
How do I remove a virus? (the antivirus doesn't detect it)

Everything that concerns security in the broad sense, in particular fighting viruses, spyware and adware.


Post by Endzia311 » 15.04.2007 (Sun) 15:08

I have the MS32DLL.dll.vbs virus and my antivirus doesn't detect it despite all updates (avast 4.7 home edition). I don't know how to remove it. Besides that, BearShare doesn't work for me, even though the same versions work for other people. I don't know what that could depend on. I haven't had it installed for a long time, but some junk probably stayed behind.
Thanks in advance for the help

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:56:19, on 2007-04-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\ashServ.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Moje dokumenty\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [BearShare] "D:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: DC++.lnk = C:\Program Files\DC++\DCPlusPlus.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Post by adam9870 » 15.04.2007 (Sun) 15:12

O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs

Use ComboFix. Run it => press the Y key => wait patiently, and there should be a log in the form of a .txt file named combofix on the C: partition, which please post here.

If you no longer have Messenger, remove these two entries:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


O4 - HKLM\..\Run: [BearShare] "D:\BearShare\BearShare.exe" /pause

The regular version of BearShare contains junk, so I suggest removing it. If you absolutely want to keep using it, install the Lite version, which is free of the junk.

Post by Endzia311 » 15.04.2007 (Sun) 15:27

It looks like the virus is gone now. I do use Messenger.
And what should I do with this?
O4 - HKLM\..\Run: [BearShare] "D:\BearShare\BearShare.exe" /pause

I don't have it installed now. I can't see anything like that on the disk. Should I remove it in HijackThis? I don't know why no version runs for me except the newest one. They work for others.

Should I delete these txt files (there are two: ComboFix-quarantined-files.txt and ComboFix.txt)?
Pasting from ComboFix:
"Admin" - 07-04-15 15:16:13 Dodatek Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\Admin\Moje dokumenty\hijackthis"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\MS32DLL.dll.vbs
c:\autorun.inf
d:\MS32DLL.dll.vbs
d:\autorun.inf
e:\MS32DLL.dll.vbs
e:\autorun.inf
f:\MS32DLL.dll.vbs
f:\autorun.inf
g:\MS32DLL.dll.vbs
g:\autorun.inf
h:\MS32DLL.dll.vbs
h:\autorun.inf


((((((((((((((((((((((((((((((( Files Created from 2007-03-15 to 2007-04-15 ))))))))))))))))))))))))))))))))))


2007-04-15 13:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-02 20:23 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Creative
2007-03-27 12:12 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Media Player Classic
2007-03-27 12:11 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-03-27 12:11 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 12:11 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-03-27 12:11 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 12:11 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-03-27 12:11 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 12:11 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 12:11 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-03-27 12:11 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-27 12:11 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 12:11 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-03-27 12:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-03-27 12:11 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Real


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-15 15:18 -------- d-------- C:\Program Files\dc++
2007-04-15 12:46 -------- d--h----- C:\Program Files\installshield installation information
2007-04-14 09:47 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-14 09:47 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-14 09:45 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-14 09:44 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-14 09:43 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-14 09:42 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-04-10 13:18 712832 --a------ C:\WINDOWS\system32\aswboot.exe
2007-04-06 16:05 -------- d-------- C:\DOCUME~1\Admin\DANEAP~1\skype
2007-03-25 09:19 49492 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-25 09:19 355486 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-23 13:26 -------- d-------- C:\Program Files\gadu-gadu
2007-03-09 01:16 -------- d-------- C:\Program Files\subedit-player
2007-03-05 16:04 -------- d-------- C:\DOCUME~1\Admin\DANEAP~1\limewire
2007-02-24 17:40 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-02-19 14:22 -------- d-------- C:\Program Files\msn messenger
2007-02-01 21:49 308 --a------ C:\WINDOWS\logokom.reg


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\Avast4\\ashDisp.exe"
"CTRegRun"="C:\\WINDOWS\\CTRegRun.EXE"
"BearShare"="\"D:\\BearShare\\BearShare.exe\" /pause"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"D:\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxccmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 3300 Series\\lxccmon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18857610-e212-11db-9737-0011d84d5ea9}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{780f73dd-e9a3-11db-9748-0011d84d5ea9}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5e6536-9854-11db-9067-0011d84d5ea9}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3cedc02-7f90-11db-902f-0011d84d5ea9}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-15 15:18:41
C:\ComboFix-quarantined-files.txt ... 07-04-15 15:18

Post by adam9870 » 15.04.2007 (Sun) 15:36

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18857610-e212-11db-9737-0011d84d5ea9}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{780f73dd-e9a3-11db-9748-0011d84d5ea9}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5e6536-9854-11db-9067-0011d84d5ea9}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3cedc02-7f90-11db-902f-0011d84d5ea9}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

Have a look here:

http://www.searchengines.pl/phpbb203/in ... pid=395844
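The two things adam9870 picks out by eye in his replies above, the O4 Run entry pointing at MS32DLL.dll.vbs and the per-volume MountPoints2 autorun handlers that launch it through wscript.exe, are checks that can be applied mechanically to any HijackThis or ComboFix log. The Python script below is an added example written for this page, not a tool used anywhere in the thread; the rules, the function names (triage, runs_script) and the sample log lines are my own, constructed in the shape of the output posted above. It only reads log text and changes nothing on the machine. It goes a little beyond the thread's case: it also flags autorun.inf and script files at drive roots (the pairs ComboFix deleted from C: through H:), a Run value in ComboFix's registry dump that points at a script, and the changed Internet Explorer window title.

```python
import re
from typing import List, Optional, Tuple

# Triage rules for HijackThis and ComboFix log text. Everything here is
# constructed for this example; it is not part of either tool.

SCRIPT_EXT = ("vbs", "vbe", "js", "jse", "wsf", "wsh", "hta", "bat", "cmd")
EXT_ALT = "|".join(SCRIPT_EXT)
# a command that invokes the Windows Script Host directly
SCRIPT_HOST = re.compile(r"\b[wc]script(?:\.exe)?\b", re.IGNORECASE)
# any reference to a script file by extension
SCRIPT_FILE = re.compile(r"\.(?:%s)\b" % EXT_ALT, re.IGNORECASE)
# "name.dll.vbs": a script hidden behind an innocent-looking inner extension
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.(?:%s)\b" % EXT_ALT, re.IGNORECASE)
# bare paths as printed in ComboFix's deletion list
DRIVE_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)
DRIVE_ROOT_FILE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)
# per-volume autorun key headers ComboFix prints before the command line
MOUNTPOINT_KEY = re.compile(
    r"^\[HKCU\\.*\\MountPoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)

Finding = Tuple[str, str]  # (reason, offending log line)


def runs_script(text: str) -> bool:
    """True when a command line invokes a script host or names a script file."""
    return bool(SCRIPT_HOST.search(text) or SCRIPT_FILE.search(text))


def triage(log_text: str) -> List[Finding]:
    """Return (reason, line) pairs for every log line worth a second look."""
    findings: List[Finding] = []
    current_volume: Optional[str] = None  # MountPoints2 GUID in effect
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current_volume = key.group(1)
            continue
        if line.startswith("["):  # any other registry key header resets context
            current_volume = None
            continue
        if line.startswith("O4 - ") and runs_script(line):
            reason = "autostart entry runs a script"
            if DOUBLE_EXT.search(line):
                reason += " with a misleading double extension"
            findings.append((reason, line))
        elif line.startswith("Shell\\AutoRun\\command") and runs_script(line):
            where = current_volume or "unknown volume"
            findings.append((f"autorun handler for {where} runs a script", line))
        elif DRIVE_AUTORUN.match(line):
            findings.append(("autorun.inf at a drive root", line))
        elif DRIVE_ROOT_FILE.match(line) and runs_script(line):
            findings.append(("script file at a drive root", line))
        elif line.startswith('"') and runs_script(line):
            findings.append(("registry value runs a script", line))
        elif line.startswith(("R0 - ", "R1 - ")) and "Window Title" in line:
            findings.append(("Internet Explorer window title was changed", line))
    return findings


# Constructed sample in the shape of the logs posted in this thread, with
# clean entries (avast!, NMBgMonitor) mixed in so the rules have something
# to ignore. Not a copy of any real machine's log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKCU\..\Run: [BgMonitor] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
c:\autorun.inf
d:\MS32DLL.dll.vbs
d:\autorun.inf
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18857610-e212-11db-9737-0011d84d5ea9}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\Avast4\\ashDisp.exe"
"MS32DLL"="C:\\WINDOWS\\MS32DLL.dll.vbs"
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Feed it a saved log with `triage(open("combofix.txt", encoding="cp1250").read())`; the Polish Windows XP logs in this thread are in that code page. The MountPoints2 context is kept deliberately: a flagged `Shell\AutoRun\command` line is only actionable together with the volume GUID above it, which is the key that has to be removed for each removable drive that carried the autorun.inf.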

Post by Endzia311 » 15.04.2007 (Sun) 15:48

I removed it. Pasting from ComboFix:
"Admin" - 07-04-15 15:43:58 Dodatek Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\Admin\Moje dokumenty\hijackthis"


((((((((((((((((((((((((((((((( Files Created from 2007-03-15 to 2007-04-15 ))))))))))))))))))))))))))))))))))


2007-04-15 13:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-02 20:23 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Creative
2007-03-27 12:12 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Media Player Classic
2007-03-27 12:11 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-03-27 12:11 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 12:11 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-03-27 12:11 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 12:11 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-03-27 12:11 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 12:11 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 12:11 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-03-27 12:11 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-27 12:11 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 12:11 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-03-27 12:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-03-27 12:11 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Real


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-15 15:41 -------- d-------- C:\Program Files\dc++
2007-04-15 12:46 -------- d--h----- C:\Program Files\installshield installation information
2007-04-14 09:47 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-14 09:47 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-14 09:45 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-14 09:44 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-14 09:43 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-14 09:42 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-04-10 13:18 712832 --a------ C:\WINDOWS\system32\aswboot.exe
2007-04-06 16:05 -------- d-------- C:\DOCUME~1\Admin\DANEAP~1\skype
2007-03-25 09:19 49492 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-25 09:19 355486 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-23 13:26 -------- d-------- C:\Program Files\gadu-gadu
2007-03-09 01:16 -------- d-------- C:\Program Files\subedit-player
2007-03-05 16:04 -------- d-------- C:\DOCUME~1\Admin\DANEAP~1\limewire
2007-02-24 17:40 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-02-19 14:22 -------- d-------- C:\Program Files\msn messenger
2007-02-01 21:49 308 --a------ C:\WINDOWS\logokom.reg


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\Avast4\\ashDisp.exe"
"CTRegRun"="C:\\WINDOWS\\CTRegRun.EXE"
"BearShare"="\"D:\\BearShare\\BearShare.exe\" /pause"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"D:\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxccmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 3300 Series\\lxccmon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-15 15:44:54
C:\ComboFix-quarantined-files.txt ... 07-04-15 15:44
C:\ComboFix2.txt ... 07-04-15 15:18

Post by adam9870 » 15.04.2007 (Sun) 15:54

It's OK now.

Post by Endzia311 » 15.04.2007 (Sun) 15:55

Thank you very much ;)))