Computer shuts down after a virus is found


(Przem_18_) #1

I start the computer, AVAST launches, finds a virus (in system32) and recommends quarantine, which does nothing. After a moment the computer shuts itself down. I'm attaching the log and asking for help.

Logfile of HijackThis v1.99.1

Scan saved at 20:08:57, on 2007-06-20

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Arek\Ustawienia lokalne\Temp\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p1

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: MainExplorer - {89731480-D47D-4DC4-8A36-BAAE55E094C5} - C:\WINDOWS\iexplore.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [AVPDWIN] "C:\Program Files\Panda Software\Panda Demo\pandasft.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170885988713

O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170885965970

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

(Ble890) #2

This is something bad :p

Use Pocket Killbox. Tick the Delete on Reboot and All Files options and in the Full Path of File to Delete field paste this:

C:\WINDOWS\System32\rpcc.dll

and press the red X. Then restart the computer.

That one, remove with HijackThis, I think? I'm not sure :p so wait until someone who knows writes back :)


(G DATA Software) #3

I'll suggest something trivial: scan the computer with a different program, it should help.

:)


(system) #4

To be removed; delete the iexplore.dll file with Killbox.
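
A small triage helper for HijackThis logs like the one posted above, added here as example code that is not part of the thread. It applies the two checks the replies above make by hand (the O20 Winlogon Notify entry rpcc.dll and the O2 BHO iexplore.dll sitting directly in C:\WINDOWS) plus an "(file missing)" check; the sample lines are a constructed excerpt modelled on the posted log, and WINDIR is an assumption.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed Windows directory; matches the paths in the posted log.
WINDIR = r"C:\WINDOWS"

# Constructed excerpt in HijackThis v1.99.1 format, modelled on the posted log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MainExplorer - {89731480-D47D-4DC4-8A36-BAAE55E094C5} - C:\WINDOWS\iexplore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."; header and process lines do not match.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Last drive-letter path ending in a binary extension; stops before a closing quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|ocx|sys)\b', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]


@dataclass
class Finding:
    section: str
    path: str
    reason: str


def parse(log: str) -> List[Entry]:
    """Return one Entry per R/F/O line; other lines (headers, processes) are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        paths = PATH_RE.findall(body)
        entries.append(Entry(m.group("section"), body, paths[-1] if paths else None))
    return entries


def analyze(log: str) -> List[Finding]:
    """Flag entries a helper would look at first; legitimate-looking lines are left alone."""
    findings = []
    for e in parse(log):
        if e.path is None:
            continue
        low = e.path.lower()
        if e.section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at logon: always verify them.
            findings.append(Finding(e.section, e.path,
                                    "Winlogon Notify DLL; verify publisher and hash"))
        elif e.section == "O2" and ntpath.dirname(low) == WINDIR.lower():
            # Real BHOs live under Program Files or system32, not in the Windows root.
            findings.append(Finding(e.section, e.path,
                                    "BHO DLL placed directly in the Windows directory"))
        elif "(file missing)" in e.body.lower():
            findings.append(Finding(e.section, e.path,
                                    "autostart points to a file that no longer exists"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.section:4} {f.path}  <- {f.reason}")
```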


(Heniu133) #5

After doing the above, post a ComboFix log.


(Przem_18_) #6

I did everything you advised, but unfortunately the computer still shuts down, I don't know what to do; it even restarted after the ComboFix scan, whose log I'm posting below, please help:

quote

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Arek\~tmp0374.exe

C:\Program Files\video access activex object

C:\WINDOWS\1.exe~

C:\WINDOWS\2020search.dll

C:\WINDOWS\764.exe

C:\WINDOWS\7search.dll

C:\WINDOWS\abc5019def.exe

C:\WINDOWS\alerter_snow.exe

C:\WINDOWS\bi.dll

C:\WINDOWS\bjam.dll

C:\WINDOWS\bokja.exe

C:\WINDOWS\cdsm32.dll

C:\WINDOWS\drv.sys

C:\WINDOWS\flt.dll

C:\WINDOWS\mspphe.dll

C:\WINDOWS\pbar.dll

C:\WINDOWS\saiemod.dll

C:\WINDOWS\services.dll

C:\WINDOWS\setup.exe

C:\WINDOWS\snownoit.exe

C:\WINDOWS\stcloader.exe

C:\WINDOWS\swin32.dll

C:\WINDOWS\system32.dll

C:\WINDOWS\system32{831E39AD-1C62-486A-BA39-29DEA8C8604C}.exe

C:\WINDOWS\system32\dlh9jkd1q2.exe

C:\WINDOWS\system32\dlh9jkd1q6.exe

C:\WINDOWS\system32\dlh9jkd1q7.exe

C:\WINDOWS\system32\dlh9jkd1q8.exe

C:\WINDOWS\system32\gtv_sd.bin

C:\WINDOWS\system32\kernel32.exe

C:\WINDOWS\system32\msixu.dll

C:\WINDOWS\system32\msxml3a.dll

C:\WINDOWS\system32\perfc000.dat

C:\WINDOWS\system32\satmat.exe

C:\WINDOWS\system32\susp.exe

C:\WINDOWS\system32\updatetc.exe

C:\WINDOWS\system32\v7.exe

C:\WINDOWS\system32\vxddsk.exe

C:\WINDOWS\system32\wer8274.dll

C:\WINDOWS\system32\wml.exe

C:\WINDOWS\system32\wmvds32.dll

C:\WINDOWS\voiceip.dll

((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))

2007-06-24 22:01 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-24 21:56

2007-06-24 21:52 53,248 --a------ C:\WINDOWS\system32\KemXML.dll

2007-06-24 21:52 51,712 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

2007-06-24 21:52 23,808 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys

2007-06-24 21:52 22,272 --a------ C:\WINDOWS\system32\drivers\mouclass.sys

2007-06-24 21:52 155,648 --a------ C:\WINDOWS\system32\kemutb.dll

2007-06-24 21:52 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll

2007-06-24 21:52 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2007-06-24 21:51 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe

2007-06-24 21:51 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys

2007-06-24 21:51 55,808 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys

2007-06-24 21:51 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys

2007-06-24 21:51

2007-06-24 21:51

2007-06-22 00:58

2007-06-20 20:00 31,136 --a------ C:\WINDOWS\system32\0319642ld.exe

2007-06-20 19:57 31,136 --a------ C:\WINDOWS\system32\57484402ld.exe

2007-06-20 19:28 31,136 --a------ C:\WINDOWS\system32\28284662ld.exe

2007-06-20 19:24 31,136 --a------ C:\WINDOWS\system32\2429482ld.exe

2007-06-20 19:20 31,136 --a------ C:\WINDOWS\system32\20407052ld.exe

2007-06-20 19:16 31,136 --a------ C:\WINDOWS\system32\16334312ld.exe

2007-06-20 19:13 31,136 --a------ C:\WINDOWS\system32\1338422ld.exe

2007-06-20 19:11 59,104 --a------ C:\WINDOWS\system32\drivers\asc3550u.sys

2007-06-20 19:10 31,136 --a------ C:\WINDOWS\system32\1054592ld.exe

2007-06-20 17:45 31,136 --a------ C:\WINDOWS\system32\45287452ld.exe

2007-05-30 22:24

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-24 20:07:41 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat

2007-06-24 20:07:41 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat

2007-06-24 19:56:00 -------- d-----w C:\Program Files\PestPatrol

2007-06-24 19:51:29 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-20 15:45:30 59,104 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-10 20:32:55 -------- d-----w C:\Program Files\DC++

2007-05-18 20:30:56 -------- d-----w C:\Program Files\Winamp

2007-05-15 22:00:09 12 ----a-w C:\WINDOWS\system32\sl.bin

2007-05-10 16:04:26 10,129 ----a-w C:\WINDOWS\win32.exe

2007-05-09 14:50:26 4 ----a-w C:\WINDOWS\system32\stfv.bin

2007-05-09 14:37:46 -------- d-----w C:\Program Files\Hitman Pro

2007-05-09 14:07:55 30,464 ----a-w C:\WINDOWS\system32\Biprep.exe

2007-05-09 14:07:54 31,488 ----a-w C:\WINDOWS\system32\Bi.dll

2007-05-09 14:07:49 24,832 ----a-w C:\WINDOWS\system32\180ax.exe

2007-05-09 14:07:49 21,504 ----a-w C:\WINDOWS\system32\salm.exe

2007-05-09 14:07:40 17,408 ----a-w C:\WINDOWS\system32\tmrsrv32.exe

2007-05-09 14:07:35 81,926 ----a-w C:\WINDOWS\system32\msorcl32.exe

2007-05-08 23:19:54 2,841 ----a-w C:\WINDOWS\load.exe

2007-05-08 20:08:13 5,120 ----a-w C:\WINDOWS\system32\drivers\adildr.sys

2007-05-08 20:08:12 15,418 ----a-w C:\Program Files\unnvgojmz.exe

2007-05-08 20:04:45 1,460 ----a-w C:\WINDOWS\system32\wincrc32ie.dll

2007-05-08 20:03:16 40,448 ----a-w C:\WINDOWS\system32\htmlcukcu.dll

2007-05-08 16:23:05 -------- d-----w C:\Program Files\SpywareBlaster

2007-05-08 16:19:36 164 ----a-w C:\install.dat

2007-05-07 21:42:15 0 ----a-w C:\WINDOWS\system32\kgctini.dat

2007-05-07 21:41:52 52,767 ----a-w C:\WINDOWS\system32\csgoq.exe

2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

2007-03-25 15:44:32 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-03-25 15:44:32 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 01:17]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]

"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-11 18:14]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-12 21:24]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 17:38 C:\WINDOWS\KHALMNPR.Exe]

"@"="" []

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]

"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"System"="csxue.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mswsag.sys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk

backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]

"C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VaCtrls]

v7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

unquote


(Heniu133) #7

That's how it was supposed to be.

Download Windows Worms Doors Cleaner, set the markers to green; Netbios may stay yellow.

A restart is required after using the tool.

Download The Avenger,

unpack > run > Input script manually > click the magnifying glass > in the newly opened window paste:

After pasting > Done > click the green light > OK and there will be a restart. After the restart, go to where you have The Avenger and paste the report C:\avenger.txt

Use HaxFix, option 2. Run auto Fix, everything is in the link. Then paste the report > C:\haxfix.txt

After all that, a new ComboFix log.


(Przem_18_) #8

I used WWDC, but unfortunately I couldn't use Avenger, because after pasting the marked items and clicking the green light a message popped up:

Error: selected file does not appear to be a valid script

Error Code: 1813

In turn, when trying to use HaxFix (all of this still in safe mode) the computer shut itself down again!

Below I'm attaching an updated ComboFix log and... a HaxFix one (it was created by some miracle, but I have no idea how):

((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))

2007-06-28 23:34 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe

2007-06-28 23:34 9,006 --a------ C:\clean.bat

2007-06-28 23:34 86,528 --a------ C:\WINDOWS\system32\catchme.exe

2007-06-28 23:34 53,248 --a------ C:\WINDOWS\system32\process.exe

2007-06-28 23:34 4,096 --a------ C:\WINDOWS\system32\reboot.exe

2007-06-24 22:01 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-24 21:56

2007-06-24 21:52 53,248 --a------ C:\WINDOWS\system32\KemXML.dll

2007-06-24 21:52 51,712 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

2007-06-24 21:52 23,808 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys

2007-06-24 21:52 22,272 --a------ C:\WINDOWS\system32\drivers\mouclass.sys

2007-06-24 21:52 155,648 --a------ C:\WINDOWS\system32\kemutb.dll

2007-06-24 21:52 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll

2007-06-24 21:52 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2007-06-24 21:51 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe

2007-06-24 21:51 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys

2007-06-24 21:51 55,808 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys

2007-06-24 21:51 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys

2007-06-24 21:51

2007-06-24 21:51

2007-06-22 00:58

2007-06-20 20:00 31,136 --a------ C:\WINDOWS\system32\0319642ld.exe

2007-06-20 19:57 31,136 --a------ C:\WINDOWS\system32\57484402ld.exe

2007-06-20 19:28 31,136 --a------ C:\WINDOWS\system32\28284662ld.exe

2007-06-20 19:24 31,136 --a------ C:\WINDOWS\system32\2429482ld.exe

2007-06-20 19:20 31,136 --a------ C:\WINDOWS\system32\20407052ld.exe

2007-06-20 19:16 31,136 --a------ C:\WINDOWS\system32\16334312ld.exe

2007-06-20 19:13 31,136 --a------ C:\WINDOWS\system32\1338422ld.exe

2007-06-20 19:11 59,104 --a------ C:\WINDOWS\system32\drivers\asc3550u.sys

2007-06-20 19:10 31,136 --a------ C:\WINDOWS\system32\1054592ld.exe

2007-06-20 17:45 31,136 --a------ C:\WINDOWS\system32\45287452ld.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 15:57:52 -------- d-----w C:\Program Files\Hitman Pro

2007-06-25 15:14:47 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-25 15:14:47 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-24 20:12:56 -------- d-----w C:\Program Files\PestPatrol

2007-06-24 20:07:41 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat

2007-06-24 20:07:41 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat

2007-06-24 19:51:29 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-20 15:45:30 59,104 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-10 20:32:55 -------- d-----w C:\Program Files\DC++

2007-05-18 20:30:56 -------- d-----w C:\Program Files\Winamp

2007-05-15 22:00:09 12 ----a-w C:\WINDOWS\system32\sl.bin

2007-05-10 16:04:26 10,129 ----a-w C:\WINDOWS\win32.exe

2007-05-09 14:50:26 4 ----a-w C:\WINDOWS\system32\stfv.bin

2007-05-09 14:07:55 30,464 ----a-w C:\WINDOWS\system32\Biprep.exe

2007-05-09 14:07:54 31,488 ----a-w C:\WINDOWS\system32\Bi.dll

2007-05-09 14:07:49 24,832 ----a-w C:\WINDOWS\system32\180ax.exe

2007-05-09 14:07:49 21,504 ----a-w C:\WINDOWS\system32\salm.exe

2007-05-09 14:07:40 17,408 ----a-w C:\WINDOWS\system32\tmrsrv32.exe

2007-05-09 14:07:35 81,926 ----a-w C:\WINDOWS\system32\msorcl32.exe

2007-05-08 23:19:54 2,841 ----a-w C:\WINDOWS\load.exe

2007-05-08 20:08:12 15,418 ----a-w C:\Program Files\unnvgojmz.exe

2007-05-08 20:04:45 1,460 ----a-w C:\WINDOWS\system32\wincrc32ie.dll

2007-05-08 20:03:16 40,448 ----a-w C:\WINDOWS\system32\htmlcukcu.dll

2007-05-08 16:19:36 164 ----a-w C:\install.dat

2007-05-07 21:42:15 0 ----a-w C:\WINDOWS\system32\kgctini.dat

2007-05-07 21:41:52 52,767 ----a-w C:\WINDOWS\system32\csgoq.exe

2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 01:17]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]

"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-11 18:14]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-12 21:24]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 17:38 C:\WINDOWS\KHALMNPR.Exe]

"@"="" []

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]

"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"System"="csxue.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mswsag.sys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk

backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]

"C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VaCtrls]

v7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-12 12:56:47

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\nmk4.dat

C:\WINDOWS\system32\mswsag.sys

C:\WINDOWS\system32\qo.dll

C:\WINDOWS\system32\qo.sys

C:\WINDOWS\system32\wsmsag.sys

scan completed successfully

hidden files: 5

**************************************************************************

Completion time: 2007-07-12 12:57:39

C:\ComboFix-quarantined-files.txt ... 2007-07-12 12:57

--- E O F ---

unquote

--- Checking for Haxdoor ---

checking for a3d files

a3d files not found

checking for matching notify keys

no matching notify keys found

checking for matching services

matching services found

wsmsag

mswsag

checking for matching safeboot services

matching safeboot services found

mswsag.sys

checking for other Haxdoor-files

no other Haxdoor-files found

--- Checking for Goldun ---

checking for SSODL keys

no ssodl keys found

checking for notify keys

no notify keys found

checking for services

no services found

checking for other Goldun-files

no other Goldun-files found

checking iexplore.exe

iexplore.exe is not infected

Please help


(Gutek) #9

Then do this: download the SDFix program



(Przem_18_) #10

I did what was needed with SDFix and AVG Anti-Spyware and after all of it the computer shut down again, but the next attempt was, to my surprise, successful, because the computer didn't die, but instead it can't connect to the internet. What should I do now?

I'm attaching the reports

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\1E9.tmp - Deleted

C:\WINDOWS\system32\1EE.tmp - Deleted

C:\WINDOWS\system32\drivers\asc3550u.sys - Deleted

C:\WINDOWS\win32.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

Remaining Services:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:


Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\WINDOWS\BIT2C4.tmp

C:\WINDOWS\BIT2C5.tmp

C:\WINDOWS\BIT2C9.tmp

C:\WINDOWS\BIT2CC.tmp

C:\WINDOWS\BIT2CD.tmp

C:\WINDOWS\BIT2D0.tmp

C:\WINDOWS\BIT2D1.tmp

C:\WINDOWS\LastGood.Tmp\INF\oem15.inf

C:\WINDOWS\LastGood.Tmp\INF\oem15.PNF

Finished

and now AVG:

AVG Anti-Spyware - Scan Report


  • Created at: 18:22:23 2007-07-13

  • Scan result:

C:\WINDOWS\system32\cd_htm.dll_tobedeleted -> Adware.Cydoor : Ignored.

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Ignored.

HKU.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.

HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.

HKU\S-1-5-21-1801674531-1343024091-1602759347-1003\Software\Microsoft\Active Setup\Installed Components{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Ignored.

HKU\S-1-5-21-1801674531-1343024091-1602759347-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.

C:\WINDOWS\Downloaded Program Files\pinstall.dll -> Adware.LookMe : Ignored.

C:\Program Files\PestPatrol\Quarantine\20050528090453.zip/WINDOWS/system32/70tovmto.ini -> Adware.Sahat : Ignored.

C:\WINDOWS\system32\csgoq.exe -> Downloader.Agent.uj : Ignored.

C:\eied_s7.cab/eied_s7_c_200.exe -> Downloader.Mediket.bk : Ignored.

C:\WINDOWS\system32\~.exe~ -> Downloader.Small.cxx : Ignored.

C:\autoexec.exe~ -> Downloader.Small.cxx : Ignored.

C:\Program Files\PestPatrol\Quarantine\20070508225014.zip/WINDOWS/win32.exe -> Downloader.Tibs.kv : Ignored.

C:\SDFix\backups\backups.zip/backups/win32.exe -> Downloader.Tibs.kv : Ignored.

C:\WINDOWS\win32.exe~ -> Downloader.Tibs.kv : Ignored.

C:\WINDOWS\system32\tmrsrv32.exe -> Downloader.VB.avl : Ignored.

C:\WINDOWS\abc5019def.exe~ -> Hijacker.Agent.jc : Ignored.

C:\WINDOWS\system32\v7.exe~ -> Hijacker.Agent.jc : Ignored.

C:\WINDOWS\BIT2C9.tmp -> Logger.Goldun.pf : Ignored.

C:\WINDOWS\BIT2CC.tmp -> Logger.Goldun.pf : Ignored.

C:\WINDOWS\BIT2CD.tmp -> Logger.Goldun.pf : Ignored.

C:\WINDOWS\system32\htmlcukcu.dll -> Logger.Goldun.pf : Ignored.

C:\WINDOWS\system32\msorcl32.exe -> Not-A-Virus.Hoax.Win32.Renos.fn : Ignored.

C:\QooBox\Quarantine\C\WINDOWS\drv.sys.vir -> Not-A-Virus.Hoax.Win32.Renos.hr : Ignored.

C:\WINDOWS\system32\drivers\adildr.sys -> Not-A-Virus.Hoax.Win32.Renos.hr : Ignored.

C:\WINDOWS\load.exe -> Rootkit.Vanti : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@ad.adocean[1].txt -> TrackingCookie.Adocean : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@gde.adocean[1].txt -> TrackingCookie.Adocean : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@lvgde.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@my.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@connextra[1].txt -> TrackingCookie.Connextra : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@hit.gemius[1].txt -> TrackingCookie.Gemius : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@ivwbox[1].txt -> TrackingCookie.Ivwbox : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@real[1].txt -> TrackingCookie.Real : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.

C:\Documents and Settings\Arek\Cookies\arek@toplist[1].txt -> TrackingCookie.Toplist : Ignored.

C:\Program Files\PestPatrol\Quarantine\20070508225014.zip/WINDOWS/system32/chkdisk.exe -> Trojan.Agent.aff : Ignored.

C:\WINDOWS\snownoit.exe~ -> Trojan.LdPinch.bta : Ignored.

E:\Instalki\Ochrona\WinXP ServicePack 1 PL\CD-Key Change.zip/XP CD Key Generator.exe -> Trojan.Small.edz : Ignored.

C:\WINDOWS\system32\dmpgj.exe -> Trojan.Small.fb : Ignored.

C:\QooBox\Quarantine\C\WINDOWS\system32\dlh9jkd1q2.exe.vir -> Trojan.Tibs.x : Ignored.

C:\QooBox\Quarantine\C\WINDOWS\system32\dlh9jkd1q6.exe.vir -> Trojan.Tibs.x : Ignored.

C:\QooBox\Quarantine\C\WINDOWS\system32\dlh9jkd1q7.exe.vir -> Trojan.Tibs.x : Ignored.

::Report end

Please help!


(Gutek) #11

New Combofix log. Delete the C:\QooBox folder and the files


(Przem_18_) #12

thanks, I'll try; by the way, a curiosity - yesterday, during several attempts to start the computer, it shut itself down a few times (I had the impression that it happened exactly while it was trying to establish an internet connection, after I clicked the IE icon), and a few times it did not shut down but then could not connect to the net, so either way it's bad, but at least something is happening :wink:

we'll see what happens next


(Gutek) #13

Scan - http://pl.trendmicro-europe.com/consume ... launch.php + Combofix log


(Przem_18_) #14

I removed the files, but unfortunately I cannot scan with that program because, as I wrote earlier, I can't connect to the net after clicking IE (then it either shuts the computer down right away or a message pops up saying it can't open the page), although the connection is physically open, because I checked that in the Control Panel

below I attach a new Combofix log:

((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))

2007-07-15 22:37 59,104 --a------ C:\WINDOWS\system32\drivers\asc3550u.sys

2007-07-13 16:53

2007-07-13 16:49 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-06-28 23:34 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe

2007-06-28 23:34 9,006 --a------ C:\clean.bat

2007-06-28 23:34 86,528 --a------ C:\WINDOWS\system32\catchme.exe

2007-06-28 23:34 53,248 --a------ C:\WINDOWS\system32\process.exe

2007-06-28 23:34 4,096 --a------ C:\WINDOWS\system32\reboot.exe

2007-06-24 22:01 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-24 21:56

2007-06-24 21:52 53,248 --a------ C:\WINDOWS\system32\KemXML.dll

2007-06-24 21:52 51,712 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

2007-06-24 21:52 23,808 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys

2007-06-24 21:52 22,272 --a------ C:\WINDOWS\system32\drivers\mouclass.sys

2007-06-24 21:52 155,648 --a------ C:\WINDOWS\system32\kemutb.dll

2007-06-24 21:52 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll

2007-06-24 21:52 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2007-06-24 21:51 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe

2007-06-24 21:51 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys

2007-06-24 21:51 55,808 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys

2007-06-24 21:51 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys

2007-06-24 21:51

2007-06-24 21:51

2007-06-22 00:58

2007-06-20 20:00 31,136 --a------ C:\WINDOWS\system32\0319642ld.exe

2007-06-20 19:57 31,136 --a------ C:\WINDOWS\system32\57484402ld.exe

2007-06-20 19:28 31,136 --a------ C:\WINDOWS\system32\28284662ld.exe

2007-06-20 19:24 31,136 --a------ C:\WINDOWS\system32\2429482ld.exe

2007-06-20 19:20 31,136 --a------ C:\WINDOWS\system32\20407052ld.exe

2007-06-20 19:16 31,136 --a------ C:\WINDOWS\system32\16334312ld.exe

2007-06-20 19:13 31,136 --a------ C:\WINDOWS\system32\1338422ld.exe

2007-06-20 19:10 31,136 --a------ C:\WINDOWS\system32\1054592ld.exe

2007-06-20 17:45 31,136 --a------ C:\WINDOWS\system32\45287452ld.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 18:58:34 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat

2007-07-16 18:58:34 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat

2007-07-16 18:35:15 -------- d-----w C:\Program Files\PestPatrol

2007-07-15 20:38:16 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-07-15 20:38:16 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-25 15:57:52 -------- d-----w C:\Program Files\Hitman Pro

2007-06-24 19:51:29 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-20 15:45:30 59,104 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-10 20:32:55 -------- d-----w C:\Program Files\DC++

2007-05-18 20:30:56 -------- d-----w C:\Program Files\Winamp

2007-05-15 22:00:09 12 ----a-w C:\WINDOWS\system32\sl.bin

2007-05-09 14:50:26 4 ----a-w C:\WINDOWS\system32\stfv.bin

2007-05-09 14:07:55 30,464 ----a-w C:\WINDOWS\system32\Biprep.exe

2007-05-09 14:07:54 31,488 ----a-w C:\WINDOWS\system32\Bi.dll

2007-05-09 14:07:49 24,832 ----a-w C:\WINDOWS\system32\180ax.exe

2007-05-09 14:07:49 21,504 ----a-w C:\WINDOWS\system32\salm.exe

2007-05-08 20:08:12 15,418 ----a-w C:\Program Files\unnvgojmz.exe

2007-05-08 20:04:45 1,460 ----a-w C:\WINDOWS\system32\wincrc32ie.dll

2007-05-08 16:19:36 164 ----a-w C:\install.dat

2007-05-07 21:42:15 0 ----a-w C:\WINDOWS\system32\kgctini.dat

2007-05-07 21:41:52 52,767 ----a-w C:\WINDOWS\system32\csgoq.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 01:17]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]

"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-11 18:14]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]

"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"System"="csxue.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mswsag.sys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk

backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]

"C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]

C:\SDFix\RunThis.bat /second

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VaCtrls]

v7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-17 17:36:03

Windows 5.1.2600 NTFS

scanning hidden processes ...

cmd.exe [1912]

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\nmk4.dat

C:\WINDOWS\system32\mswsag.sys

C:\WINDOWS\system32\qo.dll

C:\WINDOWS\system32\qo.sys

C:\WINDOWS\system32\wsmsag.sys

scan completed successfully

hidden files: 5

**************************************************************************

Completion time: 2007-07-17 17:36:28

C:\ComboFix-quarantined-files.txt ... 2007-07-12 12:57

C:\ComboFix2.txt ... 2007-07-12 12:57

--- E O F ---

Please help!


(Gutek) #15

Download OTMoveIt. In the Paste List of Files/Folders to be Moved field, paste the paths:

Then press the MoveIt! button.

A message will appear saying that a restart is needed to delete the listed files/folders - press Yes.

After the restart, manually delete the folder C:\_OTMoveIt (Right-click >>> Delete >>> Empty Recycle Bin).

Download the SDFix program and do the same as above; after that, download Gmer

  1. Rootkit => Search => without ticking Show all => Ctrl + V paste into the post

  2. Rootkit => only Show all + Services ticked => Search => Copy => Ctrl + V paste into the post


(Przem_18_) #16

I removed them using OTMoveIt, then SDFix, and then I used Gmer; here are the results:

1) it did not detect any changes in the system

2)

GMER 1.0.13.12551 - http://www.gmer.net

Rootkit scan 2007-07-18 19:14:01

Windows 5.1.2600

---- Services - GMER 1.0.13 ----

Service .NET CLR Data

Service .NET CLR Networking

Service .NETFramework

Service C:\WINDOWS\services.exe [DISABLED] A-Load

Service [SYSTEM] Aavmker4

Service [DISABLED] Abiosdsk

Service [DISABLED] abp480n5

Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [BOOT] ACPI

Service [DISABLED] ACPIEC

Service System32\Drivers\adildr.sys [AUTO] ADILOADER

Service System32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw

Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service

Service [DISABLED] adpu160m

Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec

Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD

Service [DISABLED] Aha154x

Service [DISABLED] aic78u2

Service [DISABLED] aic78xx

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter

Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG

Service [DISABLED] AliIde

Service [DISABLED] amsint

Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt

Service [DISABLED] asc

Service [DISABLED] asc3350p

Service [DISABLED] asc3550

Service [AUTO] asc3550u

Service ASP.NET

Service ASP.NET_1.1.4322

Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state

Service [AUTO] aswMon2

Service [MANUAL] aswRdr

Service [SYSTEM] aswTdi

Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv

Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac

Service C:\WINDOWS\System32\DRIVERS\atapi.sys [BOOT] atapi

Service [DISABLED] Atdisk

Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc

Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv

Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub

Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus

Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner

Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys [SYSTEM] AVG Anti-Spyware Driver

Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard

Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [SYSTEM] AvgAsCln

Service BattC

Service [SYSTEM] Beep

Service C:\WINDOWS\System32\svchost.exe [AUTO] BITS

Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser

Service [DISABLED] cbidf2k

Service [DISABLED] cd20xrnt

Service [SYSTEM] Cdaudio

Service [DISABLED] Cdfs

Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom

Service [SYSTEM] Changer

Service C:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc

Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv

Service [DISABLED] CmdIde

Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp

Service ContentFilter

Service ContentIndex

Service [DISABLED] Cpqarray

Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc

Service C:\WINDOWS\System32\drivers\ctac32k.sys [MANUAL] ctac32k

Service C:\WINDOWS\system32\drivers\ctaud2k.sys [MANUAL] ctaud2k

Service C:\WINDOWS\System32\DRIVERS\ctljystk.sys [MANUAL] ctljystk

Service ctlntsvc

Service C:\WINDOWS\System32\drivers\ctprxy2k.sys [MANUAL] ctprxy2k

Service C:\WINDOWS\System32\drivers\ctsfm2k.sys [MANUAL] ctsfm2k

Service [DISABLED] dac2w2k

Service [DISABLED] dac960nt

Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp

Service C:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk

Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin

Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot

Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio

Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload

Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver

Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic

Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache

Service [DISABLED] dpti2o

Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud

Service C:\WINDOWS\system32\drivers\emu10k1m.sys [MANUAL] emu10k

Service C:\WINDOWS\system32\drivers\ctlfacem.sys [MANUAL] emu10k1

Service C:\WINDOWS\System32\drivers\emupia2k.sys [MANUAL] emupia

Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc

Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog

Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem

Service [DISABLED] Fastfat

Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility

Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc

Service [SYSTEM] Fips

Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk

Service [SYSTEM] Fs_Rec

Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [BOOT] Ftdisk

Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum

Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer

Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc

Service System32\DRIVERS\GT680x.SYS [MANUAL] GT680x

Service C:\WINDOWS\system32\drivers\ha10kx2k.sys [MANUAL] ha10kx2k

Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc

Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ

Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb

Service C:\WINDOWS\System32\drivers\HPFECP16.SYS [AUTO] HPFECP16

Service [DISABLED] hpn

Service [DISABLED] hpt3xx

Service [SYSTEM] i2omgmt

Service [DISABLED] i2omp

Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt

Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT

Service [SYSTEM] Imapi

Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService

Service inetaccs

Service [DISABLED] ini910u

Service Inport

Service [DISABLED] IntelIde

Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver

Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp

Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat

Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec

Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM

Service ISAPISearch

Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [BOOT] isapnp

Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass

Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer

Service [BOOT] KSecDD

Service C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys [MANUAL] L8042Kbd

Service C:\WINDOWS\System32\DRIVERS\L8042mou.Sys [MANUAL] L8042mou

Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver

Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation

Service [SYSTEM] lbrtfdc

Service ldap

Service LHidKe

Service LicenseService

Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts

Service C:\WINDOWS\System32\DRIVERS\LMouKE.Sys [MANUAL] LMouKE

Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger

Service [SYSTEM] mnmdd

Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc

Service [MANUAL] Modem

Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass

Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid

Service [BOOT] MountMgr

Service [DISABLED] mraid35x

Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV

Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb

Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC

Service [SYSTEM] Msfs

Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer

Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV

Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK

Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM

Service C:\WINDOWS\System32\mswsag.sys [SYSTEM] mswsag

Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401

Service [BOOT] Mup

Service [BOOT] NDIS

Service C:\WINDOWS\System32\DRIVERS\NetMotCM.sys [MANUAL] ndiscm

Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi

Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio

Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan

Service [MANUAL] NDProxy

Service C:\WINDOWS\System32\DRIVERS\netbios.sys [SYSTEM] NetBIOS

Service C:\WINDOWS\System32\DRIVERS\netbt.sys [DISABLED] NetBT

Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE

Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm

Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla

Service [SYSTEM] Npfs

Service [DISABLED] Ntfs

Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc

Service [SYSTEM] Null

Service NULLPROTO

Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv

Service nv4

Service C:\WINDOWS\System32\nvsvc32.exe [AUTO] NVSvc

Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt

Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd

Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose

Service C:\WINDOWS\system32\drivers\ctoss2k.sys [MANUAL] ossrv

Service Outlook

Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport

Service [BOOT] PartMgr

Service [AUTO] ParVdm

Service C:\WINDOWS\System32\DRIVERS\PavProc.sys [AUTO] PavProc

Service C:\WINDOWS\System32\DRIVERS\pci.sys [BOOT] PCI

Service [SYSTEM] PCIDump

Service [DISABLED] PCIIde

Service [DISABLED] Pcmcia

Service [MANUAL] PDCOMP

Service [MANUAL] PDFRAME

Service [MANUAL] PDRELI

Service [MANUAL] PDRFRAME

Service [DISABLED] perc2

Service [DISABLED] perc2hib

Service PerfDisk

Service PerfNet

Service PerfOS

Service PerfProc

Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] pfc

Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay

Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent

Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport

Service C:\WINDOWS\System32\DRIVERS\processr.sys [SYSTEM] Processor

Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage

Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched

Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink

Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [BOOT] PxHelp20

Service [DISABLED] ql1080

Service [DISABLED] Ql10wnt

Service [DISABLED] ql12160

Service [DISABLED] ql1240

Service [DISABLED] ql1280

Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd

Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto

Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp

Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan

Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe

Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti

Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [SYSTEM] Rdbss

Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD

Service RDPDD

Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr

Service RDPNP

Service [MANUAL] RDPWD

Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr

Service C:\WINDOWS\System32\DRIVERS\redbook.sys [SYSTEM] redbook

Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess

Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry

Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator

Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs

Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP

Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs

Service C:\Program [AUTO] SansaService

Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv

Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr

Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule

Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv

Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon

Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS

Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum

Service C:\WINDOWS\System32\DRIVERS\serial.sys [SYSTEM] Serial

Service [SYSTEM] Sfloppy

Service C:\WINDOWS\system32\drivers\sfmanm.sys [MANUAL] sfman

Service C:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess

Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection

Service [DISABLED] Simbad

Service [DISABLED] Sparrow

Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter

Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler

Service C:\WINDOWS\System32\DRIVERS\sr.sys [BOOT] sr

Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice

Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv

Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV

Service C:\WINDOWS\System32\DRIVERS\st3tgbus.sys [MANUAL] st3tgbus

Service C:\WINDOWS\System32\DRIVERS\st3tiger.sys [MANUAL] st3tiger

Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc

Service [MANUAL] svcWRSSSDK

Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum

Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi

Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv

Service [DISABLED] symc810

Service [DISABLED] symc8xx

Service [DISABLED] sym_hi

Service [DISABLED] sym_u3

Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio

Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv

Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [SYSTEM] Tcpip

Service [MANUAL] TDPIPE

Service [MANUAL] TDTCP

Service C:\WINDOWS\System32\DRIVERS\termdd.sys [SYSTEM] TermDD

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService

Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes

Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr

Service [DISABLED] TosIde

Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks

Service TSDDD

Service [DISABLED] Udfs

Service [DISABLED] ultra

Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update

Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr

Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost

Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS

Service C:\WINDOWS\System32\DRIVERS\Sacm2A.sys [MANUAL] USBCM

Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub

Service C:\WINDOWS\System32\DRIVERS\usbscan.sys [MANUAL] usbscan

Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR

Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci

Service VFILT

Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave

Service C:\WINDOWS\System32\DRIVERS\viaagp.sys [BOOT] viaagp

Service C:\WINDOWS\System32\DRIVERS\viaagp1.sys [BOOT] viaagp1

Service C:\WINDOWS\System32\DRIVERS\viaidexp.sys [BOOT] ViaIde

Service [BOOT] VolSnap

Service C:\WINDOWS\System32\vsdatant.sys [SYSTEM] vsdatant

Service C:\WINDOWS\system32\ZoneLabs\vsmon.exe [AUTO] vsmon

Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS

Service VXD

Service C:\WINDOWS\System32\svchost.exe [DISABLED] W32Time

Service W3SVC

Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp

Service [MANUAL] WDICA

Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud

Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient

Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt

Service [MANUAL] Winsock

Service WinSock2

Service WinTrust

Service C:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi

Service WmiApRpl

Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv

Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL

Service C:\WINDOWS\System32\mswsaf.sys [AUTO] wsmsag

Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv

Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

Service {0BD767F7-DB39-4C4D-B31E-59EEE9773F97}

Service {56F2FE94-0C95-4358-B4F2-B0D3201C11A9}

---- EOF - GMER 1.0.13 ----

below I also include the latest Combofix log:

((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))

2007-07-18 18:51 59,104 --a------ C:\WINDOWS\system32\drivers\asc3550u.sys

2007-07-13 16:53

2007-07-13 16:49 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-06-28 23:34 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe

2007-06-28 23:34 9,006 --a------ C:\clean.bat

2007-06-28 23:34 86,528 --a------ C:\WINDOWS\system32\catchme.exe

2007-06-28 23:34 53,248 --a------ C:\WINDOWS\system32\process.exe

2007-06-28 23:34 4,096 --a------ C:\WINDOWS\system32\reboot.exe

2007-06-24 22:01 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-24 21:56

2007-06-24 21:52 53,248 --a------ C:\WINDOWS\system32\KemXML.dll

2007-06-24 21:52 51,712 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

2007-06-24 21:52 23,808 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys

2007-06-24 21:52 22,272 --a------ C:\WINDOWS\system32\drivers\mouclass.sys

2007-06-24 21:52 155,648 --a------ C:\WINDOWS\system32\kemutb.dll

2007-06-24 21:52 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll

2007-06-24 21:52 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2007-06-24 21:51 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe

2007-06-24 21:51 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys

2007-06-24 21:51 55,808 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys

2007-06-24 21:51 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys

2007-06-24 21:51

2007-06-24 21:51

2007-06-22 00:58

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-18 16:47:26 -------- d-----w C:\Program Files\PestPatrol

2007-07-15 20:38:16 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-07-15 20:38:16 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-25 15:57:52 -------- d-----w C:\Program Files\Hitman Pro

2007-06-24 19:51:29 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-20 15:45:30 59,104 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-10 20:32:55 -------- d-----w C:\Program Files\DC++

2007-05-18 20:30:56 -------- d-----w C:\Program Files\Winamp

2007-05-15 22:00:09 12 ----a-w C:\WINDOWS\system32\sl.bin

2007-05-08 16:19:36 164 ----a-w C:\install.dat

2007-05-07 21:42:15 0 ----a-w C:\WINDOWS\system32\kgctini.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 01:17]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]

"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-11 18:14]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]

"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"System"="csxue.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mswsag.sys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk

backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]

"C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]

C:\SDFix\RunThis.bat /second

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VaCtrls]

v7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-18 18:57:54

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\nmk4.dat

C:\WINDOWS\system32\mswsag.sys

C:\WINDOWS\system32\qo.dll

C:\WINDOWS\system32\qo.sys

C:\WINDOWS\system32\wsmsag.sys

scan completed successfully

hidden files: 5

**************************************************************************

Completion time: 2007-07-18 18:58:42

C:\ComboFix-quarantined-files.txt ... 2007-07-12 12:57

C:\ComboFix2.txt ... 2007-07-17 17:36

C:\ComboFix3.txt ... 2007-07-12 12:57

--- E O F ---

Interestingly, 5 hidden files:

C:\WINDOWS\system32\nmk4.dat

C:\WINDOWS\system32\mswsag.sys

C:\WINDOWS\system32\qo.dll

C:\WINDOWS\system32\qo.sys

C:\WINDOWS\system32\wsmsag.sys

OTMoveIt could not delete them because... it did not find them.

Unfortunately it still does not display any web page, or the computer shuts down when I click on IE (i.e. the picture on the monitor disappears and I have to reset the computer, because that is actually how it always goes :( )

Please help!


(Gutek) #17

Download this ComboFix and post its log; you have:

you have a rootkit, but the automated tool first


(Przem_18_) #18

As recommended, below is the log from ComboFix:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\drivers\asc3550u.sys

C:\WINDOWS\system32\sl.bin

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_ASC3550U

-------\asc3550u

((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))

2007-07-18 23:31 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat

2007-07-18 23:31 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat

2007-07-13 16:53

2007-07-13 16:49 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-06-28 23:34 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe

2007-06-28 23:34 9,006 --a------ C:\clean.bat

2007-06-28 23:34 86,528 --a------ C:\WINDOWS\system32\catchme.exe

2007-06-28 23:34 53,248 --a------ C:\WINDOWS\system32\process.exe

2007-06-28 23:34 4,096 --a------ C:\WINDOWS\system32\reboot.exe

2007-06-24 22:01 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-06-24 21:56

2007-06-24 21:52 53,248 --a------ C:\WINDOWS\system32\KemXML.dll

2007-06-24 21:52 51,712 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

2007-06-24 21:52 23,808 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys

2007-06-24 21:52 22,272 --a------ C:\WINDOWS\system32\drivers\mouclass.sys

2007-06-24 21:52 155,648 --a------ C:\WINDOWS\system32\kemutb.dll

2007-06-24 21:52 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll

2007-06-24 21:52 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2007-06-24 21:51 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe

2007-06-24 21:51 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys

2007-06-24 21:51 55,808 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys

2007-06-24 21:51 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys

2007-06-24 21:51

2007-06-24 21:51

2007-06-22 00:58

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 21:04:44 -------- d-----w C:\Program Files\PestPatrol

2007-07-15 20:38:16 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-07-15 20:38:16 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-25 15:57:52 -------- d-----w C:\Program Files\Hitman Pro

2007-06-24 19:51:29 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-20 15:45:30 59,104 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-10 20:32:55 -------- d-----w C:\Program Files\DC++

2007-05-08 16:19:36 164 ----a-w C:\install.dat

2007-05-07 21:42:15 0 ----a-w C:\WINDOWS\system32\kgctini.dat

2002-06-04 07:59:58 204,800 ----a-w C:\Program Files\Restoration.exe

2002-06-04 07:53:46 8,127 ----a-w C:\Program Files\README.txt

2002-03-31 03:35:56 6,144 ----a-w C:\Program Files\DLL16.DLL

2002-03-21 08:20:38 204,849 ----a-w C:\Program Files\DLL32.DLL

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2003-11-04 01:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]

"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-11 18:14]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]

"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"System"="csxue.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mswsag.sys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk

backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]

"C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]

C:\SDFix\RunThis.bat /second

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VaCtrls]

v7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}

rundll32 iesetup.dll,IEAccessUserInst

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}

C:\WINDOWS\system32\tmrsrv32.exe

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-21 11:44:25

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\nmk4.dat

C:\WINDOWS\system32\mswsag.sys

C:\WINDOWS\system32\qo.dll

C:\WINDOWS\system32\qo.sys

C:\WINDOWS\system32\qosname.dll

C:\WINDOWS\system32\wsmsag.sys

scan completed successfully

hidden files: 6

**************************************************************************

Completion time: 2007-07-21 11:45:17 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-21 11:45

C:\ComboFix2.txt ... 2007-07-18 18:58

C:\ComboFix3.txt ... 2007-07-17 17:36

--- E O F ---

What now?

Please help!


(Heniu133) #19

Paste into Notepad:

File > Save As > ComboFix-Do.txt in the folder where you have the ComboFix icon.

Then drag and drop that file onto the ComboFix icon, as shown below.

Combo-Do.gif

If it is not yours, scan it at http://www.virustotal.com/vt/ and paste the report after scanning.

Registry cleaning - jv16 PowerTools 2006 1.5.2.350

After that, a new ComboFix log.

And 2 logs from GMER:

  1. Rootkit tab, without ticking "Show all", then Scan

  2. Rootkit tab with only "Show all" + "Services" ticked, then Scan

Upload to http://www.wklej.org/ and post the link.


(Przem_18_) #20

So I did the following:

  • I dragged the file onto the ComboFix icon

  • unfortunately I did not scan at virustotal.com, because I have no internet connection even in Safe Mode (that is, after all, my main problem, which we are trying to solve)

  • I installed jv16 PowerTools, but it has so many options that I don't really know how to use it properly

  • finally I ran GMER again:

1) it did not detect any changes in the system

2) I'm attaching the log: http://wklej.org/dl/1ebd48c7cf

Below I'm also posting a new ComboFix log:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\drivers\asc3550u.sys

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_ASC3550U

-------\asc3550u

((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))

2007-07-23 21:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2007-07-23 21:44

2007-07-18 23:31 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat

2007-07-18 23:31 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat

2007-07-13 16:53

2007-07-13 16:49 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-06-28 23:34 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe

2007-06-28 23:34 9,006 --a------ C:\clean.bat

2007-06-28 23:34 86,528 --a------ C:\WINDOWS\system32\catchme.exe

2007-06-28 23:34 53,248 --a------ C:\WINDOWS\system32\process.exe

2007-06-28 23:34 4,096 --a------ C:\WINDOWS\system32\reboot.exe

2007-06-24 22:01 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-06-24 21:56

2007-06-24 21:52 53,248 --a------ C:\WINDOWS\system32\KemXML.dll

2007-06-24 21:52 51,712 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

2007-06-24 21:52 23,808 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys

2007-06-24 21:52 22,272 --a------ C:\WINDOWS\system32\drivers\mouclass.sys

2007-06-24 21:52 155,648 --a------ C:\WINDOWS\system32\kemutb.dll

2007-06-24 21:52 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll

2007-06-24 21:52 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2007-06-24 21:51 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe

2007-06-24 21:51 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys

2007-06-24 21:51 55,808 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys

2007-06-24 21:51 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys

2007-06-24 21:51

2007-06-24 21:51

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 15:09:37 -------- d-----w C:\Program Files\PestPatrol

2007-07-15 20:38:16 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-07-15 20:38:16 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-25 15:57:52 -------- d-----w C:\Program Files\Hitman Pro

2007-06-24 19:51:29 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-20 15:45:30 59,104 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-10 20:32:55 -------- d-----w C:\Program Files\DC++

2007-05-08 16:19:36 164 ----a-w C:\install.dat

2007-05-07 21:48:29 320 ----a-w C:\WINDOWS\system32\nmk4.dat

2007-05-07 21:42:15 0 ----a-w C:\WINDOWS\system32\kgctini.dat

2002-06-04 07:59:58 204,800 ----a-w C:\Program Files\Restoration.exe

2002-06-04 07:53:46 8,127 ----a-w C:\Program Files\README.txt

2002-03-31 03:35:56 6,144 ----a-w C:\Program Files\DLL16.DLL

2002-03-21 08:20:38 204,849 ----a-w C:\Program Files\DLL32.DLL

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2003-11-04 01:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]

"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-11 18:14]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]

"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"System"="csxue.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mswsag.sys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]

path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk

backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]

"C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]

C:\SDFix\RunThis.bat /second

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VaCtrls]

v7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}

rundll32 iesetup.dll,IEAccessUserInst

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}

C:\WINDOWS\system32\tmrsrv32.exe

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-24 17:19:20

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-24 17:20:39 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-24 17:20

C:\ComboFix2.txt ... 2007-07-21 11:45

C:\ComboFix3.txt ... 2007-07-18 18:58

--- E O F ---

I'm slowly giving up, because there is still no internet the whole time (message: the page cannot be displayed) or crashes (the monitor screen goes blank and I have to reset the computer, and then the same thing again)

Please help!
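The three ComboFix logs in this thread carry a catchme block each (hidden files: 5, then 6, then 0) plus two Active Setup entries, and a helper reads them by eye. As an added example that is not part of the original thread or of ComboFix itself, the script below parses those sections and does the two checks a reader would make: it diffs the hidden-file set between successive runs, and it flags an Installed Components key whose "GUID" contains characters that are not hex digits, which no installer would produce. The embedded log excerpts are constructed from the text of this thread; the function names are my own.

```python
import re

# Constructed excerpts: the catchme blocks of the three ComboFix logs pasted in
# this thread (2007-07-18, 2007-07-21, 2007-07-24), trimmed to the relevant lines.
CATCHME_0718 = r"""
Rootkit scan 2007-07-18 18:57:54
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\nmk4.dat
C:\WINDOWS\system32\mswsag.sys
C:\WINDOWS\system32\qo.dll
C:\WINDOWS\system32\qo.sys
C:\WINDOWS\system32\wsmsag.sys
scan completed successfully
hidden files: 5
"""
CATCHME_0721 = r"""
Rootkit scan 2007-07-21 11:44:25
scanning hidden files ...
C:\WINDOWS\system32\nmk4.dat
C:\WINDOWS\system32\mswsag.sys
C:\WINDOWS\system32\qo.dll
C:\WINDOWS\system32\qo.sys
C:\WINDOWS\system32\qosname.dll
C:\WINDOWS\system32\wsmsag.sys
scan completed successfully
hidden files: 6
"""
CATCHME_0724 = r"""
Rootkit scan 2007-07-24 17:19:20
scanning hidden files ...
scan completed successfully
hidden files: 0
"""
# Constructed excerpt: the Active Setup entries from the 2007-07-21 log.
ACTIVE_SETUP_0721 = r"""
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
rundll32 iesetup.dll,IEAccessUserInst
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}
C:\WINDOWS\system32\tmrsrv32.exe
"""

SCAN_RE = re.compile(r"^Rootkit scan (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
COUNT_RE = re.compile(r"^hidden files: (\d+)")
# A well-formed registry GUID: 8-4-4-4-12 hex digits inside braces.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_catchme(text):
    """Return (scan timestamp, sorted hidden-file paths) from one catchme block.

    Paths are the non-empty lines between 'scanning hidden files ...' and
    'scan completed'. The count catchme prints is cross-checked against them,
    so a truncated paste raises instead of being read as a clean scan.
    """
    when, files, reported, collecting = None, [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = SCAN_RE.match(line)
        if m:
            when = m.group(1)
        m = COUNT_RE.match(line)
        if m:
            reported = int(m.group(1))
        if line.startswith("scanning hidden files"):
            collecting = True
        elif line.startswith("scan completed"):
            collecting = False
        elif collecting and line:
            files.append(line)
    if reported is None or reported != len(files):
        raise ValueError(f"catchme block incomplete: {len(files)} paths, reported {reported}")
    return when, sorted(files)


def diff_hidden(before, after):
    """Classify hidden files between two scans: persisting, newly hidden, no longer hidden."""
    b, a = set(before), set(after)
    return {"persisting": sorted(b & a), "new": sorted(a - b), "gone": sorted(b - a)}


def timeline(*blocks):
    """Parse successive catchme blocks and diff each run against the previous one."""
    runs = [parse_catchme(block) for block in blocks]
    return [(t0, t1, diff_hidden(f0, f1)) for (t0, f0), (t1, f1) in zip(runs, runs[1:])]


def suspicious_active_setup(text):
    """Return (key, command) pairs whose Installed Components key is not a real GUID."""
    lines = [raw.strip() for raw in text.splitlines() if raw.strip()]
    flagged = []
    for i, line in enumerate(lines):
        if "installed components" in line.lower() and "{" in line:
            key = line[line.index("{"):]
            command = lines[i + 1] if i + 1 < len(lines) else ""
            if not GUID_RE.match(key):
                flagged.append((key, command))
    return flagged


if __name__ == "__main__":
    for t0, t1, d in timeline(CATCHME_0718, CATCHME_0721, CATCHME_0724):
        print(f"{t0} -> {t1}: {len(d['persisting'])} persisting, "
              f"{len(d['new'])} new, {len(d['gone'])} gone")
        for path in d["new"]:
            print("   newly hidden:", path)
    for key, cmd in suspicious_active_setup(ACTIVE_SETUP_0721):
        print("malformed Active Setup GUID:", key, "->", cmd)
```

Run against the thread's own excerpts, the timeline shows qosname.dll appearing between the first two runs and all six entries disappearing by the third, and the GUID check singles out the {F146C9B1-VMVQ-...} key with its tmrsrv32.exe command while leaving the genuine IEAccessUserInst entry alone. The count cross-check matters in a forum setting, where logs arrive pasted by hand and a missing tail would otherwise look like "hidden files: 0".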