
Catching a trojan and its consequences

Everything concerning security in the broad sense, in particular the fight against viruses, spyware and adware.


Post by pudel882 » 18.04.2007 (Wed) 22:42

Hello. I have a huge problem with my computer. It suddenly started restarting on its own (a window with a countdown popped up), so I figured it was a trojan. I ran a scan, which found a couple of viruses, and of course I removed them. Unfortunately the computer is behaving very strangely: it runs slowly, the internet either crawls or doesn't work at all, and every so often supposed registry errors pop up. I'm afraid I've got some junk on it, so I'd ask you to check the logs. Thanks in advance for the help.

HJT log
Code:
Logfile of HijackThis v1.99.1
Scan saved at 22:36:53, on 2007-04-18
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7619C8-784D-4145-8FFE-A62D5C61A7A3}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


I'll add the Silent Runners log when the scan finishes; for now, taking advantage of the fact that the net more or less works, please check the HJT log.
pudel882
 
Posts: 7
Joined: 18.04.2007 (Wed) 22:21

Post by Joan » 18.04.2007 (Wed) 22:49

O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
O4 - HKCU\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Delete the files in red manually from the disk in Safe Mode, and remove the entries in HJT.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com

Is that start page yours? Post new HJT + Silent Runners logs.
I'm having problems with my Windows. Will you help me? Yes. Go to a DOS prompt and type "format c:"
Proper attitude means to do our best with the clearest mind possible :)
Please don't ask via PM, that's what the forum is for ;)
Joan
HotZlot participant
 
Posts: 3541
Joined: 04.11.2006 (Sat) 13:11
Location: Warszawa
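Joan's reading of the HJT log above picks out a pattern that a script can check mechanically: an autostart in System32 whose filename is one character off a legitimate Windows binary (spoolsvc.exe next to the real spoolsv.exe), a "Windows Security Center ..." entry pointing at an unknown System32 binary, the same entry planted under both HKLM and HKCU Run, and a start page the owner did not choose. The Python below is an added example written for this page, not code from the thread or from HijackThis; the allowlists KNOWN_SYSTEM32 and TRUSTED_START_HOSTS are constructed and deliberately short, and the sample lines are copied from the log posted above.

```python
"""Triage of HijackThis R0/O4 lines. Added example for this thread, not
HijackThis code; the allowlists are constructed and deliberately short."""
import re

# Constructed allowlist: System32 binaries that legitimately appear as
# Run-key autostarts on XP. A real triage would use a fuller reference.
KNOWN_SYSTEM32 = {"ctfmon.exe", "spoolsv.exe", "svchost.exe", "rundll32.exe"}
# Constructed allowlist: start-page hosts the owner actually chose.
TRUSTED_START_HOSTS = {"www.google.com", "www.onet.pl"}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R0_RE = re.compile(r"^R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = (?P<url>\S+)")
# Last path component ending in .exe; works for quoted and unquoted paths.
EXE_RE = re.compile(r'([^\\"/]+\.exe)\b', re.IGNORECASE)

# Lines copied from the HJT log posted above (pudel882, 18.04.2007 22:42).
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
""".strip().splitlines()


def levenshtein(a, b):
    """Plain edit distance; used to spot one-character look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_name(cmd):
    """Lower-cased basename of the executable in a Run value, or None."""
    m = EXE_RE.search(cmd)
    return m.group(1).lower() if m else None


def triage(lines):
    """Return (line, reason) pairs for every suspicious R0/O4 line."""
    findings = []
    hives_by_name = {}  # display name -> set of hives it was registered in
    for line in lines:
        line = line.rstrip()
        m = R0_RE.match(line)
        if m:
            host = re.sub(r"^https?://", "", m.group("url")).split("/")[0].lower()
            if host not in TRUSTED_START_HOSTS:
                findings.append((line, f"start page set to untrusted host {host}"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        name, cmd, hive = m.group("name"), m.group("cmd"), m.group("hive")
        hives_by_name.setdefault(name, set()).add(hive)
        if len(hives_by_name[name]) > 1:
            findings.append((line, f"'{name}' registered under both HKLM and HKCU Run"))
        exe = exe_name(cmd)
        if exe is None or "\\system32\\" not in cmd.lower() or exe in KNOWN_SYSTEM32:
            continue
        lookalike = [k for k in KNOWN_SYSTEM32 if levenshtein(exe, k) == 1]
        if lookalike:
            findings.append((line, f"{exe} is one character away from {lookalike[0]}"))
        else:
            findings.append((line, f"unknown System32 autostart {exe}"))
    return findings


if __name__ == "__main__":
    for hit, why in triage(SAMPLE_HJT):
        print(f"{why}\n    {hit}")
```

Run on the sample, the script flags the hotinfolink start page, spoolsvc.exe as a look-alike of spoolsv.exe, and sxe.exe both as an unknown System32 autostart and as the same entry duplicated across HKLM and HKCU; atiptaxx.exe (outside System32) and ctfmon.exe (allowlisted) pass. The allowlist approach only works if the reference list is trustworthy, which is why the thread still asks for a hash check before deleting anything the heuristics do not recognise.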

Post by StG 44 » 18.04.2007 (Wed) 23:04

pudel882 wrote: I have a huge problem with my computer
That's not surprising; without SP2, a firewall and WWDC you can't help having problems.
StG 44
 
Posts: 576
Joined: 05.11.2006 (Sun) 14:07
Location: Radomsko

Post by pudel882 » 18.04.2007 (Wed) 23:12

HJT
Code:
Logfile of HijackThis v1.99.1
Scan saved at 23:03:57, on 2007-04-18
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7619C8-784D-4145-8FFE-A62D5C61A7A3}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Silent Runners won't run the scan; something like this pops up:


[image]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com

Is that start page yours?


No, that's not my start page.


That's not surprising; without SP2, a firewall and WWDC you can't help having problems.

I know, I realize that I'm causing myself trouble with poor protection.

Sorry for the trouble.

Post by Joan » 18.04.2007 (Wed) 23:34

Then fix that start page too.

Read about the problems with Silent Runners here -> CLICK

Post by pudel882 » 19.04.2007 (Thu) 0:10

Since Silent Runners still won't run the scan and errors keep popping up, I've decided to format and reinstall the system from scratch. Once again sorry for the trouble and thanks for the willingness to help. Regards.

Post by Joan » 19.04.2007 (Thu) 0:12

Hold on, have a look here: http://www.error.xp.pl/

Post a ComboFix log.

And you haven't caused anyone any trouble ;)

Post by pudel882 » 19.04.2007 (Thu) 14:22

ComboFix log:

Code:
ComboFix 07-04-19.1V - Running from: D:\


(((((((((((((((((((((((((((((((   Files Created from 2007-03-19 to 2007-04-19  ))))))))))))))))))))))))))))))))))


2007-04-19 14:07   0   --a------   C:\WINDOWS\system32\dllhost32.exe
2007-04-18 22:59   <DIR>   d--------   C:\Nowy folder
2007-04-18 14:07   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Radmin
2007-04-18 14:03   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-04-18 14:00   <DIR>   d--------   C:\WINDOWS\system32\rserver30
2007-04-18 14:00   <DIR>   d--------   C:\WINDOWS\LastGood
2007-04-06 11:06   20,096   --a------   C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2007-04-06 11:03   99,840   --a------   C:\WINDOWS\system32\irftp.exe
2007-04-06 11:03   78,848   --a------   C:\WINDOWS\system32\irmon.dll
2007-04-06 11:03   7,680   --a------   C:\WINDOWS\system32\wshirda.dll
2007-04-06 11:03   55,296   --a------   C:\WINDOWS\system32\drivers\irda.sys
2007-04-06 11:03   26,624   --a------   C:\WINDOWS\system32\drivers\irstusb.sys
2007-04-06 11:03   19,584   --a------   C:\WINDOWS\system32\drivers\rasirda.sys
2007-04-05 20:24   8,192   --a------   C:\WINDOWS\system32\tsbyuv.dll
2007-04-05 20:24   50,688   --a------   C:\WINDOWS\system32\vfwwdm32.dll
2007-04-05 20:24   45,568   --a------   C:\WINDOWS\system32\iyuv_32.dll
2007-04-05 20:24   10,005   -ra------   C:\WINDOWS\system32\drivers\wf2kXbar.sys
2007-04-05 20:24   <DIR>   d--------   C:\WUTemp
2007-04-05 20:23   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2007-04-05 20:21   9,446   --a------   C:\WINDOWS\system32\drivers\WFIOCTL.sys
2007-04-05 20:21   49,152   --a------   C:\WINDOWS\system32\TempDel.EXE
2007-04-05 20:21   <DIR>   d--------   C:\WinFast WorkArea
2007-04-05 20:21   <DIR>   d--------   C:\Program Files\WinFast
2007-04-05 20:21   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Ulead Systems
2007-04-05 19:46   <DIR>   d--------   C:\WINDOWS\LastGood.Tmp
2007-04-05 19:45   75,925   --a------   C:\WINDOWS\system32\drivers\wf2kvcap.sys
2007-04-05 19:45   36,423   --a------   C:\WINDOWS\system32\drivers\wf2ktunr.sys
2007-04-05 19:45   <DIR>   d--------   C:\WINDOWS\system32\DX9
2007-04-05 19:43   9,600   --a------   C:\WINDOWS\system32\drivers\WINFOXIO.sys
2007-04-05 19:43   <DIR>   d--------   C:\WINDOWS\system32\WinFox
2007-04-05 19:43   <DIR>   d--------   C:\WINDOWS\system32\WinFast
2007-03-31 17:20   <DIR>   d--------   C:\WINDOWS\system32\FlashAX
2007-03-31 17:20   <DIR>   d--------   C:\Program Files\UnibetpokerMPP
2007-03-31 17:20   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Microgaming
2007-03-25 19:47   <DIR>   d--------   C:\Program Files\PITy2004
2007-03-25 19:30   <DIR>   d--------   C:\Program Files\IPSPI
2007-03-25 19:24   <DIR>   d--------   C:\Program Files\PITy
2007-03-24 10:04   <DIR>   d--------   C:\Program Files\Prawo Jazdy 2006
2007-03-20 21:08   18,224   --a------   C:\DOCUME~1\Szymek\DANEAP~1\GDIPFONTCACHEV1.DAT
2007-03-20 17:34   <DIR>   d--------   C:\WINDOWS\pss
2007-03-20 17:31   <DIR>   d--------   C:\Program Files\ffdshow
2007-03-20 17:30   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Media Player Classic
2007-03-20 16:51   <DIR>   d--------   C:\WINDOWS\Sun
2007-03-20 16:51   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Sun
2007-03-20 16:50   831,519   --a------   C:\WINDOWS\system32\mswdat10.dll
2007-03-20 16:50   614,429   --a------   C:\WINDOWS\system32\mswstr10.dll
2007-03-20 16:50   552,989   --a------   C:\WINDOWS\system32\msrepl40.dll
2007-03-20 16:50   53,279   --a------   C:\WINDOWS\system32\msjter40.dll
2007-03-20 16:50   512,029   --a------   C:\WINDOWS\system32\msexch40.dll
2007-03-20 16:50   421,919   --a------   C:\WINDOWS\system32\msrd2x40.dll
2007-03-20 16:50   380,957   --a------   C:\WINDOWS\system32\expsrv.dll
2007-03-20 16:50   348,193   --a------   C:\WINDOWS\system32\msjetoledb40.dll
2007-03-20 16:50   348,189   --a------   C:\WINDOWS\system32\msxbde40.dll
2007-03-20 16:50   348,189   --a------   C:\WINDOWS\system32\mspbde40.dll
2007-03-20 16:50   319,517   --a------   C:\WINDOWS\system32\msexcl40.dll
2007-03-20 16:50   315,423   --a------   C:\WINDOWS\system32\msrd3x40.dll
2007-03-20 16:50   30,749   --a------   C:\WINDOWS\system32\vbajet32.dll
2007-03-20 16:50   258,077   --a------   C:\WINDOWS\system32\mstext40.dll
2007-03-20 16:50   241,693   --a------   C:\WINDOWS\system32\msjtes40.dll
2007-03-20 16:50   213,023   --a------   C:\WINDOWS\system32\msltus40.dll
2007-03-20 16:50   172,061   --a------   C:\WINDOWS\system32\msjint40.dll
2007-03-20 16:50   1,507,358   --a------   C:\WINDOWS\system32\msjet40.dll
2007-03-20 16:50   <DIR>   d--------   C:\Program Files\PROKOM Software SA
2007-03-20 16:39   <DIR>   d--------   C:\Program Files\Common Files\Java
2007-03-20 16:33   <DIR>   d--------   C:\Program Files\uTorrent
2007-03-20 16:33   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\uTorrent
2007-03-20 15:10   <DIR>   d--------   C:\Program Files\NAPI-PROJEKT
2007-03-20 14:11   8,704   --a------   C:\WINDOWS\system32\kbdjpn.dll
2007-03-20 14:11   8,192   --a------   C:\WINDOWS\system32\kbdkor.dll
2007-03-20 14:11   6,144   --a------   C:\WINDOWS\system32\kbd106.dll
2007-03-20 14:11   6,144   --a------   C:\WINDOWS\system32\kbd101c.dll
2007-03-20 14:11   6,144   --a------   C:\WINDOWS\system32\kbd101b.dll
2007-03-20 14:11   5,632   --a------   C:\WINDOWS\system32\kbd103.dll
2007-03-20 14:05   <DIR>   d--------   C:\Program Files\Google
2007-03-20 14:05   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Google
2007-03-20 14:05   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google
2007-03-20 14:04   <DIR>   d--------   C:\Downloads
2007-03-20 08:40   <DIR>   d--------   C:\Program Files\Switch Off
2007-03-20 00:04   4   --a------   C:\WINDOWS\system32\proc-220146841.bin
2007-03-20 00:04   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\GanymedeNet
2007-03-19 20:43   <DIR>   d--------   C:\Program Files\Real Alternative
2007-03-19 20:43   <DIR>   d--------   C:\Program Files\Media Player Classic
2007-03-19 20:43   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Real
2007-03-19 20:43   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-03-19 20:09   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\fltk.org
2007-03-19 20:08   <DIR>   d--------   C:\WEOL2007
2007-03-19 00:48   182,880   --a------   C:\WINDOWS\system32\iuengine.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-19 14:07   --------   d--------   C:\Program Files\neostrada tp
2007-04-16 14:12   4986   --a------   C:\WINDOWS\mozver.dat
2007-04-14 09:47   94552   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-14 09:47   85952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-14 09:45   23416   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-14 09:44   43176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-14 09:43   26888   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-14 09:42   90112   --a------   C:\WINDOWS\system32\avastss.scr
2007-04-12 09:02   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\skype
2007-04-10 13:18   712832   --a------   C:\WINDOWS\system32\aswboot.exe
2007-04-05 20:23   --------   d--h-----   C:\Program Files\installshield installation information
2007-04-02 19:10   --------   d--------   C:\Program Files\emule
2007-03-29 17:40   --------   d--------   C:\Program Files\bitcomet
2007-03-25 10:11   49492   --a------   C:\WINDOWS\system32\perfc015.dat
2007-03-25 10:11   355486   --a------   C:\WINDOWS\system32\perfh015.dat
2007-03-20 16:42   --------   d--------   C:\Program Files\java
2007-03-20 14:21   --------   d--------   C:\Program Files\subedit-player
2007-03-18 22:39   98304   --a------   C:\WINDOWS\system32cmdlineext.dll
2007-03-18 22:35   --------   d--------   C:\Program Files\konami
2007-03-18 22:33   --------   d--------   C:\Program Files\Common Files\installshield
2007-03-18 13:10   --------   d--h-----   C:\Program Files\windowsupdate
2007-03-18 13:09   --------   d--------   C:\Program Files\genius
2007-03-18 13:06   --------   d--------   C:\Program Files\skype
2007-03-18 13:06   --------   d--------   C:\Program Files\Common Files\skype
2007-03-18 12:39   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\talkback
2007-03-18 12:38   0   --a------   C:\WINDOWS\nsreg.dat
2007-03-18 12:38   --------   d--------   C:\Program Files\gadu-gadu
2007-03-18 12:34   --------   d--------   C:\Program Files\sagem
2007-03-18 12:28   --------   d--------   C:\Program Files\alwil software
2007-03-18 12:26   --------   d--------   C:\Program Files\winamp
2007-03-18 12:24   --------   d--------   C:\Program Files\intel
2007-03-18 12:22   --------   d--------   C:\Program Files\c-media 3d audio
2007-03-18 12:21   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\help
2007-03-18 12:19   --------   d--------   C:\Program Files\ati technologies
2007-03-18 12:14   --------   d--------   C:\Program Files\messenger
2007-03-18 12:10   0   -rahs----   C:\MSDOS.SYS
2007-03-18 12:10   0   -rahs----   C:\IO.SYS
2007-03-18 12:10   0   --a------   C:\CONFIG.SYS
2007-03-18 12:10   0   --a------   C:\AUTOEXEC.BAT
2007-03-18 12:10   --------   d--------   C:\Program Files\microsoft frontpage
2007-03-18 12:08   --------   d--------   C:\Program Files\usˆugi online
2007-03-18 12:08   --------   d--------   C:\Program Files\movie maker
2007-03-18 12:07   21856   --a------   C:\WINDOWS\system32\emptyregdb.dat
2007-03-18 12:07   --------   d--------   C:\Program Files\Common Files\mssoap
2007-03-18 12:06   --------   d--------   C:\Program Files\windows nt
2007-03-18 12:06   --------   d--------   C:\Program Files\msn gaming zone
2007-03-18 12:00   62   --ahs----   C:\DOCUME~1\Szymek\DANEAP~1\desktop.ini
2007-03-18 12:00   --------   d--------   C:\Program Files\Common Files\speechengines
2007-03-18 12:00   --------   d--------   C:\Program Files\Common Files\odbc


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}   C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7}   c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"WooCnxMon"="C:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"
"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"M1000Mnt"="M1000Rmv.exe /StartStillMnt"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"WinFast Schedule"="C:\\Program Files\\WinFast\\WFTVFM\\WFWIZ.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Security Center Notification Appls"="C:\\WINDOWS\\System32\\sxe.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages   REG_MULTI_SZ      msv1_0\0\0
   Security Packages   REG_MULTI_SZ      kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages   REG_MULTI_SZ      scecli\0\0

 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070418-225546-857
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20070418-225546-669
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20070418-225545-743
O4 - HKCU\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
backup-20070418-225545-963
O4 - HKLM\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
backup-20070418-225545-506
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-19 14:20:53
C:\ComboFix-quarantined-files.txt ... 07-04-19 14:20


Edit:
Errors like this pop up:
[image]

Post by adam9870 » 20.04.2007 (Fri) 15:23

In Safe Mode, manually delete this file from the disk (if it is there):
C:\WINDOWS\System32\sxe.exe


Open Notepad and paste this into it:
Windows Registry Editor Version 5.00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Security Center Notification Appls"=-

File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the FIX.REG file you created and confirm adding it to the registry >>> restart.

2007-04-05 20:21 49,152 --a------ C:\WINDOWS\system32\TempDel.EXE

Scan that file at http://www.virustotal.com/ and if it turns out to be malicious, delete it as well.

Start => Run => type services.msc => stop and disable the Messenger (Posłaniec) service.

Once done, paste a new ComboFix log.
adam9870
 
Posts: 14038
Joined: 12.07.2005 (Tue) 22:00
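adam9870's reading of the ComboFix log (a freshly created sxe.exe in System32 that survived the HJT fix, a TempDel.EXE worth a VirusTotal check) can be partly automated. The Python below is an added example for this page, not part of the thread or of ComboFix; it parses the "Files Created" section and flags executables that are hidden+system inside System32, zero bytes long, dropped directly into a user's profile root, or created in System32 within the last few days before the scan. The sample lines are copied from the ComboFix logs in this thread; SCAN_DATE, the recent-days window and the list of executable extensions are assumptions made for the example.

```python
"""Triage of a ComboFix 'Files Created' section. Added example for this
thread, not ComboFix code; thresholds and the extension list are assumptions."""
import re
from datetime import date, timedelta

# One ComboFix line: date time, size or <DIR>, nine-character attribute field, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>[\d,]+|<DIR>)"
    r"\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")  # assumption: what counts as executable
SCAN_DATE = date(2007, 4, 20)  # date of the second ComboFix run in the thread
RECENT_DAYS = 3                # assumption: "recent" window for new System32 executables

# Constructed subset of lines copied from the two ComboFix logs in this thread.
SAMPLE_CREATED = r"""
2007-04-20 22:15   115,200   --a------   C:\WINDOWS\system32\sxe.exe
2007-04-20 16:41   69,496   --a------   C:\DOCUME~1\Szymek\3.exe
2007-04-20 16:41   2,560   ---hs----   C:\WINDOWS\system32\helpersrvc.exe
2007-04-20 16:40   66,845   --a------   C:\WINDOWS\system32\dload.exe
2007-04-19 15:28   <DIR>   d--------   C:\Program Files\DAEMON Tools
2007-04-19 14:07   217,088   -r-hs----   C:\WINDOWS\system32\dllhost32.exe
2007-04-19 14:07   0   --a------   C:\WINDOWS\system32\dllhost32.exe
2007-04-06 11:03   99,840   --a------   C:\WINDOWS\system32\irftp.exe
2007-04-05 20:21   49,152   --a------   C:\WINDOWS\system32\TempDel.EXE
""".strip().splitlines()


def parse_created(lines):
    """Turn ComboFix 'Files Created' lines into dicts; directories get size None."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({"date": date.fromisoformat(m["date"]), "size": size,
                        "attrs": m["attrs"], "path": m["path"]})
    return entries


def triage_created(lines, scan_date=SCAN_DATE, recent_days=RECENT_DAYS):
    """Return (path, reason) pairs for executables that deserve a closer look."""
    findings = []
    for e in parse_created(lines):
        p = e["path"].lower()
        if e["size"] is None or not p.endswith(EXEC_EXT):
            continue  # directories and non-executables are out of scope here
        in_sys = "\\windows\\system32\\" in p
        reasons = []
        if in_sys and "h" in e["attrs"] and "s" in e["attrs"]:
            reasons.append("hidden+system executable in System32")
        if in_sys and e["size"] == 0:
            reasons.append("zero-byte executable in System32")
        if re.match(r"^c:\\docume~1\\[^\\]+\\[^\\]+\.exe$", p):
            reasons.append("executable dropped directly in a user profile root")
        if in_sys and not reasons and scan_date - e["date"] <= timedelta(days=recent_days):
            reasons.append(f"executable created in System32 within the last {recent_days} days")
        findings.extend((e["path"], r) for r in reasons)
    return findings


if __name__ == "__main__":
    for path, why in triage_created(SAMPLE_CREATED):
        print(f"{why}\n    {path}")
```

On the sample this reports sxe.exe and dload.exe as recent System32 executables, helpersrvc.exe and dllhost32.exe as hidden+system (and dllhost32.exe once more as the zero-byte stub seen in the first log), and 3.exe sitting directly in the user's profile. TempDel.EXE, created two weeks earlier with ordinary attributes, is not caught by any of these rules, which is exactly why the post above sends it to VirusTotal: date and attribute heuristics narrow the list, a hash lookup decides.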

Post by pudel882 » 20.04.2007 (Fri) 22:31

ComboFix log
Code:
ComboFix 07-04-19.1V - Running from: D:\


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\a.exe


(((((((((((((((((((((((((((((((   Files Created from 2007-03-20 to 2007-04-20  ))))))))))))))))))))))))))))))))))


2007-04-20 22:15   115,200   --a------   C:\WINDOWS\system32\sxe.exe
2007-04-20 16:41   69,496   --a------   C:\DOCUME~1\Szymek\3.exe
2007-04-20 16:41   2,560   ---hs----   C:\WINDOWS\system32\helpersrvc.exe
2007-04-20 16:40   66,845   --a------   C:\WINDOWS\system32\dload.exe
2007-04-19 15:35   68,888   --a------   C:\WINDOWS\system32\xinput1_3.dll
2007-04-19 15:35   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2007-04-19 15:35   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-04-19 15:35   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2007-04-19 15:35   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2007-04-19 15:35   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2007-04-19 15:35   15,128   --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-19 15:28   <DIR>   d--------   C:\Program Files\Sega
2007-04-19 15:28   <DIR>   d--------   C:\Program Files\DaemonTools_WhenUSave_Installer
2007-04-19 15:26   <DIR>   d--------   C:\Program Files\DAEMON Tools
2007-04-19 15:24   682,232   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-04-19 14:07   217,088   -r-hs----   C:\WINDOWS\system32\dllhost32.exe
2007-04-18 22:59   <DIR>   d--------   C:\Nowy folder
2007-04-18 14:07   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Radmin
2007-04-18 14:03   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-04-18 14:00   <DIR>   d--------   C:\WINDOWS\system32\rserver30
2007-04-18 14:00   <DIR>   d--------   C:\WINDOWS\LastGood
2007-04-06 11:06   20,096   --a------   C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2007-04-06 11:03   99,840   --a------   C:\WINDOWS\system32\irftp.exe
2007-04-06 11:03   78,848   --a------   C:\WINDOWS\system32\irmon.dll
2007-04-06 11:03   7,680   --a------   C:\WINDOWS\system32\wshirda.dll
2007-04-06 11:03   55,296   --a------   C:\WINDOWS\system32\drivers\irda.sys
2007-04-06 11:03   26,624   --a------   C:\WINDOWS\system32\drivers\irstusb.sys
2007-04-06 11:03   19,584   --a------   C:\WINDOWS\system32\drivers\rasirda.sys
2007-04-05 20:24   8,192   --a------   C:\WINDOWS\system32\tsbyuv.dll
2007-04-05 20:24   50,688   --a------   C:\WINDOWS\system32\vfwwdm32.dll
2007-04-05 20:24   45,568   --a------   C:\WINDOWS\system32\iyuv_32.dll
2007-04-05 20:24   10,005   -ra------   C:\WINDOWS\system32\drivers\wf2kXbar.sys
2007-04-05 20:24   <DIR>   d--------   C:\WUTemp
2007-04-05 20:23   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2007-04-05 20:21   9,446   --a------   C:\WINDOWS\system32\drivers\WFIOCTL.sys
2007-04-05 20:21   49,152   --a------   C:\WINDOWS\system32\TempDel.EXE
2007-04-05 20:21   <DIR>   d--------   C:\WinFast WorkArea
2007-04-05 20:21   <DIR>   d--------   C:\Program Files\WinFast
2007-04-05 20:21   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Ulead Systems
2007-04-05 19:46   <DIR>   d--------   C:\WINDOWS\LastGood.Tmp
2007-04-05 19:45   75,925   --a------   C:\WINDOWS\system32\drivers\wf2kvcap.sys
2007-04-05 19:45   36,423   --a------   C:\WINDOWS\system32\drivers\wf2ktunr.sys
2007-04-05 19:45   <DIR>   d--------   C:\WINDOWS\system32\DX9
2007-04-05 19:43   9,600   --a------   C:\WINDOWS\system32\drivers\WINFOXIO.sys
2007-04-05 19:43   <DIR>   d--------   C:\WINDOWS\system32\WinFox
2007-04-05 19:43   <DIR>   d--------   C:\WINDOWS\system32\WinFast
2007-03-31 17:20   <DIR>   d--------   C:\WINDOWS\system32\FlashAX
2007-03-31 17:20   <DIR>   d--------   C:\Program Files\UnibetpokerMPP
2007-03-31 17:20   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Microgaming
2007-03-25 19:47   <DIR>   d--------   C:\Program Files\PITy2004
2007-03-25 19:30   <DIR>   d--------   C:\Program Files\IPSPI
2007-03-25 19:24   <DIR>   d--------   C:\Program Files\PITy
2007-03-24 10:04   <DIR>   d--------   C:\Program Files\Prawo Jazdy 2006
2007-03-20 21:08   18,224   --a------   C:\DOCUME~1\Szymek\DANEAP~1\GDIPFONTCACHEV1.DAT
2007-03-20 17:34   <DIR>   d--------   C:\WINDOWS\pss
2007-03-20 17:31   <DIR>   d--------   C:\Program Files\ffdshow
2007-03-20 17:30   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Media Player Classic
2007-03-20 16:51   <DIR>   d--------   C:\WINDOWS\Sun
2007-03-20 16:51   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Sun
2007-03-20 16:50   831,519   --a------   C:\WINDOWS\system32\mswdat10.dll
2007-03-20 16:50   614,429   --a------   C:\WINDOWS\system32\mswstr10.dll
2007-03-20 16:50   552,989   --a------   C:\WINDOWS\system32\msrepl40.dll
2007-03-20 16:50   53,279   --a------   C:\WINDOWS\system32\msjter40.dll
2007-03-20 16:50   512,029   --a------   C:\WINDOWS\system32\msexch40.dll
2007-03-20 16:50   421,919   --a------   C:\WINDOWS\system32\msrd2x40.dll
2007-03-20 16:50   380,957   --a------   C:\WINDOWS\system32\expsrv.dll
2007-03-20 16:50   348,193   --a------   C:\WINDOWS\system32\msjetoledb40.dll
2007-03-20 16:50   348,189   --a------   C:\WINDOWS\system32\msxbde40.dll
2007-03-20 16:50   348,189   --a------   C:\WINDOWS\system32\mspbde40.dll
2007-03-20 16:50   319,517   --a------   C:\WINDOWS\system32\msexcl40.dll
2007-03-20 16:50   315,423   --a------   C:\WINDOWS\system32\msrd3x40.dll
2007-03-20 16:50   30,749   --a------   C:\WINDOWS\system32\vbajet32.dll
2007-03-20 16:50   258,077   --a------   C:\WINDOWS\system32\mstext40.dll
2007-03-20 16:50   241,693   --a------   C:\WINDOWS\system32\msjtes40.dll
2007-03-20 16:50   213,023   --a------   C:\WINDOWS\system32\msltus40.dll
2007-03-20 16:50   172,061   --a------   C:\WINDOWS\system32\msjint40.dll
2007-03-20 16:50   1,507,358   --a------   C:\WINDOWS\system32\msjet40.dll
2007-03-20 16:50   <DIR>   d--------   C:\Program Files\PROKOM Software SA
2007-03-20 16:39   <DIR>   d--------   C:\Program Files\Common Files\Java
2007-03-20 16:33   <DIR>   d--------   C:\Program Files\uTorrent
2007-03-20 16:33   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\uTorrent
2007-03-20 15:10   <DIR>   d--------   C:\Program Files\NAPI-PROJEKT
2007-03-20 14:11   8,704   --a------   C:\WINDOWS\system32\kbdjpn.dll
2007-03-20 14:11   8,192   --a------   C:\WINDOWS\system32\kbdkor.dll
2007-03-20 14:11   6,144   --a------   C:\WINDOWS\system32\kbd106.dll
2007-03-20 14:11   6,144   --a------   C:\WINDOWS\system32\kbd101c.dll
2007-03-20 14:11   6,144   --a------   C:\WINDOWS\system32\kbd101b.dll
2007-03-20 14:11   5,632   --a------   C:\WINDOWS\system32\kbd103.dll
2007-03-20 14:05   <DIR>   d--------   C:\Program Files\Google
2007-03-20 14:05   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Google
2007-03-20 14:05   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google
2007-03-20 14:04   <DIR>   d--------   C:\Downloads
2007-03-20 08:40   <DIR>   d--------   C:\Program Files\Switch Off
2007-03-20 00:04   4   --a------   C:\WINDOWS\system32\proc-220146841.bin
2007-03-20 00:04   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\GanymedeNet


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-20 22:15   --------   d--------   C:\Program Files\neostrada tp
2007-04-19 17:17   163644   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-19 15:28   --------   d--h-----   C:\Program Files\installshield installation information
2007-04-16 14:12   4986   --a------   C:\WINDOWS\mozver.dat
2007-04-14 09:47   94552   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-14 09:47   85952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-14 09:45   23416   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-14 09:44   43176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-14 09:43   26888   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-14 09:42   90112   --a------   C:\WINDOWS\system32\avastss.scr
2007-04-12 09:02   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\skype
2007-04-10 13:18   712832   --a------   C:\WINDOWS\system32\aswboot.exe
2007-04-02 19:10   --------   d--------   C:\Program Files\emule
2007-03-29 17:40   --------   d--------   C:\Program Files\bitcomet
2007-03-25 10:11   49492   --a------   C:\WINDOWS\system32\perfc015.dat
2007-03-25 10:11   355486   --a------   C:\WINDOWS\system32\perfh015.dat
2007-03-22 10:34   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\real
2007-03-20 18:06   --------   d--------   C:\Program Files\real alternative
2007-03-20 16:42   --------   d--------   C:\Program Files\java
2007-03-20 14:21   --------   d--------   C:\Program Files\subedit-player
2007-03-19 20:43   --------   d--------   C:\Program Files\media player classic
2007-03-18 22:39   98304   --a------   C:\WINDOWS\system32cmdlineext.dll
2007-03-18 22:35   --------   d--------   C:\Program Files\konami
2007-03-18 22:33   --------   d--------   C:\Program Files\Common Files\installshield
2007-03-18 13:10   --------   d--h-----   C:\Program Files\windowsupdate
2007-03-18 13:09   --------   d--------   C:\Program Files\genius
2007-03-18 13:06   --------   d--------   C:\Program Files\skype
2007-03-18 13:06   --------   d--------   C:\Program Files\Common Files\skype
2007-03-18 12:39   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\talkback
2007-03-18 12:38   0   --a------   C:\WINDOWS\nsreg.dat
2007-03-18 12:38   --------   d--------   C:\Program Files\gadu-gadu
2007-03-18 12:34   --------   d--------   C:\Program Files\sagem
2007-03-18 12:28   --------   d--------   C:\Program Files\alwil software
2007-03-18 12:26   --------   d--------   C:\Program Files\winamp
2007-03-18 12:24   --------   d--------   C:\Program Files\intel
2007-03-18 12:22   --------   d--------   C:\Program Files\c-media 3d audio
2007-03-18 12:21   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\help
2007-03-18 12:19   --------   d--------   C:\Program Files\ati technologies
2007-03-18 12:14   --------   d--------   C:\Program Files\messenger
2007-03-18 12:10   0   -rahs----   C:\MSDOS.SYS
2007-03-18 12:10   0   -rahs----   C:\IO.SYS
2007-03-18 12:10   0   --a------   C:\CONFIG.SYS
2007-03-18 12:10   0   --a------   C:\AUTOEXEC.BAT
2007-03-18 12:10   --------   d--------   C:\Program Files\microsoft frontpage
2007-03-18 12:08   --------   d--------   C:\Program Files\usługi online
2007-03-18 12:08   --------   d--------   C:\Program Files\movie maker
2007-03-18 12:07   21856   --a------   C:\WINDOWS\system32\emptyregdb.dat
2007-03-18 12:07   --------   d--------   C:\Program Files\Common Files\mssoap
2007-03-18 12:06   --------   d--------   C:\Program Files\windows nt
2007-03-18 12:06   --------   d--------   C:\Program Files\msn gaming zone
2007-03-18 12:00   62   --ahs----   C:\DOCUME~1\Szymek\DANEAP~1\desktop.ini
2007-03-18 12:00   --------   d--------   C:\Program Files\Common Files\speechengines
2007-03-18 12:00   --------   d--------   C:\Program Files\Common Files\odbc
2007-01-24 15:25   66408   --a------   C:\WINDOWS\system32\dxdllreg.exe


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}   C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7}   c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"WooCnxMon"="C:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"
"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"M1000Mnt"="M1000Rmv.exe /StartStillMnt"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"WinFast Schedule"="C:\\Program Files\\WinFast\\WFTVFM\\WFWIZ.exe"
"Windows DLL Extension Viewer"="dllhost32.exe"
"msvccc66"="svcchosst.exe"
"johnj315"="C:\\Documents and Settings\\Szymek\\3.exe"
"Windows Security Center Notification Appls"="C:\\WINDOWS\\System32\\sxe.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"johnj315"="C:\\Documents and Settings\\Szymek\\3.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows DLL Extension Viewer"="dllhost32.exe"
"msvccc66"="svcchosst.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Security Center Notification Appls"="C:\\WINDOWS\\System32\\sxe.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages   REG_MULTI_SZ      msv1_0\0\0
   Security Packages   REG_MULTI_SZ      kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages   REG_MULTI_SZ      scecli\0\0

 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2d7ceb-d53f-11db-8479-806d6172696f}]
Shell\AutoRun\command   E:\autorun6e.exe

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-20 22:30:27
C:\ComboFix-quarantined-files.txt ... 07-04-20 22:30
C:\ComboFix2.txt ... 07-04-19 14:20


C:\\WINDOWS\\System32\\sxe.exe


This file wasn't there.

Post by adam9870 » 20.04.2007 (Fri) 22:48

Scan the file C:\WINDOWS\system32\dllhost32.exe at http://www.virustotal.com/ and, if it turns out to be malicious, paste its path into KillBox as well.

Download KillBox, check Delete on reboot, and in the full path of file field paste the paths:
C:\WINDOWS\system32\sxe.exe
C:\DOCUME~1\Szymek\3.exe
C:\WINDOWS\system32\helpersrvc.exe
C:\WINDOWS\system32\dload.exe

After pasting each path individually, click the red X, but only agree to the restart after pasting the last one.

Open Notepad and paste this into it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows DLL Extension Viewer"=-
"msvccc66"=-
"johnj315"=-
"Windows Security Center Notification Appls"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"johnj315"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows DLL Extension Viewer"=-
"msvccc66"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Security Center Notification Appls"=-

File >>> Save as >>> change the file type from TXT to All files >>> save it as FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

When done, paste a new ComboFix log.

Post by pudel882 » 20.04.2007 (Fri) 23:05

Code:
ComboFix 07-04-19.1V - Running from: D:\


(((((((((((((((((((((((((((((((   Files Created from 2007-03-20 to 2007-04-20  ))))))))))))))))))))))))))))))))))


2007-04-20 23:01   174,080   -r-hs----   C:\WINDOWS\system32\msq23.exe
2007-04-20 22:52   <DIR>   d--------   C:\!KillBox
2007-04-19 15:35   68,888   --a------   C:\WINDOWS\system32\xinput1_3.dll
2007-04-19 15:35   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2007-04-19 15:35   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-04-19 15:35   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2007-04-19 15:35   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2007-04-19 15:35   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2007-04-19 15:35   15,128   --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-19 15:28   <DIR>   d--------   C:\Program Files\Sega
2007-04-19 15:28   <DIR>   d--------   C:\Program Files\DaemonTools_WhenUSave_Installer
2007-04-19 15:26   <DIR>   d--------   C:\Program Files\DAEMON Tools
2007-04-19 15:24   682,232   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-04-19 14:07   217,088   -r-hs----   C:\WINDOWS\system32\dllhost32.exe
2007-04-18 22:59   <DIR>   d--------   C:\Nowy folder
2007-04-18 14:07   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Radmin
2007-04-18 14:03   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-04-18 14:00   <DIR>   d--------   C:\WINDOWS\system32\rserver30
2007-04-18 14:00   <DIR>   d--------   C:\WINDOWS\LastGood
2007-04-06 11:06   20,096   --a------   C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2007-04-06 11:03   99,840   --a------   C:\WINDOWS\system32\irftp.exe
2007-04-06 11:03   78,848   --a------   C:\WINDOWS\system32\irmon.dll
2007-04-06 11:03   7,680   --a------   C:\WINDOWS\system32\wshirda.dll
2007-04-06 11:03   55,296   --a------   C:\WINDOWS\system32\drivers\irda.sys
2007-04-06 11:03   26,624   --a------   C:\WINDOWS\system32\drivers\irstusb.sys
2007-04-06 11:03   19,584   --a------   C:\WINDOWS\system32\drivers\rasirda.sys
2007-04-05 20:24   8,192   --a------   C:\WINDOWS\system32\tsbyuv.dll
2007-04-05 20:24   50,688   --a------   C:\WINDOWS\system32\vfwwdm32.dll
2007-04-05 20:24   45,568   --a------   C:\WINDOWS\system32\iyuv_32.dll
2007-04-05 20:24   10,005   -ra------   C:\WINDOWS\system32\drivers\wf2kXbar.sys
2007-04-05 20:24   <DIR>   d--------   C:\WUTemp
2007-04-05 20:23   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2007-04-05 20:21   9,446   --a------   C:\WINDOWS\system32\drivers\WFIOCTL.sys
2007-04-05 20:21   49,152   --a------   C:\WINDOWS\system32\TempDel.EXE
2007-04-05 20:21   <DIR>   d--------   C:\WinFast WorkArea
2007-04-05 20:21   <DIR>   d--------   C:\Program Files\WinFast
2007-04-05 20:21   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Ulead Systems
2007-04-05 19:46   <DIR>   d--------   C:\WINDOWS\LastGood.Tmp
2007-04-05 19:45   75,925   --a------   C:\WINDOWS\system32\drivers\wf2kvcap.sys
2007-04-05 19:45   36,423   --a------   C:\WINDOWS\system32\drivers\wf2ktunr.sys
2007-04-05 19:45   <DIR>   d--------   C:\WINDOWS\system32\DX9
2007-04-05 19:43   9,600   --a------   C:\WINDOWS\system32\drivers\WINFOXIO.sys
2007-04-05 19:43   <DIR>   d--------   C:\WINDOWS\system32\WinFox
2007-04-05 19:43   <DIR>   d--------   C:\WINDOWS\system32\WinFast
2007-03-31 17:20   <DIR>   d--------   C:\WINDOWS\system32\FlashAX
2007-03-31 17:20   <DIR>   d--------   C:\Program Files\UnibetpokerMPP
2007-03-31 17:20   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Microgaming
2007-03-25 19:47   <DIR>   d--------   C:\Program Files\PITy2004
2007-03-25 19:30   <DIR>   d--------   C:\Program Files\IPSPI
2007-03-25 19:24   <DIR>   d--------   C:\Program Files\PITy
2007-03-24 10:04   <DIR>   d--------   C:\Program Files\Prawo Jazdy 2006
2007-03-20 21:08   18,224   --a------   C:\DOCUME~1\Szymek\DANEAP~1\GDIPFONTCACHEV1.DAT
2007-03-20 17:34   <DIR>   d--------   C:\WINDOWS\pss
2007-03-20 17:31   <DIR>   d--------   C:\Program Files\ffdshow
2007-03-20 17:30   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Media Player Classic
2007-03-20 16:51   <DIR>   d--------   C:\WINDOWS\Sun
2007-03-20 16:51   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Sun
2007-03-20 16:50   831,519   --a------   C:\WINDOWS\system32\mswdat10.dll
2007-03-20 16:50   614,429   --a------   C:\WINDOWS\system32\mswstr10.dll
2007-03-20 16:50   552,989   --a------   C:\WINDOWS\system32\msrepl40.dll
2007-03-20 16:50   53,279   --a------   C:\WINDOWS\system32\msjter40.dll
2007-03-20 16:50   512,029   --a------   C:\WINDOWS\system32\msexch40.dll
2007-03-20 16:50   421,919   --a------   C:\WINDOWS\system32\msrd2x40.dll
2007-03-20 16:50   380,957   --a------   C:\WINDOWS\system32\expsrv.dll
2007-03-20 16:50   348,193   --a------   C:\WINDOWS\system32\msjetoledb40.dll
2007-03-20 16:50   348,189   --a------   C:\WINDOWS\system32\msxbde40.dll
2007-03-20 16:50   348,189   --a------   C:\WINDOWS\system32\mspbde40.dll
2007-03-20 16:50   319,517   --a------   C:\WINDOWS\system32\msexcl40.dll
2007-03-20 16:50   315,423   --a------   C:\WINDOWS\system32\msrd3x40.dll
2007-03-20 16:50   30,749   --a------   C:\WINDOWS\system32\vbajet32.dll
2007-03-20 16:50   258,077   --a------   C:\WINDOWS\system32\mstext40.dll
2007-03-20 16:50   241,693   --a------   C:\WINDOWS\system32\msjtes40.dll
2007-03-20 16:50   213,023   --a------   C:\WINDOWS\system32\msltus40.dll
2007-03-20 16:50   172,061   --a------   C:\WINDOWS\system32\msjint40.dll
2007-03-20 16:50   1,507,358   --a------   C:\WINDOWS\system32\msjet40.dll
2007-03-20 16:50   <DIR>   d--------   C:\Program Files\PROKOM Software SA
2007-03-20 16:39   <DIR>   d--------   C:\Program Files\Common Files\Java
2007-03-20 16:33   <DIR>   d--------   C:\Program Files\uTorrent
2007-03-20 16:33   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\uTorrent
2007-03-20 15:10   <DIR>   d--------   C:\Program Files\NAPI-PROJEKT
2007-03-20 14:11   8,704   --a------   C:\WINDOWS\system32\kbdjpn.dll
2007-03-20 14:11   8,192   --a------   C:\WINDOWS\system32\kbdkor.dll
2007-03-20 14:11   6,144   --a------   C:\WINDOWS\system32\kbd106.dll
2007-03-20 14:11   6,144   --a------   C:\WINDOWS\system32\kbd101c.dll
2007-03-20 14:11   6,144   --a------   C:\WINDOWS\system32\kbd101b.dll
2007-03-20 14:11   5,632   --a------   C:\WINDOWS\system32\kbd103.dll
2007-03-20 14:05   <DIR>   d--------   C:\Program Files\Google
2007-03-20 14:05   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\Google
2007-03-20 14:05   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google
2007-03-20 14:04   <DIR>   d--------   C:\Downloads
2007-03-20 08:40   <DIR>   d--------   C:\Program Files\Switch Off
2007-03-20 00:04   4   --a------   C:\WINDOWS\system32\proc-220146841.bin
2007-03-20 00:04   <DIR>   d--------   C:\DOCUME~1\Szymek\DANEAP~1\GanymedeNet


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-20 23:00   --------   d--------   C:\Program Files\neostrada tp
2007-04-19 17:17   163644   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-19 15:28   --------   d--h-----   C:\Program Files\installshield installation information
2007-04-16 14:12   4986   --a------   C:\WINDOWS\mozver.dat
2007-04-14 09:47   94552   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-14 09:47   85952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-14 09:45   23416   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-14 09:44   43176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-14 09:43   26888   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-14 09:42   90112   --a------   C:\WINDOWS\system32\avastss.scr
2007-04-12 09:02   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\skype
2007-04-10 13:18   712832   --a------   C:\WINDOWS\system32\aswboot.exe
2007-04-02 19:10   --------   d--------   C:\Program Files\emule
2007-03-29 17:40   --------   d--------   C:\Program Files\bitcomet
2007-03-25 10:11   49492   --a------   C:\WINDOWS\system32\perfc015.dat
2007-03-25 10:11   355486   --a------   C:\WINDOWS\system32\perfh015.dat
2007-03-22 10:34   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\real
2007-03-20 18:06   --------   d--------   C:\Program Files\real alternative
2007-03-20 16:42   --------   d--------   C:\Program Files\java
2007-03-20 14:21   --------   d--------   C:\Program Files\subedit-player
2007-03-19 20:43   --------   d--------   C:\Program Files\media player classic
2007-03-18 22:39   98304   --a------   C:\WINDOWS\system32cmdlineext.dll
2007-03-18 22:35   --------   d--------   C:\Program Files\konami
2007-03-18 22:33   --------   d--------   C:\Program Files\Common Files\installshield
2007-03-18 13:10   --------   d--h-----   C:\Program Files\windowsupdate
2007-03-18 13:09   --------   d--------   C:\Program Files\genius
2007-03-18 13:06   --------   d--------   C:\Program Files\skype
2007-03-18 13:06   --------   d--------   C:\Program Files\Common Files\skype
2007-03-18 12:39   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\talkback
2007-03-18 12:38   0   --a------   C:\WINDOWS\nsreg.dat
2007-03-18 12:38   --------   d--------   C:\Program Files\gadu-gadu
2007-03-18 12:34   --------   d--------   C:\Program Files\sagem
2007-03-18 12:28   --------   d--------   C:\Program Files\alwil software
2007-03-18 12:26   --------   d--------   C:\Program Files\winamp
2007-03-18 12:24   --------   d--------   C:\Program Files\intel
2007-03-18 12:22   --------   d--------   C:\Program Files\c-media 3d audio
2007-03-18 12:21   --------   d--------   C:\DOCUME~1\Szymek\DANEAP~1\help
2007-03-18 12:19   --------   d--------   C:\Program Files\ati technologies
2007-03-18 12:14   --------   d--------   C:\Program Files\messenger
2007-03-18 12:10   0   -rahs----   C:\MSDOS.SYS
2007-03-18 12:10   0   -rahs----   C:\IO.SYS
2007-03-18 12:10   0   --a------   C:\CONFIG.SYS
2007-03-18 12:10   0   --a------   C:\AUTOEXEC.BAT
2007-03-18 12:10   --------   d--------   C:\Program Files\microsoft frontpage
2007-03-18 12:08   --------   d--------   C:\Program Files\usługi online
2007-03-18 12:08   --------   d--------   C:\Program Files\movie maker
2007-03-18 12:07   21856   --a------   C:\WINDOWS\system32\emptyregdb.dat
2007-03-18 12:07   --------   d--------   C:\Program Files\Common Files\mssoap
2007-03-18 12:06   --------   d--------   C:\Program Files\windows nt
2007-03-18 12:06   --------   d--------   C:\Program Files\msn gaming zone
2007-03-18 12:00   62   --ahs----   C:\DOCUME~1\Szymek\DANEAP~1\desktop.ini
2007-03-18 12:00   --------   d--------   C:\Program Files\Common Files\speechengines
2007-03-18 12:00   --------   d--------   C:\Program Files\Common Files\odbc
2007-01-24 15:25   66408   --a------   C:\WINDOWS\system32\dxdllreg.exe


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}   C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7}   c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"WooCnxMon"="C:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"
"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"M1000Mnt"="M1000Rmv.exe /StartStillMnt"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"WinFast Schedule"="C:\\Program Files\\WinFast\\WFTVFM\\WFWIZ.exe"
"Windows DLL Extension Viewer"="dllhost32.exe"
"Internet Security Service"="msq23.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows DLL Extension Viewer"="dllhost32.exe"
"Internet Security Service"="msq23.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Internet Security Service"="msq23.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages   REG_MULTI_SZ      msv1_0\0\0
   Security Packages   REG_MULTI_SZ      kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages   REG_MULTI_SZ      scecli\0\0

 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-20 23:03:34
C:\ComboFix-quarantined-files.txt ... 07-04-20 23:03
C:\ComboFix2.txt ... 07-04-20 22:30
C:\ComboFix3.txt ... 07-04-19 14:20


C:\WINDOWS\system32\dllhost32.exe

I don't have this file, there is one without the "32".

Post by Gutek » 21.04.2007 (Sat) 0:07

C:\WINDOWS\system32\msq23.exe
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\WINDOWS\system32\dllhost32.exe

Download The Avenger. Unpack it => run it => check the Input script manually option => click the magnifying glass => in the window that opens paste:

Files to delete:

C:\WINDOWS\system32\msq23.exe
C:\WINDOWS\system32\dllhost32.exe

Folders to delete:

C:\Program Files\DaemonTools_WhenUSave_Installer

click the Done button => now click the green light => a message should appear, click OK (restart now).

After that a new log, and we'll remove the keys.
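The two logs, read side by side, explain why the post above goes after dllhost32.exe and msq23.exe together: the four KillBox targets are gone, but msq23.exe was created at 23:01, after the previous ComboFix run completed at 22:30:27, and it carries the same read-only, hidden and system attributes as dllhost32.exe, the one file that was never removed. Something still present is dropping fresh payloads under new names. The script below is an added example, my code and not ComboFix's: it parses the "Files Created" lines of two consecutive runs (the embedded excerpts are constructed from the logs in this thread) and reports what vanished, what was created after the previous run finished, which of those new files look like a re-drop, and which hidden+system files in system32 survived the cleanup. That the attribute column spells d/r/a/h/s for directory, read-only, archive, hidden and system is inferred from the log's own lines, and the "suspect" rule is my assumption.

```python
"""Diff the 'Files Created' sections of two consecutive ComboFix logs.

Added example, not ComboFix code. Attribute letters (d r a h s) are inferred
from the logs in this thread; the 'new suspect' rule is the author's choice.
"""
import re
from datetime import datetime

# Constructed excerpts of the 22:30 run and the 23:03 run shown above.
BEFORE = r"""
2007-04-20 22:15   115,200   --a------   C:\WINDOWS\system32\sxe.exe
2007-04-20 16:41   69,496   --a------   C:\DOCUME~1\Szymek\3.exe
2007-04-20 16:41   2,560   ---hs----   C:\WINDOWS\system32\helpersrvc.exe
2007-04-20 16:40   66,845   --a------   C:\WINDOWS\system32\dload.exe
2007-04-19 15:24   682,232   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-04-19 14:07   217,088   -r-hs----   C:\WINDOWS\system32\dllhost32.exe
2007-04-18 22:59   <DIR>   d--------   C:\Nowy folder
"""
BEFORE_COMPLETED = "07-04-20 22:30:27"   # the log's own 'Completion time' line
AFTER = r"""
2007-04-20 23:01   174,080   -r-hs----   C:\WINDOWS\system32\msq23.exe
2007-04-20 22:52   <DIR>   d--------   C:\!KillBox
2007-04-19 15:24   682,232   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-04-19 14:07   217,088   -r-hs----   C:\WINDOWS\system32\dllhost32.exe
2007-04-18 22:59   <DIR>   d--------   C:\Nowy folder
"""

# date time   size-or-<DIR>   9-char attribute column   path (may contain spaces)
LINE_RE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(<DIR>|[\d,]+)\s+([-A-Za-z]{9})\s+(.+?)\s*$')


def parse_files_created(text):
    """Map lower-cased path -> entry for every 'Files Created' line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        attrs = attrs.lower()
        entries[path.lower()] = dict(
            path=path,
            created=datetime.strptime(ts, "%Y-%m-%d %H:%M"),
            size=None if size == "<DIR>" else int(size.replace(",", "")),
            attrs=attrs,
            is_dir="d" in attrs,
            hidden_system="h" in attrs and "s" in attrs,
        )
    return entries


def compare(before_text, before_completed, after_text):
    """What the cleanup removed, what appeared after it finished, which of the
    new files look like a re-drop, and which hidden+system files in system32
    survived. Paths are compared case-insensitively, as NTFS does."""
    before = parse_files_created(before_text)
    after = parse_files_created(after_text)
    cutoff = datetime.strptime(before_completed, "%y-%m-%d %H:%M:%S")
    removed = sorted(before[p]["path"] for p in before.keys() - after.keys())
    appeared = sorted(e["path"] for p, e in after.items()
                      if p not in before and e["created"] > cutoff)
    # A new non-directory that is hidden+system, or lands in system32, is a
    # re-drop candidate: a just-cleaned machine has no reason to grow those.
    new_suspects = sorted(e["path"] for p, e in after.items()
                          if p not in before and e["created"] > cutoff
                          and not e["is_dir"]
                          and (e["hidden_system"] or "\\system32\\" in p))
    survivors = sorted(e["path"] for p, e in after.items()
                       if p in before and not e["is_dir"] and e["hidden_system"]
                       and "\\system32\\" in p)
    return dict(removed=removed, appeared=appeared,
                new_suspects=new_suspects, survivors=survivors)


if __name__ == "__main__":
    for label, paths in compare(BEFORE, BEFORE_COMPLETED, AFTER).items():
        print(label)
        for path in paths:
            print("   " + path)
```

The "removed" list confirms KillBox did its job; "new_suspects" and "survivors" together are the two files the next script targets, and the fact that the new one appeared after the previous run's completion time is what turns "some leftovers" into "an active dropper is still running".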


Post by pudel882 » 21.04.2007 (Sat) 10:04

Thanks for the help, but unfortunately I had to format and reinstall the system. Today it wouldn't boot at all, so I didn't really have a choice. Either way, thanks for the help and the time spent on my problem. Regards.