Bardzo wolne tempo internetu

Endrjusza · 22 Grudzień 2007 16:53

Sprawa wygląda tak zaden antywir Panda Avast czy Mks online nie widzą nic. Ad-aware mówi ze jest czysto. Ale strony w przeglądarce ładują mi sie jakies 300% wolniej pingi w programach komunikacyjnych np. TeamSpeak 1789 a normalnie bylo ok 70. GG-client(program do obsługi gier) “Your ping is over 600”

Ujmę to tak zamieszczam loga i prosze o ratunek.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:47:55, on 2007-12-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\autoclk.exe C:\WINDOWS\system32\srvd.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\TEMP\3E00543D.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\PowerArchiver\PASTARTER.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE” /s O4 - HKLM…\Run: [autoclk] autoclk.exe O4 - HKLM…\Run: [johkjh] C:\WINDOWS\system32\srvd.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [s123dwe2] C:\WINDOWS\TEMP\3E00543D.exe O4 - HKLM…\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM…\Run: [WindowsUpdater] WindowsUpdater.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM…\RunServices: [mmsass] mmdmm.exe O4 - HKLM…\RunServices: [WindowsUpdater] WindowsUpdater.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [johkjh] C:\WINDOWS\system32\srvd.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe – End of file - 4374 bytes

Tak ma to wyglądać

Asterisk

Ciuci · 22 Grudzień 2007 17:30

Usuń w HJT.

Użyj -->SDFix

Uwaga: Da się go uruchomić tylko w Trybie Awaryjnym.

Pokaż Report.txt znajdujący się w folderze SDFix.

Potem log z ComboFix.

Endrjusza · 22 Grudzień 2007 18:09

Ok zrobione zamieszczam

SDFix SDFix: Version 1.119 Run by Endrju on 2007-12-22 at 18:47 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: FCI ntio256 Path: C:\WINDOWS\System32\svchost.exe:ext.exe ??\C:\WINDOWS\System32\ntio256.sys FCI - Deleted ntio256 - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:-10654~1 - Deleted C:\Program Files\Helper\superfinderusa.dll - Deleted C:\WINDOWS\system32\2_exception.nls - Deleted C:\WINDOWS\system32\adult.txt - Deleted C:\WINDOWS\system32\finance.txt - Deleted C:\WINDOWS\system32\i - Deleted C:\WINDOWS\system32\lt.res - Deleted C:\WINDOWS\system32\other.txt - Deleted C:\WINDOWS\system32\pharma.txt - Deleted C:\WINDOWS\system32\sft.res - Deleted C:\WINDOWS\system32\xpdx.sys - Deleted Folder C:\Program Files\Helper - Removed Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-22 18:53:55 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg$winnt32$_test] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40] “khjeh”=hex:20,02,00,00,36,f4,17,69,a0,d2,19,c6,12,c8,b1,6a,1a,b8,78,c6,16,… “hj34z0”=hex:f6,0b,a9,e8,ad,94,a7,1e,5d,e4,6f,b2,82,3f,b8,59,42,a6,8d,a4,3d,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fsc47] “Type”=dword:00000001 “Tag”=dword:00000001 “Group”=“System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0” “ErrorControl”=dword:00000001 “Start”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] “s1”=dword:2df9c43f “s2”=dword:110480d0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Fsc47] “Type”=dword:00000001 “Tag”=dword:00000001 “Group”=“System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0” “ErrorControl”=dword:00000001 “Start”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … C:\WINDOWS\system32\drivers\Fsc47.sys 137216 bytes executable C:\WINDOWS\system32\drivers\symavc32.sys 185856 bytes executable scan completed successfully hidden processes: 0 hidden services: 1 hidden files: 2 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" “C:\Program Files\BitComet\BitComet.exe”=“C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client” “C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe”=“C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe:*:Enabled:GG E-Sports Platform Client” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Tue 18 Dec 2007 194 A.SH. — “C:\BOOT.BAK” Fri 7 Dec 2007 65,115 …SH. — “C:\WINDOWS\system32\srvd.exe” Finished! -------------------------------------------------------------ComboFix ComboFix 07-12-21.4 - Endrju 2007-12-22 18:58:40.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.156 [GMT 1:00] Running from: C:\Documents and Settings\Endrju\Pulpit\ComboFix(2).exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\akl C:\Program Files\akl\akl.dll C:\Program Files\akl\akl.exe C:\Program Files\akl\curlog.htm C:\Program Files\akl\keylog.txt C:\Program Files\akl\readme.txt C:\Program Files\akl\uninstall.exe C:\Program Files\akl\unsetup.dat C:\Program Files\akl\unsetup.exe C:\Program Files\amsys C:\Program Files\amsys\awmsg.dat C:\Program Files\amsys\guid.dat C:\Program Files\amsys\ijl15.dll C:\Program Files\amsys\mfc42.dll C:\Program Files\amsys\msvcrt.dll C:\Program Files\amsys\unins000.dat C:\Program Files\amsys\unis000.exe C:\Program Files\amsys\winam.dat C:\Program Files\e-zshopper C:\Program Files\e-zshopper\BarLcher.dll C:\Program Files\p2pnetworks C:\Program Files\p2pnetworks\amp2pl.exe C:\WINDOWS\764.exe C:\WINDOWS\7search.dll C:\WINDOWS\absolute key logger.lnk C:\WINDOWS\aconti.exe C:\WINDOWS\aconti.ini C:\WINDOWS\aconti.log C:\WINDOWS\aconti.sdb C:\WINDOWS\acontidialer.txt C:\WINDOWS\adbar.dll C:\WINDOWS\cbinst$.exe C:\WINDOWS\daxtime.dll C:\WINDOWS\default.htm C:\WINDOWS\dp0.dll C:\WINDOWS\eventlowg.dll C:\WINDOWS\fhfmm-Uninstaller.exe C:\WINDOWS\fhfmm.exe C:\WINDOWS\flt.dll C:\WINDOWS\hcwprn.exe C:\WINDOWS\hotporn.exe C:\WINDOWS\ie_32.exe C:\WINDOWS\jd2002.dll C:\WINDOWS\kkcomp$.exe C:\WINDOWS\kkcomp.exe C:\WINDOWS\kvnab$.exe C:\WINDOWS\liqad$.exe C:\WINDOWS\liqad.exe C:\WINDOWS\liqui-Uninstaller.exe C:\WINDOWS\liqui.exe C:\WINDOWS\ngd.dll C:\WINDOWS\pbar.dll C:\WINDOWS\settn.dll C:\WINDOWS\spredirect.dll C:\WINDOWS\system32\6_exception.nls C:\WINDOWS\system32\ace16win.dll C:\WINDOWS\system32\acespy C:\WINDOWS\system32\acespy__acelog.ndx C:\WINDOWS\system32\acespy\systune.exe C:\WINDOWS\system32\din.ip C:\WINDOWS\system32\dpqaqlqx.bin C:\WINDOWS\system32\drivers\blank.gif C:\WINDOWS\system32\drivers\box_2.gif C:\WINDOWS\system32\drivers\button_buynow.gif C:\WINDOWS\system32\drivers\button_freescan.gif C:\WINDOWS\system32\drivers\cell_bg.gif C:\WINDOWS\system32\drivers\cell_footer.gif C:\WINDOWS\system32\drivers\cell_header_block.gif C:\WINDOWS\system32\drivers\cell_header_remove.gif C:\WINDOWS\system32\drivers\cell_header_scan.gif C:\WINDOWS\system32\drivers\detect.htm C:\WINDOWS\system32\drivers\download_btn.jpg C:\WINDOWS\system32\drivers\download_now_btn.gif C:\WINDOWS\system32\drivers\footer_back.jpg C:\WINDOWS\system32\drivers\FSC47.sys C:\WINDOWS\system32\drivers\header_1.gif C:\WINDOWS\system32\drivers\header_2.gif C:\WINDOWS\system32\drivers\header_3.gif C:\WINDOWS\system32\drivers\header_4.gif C:\WINDOWS\system32\drivers\header_red_bg.gif C:\WINDOWS\system32\drivers\header_red_free_scan.gif C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif C:\WINDOWS\system32\drivers\infected.gif C:\WINDOWS\system32\drivers\main_back.gif C:\WINDOWS\system32\drivers\product_2_header.gif C:\WINDOWS\system32\drivers\product_2_name_small.gif C:\WINDOWS\system32\drivers\product_features.gif C:\WINDOWS\system32\drivers\pt.htm C:\WINDOWS\system32\drivers\rating.gif C:\WINDOWS\system32\drivers\Rgm33.sys C:\WINDOWS\system32\drivers\s_detect.htm C:\WINDOWS\system32\drivers\screenshot.jpg C:\WINDOWS\system32\drivers\sep_hor.gif C:\WINDOWS\system32\drivers\sep_vert.gif C:\WINDOWS\system32\drivers\shadow.jpg C:\WINDOWS\system32\drivers\shadow_bg.gif C:\WINDOWS\system32\drivers\spacer.gif C:\WINDOWS\system32\drivers\star.gif C:\WINDOWS\system32\drivers\star_gray.gif C:\WINDOWS\system32\drivers\star_gray_small.gif C:\WINDOWS\system32\drivers\star_small.gif C:\WINDOWS\system32\drivers\style.css C:\WINDOWS\system32\drivers\symavc32.sys C:\WINDOWS\system32\drivers\v.gif C:\WINDOWS\system32\drivers\warning_icon.gif C:\WINDOWS\system32\drivers\win_logo.gif C:\WINDOWS\system32\drivers\x.gif C:\WINDOWS\system32\stfv.bin C:\WINDOWS\system32\sznf.ascii C:\WINDOWS\system32\vxddsk.exe C:\WINDOWS\system32\wml.exe C:\WINDOWS\vxddsk.exe C:\WINDOWS\wbeInst$.exe C:\WINDOWS\wml.exe C:\WINDOWS\xadbrk.exe C:\WINDOWS\xadbrk_.exe C:\WINDOWS\xxxvideo.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_FSC47 -------\LEGACY_NTIO256 ((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))) . 2007-12-22 02:03 . 2007-12-22 02:03 2007-12-22 01:49 . 2007-12-22 16:38 163,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-22 01:49 . 2007-12-22 16:37 6,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-22 01:49 . 2007-12-22 01:57 1,988 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-22 01:49 . 2007-12-22 01:57 1,364 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-22 01:45 . 2007-12-22 01:53 2007-12-22 00:08 . 2007-12-22 00:08 2007-12-20 19:06 . 2007-12-20 19:06 2007-12-20 18:16 . 2007-12-20 18:16 2007-12-20 18:15 . 2007-12-20 18:15 316,640 --a------ C:\WINDOWS\WMSysPr9.prx 2007-12-20 18:14 . 2007-12-20 18:14 2007-12-20 18:12 . 2007-12-20 18:12 2007-12-20 17:46 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-12-20 17:41 . 2007-12-20 17:41 2007-12-20 17:36 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002367_.tmp 2007-12-20 17:35 . 2004-08-03 22:43 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-12-20 17:32 . 2007-12-20 17:44 2007-12-20 15:35 . 2004-08-04 01:17 469,089 -ra------ C:\txtsetup.sif 2007-12-20 15:35 . 2004-08-03 23:00 262,400 -ra------ C:$LDR$ 2007-12-20 15:35 . 2007-12-18 23:57 194 --ahs---- C:\BOOT.BAK 2007-12-20 15:22 . 2007-12-20 15:22 2007-12-20 15:22 . 2007-12-20 15:22 2007-12-20 15:22 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys 2007-12-20 15:22 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys 2007-12-20 14:49 . 2007-12-20 14:49 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-20 12:30 . 2007-12-20 12:30 1,217 --a------ C:\WINDOWS\bestplayer.ini 2007-12-20 12:30 . 2007-12-20 12:30 246 --a------ C:\WINDOWS\bestplayer.bbt 2007-12-20 12:30 . 2007-12-20 12:30 116 --a------ C:\WINDOWS\bestplayer.bpp 2007-12-20 10:09 . 2007-12-20 10:09 2007-12-20 01:40 . 2007-12-20 01:40 2007-12-20 01:03 . 2007-12-20 01:03 4,608 --a------ C:\wincchw.exe 2007-12-20 01:03 . 2007-12-20 01:03 4,608 --a------ C:\winbhvd.exe 2007-12-20 01:03 . 2007-12-20 01:03 0 --a------ C:\WINDOWS\system32\MI1B.tmp 2007-12-20 01:03 . 2007-12-20 01:03 0 --a------ C:\WINDOWS\system32\MI19.tmp 2007-12-20 01:03 . 2007-12-20 01:03 0 --a------ C:\WINDOWS\system32\MI17.tmp 2007-12-20 01:03 . 2007-12-20 01:03 0 --a------ C:\WINDOWS\system32\MI15.tmp 2007-12-20 00:44 . 2007-12-22 00:08 2007-12-20 00:41 . 2007-12-20 00:41 29 --a------ C:\WINDOWS\system32\itosfgew.tmp 2007-12-20 00:15 . 2007-12-20 00:15 0 --a------ C:\WINDOWS\system32\MI11B.tmp 2007-12-20 00:13 . 2007-12-20 00:13 4,608 --a------ C:\winlxyt.exe 2007-12-20 00:13 . 2007-12-20 00:13 4,608 --a------ C:\winizce.exe 2007-12-20 00:13 . 2007-12-20 00:13 0 --a------ C:\WINDOWS\system32\MI117.tmp 2007-12-20 00:13 . 2007-12-20 00:13 0 --a------ C:\WINDOWS\system32\MI115.tmp 2007-12-20 00:00 . 2007-12-20 00:00 4,608 --a------ C:\winwcvs.exe 2007-12-20 00:00 . 2007-12-20 00:00 4,608 --a------ C:\winqqni.exe 2007-12-20 00:00 . 2007-12-20 00:00 0 --a------ C:\WINDOWS\system32\MI10F.tmp 2007-12-20 00:00 . 2007-12-20 00:00 0 --a------ C:\WINDOWS\system32\MI10D.tmp 2007-12-20 00:00 . 2007-12-20 00:00 0 --a------ C:\WINDOWS\system32\MI10B.tmp 2007-12-20 00:00 . 2007-12-20 00:00 0 --a------ C:\WINDOWS\system32\MI109.tmp 2007-12-19 23:56 . 2007-12-19 23:56 4 --a------ C:\WINDOWS\system32\jpewocmz.ini 2007-12-19 21:24 . 2007-12-19 21:26 94,208 --a------ C:\WINDOWS\ScUnin.exe 2007-12-19 21:24 . 2007-12-19 21:26 35,382 --a------ C:\WINDOWS\scunin.dat 2007-12-19 21:24 . 2007-12-19 21:26 967 --a------ C:\WINDOWS\ScUnin.pif 2007-12-19 21:23 . 2007-12-19 22:16 2007-12-19 10:16 . 2007-12-19 10:16 38 --a------ C:\WINDOWS\AviSplitter.INI 2007-12-19 03:51 . 2007-12-22 19:04 21,760 --a------ C:\WINDOWS\Bhm38.sys 2007-12-19 00:12 . 2007-12-19 00:12 2007-12-18 13:48 . 2007-12-18 13:48 2007-12-17 19:14 . 2003-02-21 03:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL 2007-12-16 09:48 . 2007-12-20 07:17 2007-12-16 09:48 . 2007-12-16 09:48 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-12-16 09:47 . 2007-12-17 15:52 2007-12-14 22:09 . 2007-12-14 22:09 2007-12-13 20:36 . 2007-12-13 20:45 24,064 --a------ C:\mlah.exe 2007-12-13 20:22 . 2007-12-13 20:46 25,600 --a------ C:\WINDOWS\system32\ronods.dll 2007-12-13 18:06 . 2007-12-13 20:37 25,600 --a------ C:\WINDOWS\system32\judgemq.dll 2007-12-13 03:50 . 2007-12-13 03:50 142,848 --a------ C:\WINDOWS\system32\MI112.tmp 2007-12-12 23:42 . 2007-12-19 00:08 21,760 --a------ C:\WINDOWS\system32\drivers\Bhm38.sys 2007-12-12 23:40 . 2007-12-13 20:45 57,856 --a------ C:\actgm.exe 2007-12-12 23:01 . 2007-12-12 23:01 2007-12-12 23:01 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll 2007-12-12 01:05 . 2007-12-12 01:05 2007-12-12 01:05 . 2006-11-22 11:00 63,488 --a------ C:\WINDOWS\system32\ff_acm.acm 2007-12-12 01:05 . 2006-11-22 11:00 8,192 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-12-12 01:05 . 2006-11-22 11:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2007-12-11 10:40 . 2007-12-11 10:41 2007-12-11 10:32 . 2007-12-11 10:32 2007-12-08 13:13 . 2007-12-08 13:13 2007-12-07 22:30 . 2007-12-22 01:19 2007-12-07 22:11 . 2007-12-07 22:11 2007-12-07 21:30 . 2007-12-07 21:30 808 --a------ C:\WINDOWS\unins000.dat 2007-12-07 19:21 . 2007-12-07 19:21 141,394 --a------ C:\Documents and Settings\Endrju\reg.exe 2007-12-07 18:25 . 2007-12-07 18:26 2007-12-07 18:25 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-12-07 17:50 . 2007-12-07 23:11 65,115 —hs---- C:\WINDOWS\system32\srvd.exe 2007-12-07 16:57 . 2007-12-07 16:57 2007-12-07 16:55 . 2007-12-07 16:55 2007-12-07 16:28 . 2007-12-20 00:03 2007-12-06 21:53 . 2004-08-04 00:43 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-12-06 21:14 . 2007-12-06 21:28 139,264 --a------ C:\WINDOWS\War3Unin.exe 2007-12-06 21:14 . 2007-12-06 21:32 76,215 --a------ C:\WINDOWS\War3Unin.dat 2007-12-06 21:14 . 2007-12-06 21:28 2,829 --a------ C:\WINDOWS\War3Unin.pif 2007-12-06 21:10 . 2007-12-22 16:10 2007-12-06 20:27 . 2007-12-06 20:27 2007-12-06 20:13 . 2007-12-06 20:13 2007-12-06 20:12 . 2007-12-06 20:13 2007-12-06 20:12 . 2007-12-06 20:12 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2007-12-06 19:46 . 2007-12-13 00:14 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-12-06 19:41 . 2002-03-21 20:21 134,784 -ra------ C:\WINDOWS\system32\drivers\b57xp32.sys 2007-12-06 19:40 . 2004-08-03 23:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-06 17:50 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-06 10:55 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-06 10:53 --------- d-----w C:\Program Files\Usługi online . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-04 00:44] “PowerArchiver Tray”=“C:\Program Files\PowerArchiver\PASTARTER.EXE” [2007-11-30 16:08] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “APVXDWIN”=“C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe” [] “autoclk”=“autoclk.exe” [2002-09-25 10:36 C:\WINDOWS\autoclk.exe] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe] “Smapp”=“C:\Program Files\Analog Devices\SoundMAX\Smtray.exe” [2002-06-26 17:36] “WOOTASKBARICON”=“C:\PROGRA~1\Wanadoo\TaskbarIcon.exe” [] “WOOWATCH”=“C:\PROGRA~1\Wanadoo\Watch.exe” [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] “WindowsUpdater”=“WindowsUpdater.exe” [] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44] “johkjh”=“C:\WINDOWS\system32\srvd.exe” [2007-12-07 23:11] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] C:\Program Files\BitComet\BitComet.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerArchiver Tray] 2007-11-30 16:08 140328 --a------ C:\Program Files\PowerArchiver\PASTARTER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s123dwe2] C:\WINDOWS\TEMP\B27F8382.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “PSIMSVC”=2 (0x2) “PAVSRV”=2 (0x2) “Panda Software Controller”=2 (0x2) “MSN RAV”=2 (0x2) “FCI”=2 (0x2) “SoundMAX Agent Service (default)”=2 (0x2) R0 Bhm38;Bhm38;C:\WINDOWS\system32\Drivers\Bhm38.sys [2007-12-19 00:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\setup.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-22 19:05:48 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-22 19:06:47 - machine was rebooted i na wszelki wypadek -------------------------------------hijack kolejny Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:07:40, on 2007-12-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\autoclk.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\PowerArchiver\PASTARTER.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE” /s O4 - HKLM…\Run: [autoclk] autoclk.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM…\RunServices: [WindowsUpdater] WindowsUpdater.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe – End of file - 4009 bytes

Gutek · 22 Grudzień 2007 22:15

Wklej do Notatnika:

File:: C:\WINDOWS\system32\MI1B.tmp C:\WINDOWS\system32\MI19.tmp C:\WINDOWS\system32\MI17.tmp C:\WINDOWS\system32\MI15.tmp C:\WINDOWS\system32\itosfgew.tmp C:\WINDOWS\system32\MI11B.tmp C:\winlxyt.exe C:\winizce.exe C:\WINDOWS\system32\MI117.tmp C:\WINDOWS\system32\MI115.tmp C:\winwcvs.exe C:\winqqni.exe C:\WINDOWS\system32\MI10F.tmp C:\WINDOWS\system32\MI10D.tmp C:\WINDOWS\system32\MI10B.tmp C:\WINDOWS\system32\MI109.tmp C:\WINDOWS\system32\jpewocmz.ini C:\mlah.exe C:\WINDOWS\system32\ronods.dll C:\WINDOWS\system32\judgemq.dll C:\WINDOWS\system32\MI112.tmp C:\WINDOWS\system32\drivers\Bhm38.sys C:\actgm.exe C:\WINDOWS\system32\srvd.exe Driver:: Bhm38 Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] “WindowsUpdater”=- [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “johkjh”=-

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Endrjusza · 22 Grudzień 2007 22:35

OK Kolejny log

ComboFix 07-12-21.4 - Endrju 2007-12-22 23:26:33.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.224 [GMT 1:00] Running from: C:\Documents and Settings\Endrju\Pulpit\ComboFix(2).exe Command switches used :: C:\Documents and Settings\Endrju\Pulpit\CFScript.txt * Created a new restore point FILE C:\actgm.exe C:\mlah.exe C:\WINDOWS\system32\drivers\Bhm38.sys C:\WINDOWS\system32\itosfgew.tmp C:\WINDOWS\system32\jpewocmz.ini C:\WINDOWS\system32\judgemq.dll C:\WINDOWS\system32\MI109.tmp C:\WINDOWS\system32\MI10B.tmp C:\WINDOWS\system32\MI10D.tmp C:\WINDOWS\system32\MI10F.tmp C:\WINDOWS\system32\MI112.tmp C:\WINDOWS\system32\MI115.tmp C:\WINDOWS\system32\MI117.tmp C:\WINDOWS\system32\MI11B.tmp C:\WINDOWS\system32\MI15.tmp C:\WINDOWS\system32\MI17.tmp C:\WINDOWS\system32\MI19.tmp C:\WINDOWS\system32\MI1B.tmp C:\WINDOWS\system32\ronods.dll C:\WINDOWS\system32\srvd.exe C:\winizce.exe C:\winlxyt.exe C:\winqqni.exe C:\winwcvs.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\actgm.exe C:\mlah.exe C:\WINDOWS\system32\5_exception.nls C:\WINDOWS\system32\drivers\Bhm38.sys C:\WINDOWS\system32\itosfgew.tmp C:\WINDOWS\system32\jpewocmz.ini C:\WINDOWS\system32\judgemq.dll C:\WINDOWS\system32\MI109.tmp C:\WINDOWS\system32\MI10B.tmp C:\WINDOWS\system32\MI10D.tmp C:\WINDOWS\system32\MI10F.tmp C:\WINDOWS\system32\MI112.tmp C:\WINDOWS\system32\MI115.tmp C:\WINDOWS\system32\MI117.tmp C:\WINDOWS\system32\MI11B.tmp C:\WINDOWS\system32\MI15.tmp C:\WINDOWS\system32\MI17.tmp C:\WINDOWS\system32\MI19.tmp C:\WINDOWS\system32\MI1B.tmp C:\WINDOWS\system32\ronods.dll C:\WINDOWS\system32\srvd.exe C:\winizce.exe C:\winlxyt.exe C:\winqqni.exe C:\winwcvs.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_BHM38 -------\Bhm38 ((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))) . 2007-12-22 02:03 . 2007-12-22 02:03 2007-12-22 01:49 . 2007-12-22 16:38 163,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-22 01:49 . 2007-12-22 16:37 6,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-22 01:49 . 2007-12-22 01:57 1,988 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-22 01:49 . 2007-12-22 01:57 1,364 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-22 01:45 . 2007-12-22 01:53 2007-12-22 00:08 . 2007-12-22 00:08 2007-12-20 19:06 . 2007-12-20 19:06 2007-12-20 18:16 . 2007-12-20 18:16 2007-12-20 18:15 . 2007-12-20 18:15 316,640 --a------ C:\WINDOWS\WMSysPr9.prx 2007-12-20 18:14 . 2007-12-20 18:14 2007-12-20 18:12 . 2007-12-20 18:12 2007-12-20 17:46 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-12-20 17:41 . 2007-12-20 17:41 2007-12-20 17:36 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002367_.tmp 2007-12-20 17:35 . 2004-08-03 22:43 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-12-20 17:32 . 2007-12-20 17:44 2007-12-20 15:35 . 2004-08-04 01:17 469,089 -ra------ C:\txtsetup.sif 2007-12-20 15:35 . 2004-08-03 23:00 262,400 -ra------ C:$LDR$ 2007-12-20 15:35 . 2007-12-18 23:57 194 --ahs---- C:\BOOT.BAK 2007-12-20 15:22 . 2007-12-20 15:22 2007-12-20 15:22 . 2007-12-20 15:22 2007-12-20 15:22 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys 2007-12-20 15:22 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys 2007-12-20 14:49 . 2007-12-20 14:49 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-20 12:30 . 2007-12-20 12:30 1,217 --a------ C:\WINDOWS\bestplayer.ini 2007-12-20 12:30 . 2007-12-20 12:30 246 --a------ C:\WINDOWS\bestplayer.bbt 2007-12-20 12:30 . 2007-12-20 12:30 116 --a------ C:\WINDOWS\bestplayer.bpp 2007-12-20 10:09 . 2007-12-20 10:09 2007-12-20 01:40 . 2007-12-20 01:40 2007-12-20 01:03 . 2007-12-20 01:03 4,608 --a------ C:\wincchw.exe 2007-12-20 01:03 . 2007-12-20 01:03 4,608 --a------ C:\winbhvd.exe 2007-12-20 00:44 . 2007-12-22 00:08 2007-12-19 21:24 . 2007-12-19 21:26 94,208 --a------ C:\WINDOWS\ScUnin.exe 2007-12-19 21:24 . 2007-12-19 21:26 35,382 --a------ C:\WINDOWS\scunin.dat 2007-12-19 21:24 . 2007-12-19 21:26 967 --a------ C:\WINDOWS\ScUnin.pif 2007-12-19 21:23 . 2007-12-22 23:16 2007-12-19 10:16 . 2007-12-19 10:16 38 --a------ C:\WINDOWS\AviSplitter.INI 2007-12-19 03:51 . 2007-12-22 23:29 21,760 --a------ C:\WINDOWS\Bhm38.sys 2007-12-19 00:12 . 2007-12-19 00:12 2007-12-18 13:48 . 2007-12-18 13:48 2007-12-17 19:14 . 2003-02-21 03:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL 2007-12-16 09:48 . 2007-12-20 07:17 2007-12-16 09:48 . 2007-12-16 09:48 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-12-16 09:47 . 2007-12-17 15:52 2007-12-14 22:09 . 2007-12-14 22:09 2007-12-12 23:01 . 2007-12-12 23:01 2007-12-12 23:01 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll 2007-12-12 01:05 . 2007-12-12 01:05 2007-12-12 01:05 . 2006-11-22 11:00 63,488 --a------ C:\WINDOWS\system32\ff_acm.acm 2007-12-12 01:05 . 2006-11-22 11:00 8,192 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-12-12 01:05 . 2006-11-22 11:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2007-12-11 10:40 . 2007-12-11 10:41 2007-12-11 10:32 . 2007-12-11 10:32 2007-12-08 13:13 . 2007-12-08 13:13 2007-12-07 22:30 . 2007-12-22 01:19 2007-12-07 22:11 . 2007-12-07 22:11 2007-12-07 21:30 . 2007-12-07 21:30 808 --a------ C:\WINDOWS\unins000.dat 2007-12-07 19:21 . 2007-12-07 19:21 141,394 --a------ C:\Documents and Settings\Endrju\reg.exe 2007-12-07 18:25 . 2007-12-07 18:26 2007-12-07 18:25 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-12-07 16:57 . 2007-12-07 16:57 2007-12-07 16:55 . 2007-12-07 16:55 2007-12-07 16:28 . 2007-12-20 00:03 2007-12-06 21:53 . 2004-08-04 00:43 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-12-06 21:14 . 2007-12-06 21:28 139,264 --a------ C:\WINDOWS\War3Unin.exe 2007-12-06 21:14 . 2007-12-06 21:32 76,215 --a------ C:\WINDOWS\War3Unin.dat 2007-12-06 21:14 . 2007-12-06 21:28 2,829 --a------ C:\WINDOWS\War3Unin.pif 2007-12-06 21:10 . 2007-12-22 20:11 2007-12-06 20:27 . 2007-12-06 20:27 2007-12-06 20:13 . 2007-12-06 20:13 2007-12-06 20:12 . 2007-12-06 20:13 2007-12-06 20:12 . 2007-12-06 20:12 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2007-12-06 19:46 . 2007-12-13 00:14 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-12-06 19:41 . 2002-03-21 20:21 134,784 -ra------ C:\WINDOWS\system32\drivers\b57xp32.sys 2007-12-06 19:40 . 2004-08-03 23:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-12-06 19:40 . 2004-08-03 22:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-12-06 19:40 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-12-06 19:40 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-12-06 19:40 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-12-06 19:40 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys 2007-12-06 19:40 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-12-06 19:40 . 2004-08-03 23:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-12-06 19:39 . 2007-12-06 19:39 2007-12-06 19:38 . 2007-12-06 19:38 2007-12-06 19:38 . 2004-08-03 22:59 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys 2007-12-06 19:38 . 2004-08-03 23:07 42,368 --a------ C:\WINDOWS\system32\drivers\agp440.sys 2007-12-06 19:38 . 2004-08-03 23:08 26,624 -ra------ C:\WINDOWS\system32\drivers\usbehci.sys 2007-12-06 19:38 . 2004-08-03 22:59 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys 2007-12-06 19:38 . 2004-08-04 00:44 7,168 -ra------ C:\WINDOWS\system32\hccoin.dll 2007-12-06 19:38 . 2001-10-26 16:56 3,456 --a------ C:\WINDOWS\system32\drivers\pciide.sys 2007-12-06 19:37 . 2004-08-04 00:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-12-06 19:37 . 2004-08-04 00:34 68,608 --a------ C:\WINDOWS\system32\drivers\pci.sys 2007-12-06 19:37 . 2001-10-26 16:47 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-12-06 19:37 . 2004-08-03 23:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys 2007-12-06 19:23 . 2000-03-29 07:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-12-06 19:23 . 2007-12-06 19:36 3,276 --a------ C:\WINDOWS\Ascd_tmp.ini 2007-12-06 19:17 . 2007-12-06 19:20 2007-12-06 19:17 . 2006-06-01 17:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-12-06 19:17 . 2007-12-22 23:31 63,804 --a------ C:\WINDOWS\system32\nvapps.xml . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-06 17:50 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-06 10:55 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-06 10:53 --------- d-----w C:\Program Files\Usługi online . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-04 00:44] “PowerArchiver Tray”=“C:\Program Files\PowerArchiver\PASTARTER.EXE” [2007-11-30 16:08] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “APVXDWIN”=“C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe” [] “autoclk”=“autoclk.exe” [2002-09-25 10:36 C:\WINDOWS\autoclk.exe] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe] “Smapp”=“C:\Program Files\Analog Devices\SoundMAX\Smtray.exe” [2002-06-26 17:36] “WOOTASKBARICON”=“C:\PROGRA~1\Wanadoo\TaskbarIcon.exe” [] “WOOWATCH”=“C:\PROGRA~1\Wanadoo\Watch.exe” [] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] C:\Program Files\BitComet\BitComet.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerArchiver Tray] 2007-11-30 16:08 140328 --a------ C:\Program Files\PowerArchiver\PASTARTER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s123dwe2] C:\WINDOWS\TEMP\B27F8382.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “PSIMSVC”=2 (0x2) “PAVSRV”=2 (0x2) “Panda Software Controller”=2 (0x2) “MSN RAV”=2 (0x2) “FCI”=2 (0x2) “SoundMAX Agent Service (default)”=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\setup.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-22 23:31:20 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-22 23:32:11 - machine was rebooted C:\ComboFix2.txt … 2007-12-22 19:06

asterisk · 23 Grudzień 2007 00:05

Poprawiłem raz - więcej nie będę.

Proszę uzupełnić tagi w poprzednim poście

Gutek · 23 Grudzień 2007 00:28

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Endrjusza · 23 Grudzień 2007 08:13

ok log kolejny

ComboFix 07-12-21.4 - Endrju 2007-12-23 9:08:44.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.250 [GMT 1:00] Running from: C:\Documents and Settings\Endrju\Pulpit\ComboFix(2).exe Command switches used :: C:\Documents and Settings\Endrju\Pulpit\CFScript.txt * Created a new restore point FILE C:\winbhvd.exe C:\wincchw.exe C:\WINDOWS\002367_.tmp C:\WINDOWS\Bhm38.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\winbhvd.exe C:\wincchw.exe C:\WINDOWS\002367_.tmp C:\WINDOWS\Bhm38.sys . ((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))) . 2007-12-22 02:03 . 2007-12-22 02:03 2007-12-22 01:49 . 2007-12-22 16:38 163,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-22 01:49 . 2007-12-22 16:37 6,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-22 01:49 . 2007-12-22 01:57 1,988 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-22 01:49 . 2007-12-22 01:57 1,364 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-22 01:45 . 2007-12-22 01:53 2007-12-22 00:08 . 2007-12-22 00:08 2007-12-20 19:06 . 2007-12-20 19:06 2007-12-20 18:16 . 2007-12-20 18:16 2007-12-20 18:15 . 2007-12-20 18:15 316,640 --a------ C:\WINDOWS\WMSysPr9.prx 2007-12-20 18:14 . 2007-12-20 18:14 2007-12-20 18:12 . 2007-12-20 18:12 2007-12-20 17:46 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-12-20 17:41 . 2007-12-20 17:41 2007-12-20 17:35 . 2004-08-03 22:43 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-12-20 17:32 . 2007-12-20 17:44 2007-12-20 15:35 . 2004-08-04 01:17 469,089 -ra------ C:\txtsetup.sif 2007-12-20 15:35 . 2004-08-03 23:00 262,400 -ra------ C:$LDR$ 2007-12-20 15:35 . 2007-12-18 23:57 194 --ahs---- C:\BOOT.BAK 2007-12-20 15:22 . 2007-12-20 15:22 2007-12-20 15:22 . 2007-12-20 15:22 2007-12-20 15:22 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys 2007-12-20 15:22 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys 2007-12-20 14:49 . 2007-12-20 14:49 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-20 12:30 . 2007-12-20 12:30 1,217 --a------ C:\WINDOWS\bestplayer.ini 2007-12-20 12:30 . 2007-12-20 12:30 246 --a------ C:\WINDOWS\bestplayer.bbt 2007-12-20 12:30 . 2007-12-20 12:30 116 --a------ C:\WINDOWS\bestplayer.bpp 2007-12-20 10:09 . 2007-12-20 10:09 2007-12-20 01:40 . 2007-12-20 01:40 2007-12-20 00:44 . 2007-12-22 00:08 2007-12-19 21:24 . 2007-12-19 21:26 94,208 --a------ C:\WINDOWS\ScUnin.exe 2007-12-19 21:24 . 2007-12-19 21:26 35,382 --a------ C:\WINDOWS\scunin.dat 2007-12-19 21:24 . 2007-12-19 21:26 967 --a------ C:\WINDOWS\ScUnin.pif 2007-12-19 21:23 . 2007-12-23 02:21 2007-12-19 10:16 . 2007-12-19 10:16 38 --a------ C:\WINDOWS\AviSplitter.INI 2007-12-18 13:48 . 2007-12-18 13:48 2007-12-17 19:14 . 2003-02-21 03:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL 2007-12-16 09:48 . 2007-12-20 07:17 2007-12-16 09:48 . 2007-12-16 09:48 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-12-16 09:47 . 2007-12-17 15:52 2007-12-14 22:09 . 2007-12-14 22:09 2007-12-12 23:01 . 2007-12-12 23:01 2007-12-12 23:01 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll 2007-12-12 01:05 . 2007-12-12 01:05 2007-12-12 01:05 . 2006-11-22 11:00 63,488 --a------ C:\WINDOWS\system32\ff_acm.acm 2007-12-12 01:05 . 2006-11-22 11:00 8,192 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-12-12 01:05 . 2006-11-22 11:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2007-12-11 10:40 . 2007-12-11 10:41 2007-12-11 10:32 . 2007-12-11 10:32 2007-12-08 13:13 . 2007-12-08 13:13 2007-12-07 22:30 . 2007-12-22 01:19 2007-12-07 22:11 . 2007-12-07 22:11 2007-12-07 21:30 . 2007-12-07 21:30 808 --a------ C:\WINDOWS\unins000.dat 2007-12-07 19:21 . 2007-12-07 19:21 141,394 --a------ C:\Documents and Settings\Endrju\reg.exe 2007-12-07 18:25 . 2007-12-07 18:26 2007-12-07 18:25 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-12-07 16:57 . 2007-12-07 16:57 2007-12-07 16:55 . 2007-12-07 16:55 2007-12-07 16:28 . 2007-12-20 00:03 2007-12-06 21:53 . 2004-08-04 00:43 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-12-06 21:14 . 2007-12-06 21:28 139,264 --a------ C:\WINDOWS\War3Unin.exe 2007-12-06 21:14 . 2007-12-06 21:32 76,215 --a------ C:\WINDOWS\War3Unin.dat 2007-12-06 21:14 . 2007-12-06 21:28 2,829 --a------ C:\WINDOWS\War3Unin.pif 2007-12-06 21:10 . 2007-12-23 02:13 2007-12-06 20:27 . 2007-12-06 20:27 2007-12-06 20:13 . 2007-12-06 20:13 2007-12-06 20:12 . 2007-12-06 20:13 2007-12-06 20:12 . 2007-12-06 20:12 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2007-12-06 19:46 . 2007-12-13 00:14 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-12-06 19:41 . 2002-03-21 20:21 134,784 -ra------ C:\WINDOWS\system32\drivers\b57xp32.sys 2007-12-06 19:40 . 2004-08-03 23:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-12-06 19:40 . 2004-08-03 22:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-12-06 19:40 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-12-06 19:40 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-12-06 19:40 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-12-06 19:40 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys 2007-12-06 19:40 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-12-06 19:40 . 2004-08-03 23:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-12-06 19:39 . 2007-12-06 19:39 2007-12-06 19:38 . 2007-12-06 19:38 2007-12-06 19:38 . 2004-08-03 22:59 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys 2007-12-06 19:38 . 2004-08-03 23:07 42,368 --a------ C:\WINDOWS\system32\drivers\agp440.sys 2007-12-06 19:38 . 2004-08-03 23:08 26,624 -ra------ C:\WINDOWS\system32\drivers\usbehci.sys 2007-12-06 19:38 . 2004-08-03 22:59 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys 2007-12-06 19:38 . 2004-08-04 00:44 7,168 -ra------ C:\WINDOWS\system32\hccoin.dll 2007-12-06 19:38 . 2001-10-26 16:56 3,456 --a------ C:\WINDOWS\system32\drivers\pciide.sys 2007-12-06 19:37 . 2004-08-04 00:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-12-06 19:37 . 2004-08-04 00:34 68,608 --a------ C:\WINDOWS\system32\drivers\pci.sys 2007-12-06 19:37 . 2001-10-26 16:47 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-12-06 19:37 . 2004-08-03 23:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys 2007-12-06 19:23 . 2000-03-29 07:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-12-06 19:23 . 2007-12-06 19:36 3,276 --a------ C:\WINDOWS\Ascd_tmp.ini 2007-12-06 19:17 . 2007-12-06 19:20 2007-12-06 19:17 . 2006-06-01 17:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-12-06 19:17 . 2007-12-22 23:31 63,804 --a------ C:\WINDOWS\system32\nvapps.xml 2007-12-06 19:17 . 2006-06-01 17:22 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu 2007-12-06 19:16 . 2007-12-06 19:16 2007-12-06 19:16 . 2006-06-01 19:09 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-12-06 19:05 . 2007-12-06 19:05 2007-12-06 19:04 . 2007-12-06 19:04 1,158 --a------ C:\WINDOWS\mozver.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-06 17:50 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-06 10:55 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-06 10:53 --------- d-----w C:\Program Files\Usługi online 2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll 2007-10-22 02:37 66,056 ----a-w C:\WINDOWS\system32\dxdllreg.exe 2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll 2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll 2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-04 00:44] “PowerArchiver Tray”=“C:\Program Files\PowerArchiver\PASTARTER.EXE” [2007-11-30 16:08] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “APVXDWIN”=“C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe” [] “autoclk”=“autoclk.exe” [2002-09-25 10:36 C:\WINDOWS\autoclk.exe] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe] “Smapp”=“C:\Program Files\Analog Devices\SoundMAX\Smtray.exe” [2002-06-26 17:36] “WOOTASKBARICON”=“C:\PROGRA~1\Wanadoo\TaskbarIcon.exe” [] “WOOWATCH”=“C:\PROGRA~1\Wanadoo\Watch.exe” [] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] C:\Program Files\BitComet\BitComet.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerArchiver Tray] 2007-11-30 16:08 140328 --a------ C:\Program Files\PowerArchiver\PASTARTER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s123dwe2] C:\WINDOWS\TEMP\B27F8382.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “PSIMSVC”=2 (0x2) “PAVSRV”=2 (0x2) “Panda Software Controller”=2 (0x2) “MSN RAV”=2 (0x2) “FCI”=2 (0x2) “SoundMAX Agent Service (default)”=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\setup.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-23 09:10:54 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-23 9:11:46 C:\ComboFix2.txt … 2007-12-22 23:32 C:\ComboFix3.txt … 2007-12-22 19:06

Gutek · 23 Grudzień 2007 11:26

Na koniec Skan AVG Anti-Spyware 7.5 po update

Endrjusza · 23 Grudzień 2007 18:23

Wielkie dzięki za szybką i fachową pomoc Pozdrawiam!