Pomocy - jakiś wirus w systemie

Oprogramowanie komputerowe Problemy z oprogramowaniem
#1

Witam,

wygląda na to że załapałem jakiegos wirusa…Mógłby ktoś mi pomóc w usunięciu go ponieważ jak dotąd żaden antivirus którego używalem nie daje rady…Poniżej plik z Hijack-a…Z góry dzięki za pomoc…

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:24:44, on 2008-10-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArchestrA\aaLogger.exe

C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\ArchestrA\NTServApp.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe

C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe

C:\Program Files\Common Files\ArchestrA\slssvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ThpSrv.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\WINDOWS\SkyTel.EXE

C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe

C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE

C:\Program Files\FactorySuite\Common\wwlogsvc.exe

C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\thpsrv.exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\VM303_STI.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0.3\program\soffice.BIN

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\system32\clipsrv.exe

C:\Program Files\Common Files\ArchestrA\alarmmgr.exe

C:\Program Files\Outlook Express\msimn.exe

C:\totalcmd\TOTALCMD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.10:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: AlpGld.Tb6 - {57BE2636-F271-4151-9D4A-40A2663E4FD7} - C:\WINDOWS\system32\gjopli.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM…\Run: [000StTHK] 000StTHK.exe

O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM…\Run: [TPSMain] TPSMain.exe

O4 - HKLM…\Run: [TPSODDCtl] TPSODDCtl.exe

O4 - HKLM…\Run: [ThpSrv] thpsrv /logon

O4 - HKLM…\Run: [TFNF5] TFNF5.exe

O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM…\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM…\Run: [TOSDCR] TOSDCR.EXE

O4 - HKLM…\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon

O4 - HKLM…\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service

O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM…\Run: [TFncKy] TFncKy.exe

O4 - HKLM…\Run: [TosHKCW.exe] “C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe”

O4 - HKLM…\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”

O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM…\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [s7UB Start] “C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe” -StartDB

O4 - HKLM…\Run: [iSUSPM Startup] “c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup

O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: OpenOffice.org 2.0.3.lnk = C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe

O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Dienst-Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\aaLogger.exe

O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe

O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FS Service Control - Wonderware Corporation - C:\Program Files\Common Files\ArchestrA\NTServApp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe

O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\slssvc.exe

O23 - Service: Ochrona dysku twardego TOSHIBA (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe

O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

O23 - Service: Trapi File Server (TrapiServer) - Unknown owner - C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe

O23 - Service: Wonderware Logger (WWLOGSVC) - Wonderware Corporation - C:\Program Files\FactorySuite\Common\wwlogsvc.exe

O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\wwnetdde.exe

O23 - Service: WwRpcSvr - Wonderware Corporation - C:\WINDOWS\system32\wwinstsvc.exe

End of file - 12930 bytes

#2

evendi ,

Zapoznaj się z tematem Ważny komunikat dotyczący tytułowania tematów - popraw tytuł na konkretny, mówiący o problemie.

Ważne

W związku ze zmianą, jaka obowiązuje przy wklejaniu logów w tym dziale, przeczytaj i zastosuj się do Tematu

Proszę poprawić pisownię w opisie problemu. W celu edycji swojego posta proszę skorzystać z przycisku ac7a4cd89050aa6e.gif

#3

Usuń te wpisy w HJT

Uruchom HijackThis - Do a system scan only - w oknie programu pokaże się log - zaznacz kratki przy podanych wpisach - klikasz Fix checked

Pobierz Combofix ale nie uruchamiaj wklej do notatnika:

Zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe

Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym daj log na forum.

Loga wklej na www.wklejto.pl lub http://www.wklej.org/ a w poście daj tylko linka

#4

Witam ponownie,

Zrobiłem tak jak było napisane odnośnie programu Combofix…Oto log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:17:02, on 2008-10-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArchestrA\aaLogger.exe

C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\ArchestrA\NTServApp.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe

C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe

C:\Program Files\Common Files\ArchestrA\slssvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ThpSrv.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\WINDOWS\SkyTel.EXE

C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe

C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE

C:\Program Files\FactorySuite\Common\wwlogsvc.exe

C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\thpsrv.exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\VM303_STI.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0.3\program\soffice.BIN

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\system32\clipsrv.exe

C:\Program Files\Common Files\ArchestrA\alarmmgr.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Siemens\Step7\S7BIN\S7tgtopx.exe

C:\WINDOWS\system32\S7OTBXSX.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cmd.execf

C:\WINDOWS\system32\chcp.com

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.10:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM…\Run: [000StTHK] 000StTHK.exe

O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM…\Run: [TPSMain] TPSMain.exe

O4 - HKLM…\Run: [TPSODDCtl] TPSODDCtl.exe

O4 - HKLM…\Run: [ThpSrv] thpsrv /logon

O4 - HKLM…\Run: [TFNF5] TFNF5.exe

O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM…\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM…\Run: [TOSDCR] TOSDCR.EXE

O4 - HKLM…\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon

O4 - HKLM…\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service

O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM…\Run: [TFncKy] TFncKy.exe

O4 - HKLM…\Run: [TosHKCW.exe] “C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe”

O4 - HKLM…\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”

O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM…\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [s7UB Start] “C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe” -StartDB

O4 - HKLM…\Run: [iSUSPM Startup] “c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup

O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: OpenOffice.org 2.0.3.lnk = C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe

O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Dienst-Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\aaLogger.exe

O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe

O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FS Service Control - Wonderware Corporation - C:\Program Files\Common Files\ArchestrA\NTServApp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe

O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\slssvc.exe

O23 - Service: Ochrona dysku twardego TOSHIBA (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe

O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

O23 - Service: Trapi File Server (TrapiServer) - Unknown owner - C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe

O23 - Service: Wonderware Logger (WWLOGSVC) - Wonderware Corporation - C:\Program Files\FactorySuite\Common\wwlogsvc.exe

O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\wwnetdde.exe

O23 - Service: WwRpcSvr - Wonderware Corporation - C:\WINDOWS\system32\wwinstsvc.exe

End of file - 12727 bytes

#5

To nie jest log z programu Combofix tylko HijackThis. Program Combofix możesz znaleźć na dole strony w liku w moim poście powyżej.

Uruchom go dwuklikiem przeskanuj system i daj log na forum

Na czas pobierania i skanowania wyłącz wszystkie programy ochronne (antywirus i zapora)

:slight_smile:

#6

Problem w tym ze ten program Combofix nie za bardzo chce mi się uruchomić…Po dwukliku pokazuje się tylko ikonka Combofix z przemieszczjącym sie paskiem i tyle…Nic poza tym…Czyżbym coś robił źle?

#7

Wejdź w tryb awaryjny windows opis http://forum.pcformat.pl/showthread.php?tid=13358 i spróbuj uruchomić Combofix dwuklikiem.

#8

No mam nadzieje że to teraz o to chodzi…Oto log:

ComboFix 08-10-05.05 - HMS 2008-10-06 10:50:07.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1770 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\HMS\Pulpit\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\HMS\Cookies\hms@clicktorrent[2].txt

C:\Documents and Settings\HMS\Cookies\hms@komtrack[2].txt

C:\Documents and Settings\HMS\Cookies\hms@nuggad[2].txt

C:\Documents and Settings\HMS\Cookies\hms@tradedoubler[1].txt

C:\Documents and Settings\HMS\Ulubione\Free MP3 Search.url

C:\Documents and Settings\HMS\Ulubione\Free Porn.url

C:\Documents and Settings\HMS\Ulubione\Search Online.url

C:\Documents and Settings\HMS\Ulubione\VIP Casino.url

C:\WINDOWS\k.txt

C:\WINDOWS\system32\a.exe

C:\WINDOWS\system32\c.ico

C:\WINDOWS\system32\gjopli.dll

C:\WINDOWS\system32\m.ico

C:\WINDOWS\system32\p.ico

C:\WINDOWS\system32\s.ico

.

((((((((((((((((((((((((( Pliki utworzone od 2008-09-06 do 2008-10-06 )))))))))))))))))))))))))))))))

.

2008-10-06 10:13 . 2008-10-06 10:49

2008-10-05 23:01 . 2008-10-05 23:01

2008-10-02 06:56 . 2008-10-02 06:56 0 --a------ C:\WINDOWS\nsreg.dat

2008-10-02 06:01 . 2008-10-02 06:01 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-10-01 11:08 . 2008-10-01 11:08

2008-09-19 03:17 . 2008-10-02 07:41

2008-09-17 15:48 . 2008-09-17 15:48 367 --a------ C:\WINDOWS\hpbafd.ini

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-06 08:26 --------- d-----w C:\Documents and Settings\HMS\Dane aplikacji\Skype

2008-10-03 05:30 --------- d-----w C:\Documents and Settings\HMS\Dane aplikacji\skypePM

2008-10-03 05:30 --------- d-----w C:\Documents and Settings\HMS\Dane aplikacji\OpenOffice.org2

2008-10-01 15:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\stamina

2008-10-01 09:15 --------- d-----w C:\Program Files\SkanerOnline

2008-09-09 17:10 --------- d-----w C:\Program Files\eMule

2008-08-11 15:08 --------- d-----w C:\Documents and Settings\HMS\Dane aplikacji\AVGTOOLBAR

2008-08-11 15:02 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-08-11 15:02 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-08-11 15:02 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys

2008-08-11 15:02 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-08-11 15:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\avg8

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:19 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-03-24 18:31 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 15360]

“TOSCDSPD”=“C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [2005-04-12 65536]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 1694208]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 21898024]

“PcSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2006-04-11 1409024]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ThpSrv”=“thpsrv” [X]

“UserFaultCheck”=“C:\WINDOWS\system32\dumprep 0 -u” [X]

“00THotkey”=“C:\WINDOWS\system32\00THotkey.exe” [2006-05-18 11:40 253952]

“Apoint”=“C:\Program Files\Apoint2K\Apoint.exe” [2004-03-24 196608]

“igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2006-03-23 94208]

“igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-03-23 77824]

“igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-03-23 118784]

“SmoothView”=“C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe” [2005-05-13 118784]

“TouchED”=“C:\Program Files\TOSHIBA\TouchED\TouchED.Exe” [2005-09-06 98304]

“TMESRV.EXE”=“C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE” [2006-01-27 118784]

“TMERzCtl.EXE”=“C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE” [2006-03-07 69632]

“TosHKCW.exe”=“C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe” [2005-05-17 49152]

“DLA”=“C:\WINDOWS\System32\DLA\DLACTRLW.EXE” [2005-10-06 122940]

“IntelZeroConfig”=“C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” [2005-12-05 667718]

“IntelWireless”=“C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” [2005-11-28 602182]

“PCSuiteTrayApplication”=“C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE” [2006-04-26 237568]

“BigDog303”=“C:\WINDOWS\VM303_STI.EXE” [2005-10-25 61440]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 132496]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 40048]

“S7UB Start”=“C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe” [2003-12-18 110645]

“ISUSPM Startup”=“c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2005-08-11 249856]

“ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2006-03-20 86960]

“AVG8_TRAY”=“C:\PROGRA~1\AVG\AVG8\avgtray.exe” [2008-08-11 1235736]

“SkyTel”=“SkyTel.EXE” [2006-04-25 C:\WINDOWS\SkyTel.exe]

“000StTHK”=“000StTHK.exe” [2001-06-23 04:28 24576 C:\WINDOWS\system32\000StTHK.exe]

“AGRSMMSG”=“AGRSMMSG.exe” [2006-03-04 C:\WINDOWS\agrsmmsg.exe]

“TPSMain”=“TPSMain.exe” [2006-06-08 C:\WINDOWS\system32\TPSMain.exe]

“TPSODDCtl”=“TPSODDCtl.exe” [2006-06-08 C:\WINDOWS\system32\TPSODDCtl.exe]

“TFNF5”=“TFNF5.exe” [2006-04-11 C:\WINDOWS\system32\TFNF5.exe]

“TOSDCR”=“TOSDCR.EXE” [2005-12-12 C:\WINDOWS\system32\TOSDCR.exe]

“NDSTray.exe”=“NDSTray.exe” [bU]

“TFncKy”=“TFncKy.exe” [bU]

“RTHDCPL”=“RTHDCPL.EXE” [2006-05-09 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 15360]

C:\Documents and Settings\HMS\Menu Start\Programy\Autostart\

OpenOffice.org 2.0.3.lnk - C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe [2006-07-02 393216]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Action Manager 32.lnk - C:\Program Files\ScannerU\AM32.exe [2007-11-02 69632]

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 1773568]

Dienst-Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

“DisableLockWorkstation”= 0 (0x0)

“DisableChangePassword”= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

“NoLogoff”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

“AppInit_DLLs”=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.iv31”= C:\WINDOWS\system32\ir32_32.dll

“vidc.iv32”= C:\WINDOWS\system32\ir32_32.dll

“SENTINEL”= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Common Files\ArchestrA\aaLogger.exe”=

“C:\Program Files\Common Files\ArchestrA\slssvc.exe”=

“C:\Program Files\Wonderware\InTouch\wm.exe”=

“C:\WINDOWS\system32\mmc.exe”=

“C:\WINDOWS\system32\OPCEnum.exe”=

“C:\WINDOWS\system32\dllhost.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\uTorrent\utorrent.exe”=

“C:\Program Files\Common Files\Siemens\SQLANY\dbsrv7.exe”=

“C:\Program Files\Siemens\Step7\S7BIN\S7tgtopx.exe”=

“C:\Program Files\Siemens\Step7\S7INF\S7usiapx.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\FactorySuite\Common\wwlogsvc.exe”=

“C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe”=

“C:\totalcmd\TOTALCMD.EXE”=

“C:\Program Files\AVG\AVG8\avgemc.exe”=

“C:\Program Files\AVG\AVG8\avgupd.exe”=

“C:\Program Files\AVG\AVG8\avgnsx.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“445:TCP”= 445:TCP:@xpsp2res.dll,-22005

“102:TCP”= 102:TCP:DAS SI 102

“135:TCP”= 135:TCP:DCOM 135

“502:TCP”= 502:TCP:Modicon 502

“1434:UDP”= 1434:UDP:SQL Server Browser 1434

“1433:TCP”= 1433:TCP:SQL TCP 1433

“2221:TCP”= 2221:TCP:DAS ABTCP 2221

“2222:TCP”= 2222:TCP:DAS ABTCP 2222

“2223:TCP”= 2223:TCP:DAS ABTCP 2223

“5413:TCP”= 5413:TCP:Port 5413

“80:TCP”= 80:TCP:SuiteVoyager 80

“443:TCP”= 443:TCP:SuiteVoyager 443

“9001:TCP”= 9001:TCP:vista 9001

“9002:TCP”= 9002:TCP:EnvMngr 9002

“9003:TCP”= 9003:TCP:MsgMngr 9003

“9004:TCP”= 9004:TCP:SecMngr 9004

“9006:TCP”= 9006:TCP:RedMngr 9006

“9007:TCP”= 9007:TCP:UnilinkMngr 9007

“9008:TCP”= 9008:TCP:BatchMngr 9008

“9011:TCP”= 9011:TCP:LogMngr 9011

“9012:TCP”= 9012:TCP:InfoMngr 9012

“9013:UDP”= 9013:UDP:RedMngrX 9013

“9014:UDP”= 9014:UDP:RedMngrX2 9014

“9015:TCP”= 9015:TCP:HistQMngrvista 9015

“9016:TCP”= 9016:TCP:HistQReader 9016

“44818:TCP”= 44818:TCP:Logix 44818

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-11 12936]

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-27 16384]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 6144]

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-11 97928]

S1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 5888]

S2 almservice;Automation License Manager Service;C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe [2004-12-21 573502]

S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-11 875264]

S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 231704]

S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-11 76040]

S2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2004-12-07 30224]

S2 s7asysvx;S7 Global Services;C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe [2004-07-26 69685]

S2 s7oiehsx;SIMATIC IEPG Help Service;C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2004-12-20 200769]

S2 s7osmcax;s7osmcax;C:\WINDOWS\system32\Drivers\s7osmcax.sys [2004-12-23 175159]

S2 s7otranx;s7otranx;C:\WINDOWS\system32\Drivers\s7otranx.sys [2004-12-23 494647]

S2 s7otsadx;s7otsadx;C:\WINDOWS\system32\Drivers\s7otsadx.sys [2004-12-23 176183]

S2 s7snsrtx;PROFINET IO RT-Protocol;C:\WINDOWS\system32\DRIVERS\s7snsrtx.sys [2004-08-23 70656]

S2 scpdrv;scpdrv;C:\Program Files\Common Files\Siemens\SWS\PlugIns\SCP\scpdrv.sys [2003-11-10 26944]

S2 slssvc;Wonderware SuiteLink;C:\Program Files\Common Files\ArchestrA\slssvc.exe [2004-07-07 40960]

S2 SNTIE;SIMATIC Industrial Ethernet (ISO);C:\WINDOWS\system32\DRIVERS\sntie.sys [2004-11-22 172032]

S2 TrapiServer;Trapi File Server;C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe [2005-09-17 102400]

S2 WWLOGSVC;Wonderware Logger;C:\Program Files\FactorySuite\Common\wwlogsvc.exe [1999-07-22 36938]

S3 GT680xNT;715 USB Scanner Driver;C:\WINDOWS\system32\drivers\gt680x.sys [2003-02-27 17376]

S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]

S3 IPCTYPE;IPCTYPE;C:\Program Files\Pro-face\GP-Pro EX 2.1\IPCType.sys []

S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2002-10-18 30512]

S3 USBDLC;USB Link Cable Driver;C:\WINDOWS\system32\Drivers\usbdlc.sys [2004-11-24 12611]

S3 WwRpcSvr;WwRpcSvr;C:\WINDOWS\system32\wwinstsvc.exe [1999-09-03 36864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2e8e7ed5-6a41-11dc-868f-00037afdeb55}]

\Shell\aUTO\COMMAND - cN911.EXE

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cN911.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c6b85d57-4274-11dd-873b-00037afdeb55}]

\Shell\AutoRun\command - mvxm.cmd

\Shell\explore\Command - mvxm.cmd

\Shell\open\Command - mvxm.cmd

.

.

------- Skan uzupełniający -------

.

FireFox -: Profile - C:\Documents and Settings\HMS\Dane aplikacji\Mozilla\Firefox\Profiles\gsdx6msy.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.pajacyk.pl/

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-06 10:55:43

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)???0???@???

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2008-10-06 11:02:23

ComboFix-quarantined-files.txt 2008-10-06 09:02:02

Przed: 10 852 069 376 bajtów wolnych

Po: 11,096,657,920 bajtów wolnych

236 — E O F — 2008-10-02 18:17:54

#9

Tak o to chodziło

Wylecz pendriva lub kartę pamięci http://www.softpedia.com/get/Security/S … Tool.shtml

Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724

lub format

Usuń ręcznie folder

Start - Uruchom - wpisujesz cmd Enter

sc stop IPCTYPE Enter

sc delete IPCTYPE Enter

Wklej do notatnika

Z menu Notatnika wybierasz - Plik - Zapisz jako - Zmieniasz rozszerzenie z .txt na wszystkie pliki - zapisz pod nazwą Fix.reg

Uruchom ten plik, potwierdź dodanie do rejestru, uruchom ponownie komputer.

Log wygląda na czysty.

usuń ręcznie folder C: \Qoobox oraz instalkę Combofix z dysku.

Przeczyść system oraz rejestr CCleaner

Wykonaj optymalizacje Autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar Mój komputer Kaspersky Online Scanner Uruchom pod IE daj raport na forum

lub Dr.WEB CureIt!

#10

A ja twierdzę, że ignorujesz zalecenia tyczące wklejanych na Forum logów, mimo, że podałem je w pierwszej notce moderacyjnej. :?

Wskażę ponownie TEMAT, którego zalecenia ignorujesz z poleceniem stosowania zasad określonych w podanym temacie.

Ponowne zignorowanie tych zasad sprawi, że temat wyląduje w Koszu.

#11

OK…Po wszystkich zabiegach log wyglada nastepujaco:

http://wklejto.pl/txt11627

Mam nadzieje ze teraz bedzie ok…Dzieki za pomoc

#12

Po tych wszystkich zabiegach to powinieneś dać raport z Kasperskiego lub DrWeb

:slight_smile: