.exe
C:\WINDOWS\system32\ssjabcyc.exe
C:\WINDOWS\system32\udwvmqbw.exe
C:\WINDOWS\system32\wpvqrtge.exe
C:\WINDOWS\system32\xxpchudc.exe
C:\WINDOWS\system32\adeecxbx.dll
C:\WINDOWS\system32\ahhaknox.dll
C:\WINDOWS\system32\bboatxre.dll
C:\WINDOWS\system32\cphpsudu.dll
C:\WINDOWS\system32\fauofmqq.dll
C:\WINDOWS\system32\fiwrkymy.dll
C:\WINDOWS\system32\fuarruqe.dll
C:\WINDOWS\system32\fwhxmqbk.dll
C:\WINDOWS\system32\gnfkneow.dll
C:\WINDOWS\system32\htpxqwfu.dll
C:\WINDOWS\system32\iarnyqpc.dll
C:\WINDOWS\system32\jjenbahl.dll
C:\WINDOWS\system32\kqvcrvqj.dll
C:\WINDOWS\system32\lafgaqan.dll
C:\WINDOWS\system32\lclvmarf.dll
C:\WINDOWS\system32\lmhswvnb.dll
C:\WINDOWS\system32\mooftmhi.dll
C:\WINDOWS\system32\nikxgxnu.dll
C:\WINDOWS\system32\pdimujmv.dll
C:\WINDOWS\system32\rvigxofd.dll
C:\WINDOWS\system32\smthaugi.dll
C:\WINDOWS\system32\wfvtqbox.dll
C:\WINDOWS\system32\ysctnbas.dll
C:\WINDOWS\system32\cbxywuv.dll
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini2
C:\WINDOWS\system32\srqss.tmp
C:\WINDOWS\system32\yunfwspq.ini
C:\WINDOWS\system32\hoaimgex.ini
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini2
C:\WINDOWS\system32\srqss.tmp
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini2
C:\WINDOWS\system32\srqss.tmp
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\qommlji.dll
C:\WINDOWS\system32\qommlji.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\advjahyt.exe
C:\WINDOWS\system32\aeqorepd.exe
C:\WINDOWS\system32\apqalpwj.exe
C:\WINDOWS\system32\dlsdncyh.exe
C:\WINDOWS\system32\fjkpsjxn.exe
C:\WINDOWS\system32\gtsufhqs.exe
C:\WINDOWS\system32\hmqpmfek.exe
C:\WINDOWS\system32\hngtsrbr.exe
C:\WINDOWS\system32\ibtqsygu.exe
C:\WINDOWS\system32\latmmhwu.exe
C:\WINDOWS\system32\llarreld.exe
C:\WINDOWS\system32\luhcdkgp.exe
C:\WINDOWS\system32\msvcrl.dll
C:\WINDOWS\system32\nejfgcwo.exe
C:\WINDOWS\system32\nnmuoeek.exe
C:\WINDOWS\system32\orkyhukq.exe
C:\WINDOWS\system32\ouldnsfg.exe
C:\WINDOWS\system32\qfcseipi.exe
C:\WINDOWS\system32\qsorotbv.exe
C:\WINDOWS\system32\sahhxgoa.exe
C:\WINDOWS\system32\stinabew.exe
C:\WINDOWS\system32\tpvfgciw.exe
C:\WINDOWS\system32\vaddrexq.exe
C:\WINDOWS\system32\waolkmos.exe
C:\WINDOWS\system32\whfgqpuc.exe
C:\WINDOWS\system32\xbccader.exe
C:\WINDOWS\system32\xjkjbbtk.exe
C:\WINDOWS\system32\xlbarbsp.exe
C:\WINDOWS\system32\xudqrhfv.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 )))))))))))))))))))))))))))))))

2007-07-22 13:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 13:13 <DIR> d-------- C:\VundoFix Backups
2007-07-22 13:09 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-22 13:09 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-07-22 13:09 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-07-22 13:09 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-07-22 13:09 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-07-22 13:09 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-07-22 13:09 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-07-22 13:09 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-07-20 19:24 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-20 19:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Lavasoft
2007-07-17 14:16 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-17 14:16 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-17 14:16 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-17 14:16 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-17 14:16 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-17 14:15 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-17 14:15 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-17 14:15 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-17 14:15 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-17 14:15 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-17 14:15 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-17 13:31 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-17 13:31 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-17 13:31 22 --a------ C:\WINDOWS\system32\register.bat
2007-07-17 13:31 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-16 22:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-16 22:27 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-07-16 22:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-16 22:27 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-07-16 18:03 <DIR> d-------- C:\DOCUME~1\Leszek\DANEAP~1\Shareaza
2007-07-14 17:16 1,916,928 --------- C:\WINDOWS\UNNVEContent.exe
2007-07-13 15:26 <DIR> d-------- C:\DOCUME~1\Leszek\DANEAP~1\BearShare
2007-07-12 17:47 <DIR> d-------- C:\DOCUME~1\Ewelina\DANEAP~1\uTorrent
2007-07-11 19:07 <DIR> d-------- C:\DOCUME~1\Ewelina\DANEAP~1\Gadu-Gadu
2007-07-10 22:31 <DIR> d-------- C:\Program Files\Soulseek-Test
2007-07-01 16:24 77,895 --a------ C:\WINDOWS\system32\unibus_tcutil.dll
2007-07-01 16:24 67,072 --a------ C:\WINDOWS\system32\drivers\Wibukey.sys
2007-07-01 16:24 57,552 --a------ C:\WINDOWS\system32\WKDOS.EXE
2007-07-01 16:24 52,736 --a------ C:\WINDOWS\system\WkWin.dll
2007-07-01 16:24 38,656 --a------ C:\WINDOWS\system32\drivers\P2k.sys
2007-07-01 16:24 29,696 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2007-07-01 16:24 139,264 --a------ C:\WINDOWS\system32\WkWin32.dll
2007-07-01 16:24 <DIR> d-------- C:\Program Files\WIBUKEY
2007-07-01 16:24 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2007-06-23 12:05 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-06-23 12:03 217,088 --a------ C:\WINDOWS\system32\libmySQL.dll
2007-06-23 12:03 102,400 --a------ C:\WINDOWS\system32\TrackerNET.dll
2007-06-23 12:00 <DIR> d-------- C:\WINDOWS\solcache
2007-06-23 11:58 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-06-23 11:58 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-06-23 11:58 <DIR> d-------- C:\Program Files\Sierra On-Line
2007-06-23 11:58 <DIR> d-------- C:\DOCUME~1\Leszek\WINDOWS

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 11:13:31 -------- d-----w C:\DOCUME~1\Leszek\DANEAP~1\uTorrent
2007-07-14 15:14:25 -------- d-----w C:\DOCUME~1\Leszek\DANEAP~1\Ahead
2007-07-14 15:12:49 -------- d-----w C:\DOCUME~1\Leszek\DANEAP~1\foobar2000
2007-07-01 14:24:31 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-23 10:13:34 -------- d-----w C:\Program Files\HLSW
2007-06-20 12:40:10 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-20 09:44:38 -------- d-----w C:\DOCUME~1\Leszek\DANEAP~1\teamspeak2
2007-06-20 09:42:03 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-06-07 11:16:37 740 ----a-w C:\WINDOWS\eReg.dat
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 17:45:18 -------- d-----w C:\Program Files\File Rescue Plus
2007-05-31 17:43:06 -------- d-----w C:\Program Files\GetData
2007-05-27 20:21:03 -------- d-----w C:\Program Files\TC PowerPack
2007-05-27 19:19:55 -------- d-----w C:\Program Files\ScannerU
2007-05-07 15:44:33 4 ----a-w C:\WINDOWS\vx86036.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2002-12-18 17:55:08 57,344 ----a-w C:\Program Files\Scanutl.exe
2002-12-18 16:58:52 327,680 ----a-w C:\Program Files\Scanutl.rsc
2002-10-04 09:28:02 200,704 ----a-w C:\Program Files\copy.exe
2002-10-02 10:03:08 36,864 ----a-w C:\Program Files\Copyres.dll
2002-08-13 10:59:08 184,320 ----a-w C:\Program Files\Album.exe
2002-08-13 10:54:40 126,976 ----a-w C:\Program Files\Positive.exe
2002-08-13 10:53:16 131,072 ----a-w C:\Program Files\Negative.exe
2002-07-09 02:55:12 32,768 ----a-w C:\Program Files\prndrv32.dll
2002-04-24 10:29:08 77,824 ----a-w C:\Program Files\Custom_Config.exe
2002-04-18 04:22:50 57,344 ----a-w C:\Program Files\AM32.exe
2002-02-26 14:56:44 122,880 ----a-w C:\Program Files\OCR.exe
2002-01-21 15:39:34 36,864 ----a-w C:\Program Files\WebRes.dll
2002-01-21 15:38:06 36,864 ----a-w C:\Program Files\MailRes.dll
2002-01-21 15:32:02 36,864 ----a-w C:\Program Files\FaxRes.dll
2002-01-21 15:27:24 36,864 ----a-w C:\Program Files\AlbumRes.dll
2002-01-09 23:02:20 208,896 ----a-w C:\Program Files\mail.exe
2002-01-09 23:02:20 196,608 ----a-w C:\Program Files\Web.exe
2002-01-04 00:38:50 32,768 ----a-w C:\Program Files\Plkdata.dll
2002-01-03 17:11:56 32,768 ----a-w C:\Program Files\PosNegRes.dll
2002-01-03 17:10:42 32,768 ----a-w C:\Program Files\OcrRes.dll
2002-01-03 17:08:00 36,864 ----a-w C:\Program Files\Am32Res.dll
2001-12-28 01:09:06 28,672 ----a-w C:\Program Files\ImageFolio.exe
2001-12-06 20:41:00 28,672 ----a-w C:\Program Files\PowerSve.exe
2001-11-22 13:15:38 32,768 ----a-w C:\Program Files\CustomRes.dll
2001-11-16 16:26:02 24,576 ----a-w C:\Program Files\Custom_Launcher.exe
2001-07-03 09:50:44 49,152 ----a-w C:\Program Files\db4plk.dll
2001-06-11 14:39:32 155,648 ----a-w C:\Program Files\fax.exe
2001-02-13 14:46:50 98,304 ----a-w C:\Program Files\plkcom32.dll
2001-01-16 11:30:38 57,344 ----a-w C:\Program Files\IM31xpcx.del
2001-01-12 16:52:00 278,528 ----a-w C:\Program Files\ImgLib32.dll
2000-07-05 08:59:18 45,568 ----a-w C:\Program Files\EmailModule.dll
2000-06-28 16:31:54 53,248 ----a-w C:\Program Files\IM31XJPG.DEL
2000-04-24 09:08:16 2,081 ----a-w C:\Program Files\EmailDB.ini
1999-10-18 19:11:20 212,480 ----a-w C:\Program Files\Pcdlib32.dll
1999-08-03 17:58:06 65,536 ----a-w C:\Program Files\Guided.dll
1998-11-24 12:59:14 142,848 ----a-w C:\Program Files\IM31BMP.DIL
1998-02-19 12:58:38 67,584 ----a-w C:\Program Files\IM31XTIF.DEL
1998-02-19 11:11:02 32,768 ----a-w C:\Program Files\IM31XBMP.DEL
1998-02-19 11:10:28 82,432 ----a-w C:\Program Files\IM31TIF.DIL
1998-02-19 11:10:16 35,328 ----a-w C:\Program Files\IM31TGA.DIL
1998-02-19 11:10:04 54,784 ----a-w C:\Program Files\IM31PNG.DIL
1998-02-19 11:09:22 60,928 ----a-w C:\Program Files\IM31PCX.DIL
1998-02-19 11:09:10 33,280 ----a-w C:\Program Files\IM31PCD.DIL
1998-02-19 11:06:54 34,304 ----a-w C:\Program Files\IM31IMG.DIL
1998-02-19 11:06:40 36,864 ----a-w C:\Program Files\im31Gif.dil
1998-02-19 11:06:28 77,824 ----a-w C:\Program Files\IM31FAX.DIL
1998-02-18 20:19:06 86,528 ----a-w C:\Program Files\IM31XPNG.DEL
1998-02-03 14:06:14 67,072 ----a-w C:\Program Files\IM31JPG.DIL
1997-01-22 19:26:26 565,760 ----a-w C:\Program Files\MSVCP50.DLL

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-04 01:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 10:27]
"InCD"="D:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 12:01]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37]
"Cmaudio"="cmicnfg.cpl" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
"NVIEW"="nview.dll,nViewLoadHook" []
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-03-11 17:04]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-07-14 13:28]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" []
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 13:12]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-07-14 13:28]
"Shareaza"="D:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 13:31:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-22 13:33:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-22 13:32

--- E O F ---

prosze o pomoc

[/quote]

przez jessica » 21.07.2007 (So) 14:45

prosze o pomoc

Chcesz pomocy, a nawet nie napisałeś, co "dolega".
Ja nie jestem jasnowidzem.

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xegmiaoh.dll",forkonce

Ten w/w wpis sfiksuj w Hijacku:
>>Hijack>>scan(Do a system scan only)>>zaznacz go >>Fix checked.

Masz, (a właściwie miałeś, bo ComboFix już usunął) - infekcję "VUNDO".

Teraz nic już szkodliwego w logu nie dostrzegam.
.

"Error Safe" jak usunąć?

Kto przegląda forum