Hello, my problem is that avast shows a virus but does not remove it! I ran ComboFix and would like to ask for the log to be checked to see whether anything is left.
Thanks in advance!
Regards
ComboFix 08-02.05.3 - Daniel 2008-02-06 18:47:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.553 [GMT 1:00]
Running from: C:\Documents and Settings\Daniel\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\eeecaf5_r.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.
2008-02-05 00:24 . 2008-02-05 00:23 103,367 -r-hs---- C:\2ifetri.cmd
2008-02-03 13:44 . 2007-02-05 17:45 583,232 --a------ C:\WINDOWS\system32\tvt_gina.dll
2008-02-03 13:44 . 2007-02-05 17:45 292,416 --a------ C:\WINDOWS\system32\tvt_gina_api.dll
2008-02-03 13:44 . 2005-11-08 09:27 11,520 --a------ C:\WINDOWS\system32\drivers\ANC.sys
2008-02-03 13:44 . 2007-04-02 11:24 4,224 --a------ C:\WINDOWS\system32\drivers\IBMBLDID.sys
2008-02-03 13:43 . 2008-02-03 13:43 0 --a------ C:\WINDOWS\system32\AccConnAdvanced.html
2008-01-26 17:47 . 2008-01-12 10:42 106,183 -r-hs---- C:\d.com
2008-01-20 13:47 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-20 13:45 . 2008-01-20 13:48
2008-01-20 13:45 . 2008-01-20 13:45
2008-01-20 13:45 . 2008-01-20 13:47
2008-01-20 13:45 . 2008-01-20 13:45
2008-01-09 17:52 . 1997-06-02 12:32 314,880 --a------ C:\WINDOWS\IsUninst.exe
2008-01-09 17:52 . 2008-01-09 17:53 21,052 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-01-09 17:52 . 2008-01-09 17:53 15,144 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-01-09 17:52 . 2008-01-09 17:53 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-01-09 17:48 . 2008-01-09 17:48 420 --a------ C:\WINDOWS\WININIT.INI
2008-01-09 17:48 . 2008-01-09 17:48 123 --a------ C:\WINDOWS\TMPCPYIS.BAT
2008-01-09 17:48 . 2008-01-09 17:48 122 --a------ C:\WINDOWS\TMPDELIS.BAT
2008-01-09 17:48 . 2008-01-09 17:48 26 --a------ C:\WINDOWS\WINSTART.BAT
2008-01-09 17:46 . 1997-06-04 16:29 271,248 --a------ C:\WINDOWS\ISUN16.EXE
2008-01-09 17:46 . 1995-07-13 17:43 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2008-01-08 19:11 . 2008-01-08 19:11 38 --a------ C:\WINDOWS\avisplitter.INI
2008-01-06 12:05 . 2008-01-06 12:05
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 17:51 --------- d-----w C:\Program Files\Kalendarz XP
2008-02-05 11:00 --------- d-----w C:\Program Files\Winamp
2008-02-03 12:53 0 ---ha-r C:\WINDOWS\system32\drivers\IBM_2373_SA1_TP.MRK
2008-02-03 12:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 12:43 --------- d-----w C:\Program Files\ThinkPad
2008-01-31 08:51 --------- d-----w C:\Program Files\a-squared Free
2008-01-29 18:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-27 22:11 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\uTorrent
2007-12-24 12:19 --------- d-----w C:\Program Files\PDFCreator
2007-12-17 22:09 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Skype
2007-12-16 10:51 --------- d-----w C:\Program Files\Picasa2
2007-12-16 10:35 --------- d-----w C:\Program Files\Google
2007-12-16 09:51 --------- d-----w C:\Program Files\eMule
2007-12-14 15:51 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\LimeWire
2007-12-10 11:00 --------- d-----w C:\Program Files\Ultra RM Converter
2007-12-07 16:28 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Winamp
2007-10-22 09:42 51,552 ------w C:\Documents and Settings\Daniel\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2007-08-01 20:26 1514016]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 22:32 69632 C:\WINDOWS\system32\S3Tray2.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:44 110592 C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 21:00 344064]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19 94208]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 18:30 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 18:30 512000]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33 243248]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-11-06 15:27 487424]
"cssauth"="C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2006-08-21 02:36 1997568]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Aktywacja Testera.lnk - C:\Programy\YDPDICT\Watch.exe [2008-01-09 17:47:02 352768]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-09-28 08:53:34 882176]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll
R0 ANCSQ;ANCSQ;C:\WINDOWS\system32\drivers\ANCSQ.sys [2006-08-21 01:04]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R2 Dnscache;Klient DNS;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:44]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2006-08-21 01:44]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-08-21 01:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9a799096-c900-11dc-a96b-00054e460743}]
\Shell\AutoRun\command - E:\xo8wr9.exe
\Shell\explore\Command - E:\xo8wr9.exe
\Shell\open\Command - E:\xo8wr9.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a37b86ad-9c24-11dc-a936-00054e460743}]
\Shell\AutoRun\command - E:\2ifetri.cmd
\Shell\explore\Command - E:\2ifetri.cmd
\Shell\open\Command - E:\2ifetri.cmd
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 20:28:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 18:54:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
.
**************************************************************************
.
Completion time: 2008-02-06 18:55:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 17:55:36
.
2008-01-09 10:34:19 --- E O F ---
and from HijackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:58:19, on 2008-02-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programy\YDPDICT\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daniel\Pulpit\Programy\LOGI\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O4 - HKLM…\Run: [s3TRAY2] S3Tray2.exe
O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [TpShocks] TpShocks.exe
O4 - HKLM…\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM…\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM…\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM…\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM…\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Aktywacja Testera.lnk = C:\Programy\YDPDICT\Watch.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 0300118009
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 0301053237
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip…{AA508C7F-8739-4882-932E-CBD63A054301}: NameServer = 10.0.4.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
-- End of file - 10734 bytes
Thanks once again!
Leon1
(Leon$)
6 February 2008 18:43
#2
The entries
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
remove with HijackThis >> Fix checked
Open Notepad and paste:
File::
C:\2ifetri.cmd
C:\d.com
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
Save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
http://img.wklej.org/images/88953CFScri … iemoes.gif
The removal should start
Then the log from the removal
After the restart, manually delete the folder C:\Qoobox
Then a new HijackThis log
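The entries this reply targets can be picked out of the ComboFix log mechanically. The Python below is an added example, not part of the original posts or of ComboFix: it lists MountPoints2 shell commands that point at an executable in a drive root and matches them against hidden+system executables in a drive root from the "Files Created" section. The extension list and the matching heuristic are assumptions; the sample lines are excerpted from the log in the first post, one entry per line.

```python
import ntpath
import re

# Excerpt of the ComboFix log from the first post, laid out one entry per line.
SAMPLE_LOG = r"""
2008-02-05 00:24 . 2008-02-05 00:23 103,367 -r-hs---- C:\2ifetri.cmd
2008-01-26 17:47 . 2008-01-12 10:42 106,183 -r-hs---- C:\d.com
2008-01-09 17:48 . 2008-01-09 17:48 26 --a------ C:\WINDOWS\WINSTART.BAT
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9a799096-c900-11dc-a96b-00054e460743}]
\Shell\AutoRun\command - E:\xo8wr9.exe
\Shell\explore\Command - E:\xo8wr9.exe
\Shell\open\Command - E:\xo8wr9.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a37b86ad-9c24-11dc-a936-00054e460743}]
\Shell\AutoRun\command - E:\2ifetri.cmd
\Shell\explore\Command - E:\2ifetri.cmd
\Shell\open\Command - E:\2ifetri.cmd
"""

# Assumption: extensions treated as directly executable for this triage.
EXEC_EXT = {".exe", ".cmd", ".com", ".bat", ".pif", ".scr"}
FILE_RE = re.compile(r"^(?:\d{4}-\d\d-\d\d \d\d:\d\d(?: \. )?){2}\s+[\d,]+\s+"
                     r"(?P<attr>[-a-z]{9})\s+(?P<path>[A-Za-z]:\\.+)$")
# The backslash before the GUID is optional because the forum copy dropped it.
KEY_RE = re.compile(r"^\[.*\\mountpoints2\\?\{(?P<guid>[0-9a-f-]{36})\}\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\[^\\]+\\command - (?P<target>.+)$", re.I)

def is_root_executable(path):
    """True for an executable file sitting directly in a drive root."""
    drive, rest = ntpath.splitdrive(path)
    return (bool(drive) and rest.count("\\") == 1
            and ntpath.splitext(rest)[1].lower() in EXEC_EXT)

def hidden_root_files(log):
    """Hidden+system executables in a drive root, from 'Files Created' lines."""
    hits = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m and {"h", "s"} <= set(m["attr"]) and is_root_executable(m["path"]):
            hits.append(m["path"])
    return hits

def mountpoints_autoruns(log):
    """Map each MountPoints2 volume GUID to the shell-command targets under it."""
    found, guid = {}, None
    for line in log.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            guid = key["guid"].lower()
            found[guid] = set()
        elif guid and (cmd := CMD_RE.match(line)):
            found[guid].add(cmd["target"])
        else:
            guid = None  # any other line ends the current registry section
    return found

def triage(log):
    """(guid, target, same-named hidden file on disk or None) per autorun target."""
    on_disk = {ntpath.basename(p).lower(): p for p in hidden_root_files(log)}
    return [(guid, t, on_disk.get(ntpath.basename(t).lower()))
            for guid, targets in sorted(mountpoints_autoruns(log).items())
            for t in sorted(targets) if is_root_executable(t)]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

On the excerpt, the two hidden root files it reports are the same two paths listed under `File::` in the script above.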
Gutek
(Gutek)
6 February 2008 19:26
#3
Follow this Topic and change the topic title to a specific one, otherwise TRASH
On the forum we use Polish diacritics (ę, ą, ś, ż, ź, ć, ń, ł, ó).
Regards, Gutek2222
Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350