2 wirusy

jordan20 · 27 Styczeń 2008 15:38

witam-po przeskanowaniu ArcaMicroSkan znalazło mi 2 wirusy:

[skanowanie : C:]

C:\WIN31.dll.vbs:WIN31.dll.vbs <- Heur.VBS.Generic.23 : Kasowanie

C:\WINDOWS\WIN31.dll.vbs:WIN31.dll.vbs <- Heur.VBS.Generic.23 : Kasowanie -> Leczenie -> Brak akcji

i nie mogę ich usunąć

wklejam loga

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:35:25, on 2008-01-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\CACHEM~1\CachemanXP.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\USBIcon.exe

C:\WINDOWS\System32\WScript.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\DAP\DAP.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BANTAI USA & EZRAEL [AL - MUKHLIS STUDIO]

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 80.190.241.30 home.edonkey.com

O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay

O4 - HKLM…\Run: [MCI USB Icon] C:\WINDOWS\system32\USBIcon.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [mcafee] C:\WINDOWS\WIN31.dll.vbs

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://mks.com.pl

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/ins … utions.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

–

End of file - 7451 bytes

mam antywira avast

czym mogę się pozbyć tych wirusów

pozdrawiam

Gutek · 27 Styczeń 2008 16:00

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350

O4 - HKLM\..\Run: [mcafee] C:\WINDOWS\WIN31.dll.vbs

usuń wpis HJT

Daj log z ComboFix

jordan20 · 27 Styczeń 2008 16:24

logi z combofix

ComboFix 08-01-23.1C - Kuba 2008-01-27 17:18:48.1 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.167 [GMT 1:00]

Running from: E:\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\WIN31.dll.vbs

C:\WINDOWS\WIN31.dll.vbs

D:\Autorun.inf

D:\WIN31.dll.vbs

E:\Autorun.inf

E:\WIN31.dll.vbs

F:\Autorun.inf

F:\WIN31.dll.vbs

.

((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))

.

2008-01-27 17:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-27 16:35 . 2008-01-27 16:35

2008-01-27 01:23 . 2008-01-27 01:23

2008-01-27 00:14 . 2008-01-27 00:14

2008-01-26 18:42 . 2007-12-11 09:52 26,784 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys

2008-01-26 18:41 . 2008-01-26 18:41

2008-01-26 18:34 . 2008-01-26 18:34

2008-01-26 14:04 . 2008-01-26 14:04 15,360 --ahs---- C:\Thumbs.db

2008-01-26 14:04 . 2008-01-26 14:04 7,168 --ahs---- C:\WINDOWS\Thumbs.db

2008-01-12 19:16 . 2008-01-12 19:16

2008-01-06 17:15 . 2008-01-26 16:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-06 17:15 . 2008-01-06 17:15 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-06 17:14 . 2008-01-06 17:14

2008-01-06 17:13 . 2008-01-06 17:14

2007-12-30 20:37 . 2007-12-30 20:38 4,458,138 --a------ C:\01 —cieľka 1.wma

2007-12-30 20:34 . 2007-12-30 20:34 3,609,534 --a------ C:\07 —cieľka 7.wma

2007-12-29 00:01 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX

2007-12-29 00:01 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX

2007-12-29 00:01 . 2004-03-08 23:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX

2007-12-29 00:01 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL

2007-12-29 00:01 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL

2007-12-29 00:01 . 1999-03-25 19:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-12-29 00:01 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll

2007-12-29 00:01 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL

2007-12-29 00:01 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL

2007-12-29 00:01 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL

2007-12-27 18:43 . 2007-12-27 18:43

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-12 18:56 --------- d-----w C:\Program Files\IrfanView

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-12-01 18:30 --------- d-----w C:\Program Files\LG Electronics

2007-12-01 18:29 --------- d-----w C:\Program Files\LG PC Suite 2

2007-11-30 23:19 --------- d-----w C:\Program Files\MSXML 4.0

2007-11-30 13:44 --------- d-----w C:\Program Files\Samsung

2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:29 723,968 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-10-30 23:26 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:44 1,291,264 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-22 02:49 867,848 ----a-w C:\Program Files\NOV2007_d3dx10_36_x64.cab

2007-10-22 02:49 807,132 ----a-w C:\Program Files\NOV2007_d3dx10_36_x86.cab

2007-10-22 02:49 49,392 ----a-w C:\Program Files\NOV2007_X3DAudio_x64.cab

2007-10-22 02:49 44,850 ----a-w C:\Program Files\dxdllreg_x86.cab

2007-10-22 02:49 21,744 ----a-w C:\Program Files\NOV2007_X3DAudio_x86.cab

2007-10-22 02:49 200,010 ----a-w C:\Program Files\NOV2007_XACT_x64.cab

2007-10-22 02:49 151,512 ----a-w C:\Program Files\NOV2007_XACT_x86.cab

2007-10-22 02:49 1,805,306 ----a-w C:\Program Files\NOV2007_d3dx9_36_x64.cab

2007-10-22 02:49 1,712,608 ----a-w C:\Program Files\NOV2007_d3dx9_36_x86.cab

2007-10-22 02:31 976,020 ------w C:\Program Files\BDAXP.cab

2007-10-22 02:31 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab

2007-10-22 02:31 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab

2007-10-22 02:31 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab

2007-10-22 02:31 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab

2007-10-22 02:31 86,802 ----a-w C:\Program Files\dxupdate.cab

2007-10-22 02:31 855,886 ------w C:\Program Files\AUG2007_d3dx10_35_x64.cab

2007-10-22 02:31 800,467 ------w C:\Program Files\AUG2007_d3dx10_35_x86.cab

2007-10-22 02:31 76,808 ----a-w C:\Program Files\DSETUP.dll

2007-10-22 02:31 702,644 ------w C:\Program Files\JUN2007_d3dx10_34_x64.cab

2007-10-22 02:31 702,212 ------w C:\Program Files\APR2007_d3dx10_33_x64.cab

2007-10-22 02:31 702,072 ------w C:\Program Files\JUN2007_d3dx10_34_x86.cab

2007-10-22 02:31 699,465 ------w C:\Program Files\APR2007_d3dx10_33_x86.cab

2007-10-22 02:31 56,902 ------w C:\Program Files\APR2007_xinput_x86.cab

2007-10-22 02:31 502,792 ----a-w C:\Program Files\DXSETUP.exe

2007-10-22 02:31 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab

2007-10-22 02:31 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab

2007-10-22 02:31 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab

2007-10-22 02:31 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab

2007-10-22 02:31 213,767 ------w C:\Program Files\DEC2006_d3dx10_00_x64.cab

2007-10-22 02:31 201,696 ------w C:\Program Files\AUG2007_XACT_x64.cab

2007-10-22 02:31 200,722 ------w C:\Program Files\JUN2007_XACT_x64.cab

2007-10-22 02:31 199,366 ------w C:\Program Files\APR2007_XACT_x64.cab

2007-10-22 02:31 198,275 ------w C:\Program Files\FEB2007_XACT_x64.cab

2007-10-22 02:31 193,435 ------w C:\Program Files\DEC2006_XACT_x64.cab

2007-10-22 02:31 192,680 ------w C:\Program Files\DEC2006_d3dx10_00_x86.cab

2007-10-22 02:31 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab

2007-10-22 02:31 183,321 ------w C:\Program Files\OCT2006_XACT_x64.cab

2007-10-22 02:31 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab

2007-10-22 02:31 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab

2007-10-22 02:31 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab

2007-10-22 02:31 156,612 ------w C:\Program Files\AUG2007_XACT_x86.cab

2007-10-22 02:31 156,509 ------w C:\Program Files\JUN2007_XACT_x86.cab

2007-10-22 02:31 154,825 ------w C:\Program Files\APR2007_XACT_x86.cab

2007-10-22 02:31 151,583 ------w C:\Program Files\FEB2007_XACT_x86.cab

2007-10-22 02:31 146,559 ------w C:\Program Files\DEC2006_XACT_x86.cab

2007-10-22 02:31 138,977 ------w C:\Program Files\OCT2006_XACT_x86.cab

2007-10-22 02:31 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab

2007-10-22 02:31 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab

2007-10-22 02:31 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab

2007-10-22 02:31 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab

2007-10-22 02:31 13,265,040 ------w C:\Program Files\dxnt.cab

2007-10-22 02:31 100,417 ------w C:\Program Files\APR2007_xinput_x64.cab

2007-10-22 02:31 1,803,760 ------w C:\Program Files\AUG2007_d3dx9_35_x64.cab

2007-10-22 02:31 1,711,752 ------w C:\Program Files\AUG2007_d3dx9_35_x86.cab

2007-10-22 02:31 1,673,224 ----a-w C:\Program Files\dsetup32.dll

2007-10-22 02:31 1,611,374 ------w C:\Program Files\JUN2007_d3dx9_34_x64.cab

2007-10-22 02:31 1,610,958 ------w C:\Program Files\APR2007_d3dx9_33_x64.cab

2007-10-22 02:31 1,610,886 ------w C:\Program Files\JUN2007_d3dx9_34_x86.cab

2007-10-22 02:31 1,609,639 ------w C:\Program Files\APR2007_d3dx9_33_x86.cab

2007-10-22 02:31 1,575,336 ------w C:\Program Files\DEC2006_d3dx9_32_x86.cab

2007-10-22 02:31 1,572,114 ------w C:\Program Files\DEC2006_d3dx9_32_x64.cab

2007-10-22 02:31 1,413,862 ------w C:\Program Files\OCT2006_d3dx9_31_x64.cab

2007-10-22 02:31 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab

2007-10-22 02:31 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab

2007-10-22 02:31 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab

2007-10-22 02:31 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab

2007-10-22 02:31 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab

2007-10-22 02:31 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab

2007-10-22 02:31 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab

2007-10-22 02:31 1,156,363 ------w C:\Program Files\BDANT.cab

2007-10-22 02:31 1,128,177 ------w C:\Program Files\OCT2006_d3dx9_31_x86.cab

2007-10-22 02:31 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab

2007-10-22 02:31 1,085,608 ------w C:\Program Files\Feb2006_d3dx9_29_x86.cab

2007-10-22 02:31 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab

2007-10-22 02:31 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab

2007-10-22 02:31 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab

2007-10-22 02:31 1,065,813 ------w C:\Program Files\Jun2005_d3dx9_26_x86.cab

2007-10-22 02:31 1,014,113 ------w C:\Program Files\Feb2005_d3dx9_24_x86.cab

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24 1694208]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-09-14 21:05 344064]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648]

“{0228e555-4f9c-4e35-a3ec-b109a192b4c2}”=“C:\Program Files\Google\Gmail Notifier\gnotify.exe” [2005-07-15 22:48 479232]

“HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe” [2002-06-21 12:32 188416]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00 79224]

“ppmate”=“C:\Program Files\PPMate\PPMate\ppmate.exe” [2006-11-23 02:45 1495123]

“MCI USB Icon”=“C:\WINDOWS\system32\USBIcon.exe” [2004-09-17 12:49 81920]

“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2007-12-11 10:56 286720]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44 15360]

C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\

Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-26 12:50:20 106496]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

–a------ 2006-09-14 22:09 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate]

–a------ 2006-11-23 02:45 1495123 C:\Program Files\PPMate\PPMate\ppmate.exe

R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2006-03-22 02:36]

R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:44]

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]

S3 MksMonEn;MkS_Mon Kernel Engine;C:\Program Files\MKS\Bin\MksMonEn.sys []

S3 MksMonEv;MkS_Mon Kernel Events;C:\Program Files\MKS\Bin\MksMonEv.sys []

S3 MksMonFd;MkS_Mon Kernel Filter Driver;C:\Program Files\MKS\Bin\MksMonFd.sys []

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{621FCD24-4498-4324-A81E-07D331376EDF}]

C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the ‘Scheduled Tasks’ folder

“2008-01-18 16:30:22 C:\WINDOWS\Tasks\Funkcja One Button Checkup pakietu Norton SystemWorks.job”

C:\Program Files\Norton SystemWorks\OBC.exe

“2008-01-26 23:00:02 C:\WINDOWS\Tasks\Symantec Drmc.job”

C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe

“2008-01-27 16:06:22 C:\WINDOWS\Tasks\Symantec NetDetect.job”

C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

“2008-01-06 16:14:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”

C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-27 17:20:44

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-27 17:21:17

ComboFix-quarantined-files.txt 2008-01-27 16:21:16

.

2008-01-26 14:58:22 — E O F —

Gutek · 27 Styczeń 2008 16:49

Zrozumiałeś co napsiałem czy nie:

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350

Combo usunął powinno już być Ok