Błędy 0x00000050, 0x0000008e plus ErrorSafe

Polishman · 2 Czerwiec 2007 11:30

Prosze o sprawdzenie loga

Logfile of HijackThis v1.99.1 Scan saved at 13:28:20, on 2007-06-02 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe n:\Program Files\Alwil Software\Avast4\aswUpdSv.exe n:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\DAEMON Tools\daemon.exe N:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\FlashGet\flashget.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe n:\Program Files\Alwil Software\Avast4\ashMaiSv.exe n:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Total Commander XP\TOTALCMD.EXE E:\Program Files\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CORELDRW.EXE C:\Documents and Settings\Dzieci.WIN_XP\Pulpit\Radek\Bezpieczeństwo\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: (no name) - {e0e899ab-f487-11d5-8d29-0050ba6940e3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [iSUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [LaunchList] n:\Program Files\Pinnacle\Studio 10\LaunchList.exe O4 - HKLM…\Run: [avast!] n:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime O4 - HKLM…\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min O4 - HKLM…\Run: [Genuine] rundll32.exe “C:\WINDOWS\system32\iowpjmgs.dll”,realset O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe” /tray O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe O4 - HKCU…\Run: [Arrs] “C:\PROGRA~1\COMMON~1\PPPATC~1\regedit.exe” -vt yazb O4 - HKCU…\Run: [Gadu-Gadu] “E:\Iwona\Nowy folder\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Zfmu] “C:\Documents and Settings\Dzieci.WIN_XP\Moje dokumenty\s?curity\n?tdde.exe” O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Add to AMV Converter… - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=WWW.WP.PL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 7647791593 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - n:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - n:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - n:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - n:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing) O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

Gutek · 2 Czerwiec 2007 15:19

Użyj ATF-Cleaner - http://www.atribune.org/ccount/click.php?id=1

Daj log z Combofix

Polishman · 2 Czerwiec 2007 18:38

Wykonano. Log:

“Dzieci” - 2007-06-02 20:26:09 Dodatek Service Pack 2 ComboFix 07-05.27.BV - Running from: “N:\Downloads\WM’06” (((((((((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\bdeeg.bak2 C:\WINDOWS\system32\bdeeg.ini C:\WINDOWS\system32\bdeeg.ini2 C:\WINDOWS\system32\bdeeg.bak2 C:\WINDOWS\system32\bdeeg.ini C:\WINDOWS\system32\bdeeg.ini2 C:\WINDOWS\system32\geedb.dll C:\WINDOWS\system32\vtusttt.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “C:\WINDOWS\system32\windev-52f1-1dae.sys” “C:\WINDOWS\system32\windev-peers.ini” – Purity Folders: C:\WINDOWS\system32\SSTEM~1 C:\WINDOWS\system32\WNSXS~1 C:\WINDOWS\system32\DOBE~1 C:\WINDOWS\system32\PPATCH~1 C:\WINDOWS\system32\CURITY~1 C:\WINDOWS\system32\MBOLS~1 C:\WINDOWS\system32\STEM~1 C:\WINDOWS\system32\PPPATC~1 C:\WINDOWS\system32\SKS~1 C:\WINDOWS\FNTS~1 C:\WINDOWS\STEM32~1 C:\WINDOWS\ICROSO~1 C:\Program Files\Common Files\FNTS~1 C:\Program Files\Common Files\SCURIT~1 C:\Program Files\Common Files\SMANTE~1 C:\Program Files\Common Files\SSTEM3~1 C:\Program Files\Common Files\CROSOF~1 C:\Program Files\Common Files\ECURIT~1 C:\Program Files\Common Files\YSTEM3~1 C:\Program Files\Common Files\STEM~1 C:\Program Files\Common Files\DOBE~1 C:\Program Files\Common Files\PPPATC~1 C:\Program Files\Common Files\PPATCH~1 C:\Program Files\Common Files\CROSOF~1.NET C:\Program Files\Common Files\RACLE~1 C:\Program Files\SCURIT~1 C:\Program Files\SSTEM~1 C:\Program Files\SSTEM3~1 C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\ASEMBL~1 C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\FNTS~1 C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\SCURIT~1 C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\CROSOF~1 C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\RACLE~1 C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\YSTEM3~1 C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\CURITY~1 C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\MANTEC~1 C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\MBOLS~1 C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\PPATCH~1 C:\DOCUME~1\DZIECI~1.WIN\MOJEDO~1\MCROSO~1.NET ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_WINCOM32 -------\windev-52f1-1dae ((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 )))))))))))))))))))))))))))))))))) 2007-06-02 20:29 2,580 --a------ C:\WINDOWS\system32\wabmircj.exe 2007-06-02 14:37 2,580 --a------ C:\WINDOWS\system32\banbdtlr.exe 2007-06-02 13:26 131,124 --a------ C:\WINDOWS\system32\iowpjmgs.dll 2007-06-02 13:23 2,580 --a------ C:\WINDOWS\system32\sovlgqwm.exe 2007-06-02 09:58 2,580 --a------ C:\WINDOWS\system32\wtdgngdt.exe 2007-05-31 19:34 2007-05-27 09:57 35,840 --a------ C:\WINDOWS\system32\lch.dll 2007-05-27 09:23 2007-05-27 09:23 2007-05-27 09:06 2007-05-27 09:06 2007-05-27 08:58 2007-05-26 23:00 2007-05-26 22:58 2007-05-26 22:57 2007-05-25 22:00 2007-05-25 19:23 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-05-25 19:23 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-05-25 19:23 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-05-25 19:23 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-05-25 19:23 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-05-25 19:23 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-05-25 19:22 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-05-25 19:22 206 --a------ C:\WINDOWS\g2955484.exe 2007-05-25 19:00 206 --a------ C:\WINDOWS\g1615750.exe 2007-05-25 18:38 206 --a------ C:\WINDOWS\g317796.exe 2007-05-25 16:58 206 --a------ C:\WINDOWS\g629187.exe 2007-05-25 16:23 2007-05-25 16:14 206 --a------ C:\WINDOWS\g288375.exe 2007-05-25 15:42 2007-05-25 15:05 206 --a------ C:\WINDOWS\g2995000.exe 2007-05-25 10:55 206 --a------ C:\WINDOWS\g7397156.exe 2007-05-25 10:33 206 --a------ C:\WINDOWS\g6071953.exe 2007-05-25 10:11 206 --a------ C:\WINDOWS\g4750031.exe 2007-05-25 09:49 206 --a------ C:\WINDOWS\g3422531.exe 2007-05-25 08:57 206 --a------ C:\WINDOWS\g294250.exe 2007-05-24 22:33 206 --a------ C:\WINDOWS\g667265.exe 2007-05-24 22:12 206 --a------ C:\WINDOWS\g1620453.exe 2007-05-24 21:52 206 --a------ C:\WINDOWS\g402296.exe 2007-05-24 21:31 206 --a------ C:\WINDOWS\g997015.exe 2007-05-24 21:10 206 --a------ C:\WINDOWS\g3639546.exe 2007-05-24 20:48 206 --a------ C:\WINDOWS\g2316671.exe 2007-05-24 20:46 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe 2007-05-24 20:46 9,006 --a------ C:\clean.bat 2007-05-24 20:46 86,528 --a------ C:\WINDOWS\system32\catchme.exe 2007-05-24 20:46 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-05-24 20:26 206 --a------ C:\WINDOWS\g997671.exe 2007-05-24 20:04 206 --a------ C:\WINDOWS\g15132625.exe 2007-05-24 16:05 206 --a------ C:\WINDOWS\g825734.exe 2007-05-24 15:04 206 --a------ C:\WINDOWS\g4402375.exe 2007-05-24 14:43 206 --a------ C:\WINDOWS\g3165484.exe 2007-05-24 14:21 206 --a------ C:\WINDOWS\g1865062.exe 2007-05-24 13:57 206 --a------ C:\WINDOWS\g425765.exe 2007-05-23 20:30 206 --a------ C:\WINDOWS\g18905609.exe 2007-05-23 15:38 206 --a------ C:\WINDOWS\g1354843.exe 2007-05-23 14:47 206 --a------ C:\WINDOWS\g3663453.exe 2007-05-21 22:43 71,680 --a------ C:\WINDOWS\g11959218.exe 2007-05-21 22:21 71,680 --a------ C:\WINDOWS\g10621734.exe 2007-05-21 21:59 71,680 --a------ C:\WINDOWS\g9304531.exe 2007-05-21 21:37 71,680 --a------ C:\WINDOWS\g7974500.exe 2007-05-21 21:15 71,680 --a------ C:\WINDOWS\g6652171.exe 2007-05-21 20:55 71,680 --a------ C:\WINDOWS\g5456875.exe 2007-05-21 20:33 71,680 --a------ C:\WINDOWS\g4126031.exe 2007-05-21 19:28 2 --a------ C:\WINDOWS\system32\wcpsvcc32.exe 2007-05-21 15:27 71,680 --a------ C:\WINDOWS\g316703.exe 2007-05-20 20:38 71,680 --a------ C:\WINDOWS\g1963125.exe 2007-05-20 20:25 2007-05-20 20:16 71,680 --a------ C:\WINDOWS\g637093.exe 2007-05-20 11:58 71,680 --a------ C:\WINDOWS\g1832437.exe 2007-05-20 11:36 109 --a------ C:\WINDOWS\g462359.exe 2007-05-20 09:12 71,680 --a------ C:\WINDOWS\g445062.exe 2007-05-19 23:43 71,680 --a------ C:\WINDOWS\g13402203.exe 2007-05-19 23:21 71,680 --a------ C:\WINDOWS\g12081765.exe 2007-05-19 22:59 71,680 --a------ C:\WINDOWS\g10761890.exe 2007-05-19 22:37 71,680 --a------ C:\WINDOWS\g9438531.exe 2007-05-19 22:15 71,680 --a------ C:\WINDOWS\g8117812.exe 2007-05-19 21:55 71,680 --a------ C:\WINDOWS\g6914484.exe 2007-05-19 21:33 71,680 --a------ C:\WINDOWS\g5594109.exe 2007-05-19 21:11 71,680 --a------ C:\WINDOWS\g4278171.exe 2007-05-19 20:51 71,680 --a------ C:\WINDOWS\g3074187.exe 2007-05-19 20:29 71,680 --a------ C:\WINDOWS\g1763078.exe 2007-05-19 20:07 71,680 --a------ C:\WINDOWS\g417078.exe 2007-05-19 17:59 71,680 --a------ C:\WINDOWS\g12943812.exe 2007-05-19 17:59 33,792 --a------ C:\WINDOWS\system32\wudb.dll 2007-05-19 14:32 2007-05-19 08:51 134,260 --a------ C:\WINDOWS\system32\alt.exe 2007-05-16 15:02 2007-05-16 15:01 2007-05-10 20:10 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-02 18:27:33 85,392 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-02 18:27:33 472,692 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-27 17:42:55 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-27 17:28:19 -------- d-----w C:\Program Files\bfgtoolbar 2007-05-26 21:04:48 -------- d-----w C:\Program Files\QuickTime Alternative 2007-05-24 19:55:14 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Skype 2007-05-19 12:41:09 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Lionhead Studios 2007-05-17 06:53:39 -------- d-----w C:\Program Files\EA GAMES 2007-04-30 07:50:10 -------- d-----w C:\Program Files\Common Files\Panda Software 2007-04-29 19:09:52 265 ----a-w C:\WINDOWS\mks.bat 2007-04-29 19:09:19 -------- d-----w C:\Program Files\Total Commander XP 2007-04-29 17:05:56 -------- d-----w C:\Program Files\Winamp 2007-04-29 10:23:42 -------- d-----w C:\Program Files\Common Files\ACD Systems 2007-04-28 07:41:19 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Gadu-Gadu 2007-04-28 07:10:00 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\FlashGet 2007-04-27 23:41:54 -------- d-----w C:\Program Files\DAEMON Tools 2007-04-27 23:41:52 -------- d-----w C:\Program Files\BitComet 2007-04-27 22:33:00 -------- d-----w C:\Program Files\Messenger 2007-04-27 08:05:17 -------- d-----w C:\Program Files\CDCheck 2007-04-26 17:04:52 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\temp 2007-04-25 18:51:59 -------- d-----w C:\Program Files\PowerISO 2007-04-25 18:51:58 -------- d-----w C:\Program Files\PSPad editor 2007-04-25 18:51:58 -------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition 2007-04-25 18:51:50 -------- d-----w C:\Program Files\Total Video Converter 2007-04-25 18:51:50 -------- d-----w C:\Program Files\ffdshow 2007-04-25 11:15:05 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-04-24 19:11:36 -------- d-----w C:\Program Files\FM Modifier 2.1 2007-04-23 12:10:04 -------- d-----w C:\Program Files\BFG 2007-04-18 16:29:32 -------- d-----w C:\Program Files\ReflexiveArcade 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 13:04:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-04-10 07:27:32 -------- d-----w C:\Program Files\Project64 v1.5 2007-04-09 13:17:17 -------- d-----w C:\Program Files\Opera 2007-04-04 17:00:58 -------- d-----w C:\Program Files\Crystal Player 2007-04-04 10:52:30 -------- d-----w C:\Program Files\Skype 2007-04-04 10:52:30 -------- d-----w C:\Program Files\Common Files\Skype 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-16 19:45:05 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-03-15 10:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-05-31 19:34] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 16:31] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55] {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6}=C:\WINDOWS\system32\lch.dll [2007-06-02 15:33] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {BB52494F-85A9-D378-D978-8AADDFB173C5}=C:\WINDOWS\system32\kqcbv.dll [] {bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2006-11-17 19:35] {CD3447D4-CA39-4377-8084-30E86331D74C}=C:\WINDOWS\system32\pixrwsmb.dll [] {D1159422-16E3-462F-A93D-FB718E100407}=C:\WINDOWS\system32\d4xofa.dll [] {f156768e-81ef-470c-9057-481ba8380dba}=C:\Program Files\FlashGet\getflash.dll [2007-05-31 19:34] {F3F47A26-2B71-4741-942B-085F8385F7D8}=C:\WINDOWS\system32\umrjjnnx.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nwiz”=“nwiz.exe” [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe] “Cmaudio”=“cmicnfg.cpl” [] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2005-07-08 16:25] “RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 18:35] “NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2006-09-14 22:09] “Emurayden PSX Emulator”="" [] “ISUSPM Startup”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2005-08-11 17:30] “ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2005-06-10 04:44] “LaunchList”=“n:\Program Files\Pinnacle\Studio 10\LaunchList.exe” [] “avast!”=“n:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “QuickTime Task”=“C:\Program Files\QuickTime Alternative\qttask.exe” [2007-05-26 23:04] “Flashget”=“C:\Program Files\FlashGet\flashget.exe” [2007-05-31 19:34] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2007-04-03 20:04] “AQQ”=“C:\PROGRA~1\Wapster\AQQ\AQQ.exe” [2006-10-31 15:32] “Arrs”=“C:\PROGRA~1\COMMON~1\PPPATC~1\regedit.exe” [] “Gadu-Gadu”=“E:\Iwona\Nowy folder\Gadu-Gadu\gg.exe” [2007-05-10 16:36] “Zfmu”=“C:\Documents and Settings\Dzieci.WIN_XP\Moje dokumenty\s?curity\n?tdde.exe” [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32] winrvc32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb] C:\WINDOWS\system32\wudb.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the ‘Scheduled Tasks’ folder 2007-06-02 18:32:30 C:\WINDOWS\tasks\XoftSpySE 2.job 2007-05-24 18:03:14 C:\WINDOWS\tasks\XoftSpySE.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-02 20:32:35 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-02 20:35:03 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-06-02 20:34 — E O F —

plus HJT:

Logfile of HijackThis v1.99.1 Scan saved at 20:43:07, on 2007-06-02 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe n:\Program Files\Alwil Software\Avast4\aswUpdSv.exe n:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\DAEMON Tools\daemon.exe N:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe n:\Program Files\Alwil Software\Avast4\ashMaiSv.exe n:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\FlashGet\flashget.exe C:\Documents and Settings\Dzieci.WIN_XP\Pulpit\Radek\Bezpieczeństwo\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Lch - {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} - C:\WINDOWS\system32\lch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {BB52494F-85A9-D378-D978-8AADDFB173C5} - C:\WINDOWS\system32\kqcbv.dll (file missing) O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\pixrwsmb.dll (file missing) O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100407} - C:\WINDOWS\system32\d4xofa.dll (file missing) O2 - BHO: FlashGet GetFlash Class - {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files\FlashGet\getflash.dll O2 - BHO: (no name) - {F3F47A26-2B71-4741-942B-085F8385F7D8} - C:\WINDOWS\system32\umrjjnnx.dll (file missing) O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: (no name) - {e0e899ab-f487-11d5-8d29-0050ba6940e3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [iSUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [LaunchList] n:\Program Files\Pinnacle\Studio 10\LaunchList.exe O4 - HKLM…\Run: [avast!] n:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime O4 - HKLM…\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe” /tray O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe O4 - HKCU…\Run: [Arrs] “C:\PROGRA~1\COMMON~1\PPPATC~1\regedit.exe” -vt yazb O4 - HKCU…\Run: [Gadu-Gadu] “E:\Iwona\Nowy folder\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Zfmu] “C:\Documents and Settings\Dzieci.WIN_XP\Moje dokumenty\s?curity\n?tdde.exe” O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Add to AMV Converter… - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=WWW.WP.PL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 7647791593 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing) O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - n:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - n:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - n:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - n:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing) O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

Poprawione. Nie zauważyłem.

Gutek · 2 Czerwiec 2007 18:41

Wklej cały log z Combo.

EDIT:

Pobierz The Avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:

Files to delete: C:\WINDOWS\system32\banbdtlr.exe C:\WINDOWS\system32\iowpjmgs.dll C:\WINDOWS\system32\sovlgqwm.exe C:\WINDOWS\system32\wtdgngdt.exe C:\WINDOWS\system32\lch.dll C:\WINDOWS\g2955484.exe C:\WINDOWS\g1615750.exe C:\WINDOWS\g317796.exe C:\WINDOWS\g629187.exe C:\WINDOWS\g288375.exe C:\WINDOWS\g2995000.exe C:\WINDOWS\g7397156.exe C:\WINDOWS\g6071953.exe C:\WINDOWS\g4750031.exe C:\WINDOWS\g3422531.exe C:\WINDOWS\g294250.exe C:\WINDOWS\g667265.exe C:\WINDOWS\g1620453.exe C:\WINDOWS\g402296.exe C:\WINDOWS\g997015.exe C:\WINDOWS\g3639546.exe C:\WINDOWS\g2316671.exe C:\WINDOWS\g997671.exe C:\WINDOWS\g15132625.exe C:\WINDOWS\g825734.exe C:\WINDOWS\g4402375.exe C:\WINDOWS\g3165484.exe C:\WINDOWS\g1865062.exe C:\WINDOWS\g425765.exe C:\WINDOWS\g18905609.exe C:\WINDOWS\g1354843.exe C:\WINDOWS\g3663453.exe C:\WINDOWS\g11959218.exe C:\WINDOWS\g10621734.exe C:\WINDOWS\g9304531.exe C:\WINDOWS\g7974500.exe C:\WINDOWS\g6652171.exe C:\WINDOWS\g5456875.exe C:\WINDOWS\g4126031.exe C:\WINDOWS\system32\wcpsvcc32.exe C:\WINDOWS\g316703.exe C:\WINDOWS\g1963125.exe C:\WINDOWS\g637093.exe C:\WINDOWS\g1832437.exe C:\WINDOWS\g462359.exe C:\WINDOWS\g445062.exe C:\WINDOWS\g13402203.exe C:\WINDOWS\g12081765.exe C:\WINDOWS\g10761890.exe C:\WINDOWS\g9438531.exe C:\WINDOWS\g8117812.exe C:\WINDOWS\g6914484.exe C:\WINDOWS\g5594109.exe C:\WINDOWS\g4278171.exe C:\WINDOWS\g3074187.exe C:\WINDOWS\g1763078.exe C:\WINDOWS\g417078.exe C:\WINDOWS\g12943812.exe

kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

Polishman · 3 Czerwiec 2007 07:39

Zrobione. Cos jeszcze?

HJT:

Logfile of HijackThis v1.99.1 Scan saved at 13:23:50, on 2007-06-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe n:\Program Files\Alwil Software\Avast4\aswUpdSv.exe n:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\DAEMON Tools\daemon.exe N:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\FlashGet\flashget.exe C:\WINDOWS\system32\ctfmon.exe n:\Program Files\Alwil Software\Avast4\ashMaiSv.exe n:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Dzieci.WIN_XP\Pulpit\Radek\Bezpieczeństwo\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Lch - {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} - C:\WINDOWS\system32\lch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {BB52494F-85A9-D378-D978-8AADDFB173C5} - C:\WINDOWS\system32\kqcbv.dll (file missing) O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\pixrwsmb.dll (file missing) O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100407} - C:\WINDOWS\system32\d4xofa.dll (file missing) O2 - BHO: FlashGet GetFlash Class - {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files\FlashGet\getflash.dll O2 - BHO: (no name) - {F3F47A26-2B71-4741-942B-085F8385F7D8} - C:\WINDOWS\system32\umrjjnnx.dll (file missing) O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: (no name) - {e0e899ab-f487-11d5-8d29-0050ba6940e3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [iSUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [LaunchList] n:\Program Files\Pinnacle\Studio 10\LaunchList.exe O4 - HKLM…\Run: [avast!] n:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime O4 - HKLM…\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe” /tray O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe O4 - HKCU…\Run: [Arrs] “C:\PROGRA~1\COMMON~1\PPPATC~1\regedit.exe” -vt yazb O4 - HKCU…\Run: [Gadu-Gadu] “E:\Iwona\Nowy folder\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Zfmu] “C:\Documents and Settings\Dzieci.WIN_XP\Moje dokumenty\s?curity\n?tdde.exe” O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Add to AMV Converter… - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=WWW.WP.PL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 7647791593 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing) O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - n:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - n:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - n:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - n:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing) O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

Combofix

“Dzieci” - 2007-06-03 13:45:44 Dodatek Service Pack 2 ComboFix 07-05.27.BV - Running from: “N:\Downloads\WM’06” ((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 )))))))))))))))))))))))))))))))))) 2007-06-03 09:37 2007-06-02 20:35 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-02 20:29 2,580 --a------ C:\WINDOWS\system32\wabmircj.exe 2007-06-02 14:37 2,580 --a------ C:\WINDOWS\system32\banbdtlr.exe 2007-06-02 13:26 131,124 --a------ C:\WINDOWS\system32\iowpjmgs.dll 2007-06-02 13:23 2,580 --a------ C:\WINDOWS\system32\sovlgqwm.exe 2007-06-02 09:58 2,580 --a------ C:\WINDOWS\system32\wtdgngdt.exe 2007-05-31 19:34 2007-05-27 09:57 35,840 --a------ C:\WINDOWS\system32\lch.dll 2007-05-27 09:23 2007-05-27 09:23 2007-05-27 09:06 2007-05-27 09:06 2007-05-27 08:58 2007-05-26 23:00 2007-05-26 22:58 2007-05-26 22:57 2007-05-25 22:00 2007-05-25 19:23 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-05-25 19:23 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-05-25 19:23 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-05-25 19:23 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-05-25 19:23 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-05-25 19:23 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-05-25 19:22 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-05-25 19:22 206 --a------ C:\WINDOWS\g2955484.exe 2007-05-25 19:00 206 --a------ C:\WINDOWS\g1615750.exe 2007-05-25 18:38 206 --a------ C:\WINDOWS\g317796.exe 2007-05-25 16:58 206 --a------ C:\WINDOWS\g629187.exe 2007-05-25 16:23 2007-05-25 16:14 206 --a------ C:\WINDOWS\g288375.exe 2007-05-25 15:42 2007-05-25 15:05 206 --a------ C:\WINDOWS\g2995000.exe 2007-05-25 10:55 206 --a------ C:\WINDOWS\g7397156.exe 2007-05-25 10:33 206 --a------ C:\WINDOWS\g6071953.exe 2007-05-25 10:11 206 --a------ C:\WINDOWS\g4750031.exe 2007-05-25 09:49 206 --a------ C:\WINDOWS\g3422531.exe 2007-05-25 08:57 206 --a------ C:\WINDOWS\g294250.exe 2007-05-24 22:33 206 --a------ C:\WINDOWS\g667265.exe 2007-05-24 22:12 206 --a------ C:\WINDOWS\g1620453.exe 2007-05-24 21:52 206 --a------ C:\WINDOWS\g402296.exe 2007-05-24 21:31 206 --a------ C:\WINDOWS\g997015.exe 2007-05-24 21:10 206 --a------ C:\WINDOWS\g3639546.exe 2007-05-24 20:48 206 --a------ C:\WINDOWS\g2316671.exe 2007-05-24 20:46 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe 2007-05-24 20:46 9,006 --a------ C:\clean.bat 2007-05-24 20:46 86,528 --a------ C:\WINDOWS\system32\catchme.exe 2007-05-24 20:46 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-05-24 20:26 206 --a------ C:\WINDOWS\g997671.exe 2007-05-24 20:04 206 --a------ C:\WINDOWS\g15132625.exe 2007-05-24 16:05 206 --a------ C:\WINDOWS\g825734.exe 2007-05-24 15:04 206 --a------ C:\WINDOWS\g4402375.exe 2007-05-24 14:43 206 --a------ C:\WINDOWS\g3165484.exe 2007-05-24 14:21 206 --a------ C:\WINDOWS\g1865062.exe 2007-05-24 13:57 206 --a------ C:\WINDOWS\g425765.exe 2007-05-23 20:30 206 --a------ C:\WINDOWS\g18905609.exe 2007-05-23 15:38 206 --a------ C:\WINDOWS\g1354843.exe 2007-05-23 14:47 206 --a------ C:\WINDOWS\g3663453.exe 2007-05-21 22:43 71,680 --a------ C:\WINDOWS\g11959218.exe 2007-05-21 22:21 71,680 --a------ C:\WINDOWS\g10621734.exe 2007-05-21 21:59 71,680 --a------ C:\WINDOWS\g9304531.exe 2007-05-21 21:37 71,680 --a------ C:\WINDOWS\g7974500.exe 2007-05-21 21:15 71,680 --a------ C:\WINDOWS\g6652171.exe 2007-05-21 20:55 71,680 --a------ C:\WINDOWS\g5456875.exe 2007-05-21 20:33 71,680 --a------ C:\WINDOWS\g4126031.exe 2007-05-21 19:28 2 --a------ C:\WINDOWS\system32\wcpsvcc32.exe 2007-05-21 15:27 71,680 --a------ C:\WINDOWS\g316703.exe 2007-05-20 20:38 71,680 --a------ C:\WINDOWS\g1963125.exe 2007-05-20 20:25 2007-05-20 20:16 71,680 --a------ C:\WINDOWS\g637093.exe 2007-05-20 11:58 71,680 --a------ C:\WINDOWS\g1832437.exe 2007-05-20 11:36 109 --a------ C:\WINDOWS\g462359.exe 2007-05-20 09:12 71,680 --a------ C:\WINDOWS\g445062.exe 2007-05-19 23:43 71,680 --a------ C:\WINDOWS\g13402203.exe 2007-05-19 23:21 71,680 --a------ C:\WINDOWS\g12081765.exe 2007-05-19 22:59 71,680 --a------ C:\WINDOWS\g10761890.exe 2007-05-19 22:37 71,680 --a------ C:\WINDOWS\g9438531.exe 2007-05-19 22:15 71,680 --a------ C:\WINDOWS\g8117812.exe 2007-05-19 21:55 71,680 --a------ C:\WINDOWS\g6914484.exe 2007-05-19 21:33 71,680 --a------ C:\WINDOWS\g5594109.exe 2007-05-19 21:11 71,680 --a------ C:\WINDOWS\g4278171.exe 2007-05-19 20:51 71,680 --a------ C:\WINDOWS\g3074187.exe 2007-05-19 20:29 71,680 --a------ C:\WINDOWS\g1763078.exe 2007-05-19 20:07 71,680 --a------ C:\WINDOWS\g417078.exe 2007-05-19 17:59 71,680 --a------ C:\WINDOWS\g12943812.exe 2007-05-19 17:59 33,792 --a------ C:\WINDOWS\system32\wudb.dll 2007-05-19 14:32 2007-05-19 08:51 134,260 --a------ C:\WINDOWS\system32\alt.exe 2007-05-16 15:02 2007-05-16 15:01 2007-05-10 20:10 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-02 18:27:33 85,392 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-02 18:27:33 472,692 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-27 17:42:55 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-27 17:28:19 -------- d-----w C:\Program Files\bfgtoolbar 2007-05-26 21:04:48 -------- d-----w C:\Program Files\QuickTime Alternative 2007-05-24 19:55:14 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Skype 2007-05-19 12:41:09 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Lionhead Studios 2007-05-17 06:53:39 -------- d-----w C:\Program Files\EA GAMES 2007-04-30 07:50:10 -------- d-----w C:\Program Files\Common Files\Panda Software 2007-04-29 19:09:52 265 ----a-w C:\WINDOWS\mks.bat 2007-04-29 19:09:19 -------- d-----w C:\Program Files\Total Commander XP 2007-04-29 17:05:56 -------- d-----w C:\Program Files\Winamp 2007-04-29 10:23:42 -------- d-----w C:\Program Files\Common Files\ACD Systems 2007-04-28 07:41:19 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Gadu-Gadu 2007-04-28 07:10:00 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\FlashGet 2007-04-27 23:41:54 -------- d-----w C:\Program Files\DAEMON Tools 2007-04-27 23:41:52 -------- d-----w C:\Program Files\BitComet 2007-04-27 22:33:00 -------- d-----w C:\Program Files\Messenger 2007-04-27 08:05:17 -------- d-----w C:\Program Files\CDCheck 2007-04-26 17:04:52 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\temp 2007-04-25 18:51:59 -------- d-----w C:\Program Files\PowerISO 2007-04-25 18:51:58 -------- d-----w C:\Program Files\PSPad editor 2007-04-25 18:51:58 -------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition 2007-04-25 18:51:50 -------- d-----w C:\Program Files\Total Video Converter 2007-04-25 18:51:50 -------- d-----w C:\Program Files\ffdshow 2007-04-25 11:15:05 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-04-24 19:11:36 -------- d-----w C:\Program Files\FM Modifier 2.1 2007-04-23 12:10:04 -------- d-----w C:\Program Files\BFG 2007-04-18 16:29:32 -------- d-----w C:\Program Files\ReflexiveArcade 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 13:04:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-04-10 07:27:32 -------- d-----w C:\Program Files\Project64 v1.5 2007-04-09 13:17:17 -------- d-----w C:\Program Files\Opera 2007-04-04 17:00:58 -------- d-----w C:\Program Files\Crystal Player 2007-04-04 10:52:30 -------- d-----w C:\Program Files\Skype 2007-04-04 10:52:30 -------- d-----w C:\Program Files\Common Files\Skype 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-16 19:45:05 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-03-15 10:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-05-31 19:34] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 16:31] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55] {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6}=C:\WINDOWS\system32\lch.dll [2007-06-02 15:33] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {BB52494F-85A9-D378-D978-8AADDFB173C5}=C:\WINDOWS\system32\kqcbv.dll [] {bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2006-11-17 19:35] {CD3447D4-CA39-4377-8084-30E86331D74C}=C:\WINDOWS\system32\pixrwsmb.dll [] {D1159422-16E3-462F-A93D-FB718E100407}=C:\WINDOWS\system32\d4xofa.dll [] {f156768e-81ef-470c-9057-481ba8380dba}=C:\Program Files\FlashGet\getflash.dll [2007-05-31 19:34] {F3F47A26-2B71-4741-942B-085F8385F7D8}=C:\WINDOWS\system32\umrjjnnx.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nwiz”=“nwiz.exe” [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe] “Cmaudio”=“cmicnfg.cpl” [] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2005-07-08 16:25] “RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 18:35] “NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2006-09-14 22:09] “Emurayden PSX Emulator”="" [] “ISUSPM Startup”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2005-08-11 17:30] “ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2005-06-10 04:44] “LaunchList”=“n:\Program Files\Pinnacle\Studio 10\LaunchList.exe” [] “avast!”=“n:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “QuickTime Task”=“C:\Program Files\QuickTime Alternative\qttask.exe” [2007-05-26 23:04] “Flashget”=“C:\Program Files\FlashGet\flashget.exe” [2007-05-31 19:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2007-04-03 20:04] “AQQ”=“C:\PROGRA~1\Wapster\AQQ\AQQ.exe” [2006-10-31 15:32] “Arrs”=“C:\PROGRA~1\COMMON~1\PPPATC~1\regedit.exe” [] “Gadu-Gadu”=“E:\Iwona\Nowy folder\Gadu-Gadu\gg.exe” [2007-05-10 16:36] “Zfmu”=“C:\Documents and Settings\Dzieci.WIN_XP\Moje dokumenty\s?curity\n?tdde.exe” [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32] winrvc32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb] C:\WINDOWS\system32\wudb.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* *Newly Created Service* - ABGTGTMF Contents of the ‘Scheduled Tasks’ folder 2007-06-03 07:37:11 C:\WINDOWS\tasks\XoftSpySE 2.job 2007-05-24 18:03:14 C:\WINDOWS\tasks\XoftSpySE.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-03 13:49:34 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-03 13:50:46 C:\ComboFix-quarantined-files.txt … 2007-06-03 13:50 C:\ComboFix2.txt … 2007-06-02 20:35 — E O F —

Gutek · 3 Czerwiec 2007 17:06

Nie zrobiłeś nic - przeczytaj uważnie jak masz użyć The Avenger. Po tym nowy log z Combo

Polishman · 4 Czerwiec 2007 13:47

Racja. Cos sie zle zrobilo i nie wywalilo. Nowy log:

“Dzieci” - 2007-06-04 15:41:19 Dodatek Service Pack 2 ComboFix 07-05.27.BV - Running from: “N:\Downloads\WM’06” ((((((((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))))) 2007-06-04 15:40 2007-06-02 20:35 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-02 20:29 2,580 --a------ C:\WINDOWS\system32\wabmircj.exe 2007-05-31 19:34 2007-05-27 09:23 2007-05-27 09:23 2007-05-27 09:06 2007-05-27 09:06 2007-05-27 08:58 2007-05-26 23:00 2007-05-26 22:58 2007-05-26 22:57 2007-05-25 22:00 2007-05-25 19:23 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-05-25 19:23 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-05-25 19:23 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-05-25 19:23 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-05-25 19:23 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-05-25 19:23 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-05-25 19:22 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-05-25 16:23 2007-05-25 15:42 2007-05-24 20:46 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe 2007-05-24 20:46 9,006 --a------ C:\clean.bat 2007-05-24 20:46 86,528 --a------ C:\WINDOWS\system32\catchme.exe 2007-05-24 20:46 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-05-20 20:25 2007-05-19 17:59 33,792 --a------ C:\WINDOWS\system32\wudb.dll 2007-05-19 14:32 2007-05-19 08:51 134,260 --a------ C:\WINDOWS\system32\alt.exe 2007-05-16 15:02 2007-05-16 15:01 2007-05-10 20:10 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-02 18:27:33 85,392 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-02 18:27:33 472,692 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-27 17:42:55 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-27 17:28:19 -------- d-----w C:\Program Files\bfgtoolbar 2007-05-26 21:04:48 -------- d-----w C:\Program Files\QuickTime Alternative 2007-05-24 19:55:14 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Skype 2007-05-19 12:41:09 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Lionhead Studios 2007-05-17 06:53:39 -------- d-----w C:\Program Files\EA GAMES 2007-04-30 07:50:10 -------- d-----w C:\Program Files\Common Files\Panda Software 2007-04-29 19:09:52 265 ----a-w C:\WINDOWS\mks.bat 2007-04-29 19:09:19 -------- d-----w C:\Program Files\Total Commander XP 2007-04-29 17:05:56 -------- d-----w C:\Program Files\Winamp 2007-04-29 10:23:42 -------- d-----w C:\Program Files\Common Files\ACD Systems 2007-04-28 07:41:19 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Gadu-Gadu 2007-04-28 07:10:00 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\FlashGet 2007-04-27 23:41:54 -------- d-----w C:\Program Files\DAEMON Tools 2007-04-27 23:41:52 -------- d-----w C:\Program Files\BitComet 2007-04-27 22:33:00 -------- d-----w C:\Program Files\Messenger 2007-04-27 08:05:17 -------- d-----w C:\Program Files\CDCheck 2007-04-26 17:04:52 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\temp 2007-04-25 18:51:59 -------- d-----w C:\Program Files\PowerISO 2007-04-25 18:51:58 -------- d-----w C:\Program Files\PSPad editor 2007-04-25 18:51:58 -------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition 2007-04-25 18:51:50 -------- d-----w C:\Program Files\Total Video Converter 2007-04-25 18:51:50 -------- d-----w C:\Program Files\ffdshow 2007-04-25 11:15:05 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-04-24 19:11:36 -------- d-----w C:\Program Files\FM Modifier 2.1 2007-04-23 12:10:04 -------- d-----w C:\Program Files\BFG 2007-04-18 16:29:32 -------- d-----w C:\Program Files\ReflexiveArcade 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 13:04:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-04-10 07:27:32 -------- d-----w C:\Program Files\Project64 v1.5 2007-04-09 13:17:17 -------- d-----w C:\Program Files\Opera 2007-04-04 17:00:58 -------- d-----w C:\Program Files\Crystal Player 2007-04-04 10:52:30 -------- d-----w C:\Program Files\Skype 2007-04-04 10:52:30 -------- d-----w C:\Program Files\Common Files\Skype 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-16 19:45:05 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-03-15 10:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-05-31 19:34] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 16:31] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55] {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6}=C:\WINDOWS\system32\lch.dll [] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {BB52494F-85A9-D378-D978-8AADDFB173C5}=C:\WINDOWS\system32\kqcbv.dll [] {bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2006-11-17 19:35] {CD3447D4-CA39-4377-8084-30E86331D74C}=C:\WINDOWS\system32\pixrwsmb.dll [] {D1159422-16E3-462F-A93D-FB718E100407}=C:\WINDOWS\system32\d4xofa.dll [] {f156768e-81ef-470c-9057-481ba8380dba}=C:\Program Files\FlashGet\getflash.dll [2007-05-31 19:34] {F3F47A26-2B71-4741-942B-085F8385F7D8}=C:\WINDOWS\system32\umrjjnnx.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nwiz”=“nwiz.exe” [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe] “Cmaudio”=“cmicnfg.cpl” [] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2005-07-08 16:25] “RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 18:35] “NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2006-09-14 22:09] “Emurayden PSX Emulator”="" [] “ISUSPM Startup”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2005-08-11 17:30] “ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2005-06-10 04:44] “LaunchList”=“n:\Program Files\Pinnacle\Studio 10\LaunchList.exe” [] “avast!”=“n:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “QuickTime Task”=“C:\Program Files\QuickTime Alternative\qttask.exe” [2007-05-26 23:04] “Flashget”=“C:\Program Files\FlashGet\flashget.exe” [2007-05-31 19:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2007-04-03 20:04] “AQQ”=“C:\PROGRA~1\Wapster\AQQ\AQQ.exe” [2006-10-31 15:32] “Arrs”=“C:\PROGRA~1\COMMON~1\PPPATC~1\regedit.exe” [] “Gadu-Gadu”=“E:\Iwona\Nowy folder\Gadu-Gadu\gg.exe” [2007-05-10 16:36] “Zfmu”=“C:\Documents and Settings\Dzieci.WIN_XP\Moje dokumenty\s?curity\n?tdde.exe” [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32] winrvc32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb] C:\WINDOWS\system32\wudb.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the ‘Scheduled Tasks’ folder 2007-06-04 13:40:13 C:\WINDOWS\tasks\XoftSpySE 2.job 2007-05-24 18:03:14 C:\WINDOWS\tasks\XoftSpySE.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-04 15:44:34 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-04 15:45:41 C:\ComboFix-quarantined-files.txt … 2007-06-04 15:45 C:\ComboFix2.txt … 2007-06-03 13:50 C:\ComboFix3.txt … 2007-06-02 20:35 — E O F —

HJT:

Logfile of HijackThis v1.99.1 Scan saved at 15:47:29, on 2007-06-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe n:\Program Files\Alwil Software\Avast4\aswUpdSv.exe n:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\DAEMON Tools\daemon.exe N:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe n:\Program Files\Alwil Software\Avast4\ashMaiSv.exe n:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Dzieci.WIN_XP\Pulpit\Radek\Bezpieczeństwo\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Lch - {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} - C:\WINDOWS\system32\lch.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {BB52494F-85A9-D378-D978-8AADDFB173C5} - C:\WINDOWS\system32\kqcbv.dll (file missing) O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\pixrwsmb.dll (file missing) O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100407} - C:\WINDOWS\system32\d4xofa.dll (file missing) O2 - BHO: FlashGet GetFlash Class - {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files\FlashGet\getflash.dll O2 - BHO: (no name) - {F3F47A26-2B71-4741-942B-085F8385F7D8} - C:\WINDOWS\system32\umrjjnnx.dll (file missing) O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: (no name) - {e0e899ab-f487-11d5-8d29-0050ba6940e3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [iSUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [LaunchList] n:\Program Files\Pinnacle\Studio 10\LaunchList.exe O4 - HKLM…\Run: [avast!] n:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime O4 - HKLM…\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe” /tray O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe O4 - HKCU…\Run: [Arrs] “C:\PROGRA~1\COMMON~1\PPPATC~1\regedit.exe” -vt yazb O4 - HKCU…\Run: [Gadu-Gadu] “E:\Iwona\Nowy folder\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Zfmu] “C:\Documents and Settings\Dzieci.WIN_XP\Moje dokumenty\s?curity\n?tdde.exe” O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Add to AMV Converter… - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {d6e814a0-e0c5-11d4-8d29-0050ba6940e3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=WWW.WP.PL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 7647791593 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing) O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - n:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - n:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - n:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - n:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing) O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

Gutek · 4 Czerwiec 2007 14:20

Pobierz The Avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:

Files to delete: C:\WINDOWS\system32\wudb.dll Registry keys to delete: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrvc32 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{BB52494F-85A9-D378-D978-8AADDFB173C5} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{CD3447D4-CA39-4377-8084-30E86331D74C} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D1159422-16E3-462F-A93D-FB718E100407} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F3F47A26-2B71-4741-942B-085F8385F7D8}

kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

Po tym nowy log z HJT + Silent

Polishman · 4 Czerwiec 2007 16:14

Siakies bledy wyskoczyly przy The Avengerze. Dawac HJT czy trzeba bedzie z tym cos zrobic?

////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Error: could not create zip file. Error code: 0 ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\agbupjqf ******************* Script file located at: ??\C:\Documents and Settings\tntamxfl.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\wudb.dll deleted successfully. Completed script processing. ******************* Finished! Terminate.////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ghntmpah ******************* Script file located at: ??\C:\Program Files\iuhqpfeq.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\wudb.dll not found! Deletion of file C:\WINDOWS\system32\wudb.dll failed! Could not process line: C:\WINDOWS\system32\wudb.dll Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrvc32 deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb deleted successfully. Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} deleted successfully. Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{BB52494F-85A9-D378-D978-8AADDFB173C5} deleted successfully. Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{CD3447D4-CA39-4377-8084-30E86331D74C} deleted successfully. Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D1159422-16E3-462F-A93D-FB718E100407} deleted successfully. Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F3F47A26-2B71-4741-942B-085F8385F7D8} deleted successfully. Completed script processing. ******************* Finished! Terminate.////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\jwmxoudy ******************* Script file located at: xbpsxsom Could not open script file! Error Could not open script file! Status: 0xc000003b Abort! ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\qvjlfufv ******************* Script file located at: ??\C:\WINDOWS\xmunkqyb.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\wudb.dll not found! Deletion of file C:\WINDOWS\system32\wudb.dll failed! Could not process line: C:\WINDOWS\system32\wudb.dll Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrvc32 not found! Deletion of registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrvc32 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb not found! Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{BB52494F-85A9-D378-D978-8AADDFB173C5} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{BB52494F-85A9-D378-D978-8AADDFB173C5} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{CD3447D4-CA39-4377-8084-30E86331D74C} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{CD3447D4-CA39-4377-8084-30E86331D74C} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D1159422-16E3-462F-A93D-FB718E100407} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D1159422-16E3-462F-A93D-FB718E100407} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F3F47A26-2B71-4741-942B-085F8385F7D8} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F3F47A26-2B71-4741-942B-085F8385F7D8} failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\vvhliuvt ******************* Script file located at: ??\C:\WINDOWS\system32\jnbfcshd.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\wudb.dll not found! Deletion of file C:\WINDOWS\system32\wudb.dll failed! Could not process line: C:\WINDOWS\system32\wudb.dll Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrvc32 not found! Deletion of registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrvc32 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb not found! Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{BB52494F-85A9-D378-D978-8AADDFB173C5} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{BB52494F-85A9-D378-D978-8AADDFB173C5} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{CD3447D4-CA39-4377-8084-30E86331D74C} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{CD3447D4-CA39-4377-8084-30E86331D74C} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D1159422-16E3-462F-A93D-FB718E100407} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D1159422-16E3-462F-A93D-FB718E100407} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F3F47A26-2B71-4741-942B-085F8385F7D8} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F3F47A26-2B71-4741-942B-085F8385F7D8} failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\xvdqbfwn ******************* Script file located at: ??\C:\yprxodru.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrvc32 not found! Deletion of registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrvc32 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb not found! Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{BB52494F-85A9-D378-D978-8AADDFB173C5} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{BB52494F-85A9-D378-D978-8AADDFB173C5} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{CD3447D4-CA39-4377-8084-30E86331D74C} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{CD3447D4-CA39-4377-8084-30E86331D74C} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D1159422-16E3-462F-A93D-FB718E100407} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D1159422-16E3-462F-A93D-FB718E100407} failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F3F47A26-2B71-4741-942B-085F8385F7D8} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F3F47A26-2B71-4741-942B-085F8385F7D8} failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.

Gutek · 4 Czerwiec 2007 16:39

Daj nowy log z Combo

Polishman · 4 Czerwiec 2007 18:01

“Dzieci” - 2007-06-04 19:56:33 Dodatek Service Pack 2 ComboFix 07-05.27.BV - Running from: “N:\Downloads\WM’06” ((((((((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))))) 2007-06-04 18:12 2007-06-04 18:11 0 --a------ C:\backup.reg 2007-06-04 18:07 60,416 --a------ C:\WINDOWS\system32\drivers\d^higedq.sys 2007-06-02 20:35 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-02 20:29 2,580 --a------ C:\WINDOWS\system32\wabmircj.exe 2007-05-31 19:34 2007-05-27 09:23 2007-05-27 09:23 2007-05-27 09:06 2007-05-27 09:06 2007-05-27 08:58 2007-05-26 23:00 2007-05-26 22:58 2007-05-26 22:57 2007-05-25 22:00 2007-05-25 19:23 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-05-25 19:23 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-05-25 19:23 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-05-25 19:23 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-05-25 19:23 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-05-25 19:23 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-05-25 19:22 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-05-25 16:23 2007-05-25 15:42 2007-05-24 20:46 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe 2007-05-24 20:46 9,006 --a------ C:\clean.bat 2007-05-24 20:46 86,528 --a------ C:\WINDOWS\system32\catchme.exe 2007-05-24 20:46 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-05-20 20:25 2007-05-19 14:32 2007-05-19 08:51 134,260 --a------ C:\WINDOWS\system32\alt.exe 2007-05-16 15:02 2007-05-16 15:01 2007-05-10 20:10 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-02 18:27:33 85,392 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-02 18:27:33 472,692 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-27 17:42:55 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-27 17:28:19 -------- d-----w C:\Program Files\bfgtoolbar 2007-05-26 21:04:48 -------- d-----w C:\Program Files\QuickTime Alternative 2007-05-24 19:55:14 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Skype 2007-05-19 12:41:09 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Lionhead Studios 2007-05-17 06:53:39 -------- d-----w C:\Program Files\EA GAMES 2007-04-30 07:50:10 -------- d-----w C:\Program Files\Common Files\Panda Software 2007-04-29 19:09:52 265 ----a-w C:\WINDOWS\mks.bat 2007-04-29 19:09:19 -------- d-----w C:\Program Files\Total Commander XP 2007-04-29 17:05:56 -------- d-----w C:\Program Files\Winamp 2007-04-29 10:23:42 -------- d-----w C:\Program Files\Common Files\ACD Systems 2007-04-28 07:41:19 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Gadu-Gadu 2007-04-28 07:10:00 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\FlashGet 2007-04-27 23:41:54 -------- d-----w C:\Program Files\DAEMON Tools 2007-04-27 23:41:52 -------- d-----w C:\Program Files\BitComet 2007-04-27 22:33:00 -------- d-----w C:\Program Files\Messenger 2007-04-27 08:05:17 -------- d-----w C:\Program Files\CDCheck 2007-04-26 17:04:52 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\temp 2007-04-25 18:51:59 -------- d-----w C:\Program Files\PowerISO 2007-04-25 18:51:58 -------- d-----w C:\Program Files\PSPad editor 2007-04-25 18:51:58 -------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition 2007-04-25 18:51:50 -------- d-----w C:\Program Files\Total Video Converter 2007-04-25 18:51:50 -------- d-----w C:\Program Files\ffdshow 2007-04-25 11:15:05 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-04-24 19:11:36 -------- d-----w C:\Program Files\FM Modifier 2.1 2007-04-23 12:10:04 -------- d-----w C:\Program Files\BFG 2007-04-18 16:29:32 -------- d-----w C:\Program Files\ReflexiveArcade 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 13:04:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-04-10 07:27:32 -------- d-----w C:\Program Files\Project64 v1.5 2007-04-09 13:17:17 -------- d-----w C:\Program Files\Opera 2007-04-04 17:00:58 -------- d-----w C:\Program Files\Crystal Player 2007-04-04 10:52:30 -------- d-----w C:\Program Files\Skype 2007-04-04 10:52:30 -------- d-----w C:\Program Files\Common Files\Skype 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-16 19:45:05 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-03-15 10:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-05-31 19:34] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 16:31] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2006-11-17 19:35] {f156768e-81ef-470c-9057-481ba8380dba}=C:\Program Files\FlashGet\getflash.dll [2007-05-31 19:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nwiz”=“nwiz.exe” [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe] “Cmaudio”=“cmicnfg.cpl” [] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2005-07-08 16:25] “RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 18:35] “NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2006-09-14 22:09] “Emurayden PSX Emulator”="" [] “ISUSPM Startup”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2005-08-11 17:30] “ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2005-06-10 04:44] “LaunchList”=“n:\Program Files\Pinnacle\Studio 10\LaunchList.exe” [] “avast!”=“n:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “QuickTime Task”=“C:\Program Files\QuickTime Alternative\qttask.exe” [2007-05-26 23:04] “Flashget”=“C:\Program Files\FlashGet\flashget.exe” [2007-05-31 19:34] “vdiwhojw”=“C:\jqknuxgo.bat” [] “gjqqjsgj”=“C:\iraqewiv.bat” [] “qspqcexm”=“C:\iynjnvja.bat” [] “agdvwico”=“C:\plwabjrf.bat” [] “jamcxlpe”=“C:\ntbsvtvw.bat” [] “xmhkvmbf”=“C:\namkkgst.bat” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2007-04-03 20:04] “AQQ”=“C:\PROGRA~1\Wapster\AQQ\AQQ.exe” [2006-10-31 15:32] “Arrs”=“C:\PROGRA~1\COMMON~1\PPPATC~1\regedit.exe” [] “Gadu-Gadu”=“E:\Iwona\Nowy folder\Gadu-Gadu\gg.exe” [2007-05-10 16:36] “Zfmu”=“C:\Documents and Settings\Dzieci.WIN_XP\Moje dokumenty\s?curity\n?tdde.exe” [] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the ‘Scheduled Tasks’ folder 2007-06-04 16:21:23 C:\WINDOWS\tasks\XoftSpySE 2.job 2007-05-24 18:03:14 C:\WINDOWS\tasks\XoftSpySE.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-04 19:59:59 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-04 20:01:05 C:\ComboFix-quarantined-files.txt … 2007-06-04 20:00 — E O F —

Złączono Posta : 04.06.2007 (Pon) 20:04

“Dzieci” - 2007-06-04 19:56:33 Dodatek Service Pack 2 ComboFix 07-05.27.BV - Running from: “N:\Downloads\WM’06” ((((((((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))))) 2007-06-04 18:12 2007-06-04 18:11 0 --a------ C:\backup.reg 2007-06-04 18:07 60,416 --a------ C:\WINDOWS\system32\drivers\d^higedq.sys 2007-06-02 20:35 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-02 20:29 2,580 --a------ C:\WINDOWS\system32\wabmircj.exe 2007-05-31 19:34 2007-05-27 09:23 2007-05-27 09:23 2007-05-27 09:06 2007-05-27 09:06 2007-05-27 08:58 2007-05-26 23:00 2007-05-26 22:58 2007-05-26 22:57 2007-05-25 22:00 2007-05-25 19:23 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-05-25 19:23 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-05-25 19:23 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-05-25 19:23 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-05-25 19:23 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-05-25 19:23 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-05-25 19:22 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-05-25 16:23 2007-05-25 15:42 2007-05-24 20:46 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe 2007-05-24 20:46 9,006 --a------ C:\clean.bat 2007-05-24 20:46 86,528 --a------ C:\WINDOWS\system32\catchme.exe 2007-05-24 20:46 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-05-20 20:25 2007-05-19 14:32 2007-05-19 08:51 134,260 --a------ C:\WINDOWS\system32\alt.exe 2007-05-16 15:02 2007-05-16 15:01 2007-05-10 20:10 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-02 18:27:33 85,392 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-02 18:27:33 472,692 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-27 17:42:55 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-27 17:28:19 -------- d-----w C:\Program Files\bfgtoolbar 2007-05-26 21:04:48 -------- d-----w C:\Program Files\QuickTime Alternative 2007-05-24 19:55:14 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Skype 2007-05-19 12:41:09 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Lionhead Studios 2007-05-17 06:53:39 -------- d-----w C:\Program Files\EA GAMES 2007-04-30 07:50:10 -------- d-----w C:\Program Files\Common Files\Panda Software 2007-04-29 19:09:52 265 ----a-w C:\WINDOWS\mks.bat 2007-04-29 19:09:19 -------- d-----w C:\Program Files\Total Commander XP 2007-04-29 17:05:56 -------- d-----w C:\Program Files\Winamp 2007-04-29 10:23:42 -------- d-----w C:\Program Files\Common Files\ACD Systems 2007-04-28 07:41:19 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\Gadu-Gadu 2007-04-28 07:10:00 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\FlashGet 2007-04-27 23:41:54 -------- d-----w C:\Program Files\DAEMON Tools 2007-04-27 23:41:52 -------- d-----w C:\Program Files\BitComet 2007-04-27 22:33:00 -------- d-----w C:\Program Files\Messenger 2007-04-27 08:05:17 -------- d-----w C:\Program Files\CDCheck 2007-04-26 17:04:52 -------- d-----w C:\DOCUME~1\DZIECI~1.WIN\DANEAP~1\temp 2007-04-25 18:51:59 -------- d-----w C:\Program Files\PowerISO 2007-04-25 18:51:58 -------- d-----w C:\Program Files\PSPad editor 2007-04-25 18:51:58 -------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition 2007-04-25 18:51:50 -------- d-----w C:\Program Files\Total Video Converter 2007-04-25 18:51:50 -------- d-----w C:\Program Files\ffdshow 2007-04-25 11:15:05 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-04-24 19:11:36 -------- d-----w C:\Program Files\FM Modifier 2.1 2007-04-23 12:10:04 -------- d-----w C:\Program Files\BFG 2007-04-18 16:29:32 -------- d-----w C:\Program Files\ReflexiveArcade 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 13:04:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-04-10 07:27:32 -------- d-----w C:\Program Files\Project64 v1.5 2007-04-09 13:17:17 -------- d-----w C:\Program Files\Opera 2007-04-04 17:00:58 -------- d-----w C:\Program Files\Crystal Player 2007-04-04 10:52:30 -------- d-----w C:\Program Files\Skype 2007-04-04 10:52:30 -------- d-----w C:\Program Files\Common Files\Skype 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-16 19:45:05 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-03-15 10:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-05-31 19:34] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 16:31] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2006-11-17 19:35] {f156768e-81ef-470c-9057-481ba8380dba}=C:\Program Files\FlashGet\getflash.dll [2007-05-31 19:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nwiz”=“nwiz.exe” [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe] “Cmaudio”=“cmicnfg.cpl” [] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2005-07-08 16:25] “RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 18:35] “NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2006-09-14 22:09] “Emurayden PSX Emulator”="" [] “ISUSPM Startup”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2005-08-11 17:30] “ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2005-06-10 04:44] “LaunchList”=“n:\Program Files\Pinnacle\Studio 10\LaunchList.exe” [] “avast!”=“n:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “QuickTime Task”=“C:\Program Files\QuickTime Alternative\qttask.exe” [2007-05-26 23:04] “Flashget”=“C:\Program Files\FlashGet\flashget.exe” [2007-05-31 19:34] “vdiwhojw”=“C:\jqknuxgo.bat” [] “gjqqjsgj”=“C:\iraqewiv.bat” [] “qspqcexm”=“C:\iynjnvja.bat” [] “agdvwico”=“C:\plwabjrf.bat” [] “jamcxlpe”=“C:\ntbsvtvw.bat” [] “xmhkvmbf”=“C:\namkkgst.bat” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2007-04-03 20:04] “AQQ”=“C:\PROGRA~1\Wapster\AQQ\AQQ.exe” [2006-10-31 15:32] “Arrs”=“C:\PROGRA~1\COMMON~1\PPPATC~1\regedit.exe” [] “Gadu-Gadu”=“E:\Iwona\Nowy folder\Gadu-Gadu\gg.exe” [2007-05-10 16:36] “Zfmu”=“C:\Documents and Settings\Dzieci.WIN_XP\Moje dokumenty\s?curity\n?tdde.exe” [] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the ‘Scheduled Tasks’ folder 2007-06-04 16:21:23 C:\WINDOWS\tasks\XoftSpySE 2.job 2007-05-24 18:03:14 C:\WINDOWS\tasks\XoftSpySE.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-04 19:59:59 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-04 20:01:05 C:\ComboFix-quarantined-files.txt … 2007-06-04 20:00 — E O F —