fabokl
(fabokl)
7 December 2008 17:10
#1
Hello,
Please help, because I've made a terrible mess of things and I now have a message set as my desktop wallpaper that cannot be changed: " WARNING Dangerous Spyware
There are many viruses found on your cmuter, such as Trojan Horses, PassCapture, etc. Please follow that think to more about your data safety and privacy. Thank"
Spybot finds some trojans that cannot be deleted with Spybot, and avast keeps wailing non-stop that a virus was found. HELP ME, please.
Logfile of HijackThis v1.99.1
Scan saved at 18:08:58, on 2008-12-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Programy\itunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programy\MIO\wcescomm.exe
D:\Programy\MIO\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\a\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.pl/
O2 - BHO: {31d2bf4b-ec3c-02d8-b234-2dc9bc7085e0} - {0e5807cb-9cd2-432b-8d20-c3ceb4fb2d13} - C:\WINDOWS\system32\icmzsm.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F149F1D-B4EA-4929-A319-E7DD2F803AE9} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtuRJba.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AFAFAF37-DA66-40C2-9051-F3B3FC7AC415} - C:\WINDOWS\system32\pmnljgFV.dll
O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [Onet.pl AutoUpdate] “C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” /updateexetsr
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [QuickTime Task] “D:\gry\QTTask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “D:\Programy\itunes\iTunesHelper.exe”
O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [H/PC Connection Agent] “D:\Programy\MIO\wcescomm.exe”
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\MIO\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\MIO\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\MIO\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip…{BD99338A-B18E-405C-92FC-8436C1464B91}: NameServer = 83.238.255.76 213.241.79.37
O20 - AppInit_DLLs: icmzsm.dll
O20 - Winlogon Notify: awtuRJba - C:\WINDOWS\SYSTEM32\awtuRJba.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Gutek
(Gutek)
7 December 2008 17:16
#2
Post a ComboFix log.
Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052
Old version of HJT
fabokl
(fabokl)
7 December 2008 17:54
#3
I don't know whether I should paste it here or on wklejto.pl.
I'm posting it here; at worst I'll get told off.
ComboFix 08-12-06.06 - a 2008-12-07 18:35:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.252 [GMT 1:00]
Uruchomiony z: d:\potrzebne\ODWIRUS\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\icmzsm.dll
c:\windows\system32\nllpxoru.ini
c:\windows\system32\onvuxade.dll
c:\windows\system32\pmnljgFV.dll
c:\windows\system32\VFgjlnmp.ini
c:\windows\system32\VFgjlnmp.ini2
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-07 do 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-05 01:55 . 2008-12-05 01:55 95 --a------ c:\windows\wininit.ini
2008-12-04 22:50 . 2008-12-04 22:50 4,785 --a------ c:\windows\system32\warning.gif
2008-12-04 22:50 . 2008-12-04 22:50 1,349 --a------ c:\windows\system32\ahtn.htm
2008-12-04 22:49 . 2008-12-04 23:10
2008-12-04 22:49 . 2008-12-04 22:49
2008-12-04 22:49 . 2008-12-04 23:02
2008-12-04 22:49 . 2008-12-04 22:49
2008-12-04 22:49 . 2008-12-04 22:49 152,904 --a------ c:\windows\system32\vghd.scr
2008-12-04 22:48 . 2008-12-04 22:48 34,816 --a------ c:\windows\system32\awtuRJba.dll
2008-12-04 22:48 . 2008-12-04 22:48 1 --a------ c:\windows\system32\test.ttt
2008-12-04 22:18 . 2008-12-04 22:18
2008-12-04 22:18 . 2008-05-28 15:17 1,934,696 --a------ c:\windows\system32\ltmm15.dll
2008-11-29 15:51 . 2008-11-29 15:51 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-11-29 15:51 . 2008-11-29 15:51 98,304 --a------ c:\windows\system32\l3codecx.ax
2008-11-29 14:48 . 2008-11-29 14:48
2008-11-29 14:48 . 2008-11-29 14:49
2008-11-29 14:18 . 2008-11-29 14:19
2008-11-27 20:52 . 2008-11-27 20:52 25 --a------ c:\windows\cdplayer.ini
2008-11-27 20:51 . 2008-11-27 20:51
2008-11-27 01:24 . 2008-12-04 00:40 226 --a------ c:\windows\AWS.ini
2008-11-26 22:01 . 2008-11-26 22:01
2008-11-18 21:41 . 2008-11-18 21:40 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.bmp
2008-11-18 21:41 . 2008-11-18 21:41 11,455 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2008-11-18 21:40 . 2008-11-18 21:39 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.bmp
2008-11-18 21:40 . 2008-11-18 21:40 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.bmp
2008-11-18 21:40 . 2008-11-18 21:40 2,990 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2008-11-18 21:40 . 2008-11-18 21:40 1,188 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
2008-11-18 21:39 . 2008-11-18 21:39 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
2008-11-18 21:39 . 2008-11-18 21:39 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.bmp
2008-11-18 21:39 . 2008-11-18 21:39 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
2008-11-18 21:39 . 2008-11-18 21:38 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2008-11-18 21:39 . 2008-11-18 21:39 3,135 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2008-11-18 21:39 . 2008-11-18 21:39 3,089 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-11-18 21:39 . 2008-11-18 21:39 3,047 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2008-11-18 21:39 . 2008-11-18 21:39 2,969 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-11-18 21:38 . 2008-11-18 21:38 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.bmp
2008-11-18 21:38 . 2008-11-18 21:38 2,825 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2008-11-18 21:30 . 2008-11-18 21:29 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.bmp
2008-11-18 21:30 . 2008-11-18 21:30 2,714 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
2008-11-18 21:24 . 2008-11-18 21:24
2008-11-18 21:23 . 2008-11-18 21:24
2008-11-18 21:23 . 2008-11-18 21:40 4,044,152 --a------ c:\windows\system32\SpoonUninstall.exe
2008-11-18 21:23 . 2008-11-18 21:23 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-11-18 21:23 . 2008-11-18 21:23 13,767 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-11-13 08:20 . 2008-09-04 18:15 1,106,944 -----c— c:\windows\system32\dllcache\msxml3.dll
2008-11-13 08:20 . 2008-10-24 12:21 455,296 -----c— c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 21:08 . 2008-11-12 21:08
2008-11-12 19:50 . 2008-12-04 21:37
2008-11-12 19:49 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-12 19:49 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-12 19:48 . 2008-11-12 19:48
2008-11-12 19:47 . 2008-11-12 19:47
2008-11-12 19:47 . 2008-11-12 19:49
2008-11-12 19:47 . 2008-10-01 13:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-11-12 19:46 . 2008-11-29 14:48
2008-11-12 19:46 . 2008-11-12 19:46
2008-11-09 20:19 . 2008-11-09 20:19 271,360 --a------ c:\windows\system32\drivers\atksgt.sys
2008-11-09 20:19 . 2008-11-09 20:19 18,048 --a------ c:\windows\system32\drivers\lirsgt.sys
2008-11-09 20:16 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 00:58 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 22:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-04 21:48 --------- d-----w c:\program files\eMule
2008-12-04 21:18 --------- d–h--w c:\program files\InstallShield Installation Information
2008-11-27 19:51 --------- d-----w c:\program files\Common Files\Real
2008-11-27 19:50 --------- d-----w c:\program files\Real
2008-11-02 13:10 --------- d-----w c:\program files\EA GAMES
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 15:58 --------- d-----w c:\program files\Common Files\Onet.pl
2008-04-03 11:04 0 ----a-w c:\program files\temp01
2008-03-01 07:19 774,144 ----a-w c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-04 22:48 34816 --a------ c:\windows\system32\awtuRJba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SpybotSD TeaTimer”=“c:\program files\Spybot - Search & Destroy\TeaTimer.exe” [2008-09-16 1833296]
“MSMSGS”=“c:\program files\Messenger\msmsgs.exe” [2008-04-14 1695232]
“H/PC Connection Agent”=“d:\programy\MIO\wcescomm.exe” [2006-06-27 1211176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ehTray”=“c:\windows\ehome\ehtray.exe” [2005-08-05 64512]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2005-06-15 6803456]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2005-06-15 86016]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2008-11-26 81000]
“SunJavaUpdateSched”=“c:\program files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]
“SpeedTouch USB Diagnostics”=“c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-08-06 877568]
“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2005-05-11 49152]
“AppleSyncNotifier”=“c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2008-11-07 111936]
“QuickTime Task”=“d:\gry\QTTask.exe” [2008-11-04 413696]
“iTunesHelper”=“d:\programy\itunes\iTunesHelper.exe” [2008-11-20 290088]
“SoundMan”=“SOUNDMAN.EXE” [2004-10-27 c:\windows\SOUNDMAN.EXE]
“nwiz”=“nwiz.exe” [2005-06-15 c:\windows\system32\nwiz.exe]
“Logitech Hardware Abstraction Layer”=“KHALMNPR.EXE” [2005-05-20 c:\windows\KHALMNPR.Exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-20 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}”= “c:\windows\system32\awtuRJba.dll” [2008-12-04 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuRJba]
2008-12-04 22:48 34816 c:\windows\system32\awtuRJba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=icmzsm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.I420”= i263_32.drv
“msacm.l3acm”= c:\windows\system32\l3codecp.acm
“vidc.L263”= lcodc26x2.dll
“vidc.LEAD”= LCODCCMP2.DLL

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\IncrediMail\bin\IMApp.exe”=
“c:\Program Files\IncrediMail\bin\IncMail.exe”=
“c:\Program Files\IncrediMail\bin\ImpCnt.exe”=
“d:\Programy\Phone\Skype.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=
“c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=
“c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=
“c:\Program Files\eMule\emule.exe”=
“c:\Program Files\Gadu-Gadu\gg.exe”=
“d:\Programy\FrostWire\FrostWire.exe”=
“d:\programy\MIO\rapimgr.exe”= d:\programy\MIO\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
“d:\programy\MIO\wcescomm.exe”= d:\programy\MIO\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
“d:\programy\MIO\WCESMgr.exe”= d:\programy\MIO\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\Bonjour\mDNSResponder.exe”=
“d:\Programy\itunes\iTunes.exe”=
“c:\Program Files\uTorrent\uTorrent.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“26675:TCP”= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R1 BIOS;BIOS;??\c:\windows\system32\drivers\BIOS.sys [2008-01-27 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
.
Zawartość folderu ‘Zaplanowane zadania’

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{0e5807cb-9cd2-432b-8d20-c3ceb4fb2d13} - c:\windows\system32\icmzsm.dll
BHO-{5F149F1D-B4EA-4929-A319-E7DD2F803AE9} - (no file)
BHO-{AFAFAF37-DA66-40C2-9051-F3B3FC7AC415} - c:\windows\system32\pmnljgFV.dll
HKLM-Run-Onet.pl AutoUpdate - c:\program files\Common Files\Onet.pl\NewAutoUpdate.exe
HKU-Default-Run-Nokia.PCSync - d:\programy\n6500\Nokia PC Suite 6\PcSync2.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
uInternet Connection Wizard,ShellNext = hxxp://google.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\a\Application Data\Mozilla\Firefox\Profiles\0f2zifgn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.pl/
FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - d:\gry\Plugins\npqtplugin.dll
FF -: plugin - d:\gry\Plugins\npqtplugin2.dll
FF -: plugin - d:\gry\Plugins\npqtplugin3.dll
FF -: plugin - d:\gry\Plugins\npqtplugin4.dll
FF -: plugin - d:\gry\Plugins\npqtplugin5.dll
FF -: plugin - d:\gry\Plugins\npqtplugin6.dll
FF -: plugin - d:\gry\Plugins\npqtplugin7.dll
FF -: plugin - d:\programy\itunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 18:41:56
Windows 5.1.2600 Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > ‘winlogon.exe’(560)
c:\windows\system32\awtuRJba.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
d:\programy\MIO\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-07 18:46:20 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-12-07 17:46:10
Przed: 18 419 462 144 bytes free
Po: 18,502,098,944 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Windows XP Media Center Edition” /noexecute=optin /fastdetect
247 — E O F — 2008-11-13 21:08:15
fabokl
(fabokl)
7 December 2008 18:06
#4
I think this is what was meant:
http://wklejto.pl/17658
mati5555
(Matijanki)
7 December 2008 18:08
#5
I don't know much about logs, but download this: http://www.programosy.pl/program,removeit.html It helped me with the same kind of junk.