Problem z wirusem

Dla specjalistów Bezpieczeństwo
#1

witam mam problem z wirusem backdoor hupigon.MHP wczesniej miałem kilka innych miedzy innymi Virtumonde które na zmiane pojawiaja się podczas skanowania komputera programem spyware doctor i w żaden sposób nie idzie ich usunać. Oto mój log z hijackthis. Prosze o sprawdzenie i ewentualną pomoc z tym problemem. Z góry dziekuję.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:55, on 2008-05-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\PC Tools Firewall Plus\FWService.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\System32\CTsvcCDA.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\oodag.exe

D:\Program Files\Spyware Doctor\svcntaux.exe

D:\WINDOWS\system32\rundll32.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

D:\Program Files\Spyware Doctor\SDTrayApp.exe

D:\Program Files\Spyware Doctor\swdsvc.exe

D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\wdfmgr.exe

D:\WINDOWS\system32\UAService7.exe

D:\WINDOWS\System32\MsPMSPSv.exe

D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\System32\alg.exe

D:\WINDOWS\System32\wbem\wmiprvse.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Spyware Doctor\swdoctor.exe

D:\Program Files\internet explorer\iexplore.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

D:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll

O4 - HKLM…\Run: [updReg] D:\WINDOWS\UpdReg.EXE

O4 - HKLM…\Run: [DAEMON Tools] “D:\Program Files\DAEMON Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [RemoteControl] “D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”

O4 - HKLM…\Run: [DataLayer] D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [NetPanel] “D:\Program Files\NetPanel\Starter.exe” /path=“D:\Program Files\NetPanel”

O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM…\Run: [QuickTime Task] “D:\WINDOWS\system32\qttask .exe” -atboottime

O4 - HKLM…\Run: [CnxDslTaskBar] “D:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852”

O4 - HKLM…\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM…\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [sony Ericsson PC Suite] “D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

O4 - HKLM…\Run: [FixCamera] D:\WINDOWS\FixCamera.exe

O4 - HKLM…\Run: [tsnp325] D:\WINDOWS\tsnp325.exe

O4 - HKLM…\Run: [snp325] D:\WINDOWS\vsnp325.exe

O4 - HKLM…\Run: [00PCTFW] “D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” -s

O4 - HKLM…\Run: [sDTray] “D:\Program Files\Spyware Doctor\SDTrayApp.exe”

O4 - HKCU…\Run: [FAST Defrag] D:\PROGRA~1\FASTDE~1\FAST2.EXE -tray

O4 - HKCU…\Run: [AtiTrayTools] D:\Program Files\Radeon Omega Drivers\v2.6.61\ATI Tray Tools\atitray.exe

O4 - HKCU…\Run: [NOMAD Detector] “D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe”

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Program Files\IrfanView\Ebay\Ebay.htm

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip…{BB5291CF-A39A-4D19-A91A-F3ADEE4820AA}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: ddcyaww - ddcyaww.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe

End of file - 8073 bytes

#2

wpis

usuń HijackThisem >> Fix checked

zrób optymalizacje uruchamiania http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 przeskanuj daj log

:slight_smile:

#3

ComboFix 08-04-29.5 - t 2008-05-01 13:47:20.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.161 [GMT 2:00]

Running from: E:\Programy\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat

D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat

D:\Documents and Settings\All Users.WINDOWS\Dokumenty\Moja muzyka\001305EF\Desktop_.ini

D:\Documents and Settings\All Users.WINDOWS\Dokumenty\Moja muzyka\Desktop_.ini

D:\Documents and Settings\All Users.WINDOWS\Dokumenty\Moja muzyka\My Playlists\Desktop_.ini

D:\Documents and Settings\All Users.WINDOWS\Dokumenty\Moja muzyka\Przykadowa muzyka\Desktop_.ini

D:\Documents and Settings\All Users.WINDOWS\Dokumenty\Moja muzyka\Sample Playlists\00130581\Desktop_.ini

D:\Documents and Settings\All Users.WINDOWS\Dokumenty\Moja muzyka\Sample Playlists\Desktop_.ini

D:\Documents and Settings\All Users.WINDOWS\Dokumenty\Moja muzyka\Sync Playlists\Desktop_.ini

D:\Documents and Settings\All Users.WINDOWS\Dokumenty\Moje obrazy\Desktop_.ini

D:\Documents and Settings\All Users.WINDOWS\Dokumenty\Moje obrazy\Przykadowe obrazy\Desktop_.ini

D:\Documents and Settings\All Users.WINDOWS\Dokumenty\Moje wideo\Desktop_.ini

D:\PROGRA~1\FASTDE~1\FAST2 .EXE

D:\PROGRA~1\FASTDE~1\FAST2.EXE

D:\PROGRA~1\NEOSTR~1\Watch.exe

D:\Program Files\Accoona

D:\Program Files\Accoona\quiesce.exe

D:\Program Files\Accoona\tbquiesce.exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe

D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

D:\Program Files\DAEMON Tools\daemon.exe

D:\Program Files\FAST Defrag\FAST2 .EXE

D:\Program Files\FAST Defrag\FAST2.EXE

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

D:\Program Files\MyWay

D:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT

D:\Program Files\MyWay\SrchAstt\1.bin\PARTNER2.DAT

D:\Program Files\MyWay\SrchAstt\Cache\0001A14C

D:\Program Files\MyWay\SrchAstt\Cache\00028497

D:\Program Files\MyWay\SrchAstt\Cache\000B405F

D:\Program Files\MyWay\SrchAstt\Cache\00777B47

D:\Program Files\MyWay\SrchAstt\Cache\files.ini

D:\Program Files\Neostrada TP\TaskbarIcon.exe

D:\Program Files\Neostrada TP\Watch.exe

D:\Program Files\NetPanel\Starter.exe

D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

D:\Program Files\Spyware Doctor\SDTrayApp.exe

D:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe

D:\WINDOWS\cookies.ini

D:\WINDOWS\dat.txt

D:\WINDOWS\hosts

D:\WINDOWS\pskt.ini

D:\WINDOWS\rs.txt

D:\WINDOWS\system32\atiptaxx.exe

D:\WINDOWS\system32\bbeeg.ini2

D:\WINDOWS\system32\hjkkj.ini

D:\WINDOWS\system32\hjkkj.ini2

D:\WINDOWS\system32\jkkjh.dll

D:\WINDOWS\system32\jkkjh.exe

D:\WINDOWS\system32\jqnityrb.ini

D:\WINDOWS\system32\lufqprak.dll

D:\WINDOWS\system32\mcrh.tmp

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask .exe

D:\WINDOWS\system32\qttask.exe

D:\WINDOWS\system32\riwaruhm.dll

D:\WINDOWS\system32\rjgxjivp.ini

D:\WINDOWS\tsnp325.exe

D:\WINDOWS\UpdReg.EXE

.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))

.

2008-05-01 12:38 . 2008-04-29 05:11

2008-05-01 11:18 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe

2008-05-01 11:18 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe

2008-05-01 11:18 . 2008-04-24 08:10 86,528 --a------ D:\WINDOWS\system32\VACFix.exe

2008-05-01 11:18 . 2008-04-28 08:03 82,944 --a------ D:\WINDOWS\system32\IEDFix.exe

2008-05-01 11:18 . 2008-04-28 08:03 82,944 --a------ D:\WINDOWS\system32\404Fix.exe

2008-05-01 11:18 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe

2008-05-01 11:18 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe

2008-05-01 11:18 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe

2008-05-01 09:59 . 2008-05-01 09:59 1,809 --a------ D:\WINDOWS\system32\sdjptaxo.dll

2008-05-01 09:59 . 2008-05-01 09:59 1,809 --a------ D:\WINDOWS\system32\qgtjfsue.dll

2008-04-30 20:00 . 2008-04-30 20:00 1,795 --a------ D:\WINDOWS\system32\mualkmav.dll

2008-04-30 20:00 . 2008-04-30 20:00 1,795 --a------ D:\WINDOWS\system32\hlfjcxxk.dll

2008-04-29 17:19 . 2008-04-29 17:19 1,795 --a------ D:\WINDOWS\system32\skttokld.dll

2008-04-29 17:19 . 2008-04-29 17:19 1,795 --a------ D:\WINDOWS\system32\houqdfgh.dll

2008-04-29 17:10 . 2008-04-29 17:10 1,795 --a------ D:\WINDOWS\system32\evkopgsi.dll

2008-04-29 17:09 . 2008-04-29 17:09 1,795 --a------ D:\WINDOWS\system32\dltnenfd.dll

2008-04-28 17:03 . 2008-04-28 17:03 1,809 --a------ D:\WINDOWS\system32\ojlgxbyi.dll

2008-04-28 17:00 . 2008-04-28 17:00 1,809 --a------ D:\WINDOWS\system32\uedakttx.dll

2008-04-28 16:56 . 2008-04-28 16:56 1,795 --a------ D:\WINDOWS\system32\uemljvfb.dll

2008-04-28 16:55 . 2008-04-28 16:55 1,795 --a------ D:\WINDOWS\system32\ntdakxuk.dll

2008-04-27 10:46 . 2008-04-27 10:46 1,795 --a------ D:\WINDOWS\system32\oijhffee.dll

2008-04-27 10:45 . 2008-04-27 10:45 1,795 --a------ D:\WINDOWS\system32\glnmluxf.dll

2008-04-26 08:37 . 2008-04-26 08:37 1,795 --a------ D:\WINDOWS\system32\mhhljhgt.dll

2008-04-26 08:37 . 2008-04-26 08:37 1,795 --a------ D:\WINDOWS\system32\lmkueqmb.dll

2008-04-26 08:22 . 2008-04-26 08:22 1,795 --a------ D:\WINDOWS\system32\djovwfyy.dll

2008-04-26 08:21 . 2008-04-26 08:21 1,795 --a------ D:\WINDOWS\system32\srgexscb.dll

2008-04-24 22:28 . 2008-04-24 22:28 1,809 --a------ D:\WINDOWS\system32\pblrlwsb.dll

2008-04-24 22:25 . 2008-04-24 22:25 1,809 --a------ D:\WINDOWS\system32\itwrtqph.dll

2008-04-23 22:29 . 2008-04-23 22:29 1,809 --a------ D:\WINDOWS\system32\uqsqtbna.dll

2008-04-23 22:26 . 2008-04-23 22:26 1,809 --a------ D:\WINDOWS\system32\eyqxxrgj.dll

2008-04-22 22:25 . 2008-04-22 22:25 1,809 --a------ D:\WINDOWS\system32\xkbsrdkh.dll

2008-04-22 22:25 . 2008-04-22 22:25 1,809 --a------ D:\WINDOWS\system32\ndnnytgy.dll

2008-04-21 22:28 . 2008-04-21 22:28 1,795 --a------ D:\WINDOWS\system32\kqujolaf.dll

2008-04-21 22:25 . 2008-04-21 22:25 1,795 --a------ D:\WINDOWS\system32\kscysbsv.dll

2008-04-21 18:13 . 2008-04-21 18:13 1,795 --a------ D:\WINDOWS\system32\mrosirly.dll

2008-04-21 18:10 . 2008-04-21 18:10 1,795 --a------ D:\WINDOWS\system32\mcrhjknc.dll

2008-04-20 18:10 . 2008-04-20 18:10 1,795 --a------ D:\WINDOWS\system32\emeiqybs.dll

2008-04-20 18:07 . 2008-04-20 18:07 1,795 --a------ D:\WINDOWS\system32\jnaonjxs.dll

2008-04-20 17:58 . 2008-04-20 17:58 1,795 --a------ D:\WINDOWS\system32\pmoujjkg.dll

2008-04-20 17:57 . 2008-04-20 17:57 1,795 --a------ D:\WINDOWS\system32\qunrlnbq.dll

2008-04-19 17:54 . 2008-04-19 17:54 1,795 --a------ D:\WINDOWS\system32\kubvbjpa.dll

2008-04-19 17:51 . 2008-04-19 17:51 1,795 --a------ D:\WINDOWS\system32\kisydrus.dll

2008-04-18 17:51 . 2008-04-18 17:51 1,809 --a------ D:\WINDOWS\system32\vvssrlxu.dll

2008-04-18 17:48 . 2008-04-18 17:48 1,809 --a------ D:\WINDOWS\system32\dbxegwyc.dll

2008-04-16 23:31 . 2008-04-30 19:59 101,156 --a------ D:\WINDOWS\BM0fa2a456.xml

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-01 11:45 --------- d—a-w D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP

2008-05-01 11:36 223,128 ----a-w D:\WINDOWS\system32\drivers\dtscsi.sys

2008-05-01 11:36 --------- d-----w D:\Program Files\DAEMON Tools

2008-05-01 11:32 --------- d-----w D:\Program Files\Valve

2008-05-01 10:51 --------- d-----w D:\Program Files\Neostrada TP

2008-05-01 10:22 --------- d-----w D:\Documents and Settings\t.DAREK-O3WK1XPX4\Dane aplikacji\Skype

2008-05-01 10:18 --------- d-----w D:\Program Files\Spyware Doctor

2008-05-01 09:43 --------- d-----w D:\Program Files\PC Tools Firewall Plus

2008-05-01 09:43 --------- d-----w D:\Program Files\NetPanel

2008-05-01 09:43 --------- d-----w D:\Program Files\FAST Defrag

2008-05-01 09:25 440,832 ----a-w D:\WINDOWS\UpdReg .EXE

2008-05-01 09:25 344,064 ----a-w D:\WINDOWS\system32\atiptaxx .exe

2008-05-01 09:25 270,336 ----a-w D:\WINDOWS\tsnp325 .exe

2008-05-01 08:27 20,480 ----a-w D:\WINDOWS\FixCamera .exe

2008-04-24 17:20 --------- d-----w D:\Documents and Settings\t.DAREK-O3WK1XPX4\Dane aplikacji\Azureus

2008-02-23 17:18 835,584 ----a-w D:\WINDOWS\vsnp325 .exe

2008-02-01 16:59 108,144 ----a-w D:\WINDOWS\system32\CmdLineExt.dll

2007-01-21 20:00 87,608 ----a-w D:\Documents and Settings\t.DAREK-O3WK1XPX4\Dane aplikacji\ezpinst.exe

2007-01-21 20:00 47,360 ----a-w D:\Documents and Settings\t.DAREK-O3WK1XPX4\Dane aplikacji\pcouffin.sys

2003-03-21 11:37 16,056 ----a-w D:\Program Files\owcstp16.dll

.

----a-w 851,968 2008-03-25 12:28:17 D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer .exe

----a-w 851,968 2008-02-01 16:19:43 D:\Program Files\Common Files\PCSuite\DataLayer\DATALA~1 .EXE

----a-w 32,768 2008-05-01 09:25:21 D:\Program Files\CyberLink\PowerDVD\PDVDServ .exe

----a-w 133,016 2008-04-25 16:03:54 D:\Program Files\DAEMON Tools\daemon .exe

----a-w 98,816 2008-05-01 09:26:41 D:\Program Files\FAST Defrag\FAST2 .EXE

----a-w 49,152 2008-05-01 09:25:44 D:\Program Files\HP\HP Software Update\HPWuSchd2 .exe

----a-w 132,496 2008-05-01 09:25:25 D:\Program Files\Java\jre1.6.0_03\bin\jusched .exe

----a-w 53,248 2008-05-01 09:25:44 D:\Program Files\Neostrada TP\TaskbarIcon .exe

----a-w 20,480 2008-05-01 09:28:35 D:\Program Files\Neostrada TP\Watch .exe

----a-w 448,512 2008-05-01 09:25:31 D:\Program Files\NetPanel\Starter .exe

----a-w 2,598,808 2008-05-01 09:26:06 D:\Program Files\PC Tools Firewall Plus\FirewallGUI .exe

----a-w 457,216 2008-02-23 08:11:24 D:\Program Files\Radeon Omega Drivers\v2.6.61\ATI Tray Tools\atitray .exe

----a-w 159,744 2008-05-01 09:25:47 D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe

----a-w 278,528 2008-05-01 09:25:38 D:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb .exe

----a-w 20,480 2008-05-01 08:27:43 D:\WINDOWS\FixCamera .exe

----a-w 270,336 2008-05-01 09:25:56 D:\WINDOWS\tsnp325 .exe

----a-w 440,832 2008-05-01 09:25:21 D:\WINDOWS\UpdReg .EXE

----a-w 835,584 2008-02-23 17:18:59 D:\WINDOWS\vsnp325 .exe

----a-w 344,064 2008-05-01 09:25:36 D:\WINDOWS\system32\atiptaxx .exe

[/code]

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“FAST Defrag”=“D:\PROGRA~1\FASTDE~1\FAST2.exe” []

“AtiTrayTools”=“D:\Program Files\Radeon Omega Drivers\v2.6.61\ATI Tray Tools\atitray.exe” []

“NOMAD Detector”=“D:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun .exe” []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“UpdReg”=“D:\WINDOWS\UpdReg.EXE” []

“DAEMON Tools”=“D:\Program Files\DAEMON Tools\daemon.exe” [2005-12-10 16:57 133016]

“RemoteControl”=“D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” []

“SunJavaUpdateSched”=“D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” []

“DataLayer”=“D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” []

“BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-04 00:44 110592 D:\WINDOWS\system32\bthprops.cpl]

“NetPanel”=“D:\Program Files\NetPanel\Starter.exe” []

“AtiPTA”=“atiptaxx.exe” []

“QuickTime Task”=“D:\WINDOWS\system32\qttask .exe” []

“CnxDslTaskBar”=“D:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” []

“WOOWATCH”=“D:\PROGRA~1\NEOSTR~1\Watch.exe” []

“WOOTASKBARICON”=“D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” []

“HP Software Update”=“D:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152]

“Sony Ericsson PC Suite”=“D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” []

“FixCamera”=“D:\WINDOWS\FixCamera.exe” []

“tsnp325”=“D:\WINDOWS\tsnp325.exe” []

“snp325”=“D:\WINDOWS\vsnp325.exe” []

“00PCTFW”=“D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” []

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“D:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44 15360]

D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“VIDC.JPEG”= JpegCode.dll

“VIDC.MJPG”= JpegCode.dll

“msacm.ctmp3”= D:\WINDOWS\system32\ctmp3.acm

“VIDC.YV12”= yv12vfw.dll

“msacm.ac3filter”= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPoXUSDM]

--------- 2004-04-19 08:34 1017856 D:\Program Files\EPoX\USDM\USDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“FirewallOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“D:\WINDOWS\system32\dpnsvr.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=

“D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”=

“D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=

“D:\WINDOWS\system32\sessmgr.exe”=

“D:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe”=

“D:\Program Files\Azureus\Azureus.exe”=

“D:\Program Files\eMule\emule.exe”=

“D:\Program Files\Gadu-Gadu\gg.exe”=

“D:\Program Files\Neostrada TP\NeostradaTP.exe”=

“D:\Program Files\Outlook Express\msimn.exe”=

“D:\Program Files\Real Alternative\settings.exe”=

“D:\Program Files\Spyware Doctor\swdoctor.exe”=

“D:\Program Files\K-Lite Codec Pack\filters\ac3config.exe”=

“D:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“9978:TCP”= 9978:TCP:BitComet 9978 TCP

“9978:UDP”= 9978:UDP:BitComet 9978 UDP

“20717:TCP”= 20717:TCP:BitComet 20717 TCP

“20717:UDP”= 20717:UDP:BitComet 20717 UDP

“8747:TCP”= 8747:TCP:BitComet 8747 TCP

“8747:UDP”= 8747:UDP:BitComet 8747 UDP

“20910:TCP”= 20910:TCP:BitComet 20910 TCP

“20910:UDP”= 20910:UDP:BitComet 20910 UDP

R0 xmasbus;xmasbus;D:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]

R0 xmasscsi;xmasscsi;D:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]

R1 atitray;atitray;D:\Program Files\Radeon Omega Drivers\v2.6.61\ATI Tray Tools\atitray.sys [2005-07-31 17:08]

R1 pctfw2;pctfw2;D:\WINDOWS\system32\drivers\pctfw2.sys [2007-11-09 17:00]

R1 pctmp;PC Tools Firewall Memory Protection Driver;D:\WINDOWS\system32\drivers\pctmp.sys [2007-11-09 17:00]

R1 pctssipc;PC Tools Security Suite IPC Driver;D:\WINDOWS\system32\drivers\pctssipc.sys [2007-11-09 17:00]

R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;D:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 20:27]

R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;D:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 20:27]

R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;D:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 20:28]

R3 SNP325;USB PC Camera (SNPSTD325);D:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-26 11:03]

S2 SVKP;SVKP;D:\WINDOWS\system32\SVKP.sys []

S3 krdpdre;krdpdre;D:\DOCUME~1\TDF01~1.DAR\USTAWI~1\Temp\krdpdre.sys []

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);D:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]

S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]

S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\autorun.exe

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-01 13:50:04

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

wywalilem to co mi kazałeś teraz wstawiam log z ComboFix scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-01 13:52:31

ComboFix-quarantined-files.txt 2008-05-01 11:52:08

Pre-Run: 7,955,173,376 bajtów wolnych

Post-Run: 7,941,754,880 bajtów wolnych

363 — E O F — 2007-10-14 10:51:34

W dniu 01.05.2008, o godzinie 14:38 został dopisany post przez darlem

spyware doctor znajduje w dalszym ciagu jakies to nowe wirusy “trojan.Generic” za nic nie idzie tego usunać.

#4

Wyłącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

:slight_smile:

#5

zrobiłem tak jak kazałeś teraz log z hijackthis wygląda tak sprawdz go jezeli możesz:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:40, on 2008-05-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\PC Tools Firewall Plus\FWService.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\CTsvcCDA.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\oodag.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\wdfmgr.exe

D:\WINDOWS\system32\UAService7.exe

D:\WINDOWS\System32\MsPMSPSv.exe

D:\WINDOWS\System32\alg.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\DAEMON Tools\daemon.exe

D:\WINDOWS\system32\rundll32.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Program Files\Spyware Doctor\svcntaux.exe

D:\Program Files\Spyware Doctor\swdsvc.exe

D:\Program Files\Spyware Doctor\SDTrayApp.exe

D:\Program Files\FAST Defrag\FAST2 .EXE

D:\Program Files\Spyware Doctor\swdoctor.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\internet explorer\iexplore.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

D:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll

O4 - HKLM…\Run: [DAEMON Tools] “D:\Program Files\DAEMON Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [sDTray] “D:\Program Files\Spyware Doctor\SDTrayApp.exe”

O4 - HKCU…\Run: [FAST Defrag] D:\PROGRA~1\FASTDE~1\FAST2~2.EXE -tray

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Program Files\IrfanView\Ebay\Ebay.htm

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip…{BB5291CF-A39A-4D19-A91A-F3ADEE4820AA}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe

End of file - 6545 bytes

#6

W logu nic nie widać

Podaj log z Combofix

#7

oto log z combofix

ComboFix 08-04-29.5 - t 2008-05-01 17:06:06.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.238 [GMT 2:00]

Running from: E:\Programy\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))

.

2008-04-16 23:31 . 2008-04-30 19:59 101,156 --a------ D:\WINDOWS\BM0fa2a456.xml

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-01 14:44 --------- d—a-w D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP

2008-05-01 14:44 --------- d-----w D:\Program Files\Spyware Doctor

2008-05-01 14:36 --------- d-----w D:\Program Files\Google

2008-05-01 14:15 --------- d-----w D:\Program Files\Neostrada TP

2008-05-01 11:36 223,128 ----a-w D:\WINDOWS\system32\drivers\dtscsi.sys

2008-05-01 11:36 --------- d-----w D:\Program Files\DAEMON Tools

2008-05-01 11:32 --------- d-----w D:\Program Files\Valve

2008-05-01 10:22 --------- d-----w D:\Documents and Settings\t.DAREK-O3WK1XPX4\Dane aplikacji\Skype

2008-05-01 09:43 --------- d-----w D:\Program Files\PC Tools Firewall Plus

2008-05-01 09:43 --------- d-----w D:\Program Files\NetPanel

2008-05-01 09:43 --------- d-----w D:\Program Files\FAST Defrag

2008-05-01 09:25 440,832 ----a-w D:\WINDOWS\UpdReg .EXE

2008-05-01 09:25 344,064 ----a-w D:\WINDOWS\system32\atiptaxx .exe

2008-05-01 09:25 270,336 ----a-w D:\WINDOWS\tsnp325 .exe

2008-05-01 08:27 20,480 ----a-w D:\WINDOWS\FixCamera .exe

2008-04-24 17:20 --------- d-----w D:\Documents and Settings\t.DAREK-O3WK1XPX4\Dane aplikacji\Azureus

2008-02-23 17:18 835,584 ----a-w D:\WINDOWS\vsnp325 .exe

2008-02-01 16:59 108,144 ----a-w D:\WINDOWS\system32\CmdLineExt.dll

2007-01-21 20:00 87,608 ----a-w D:\Documents and Settings\t.DAREK-O3WK1XPX4\Dane aplikacji\ezpinst.exe

2007-01-21 20:00 47,360 ----a-w D:\Documents and Settings\t.DAREK-O3WK1XPX4\Dane aplikacji\pcouffin.sys

2003-03-21 11:37 16,056 ----a-w D:\Program Files\owcstp16.dll

.

----a-w 851,968 2008-03-25 12:28:17 D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer .exe

----a-w 851,968 2008-02-01 16:19:43 D:\Program Files\Common Files\PCSuite\DataLayer\DATALA~1 .EXE

----a-w 32,768 2008-05-01 09:25:21 D:\Program Files\CyberLink\PowerDVD\PDVDServ .exe

----a-w 133,016 2008-04-25 16:03:54 D:\Program Files\DAEMON Tools\daemon .exe

----a-w 98,816 2008-05-01 09:26:41 D:\Program Files\FAST Defrag\FAST2 .EXE

----a-w 49,152 2008-05-01 09:25:44 D:\Program Files\HP\HP Software Update\HPWuSchd2 .exe

----a-w 132,496 2008-05-01 09:25:25 D:\Program Files\Java\jre1.6.0_03\bin\jusched .exe

----a-w 53,248 2008-05-01 09:25:44 D:\Program Files\Neostrada TP\TaskbarIcon .exe

----a-w 20,480 2008-05-01 09:28:35 D:\Program Files\Neostrada TP\Watch .exe

----a-w 448,512 2008-05-01 09:25:31 D:\Program Files\NetPanel\Starter .exe

----a-w 2,598,808 2008-05-01 09:26:06 D:\Program Files\PC Tools Firewall Plus\FirewallGUI .exe

----a-w 457,216 2008-02-23 08:11:24 D:\Program Files\Radeon Omega Drivers\v2.6.61\ATI Tray Tools\atitray .exe

----a-w 159,744 2008-05-01 09:25:47 D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe

----a-w 278,528 2008-05-01 09:25:38 D:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb .exe

----a-w 20,480 2008-05-01 08:27:43 D:\WINDOWS\FixCamera .exe

----a-w 270,336 2008-05-01 09:25:56 D:\WINDOWS\tsnp325 .exe

----a-w 440,832 2008-05-01 09:25:21 D:\WINDOWS\UpdReg .EXE

----a-w 835,584 2008-02-23 17:18:59 D:\WINDOWS\vsnp325 .exe

----a-w 344,064 2008-05-01 09:25:36 D:\WINDOWS\system32\atiptaxx .exe

[/code]

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“FAST Defrag”=“D:\PROGRA~1\FASTDE~1\FAST2~2.exe” [2008-05-01 11:26 98816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“DAEMON Tools”=“D:\Program Files\DAEMON Tools\daemon.exe” [2005-12-10 16:57 133016]

“BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-04 00:44 110592 D:\WINDOWS\system32\bthprops.cpl]

“HP Software Update”=“D:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“D:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44 15360]

D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“VIDC.JPEG”= JpegCode.dll

“VIDC.MJPG”= JpegCode.dll

“msacm.ctmp3”= D:\WINDOWS\system32\ctmp3.acm

“VIDC.YV12”= yv12vfw.dll

“msacm.ac3filter”= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPoXUSDM]

--------- 2004-04-19 08:34 1017856 D:\Program Files\EPoX\USDM\USDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“FirewallOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“D:\WINDOWS\system32\dpnsvr.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=

“D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”=

“D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=

“D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=

“D:\WINDOWS\system32\sessmgr.exe”=

“D:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe”=

“D:\Program Files\Azureus\Azureus.exe”=

“D:\Program Files\eMule\emule.exe”=

“D:\Program Files\Gadu-Gadu\gg.exe”=

“D:\Program Files\Neostrada TP\NeostradaTP.exe”=

“D:\Program Files\Outlook Express\msimn.exe”=

“D:\Program Files\Real Alternative\settings.exe”=

“D:\Program Files\Spyware Doctor\swdoctor.exe”=

“D:\Program Files\K-Lite Codec Pack\filters\ac3config.exe”=

“D:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“9978:TCP”= 9978:TCP:BitComet 9978 TCP

“9978:UDP”= 9978:UDP:BitComet 9978 UDP

“20717:TCP”= 20717:TCP:BitComet 20717 TCP

“20717:UDP”= 20717:UDP:BitComet 20717 UDP

“8747:TCP”= 8747:TCP:BitComet 8747 TCP

“8747:UDP”= 8747:UDP:BitComet 8747 UDP

“20910:TCP”= 20910:TCP:BitComet 20910 TCP

“20910:UDP”= 20910:UDP:BitComet 20910 UDP

R0 xmasbus;xmasbus;D:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]

R0 xmasscsi;xmasscsi;D:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]

R1 atitray;atitray;D:\Program Files\Radeon Omega Drivers\v2.6.61\ATI Tray Tools\atitray.sys [2005-07-31 17:08]

R1 pctfw2;pctfw2;D:\WINDOWS\system32\drivers\pctfw2.sys [2007-11-09 17:00]

R1 pctmp;PC Tools Firewall Memory Protection Driver;D:\WINDOWS\system32\drivers\pctmp.sys [2007-11-09 17:00]

R1 pctssipc;PC Tools Security Suite IPC Driver;D:\WINDOWS\system32\drivers\pctssipc.sys [2007-11-09 17:00]

R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;D:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 20:27]

R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;D:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 20:27]

R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;D:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 20:28]

R3 SNP325;USB PC Camera (SNPSTD325);D:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-26 11:03]

S2 SVKP;SVKP;D:\WINDOWS\system32\SVKP.sys []

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);D:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]

S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]

S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\autorun.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-01 17:08:24

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-01 17:10:11

ComboFix-quarantined-files.txt 2008-05-01 15:10:04

Pre-Run: 8,954,703,872 bajtów wolnych

Post-Run: 8,933,462,016 bajtów wolnych

151 — E O F — 2007-10-14 10:51:34

W dniu 01.05.2008, o godzinie 18:03 został dopisany post przez darlem

i co wporzadku jest ten log?

#8

otwórz notatnik i wklej

Z menu Notatnika -> Plik -> Zapisz jako -> Zmień rozszerzenie z .txt na wszystkie pliki -> zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

Log wyglada na czysty

Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum

Usuń ręcznie folder C: \Qoobox

usuń instalkę Combofix z dysku.