Problem with VBS:Malware-gen


(Wercia999) #1

hello,

I have a problem with the VBS:Malware-gen virus

below I am posting the log

thanks in advance for the help

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:07:28, on 2008-02-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Weronika\Pulpit\The KMPlayer\KMPlayer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\DriveHQ\DriveHQ Desktop Express\MyDriveHQ.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\DriveHQ\DriveHQ Desktop Express\MyDriveHQ.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe


--

End of file - 5887 bytes

(Misiek6999) #2

fix:

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
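As an added illustration (not code from this thread): a small Python triage script that parses HijackThis O4 lines in the format of the log above and flags Run entries whose executable sits directly in system32 but is not an allow-listed Windows binary, which is exactly how the [amva] entry stands out. The sample lines and the allow-list are constructed for this example.

```python
import re

# Constructed sample: a few O4 lines in HijackThis 2.0.2 format, modelled on
# the log posted in this thread (the amva/amvo.exe entry is the one flagged).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [Gadu-Gadu] "C:\\Program Files\\Gadu-Gadu\\gg.exe" /tray
O4 - HKCU\\..\\Run: [amva] C:\\WINDOWS\\system32\\amvo.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'SYSTEM')
"""

# Windows binaries that legitimately start from system32 via a Run key on XP.
# Assumed allow-list for this example; extend it from your own clean baseline.
KNOWN_SYSTEM32 = {"ctfmon.exe"}

# O4 line: "O4 - <hive>\..\<Run key>: [<entry name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)


def parse_o4(line):
    """Return (hive, key, entry_name, image_path) for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    if cmd.startswith('"'):
        # Quoted image path followed by optional arguments.
        image = cmd[1:cmd.index('"', 1)]
    else:
        # Unquoted path: cut at the first "/arg" or the "(User '...')" suffix.
        image = re.split(r' (?=/|\(User )', cmd, maxsplit=1)[0]
    return m.group("hive"), m.group("key"), m.group("name"), image


def triage_o4(log_text):
    """Flag Run entries whose image lives directly in system32 but is not an
    allow-listed Windows binary. Returns a list of (entry_name, image, reason)."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, key, name, image = parsed
        folder, _, filename = image.rpartition("\\")
        if folder.lower().endswith("\\system32") and filename.lower() not in KNOWN_SYSTEM32:
            findings.append((name, image, f"unknown binary in system32 via {hive}\\..\\{key}"))
    return findings


if __name__ == "__main__":
    for name, image, reason in triage_o4(SAMPLE_LOG):
        print(f"[{name}] {image}: {reason}")
```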


(Dmirecki) #3

Post a ComboFix log. The description and download link are in the pinned thread in this section.


(Wercia999) #4

removed :smiley: (i.e. avast no longer detects it)

thanks


(Leon$) #5

And the malicious file C:\WINDOWS\system32\amvo.exe

did you delete it?

addmir asked you for something

http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642

it is a program that will let you locate and remove the virus files

:slight_smile:


(Wercia999) #6

ComboFix log:

http://www.wklej.org/id/84d8588078


(Dmirecki) #7

Infection from a pendrive.

Paste into Notepad:

File::

C:\h.cmd

C:\xo8wr9.exe

C:\WINDOWS\system32\amvo0.dll.vir


Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File -> Save as -> CFScript.txt

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon as shown here ->

88953CFScript-createdbyMiekiemoes.gif

The removal should start (if a "1 or 2" question appears, type 1 and press ENTER) and a log will be created; post that log on the forum.

If everything goes well, after the restart manually delete the file C:\Qoobox


(Wercia999) #8

combo log again:

http://www.wklej.org/id/4078e3569c


(Wercia999) #9

addmir, you meant the folder C:\Qoobox, right? Because there is no such file there…


(Leon$) #10

Yes, that's what I meant

log is clean

:slight_smile:


(Wercia999) #11

thank you very much for the help :slight_smile:


(Tomek160694) #12

I have the same problem. At system startup avast finds a virus, but quarantine doesn't help. I'm attaching a log from ComboFix.

ComboFix 08-02-24.4 - Joasia 2008-02-24 17:00:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.103 [GMT 1:00]

Running from: C:\Documents and Settings\Joasia\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\00163D2D

C:\Program Files\myglobalsearch\bar\Cache\00164115

C:\Program Files\myglobalsearch\bar\Cache\0016448F.bin

C:\Program Files\myglobalsearch\bar\Cache\001647EB.bin

C:\Program Files\myglobalsearch\bar\Cache\00164AAA.bin

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\WINDOWS\system32\hqghumea.dll

.

((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))

.

2008-02-24 12:12 . 2008-02-24 12:12 118 --a------ C:\WINDOWS\system32\MRT.INI

2008-02-24 11:21 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys

2008-02-24 11:21 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe

2008-02-24 11:21 . 2006-08-21 13:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll

2008-02-24 11:16 . 2008-02-24 11:16

2008-02-23 20:10 . 2008-02-23 20:10 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-02-23 20:09 . 2008-02-24 16:09

2008-02-23 13:13 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-02-22 20:53 . 2008-02-24 11:32

2008-02-22 14:50 . 2008-02-22 14:50 0 --a------ C:\WINDOWS\nsreg.dat

2008-02-22 14:11 . 2008-02-22 14:11

2008-02-22 14:10 . 2008-02-22 14:10

2008-02-22 14:01 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-02-22 13:54 . 2008-02-22 13:54

2008-02-22 13:48 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002344_.tmp

2008-02-22 13:47 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-02-22 13:43 . 2008-02-22 13:59

2008-02-22 08:17 . 2008-02-22 08:17

2008-02-22 08:17 . 2008-02-22 08:17

2008-02-22 08:17 . 2008-02-22 08:17

2008-02-22 08:17 . 2008-02-22 08:17

2008-02-22 08:17 . 2008-02-22 14:12 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-02-22 08:09 . 2008-02-24 12:28

2008-02-22 08:08 . 2008-02-24 16:59

2008-02-22 08:08 . 2008-02-22 08:08

2008-02-22 08:07 . 2008-02-22 08:07

2008-02-22 08:07 . 2008-02-22 08:07

2008-02-22 08:07 . 2008-02-22 08:07

2008-02-22 08:05 . 2008-02-23 15:47

2008-02-21 19:41 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll

2008-02-21 19:41 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll

2008-02-21 19:41 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll

2008-02-21 19:41 . 2003-09-24 09:44 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll

2008-02-21 19:41 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll

2008-02-21 18:23 . 2008-02-21 18:23 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS

2008-02-21 18:10 . 2008-02-21 18:10

2008-02-21 18:09 . 2008-02-21 18:08 350,814 --a------ C:\WINDOWS\hpdj5100.hi1

2008-02-21 18:09 . 2008-02-21 18:08 10,555 --a------ C:\WINDOWS\hpdj5100.bu1

2008-02-21 17:57 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe

2008-02-21 17:56 . 2008-02-21 18:23

2008-02-21 17:54 . 2008-02-21 18:24 366,570 --a------ C:\WINDOWS\hpdj5100.his

2008-02-21 17:54 . 2008-02-21 18:24 11,667 --a------ C:\WINDOWS\hpdj5100.ini

2008-02-20 18:59 . 2008-02-20 18:59 427 --a------ C:\WINDOWS\ODBC.INI

2008-02-20 18:56 . 2008-02-20 18:56

2008-02-20 18:54 . 2008-02-20 18:54

2008-02-20 18:45 . 2008-02-20 18:45

2008-02-20 16:47 . 2008-02-20 16:47

2008-02-20 16:47 . 2008-02-20 16:47

2008-02-20 16:04 . 2008-02-20 16:04

2008-02-20 15:02 . 2008-02-20 15:05 850,944 -ra------ C:\WINDOWS\system32\runsvc.exe

2008-02-20 14:51 . 2008-02-20 15:02 65 --a------ C:\WINDOWS\system32\x

2008-02-20 14:23 . 2002-12-09 18:24 49,152 --a------ C:\WINDOWS\system32\WooDial2000.dll

2008-02-20 14:23 . 2002-12-09 18:24 48,128 --a------ C:\WINDOWS\system32\SMMSCRPT.DLL

2008-02-20 14:23 . 2002-12-09 18:24 5,632 --a------ C:\WINDOWS\system32\SMMSETUP.DLL

2008-02-20 14:22 . 2008-02-20 14:22

2008-02-20 14:22 . 2003-01-30 09:48 143,360 --a------ C:\WINDOWS\autoclk.exe

2008-02-20 14:22 . 2002-02-21 09:19 45,148 --a------ C:\WINDOWS\system32\plugincpl131_03.cpl

2008-02-20 14:21 . 2008-02-24 16:58

2008-02-20 14:21 . 2003-03-04 10:26 9,728 --a------ C:\WINDOWS\system32\rnaph.dll

2008-02-20 14:13 . 2008-02-20 14:13 489 --a------ C:\WINDOWS\demo.INI

2008-02-20 14:11 . 2008-02-20 16:04

2008-02-20 14:11 . 2008-02-20 14:11

2008-02-20 14:11 . 2001-11-26 08:05 243,164 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2008-02-20 14:11 . 2001-06-28 02:21 217,088 -ra------ C:\WINDOWS\alcupd.exe

2008-02-20 14:11 . 2001-06-13 04:49 151,552 -ra------ C:\WINDOWS\alcrmv.exe

2008-02-20 14:11 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2008-02-20 14:11 . 2001-05-29 10:02 124,416 -ra------ C:\WINDOWS\soundman.exe

2008-02-20 14:11 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2008-02-20 14:11 . 2001-10-18 05:00 6,144 -ra------ C:\WINDOWS\system32\drivers\viaidexp.sys

2008-02-20 14:10 . 2008-02-20 14:10

2008-02-20 14:10 . 2001-12-05 16:36 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-02-20 14:06 . 2008-02-20 14:06

2008-02-20 12:51 . 2006-06-14 09:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

2008-02-20 12:51 . 2006-02-15 01:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys

2008-02-20 12:51 . 2006-06-14 10:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2008-02-20 12:51 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2008-02-20 12:51 . 2004-08-04 00:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-02-20 12:51 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2008-02-20 12:51 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys

2008-02-20 12:51 . 2006-06-14 09:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-02-20 12:51 . 2001-08-17 21:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-02-20 12:51 . 2004-08-03 23:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

2008-02-20 12:50 . 2001-10-26 17:29 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll

2008-02-20 12:50 . 2001-08-17 20:50 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys

2008-02-20 12:50 . 2004-08-04 00:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll

2008-02-20 12:50 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-02-20 12:50 . 2001-08-17 22:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys

2008-02-20 12:49 . 2004-08-03 23:07 42,240 --a------ C:\WINDOWS\system32\drivers\viaagp.sys

2008-02-20 12:49 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2008-02-20 12:49 . 2008-02-24 11:32 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-02-20 12:48 . 2008-02-20 12:48

2008-02-20 12:48 . 2008-02-20 12:48

2008-02-20 12:48 . 2008-02-20 13:46

2008-02-20 12:48 . 2008-02-20 12:48

2008-02-20 12:48 . 2008-02-20 12:48

2008-02-20 12:48 . 2008-02-20 12:48

2008-02-20 12:48 . 2008-02-20 12:48

2008-02-20 12:48 . 2008-02-20 12:48

2008-02-20 12:48 . 2008-02-20 12:48

2008-02-20 12:48 . 2008-02-22 14:49

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-20 17:54 --------- d-----w C:\Program Files\microsoft frontpage

2008-02-20 15:04 22 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg

2008-02-20 12:59 --------- d-----w C:\Program Files\Alwil Software

2008-02-20 12:49 --------- d-----w C:\Program Files\Usługi online

2007-12-07 01:08 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-12-13 17:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

{37B85A29-692B-4205-9CAD-2626E4993404}

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"SoundMan"="soundman.exe" [2001-05-29 10:02 124416 C:\WINDOWS\soundman.exe]

"runsvc"="runsvc.exe" [2008-02-20 15:05 850944 C:\WINDOWS\system32\runsvc.exe]

"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]

"WOOTASKBARICON"="C:\Program Files\Wanadoo\taskbaricon.exe" [2002-12-09 18:24 45056]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43 188416]

"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]

"WinampAgent"="D:\Winamp\winampa.exe" [2008-01-15 23:54 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"runsvc"="runsvc.exe" [2008-02-20 15:05 850944 C:\WINDOWS\system32\runsvc.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-20 16:04:25 962667]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Winamp Remote\bin\OrbTray.exe"=

"C:\WINDOWS\system32\runsvc.exe"=

"D:\Gadu-Gadu\gg.exe"=

"C:\WINDOWS\system32\dpvsetup.exe"=

"C:\WINDOWS\system32\rundll32.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-24 17:01:36

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-02-24 17:02:20

ComboFix-quarantined-files.txt 2008-02-24 16:02:05

.

2008-02-24 11:12:21 --- E O F ---