sklacz
(Sklacz)
21 November 2006 14:36
#1
Not long ago my younger brother apparently clicked one of the links that are going around on GG (Gadu-Gadu) right now. I did a System Restore, but something is still wrong: my internet connection is terribly sluggish. Thanks in advance to everyone who helps me!
PS: something has also gone wrong with Winamp. When I try to play an MP3 I don't see any Winamp window, but the music plays :shock:
LOG:
Logfile of HijackThis v1.99.1
Scan saved at 15:31:09, on 2006-11-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\CpuIdle\cpuidle.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\xp\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adtest.gadu-gadu.pl/click.asp?ad … te=ggrozm1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM…\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM…\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM…\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM…\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM…\Run: [CpuIdle] E:\Program Files\CpuIdle\cpuidle.exe
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM…\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/ … search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/ … tedata.htm
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Mail to a Friend… - http://client.alexa.com/holiday/script/ … mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/ … elated.htm
O8 - Extra context menu item: Write a Review… - http://client.alexa.com/holiday/script/ … review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O17 - HKLM\System\CCS\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Bieniol
(Bbieniol)
21 November 2006 15:22
#2
In Safe Mode, with System Restore turned off, delete the following (the entries with HijackThis; the files/folders marked in red by hand from the disk):
Afterwards, post a new HijackThis log plus a Silent Runners log.
sklacz
(Sklacz)
14 January 2007 13:47
#3
I don't want to start a new thread while this one is still here, but I have a problem again. Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 14:40:30, on 2007-01-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\CpuIdle\cpuidle.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files{84F5E538-04E2-1045-0628-051021020030}\Update.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\KONAMI\Pro Evolution Soccer 6\pes6.exe
C:\Documents and Settings\xp\Pulpit\pulp\hijackthis\HijackThis.exe
C:\Program Files\Opera\Opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adtest.gadu-gadu.pl/click.asp?ad … te=ggrozm1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM…\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM…\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM…\Run: [CpuIdle] E:\Program Files\CpuIdle\cpuidle.exe
O4 - HKLM…\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [{84F5E538-04E2-1045-0628-051021020030}] "C:\Program Files\Common Files{84F5E538-04E2-1045-0628-051021020030}\Update.exe" mc-110-12-0000272
O4 - HKLM…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM…\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O17 - HKLM\System\CCS\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
I'd ask for help as quickly as possible, because my internet and the whole computer have slowed down terribly. Thanks in advance for the help.
adam9870
(adam9870)
14 January 2007 14:13
#4
Download The Avenger. Unpack it => run it => tick the option Input script manually => click the magnifying-glass icon => in the window that opens, paste:
=> Click the Done button => now click the green light => a message should appear; click OK (the machine restarts now).
After the reboot a window may appear for literally a few seconds, along with a log in Notepad. Go to where you have Avenger and delete the backup.zip file, e.g. c:\avanger\backup.zip.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM…\Run: [{84F5E538-04E2-1045-0628-051021020030}] "C:\Program Files\Common Files{84F5E538-04E2-1045-0628-051021020030}\Update.exe" mc-110-12-0000272
O4 - HKLM…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM…\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
Delete these with HJT.
Once that is done, please post a new log from HijackThis plus one from SilentRunners.
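Added example, not code from this thread, from HijackThis or from The Avenger: a small Python triage pass that applies the patterns behind adam9870's fix list to HijackThis 1.99 entries (start pages pointing at a local file, hosts overrides, Run entries named with a bare GUID or launched straight from system32, Winlogon Notify DLLs, and vendor-less services in system32). The sample lines are copied from the logs in this thread; the rules, the reason texts and the small system32 allowlist are my own assumptions, not an official signature set.

```python
"""Triage pass over HijackThis 1.99-style log lines.

Added example for this thread; the rules below are heuristics of mine that
encode the patterns behind the helper's fix list, not an official signature set.
"""
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOCAL_FILE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Windows components that legitimately run straight out of system32 as an O4
# entry on a clean XP box. Small allowlist (assumption); extend as needed.
SYSTEM32_RUN_OK = {"ctfmon.exe", "rundll32.exe"}

# Constructed sample: lines copied from the logs in this thread plus a few
# benign ones for contrast. HJT writes the Run key as HKLM\..\Run: (the forum
# rendering shows HKLM…\Run:) and the dropper path as Common Files\{GUID}.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
O1 - Hosts: 200.124.131.116 casinocontroller.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [{84F5E538-04E2-1045-0628-051021020030}] "C:\Program Files\Common Files\{84F5E538-04E2-1045-0628-051021020030}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def _command(body):
    """Split an O4 registry entry into (value name, command line)."""
    if body.startswith(("HKLM", "HKCU")) and "[" in body:
        name, _, cmd = body.split("[", 1)[1].partition("] ")
        return name, cmd
    return "", body


def _executable(cmd):
    """Return the executable path from a command line, unquoting if needed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _in_system32(text):
    return "\\windows\\system32\\" in text.lower()


def check_entry(line):
    """Return a reason string if the HJT entry looks suspicious, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec in ("R0", "R1"):
        # Start/Default/Local page set to a file on disk rather than a URL.
        value = body.rsplit(" = ", 1)[-1]
        if LOCAL_FILE_RE.match(value):
            return "browser start/default page redirected to a local file"
    elif sec == "O1":
        return "hosts-file entry overriding DNS for a domain"
    elif sec == "O4":
        name, cmd = _command(body)
        exe = _executable(cmd)
        # A bare GUID as value name or folder name is a dropper habit; a GUID
        # embedded in an otherwise normal name (Nero's bgMonitor_{...}) is not.
        if GUID_RE.fullmatch(name) or any(GUID_RE.fullmatch(p) for p in exe.split("\\")):
            return "run entry or install folder named with a bare GUID"
        if _in_system32(exe) and exe.rsplit("\\", 1)[-1].lower() not in SYSTEM32_RUN_OK:
            return "unknown executable started straight from system32"
    elif sec == "O20":
        return "Winlogon Notify DLL is loaded into winlogon.exe at every logon"
    elif sec == "O23":
        if "Unknown owner" in body and _in_system32(body):
            return "service without vendor info running from system32"
    return None


def flag_entries(log_text):
    """Apply check_entry to every line; return [(section, reason, line), ...]."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = check_entry(line)
        if reason:
            hits.append((line.split(" ", 1)[0], reason, line))
    return hits


if __name__ == "__main__":
    for sec, reason, line in flag_entries(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n      {line}")
```

The pass is a first filter only: a flagged binary still needs a second opinion (vendor signature, file hash, age on disk) before it goes into a fix list.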
sklacz
(Sklacz)
14 January 2007 14:45
#5
HUGE thanks for such a quick reply and for the help.
And here are the new logs:
Logfile of HijackThis v1.99.1
Scan saved at 15:42:14, on 2007-01-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\CpuIdle\cpuidle.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\xp\Pulpit\pulp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adtest.gadu-gadu.pl/click.asp?ad … te=ggrozm1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM…\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM…\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM…\Run: [CpuIdle] E:\Program Files\CpuIdle\cpuidle.exe
O4 - HKLM…\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [{84F5E538-04E2-1045-0628-051021020030}] "C:\Program Files\Common Files{84F5E538-04E2-1045-0628-051021020030}\Update.exe" mc-110-12-0000272
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O17 - HKLM\System\CCS\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" ["Sun Microsystems, Inc."]
"ASUS Probe" = "C:\Program Files\ASUS\Probe\AsusProb.exe" [null data]
"RaidTool" = "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"CpuIdle" = "E:\Program Files\CpuIdle\cpuidle.exe" ["Andreas Goetz"]
"iTunesHelper" = ""E:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"{84F5E538-04E2-1045-0628-051021020030}" = ""C:\Program Files\Common Files{84F5E538-04E2-1045-0628-051021020030}\Update.exe" mc-110-12-0000272" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = "AcroIEHlprObj Class"
     \InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
  -> {HKLM…CLSID} = "SSVHelper Class"
     \InProcServer32(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E5A1691B-D188-4419-AD02-90002030B8EE}(Default) = (no title provided)
  -> {HKLM…CLSID} = "FlashFXP Helper for Internet Explorer"
     \InProcServer32(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."]
{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}(Default) = (no title provided)
  -> {HKLM…CLSID} = "Kwyshell MidpX"
     \InProcServer32(Default) = "C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll" ["Kwyshell G.Corp"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM…CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM…CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM…CLSID} = "DesktopContext Class"
     \InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM…CLSID} = "avast"
     \InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM…CLSID} = "Desktop Explorer"
     \InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM…CLSID} = "nView Desktop Context Menu"
     \InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM…CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32(Default) = "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]
"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"
  -> {HKLM…CLSID} = "WIBU-SYSTEMS Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM…CLSID} = "Microsoft Office Outlook"
     \InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM…CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM…CLSID} = "NeroDigitalIconHandler Class"
     \InProcServer32(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM…CLSID} = "NeroDigitalPropSheetHandler Class"
     \InProcServer32(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM…CLSID} = "iTunes"
     \InProcServer32(Default) = "E:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM…CLSID} = "NVIDIA CPL Extension"
     \InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{00020000-0000-1011-8004-0000C06B5161}(Default) = (no title provided)
  -> {HKLM…CLSID} = "WIBU-SYSTEMS Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM…CLSID} = "NeroDigitalColumnHandler Class"
     \InProcServer32(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
  -> {HKLM…CLSID} = "PDF Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM…CLSID} = "avast"
     \InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM…CLSID} = "avast"
     \InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
   Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
   Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\xp\Dane aplikacji\Opera\Opera\profile\Skin\17.bmp"

Startup items in "xp" & "All Users" startup folders:
----------------------------------------------------

C:\Documents and Settings\xp\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” -> {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{4D5C8C2A-D075-11D0-B416-00C04FB90376}” -> {HKLM…CLSID} = “Pasek poleceń Microsoft” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}” = “Kwyshell MidpX” -> {HKLM…CLSID} = “Kwyshell MidpX” \InProcServer32(Default) = “C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll” [“Kwyshell G.Corp”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” 
\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll” [“Sun Microsystems, Inc.”] {13C1DBF6-7535-495C-91F6-8C13714ED485}\ “ButtonText” = “Absolute Poker” “MenuText” = “Absolute Poker” “Exec” = “C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk” [null data] {49783ED4-258D-4F9F-BE11-137C18D3E543}\ “ButtonText” = “Titan Poker” “MenuText” = “Titan Poker” “Exec” = “C:\Program Files\Titan Poker\casino.exe” [null data] {59A861EE-32B3-42CD-8CCA-FC130EDF3A44}\ “ButtonText” = “PartyGammon.com ” “MenuText” = “PartyGammon.com ” “Exec” = “C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe” [empty string] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {94EDF7B4-4272-4AF3-8F8B-4E2F68E225B7}\ “ButtonText” = “PacificPoker” “Exec” = “C:\PROGRA~1\PACIFI~1\pacificpoker.exe” [“Cassava Ent.”] {A68FC757-51CF-4F3C-B13A-BFB8CA69BB99}\ “ButtonText” = “CDPoker” “MenuText” = “CDPoker” “Exec” = “C:\Program Files\CDPoker\casino.exe” [null data] {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ “ButtonText” = “PartyPoker.com ” “MenuText” = “PartyPoker.com ” “Exec” = “C:\Program Files\PartyGaming\PartyPoker\RunApp.exe” [empty string] {F47C1DB5-ED21-4DC1-853E-D1495792D4C5}\ “ButtonText” = “Bodog Poker” “Exec” = “C:\Program Files\Bodog Poker\BPGame.exe” [“Bodog”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! 
Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\system32\UAService7.exe” [null data] SoundMAX Agent Service, SoundMAX Agent Service (default), “C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe” [“Analog Devices, Inc.”] StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt09\Driver = “hpzsnt09.dll” [“HP”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 102 seconds. ---------- (total run time: 195 seconds)
adam9870
(adam9870)
14 January 2007 14:49
#6
Remove the entry above with HijackThis, and then you can post a new log.
Close the ports to worms. To do that, use Windows Worms Doors Cleaner and switch the markers from disable to enable (all markers should be green; if one of them stays yellow, leave it). A restart is required after using the tool.
sklacz
(Sklacz)
14 January 2007 17:42
#7
Logfile of HijackThis v1.99.1 Scan saved at 18:45:53, on 2007-01-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\Program Files\VIA\RAID\raid_tool.exe E:\Program Files\CpuIdle\cpuidle.exe E:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\xp\Pulpit\pulp\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adtest.gadu-gadu.pl/click.asp?ad … te=ggrozm1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O2 - BHO: Kwyshell MidpX - 
{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe O4 - HKLM…\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM…\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [CpuIdle] E:\Program Files\CpuIdle\cpuidle.exe O4 - HKLM…\Run: [iTunesHelper] “E:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: 
Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk O9 - Extra ‘Tools’ menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe O9 - Extra ‘Tools’ menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe O9 - Extra ‘Tools’ menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe O9 - Extra ‘Tools’ menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe O17 - HKLM\System\CCS\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34 O17 - HKLM\System\CS1\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34 O17 - HKLM\System\CS2\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 
192.168.0.1,194.204.152.34 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
Thanks, now I hope everything will be OK.
adam9870
(adam9870)
14 January 2007 18:27
#8
sklacz
(Sklacz)
15 January 2007 11:28
#9
Thanks a lot for your help. I have one more question, not really related to viruses, but maybe someone will know: at every system start Checkdisk wants to check the consistency of the data on my E: drive. So the question is whether something is wrong with that disk and whether this can be turned off, because I cancel it anyway whenever it wants to run??
edit:
When I want to defragment that drive with Diskeeper, this message pops up:
“a scandisk is scheduled on volume !s!. this is caused either by user settings or by the operating system having found errors in the file system. scandisk will be run automatically at the next restart; as long as scandisk is pending, diskeeper cannot defragment this volume” and now the question is, what should I do??
adam9870
(adam9870)
15 January 2007 14:10
#10
sklacz
(Sklacz)
15 January 2007 17:13
#11
Now I've really done it: I went into the thread “Optymalizacja i odchudzanie Windowsa XP” (“Optimizing and slimming down Windows XP”), and ever since I played around with what's in there the internet lags like never before and the system takes 3-4 minutes to shut down :o What should I do??
Gutek
(Gutek)
15 January 2007 19:39
#12
sklacz
(Sklacz)
31 March 2007 06:40
#13
Hello again, I need your help once more [it's about something different from before, but I'm writing in the same thread so as not to clutter the forum].
I'll start with the fact that yesterday something strange started happening with my computer. Someone was constantly trying to send e-mail messages from my computer, but my avast blocks it. I ran a scan with avast, which unfortunately detected nothing, so I started the mks_vir online scanner and it detected about 10 trojans; unfortunately it cannot remove one of them, and that's where I need your help.
Path to the virus:
HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 08:30:29, on 2007-03-31 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe E:\Program Files\CpuIdle\cpuidle.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Opera\Opera.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Winamp\Winamp.exe C:\Documents and Settings\xp\Pulpit\pulp\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mks.com.pl/skaner/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: 
SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe O4 - HKLM…\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [iTunesHelper] “E:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [DiskeeperSystray] “E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [CpuIdle] E:\Program Files\CpuIdle\cpuidle.exe O4 - HKLM…\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [uvnx] c:\windows\system32\uvnx.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk O9 - Extra ‘Tools’ menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe O9 - Extra ‘Tools’ menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PacificPoker - 
{94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe O9 - Extra ‘Tools’ menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34 O17 - HKLM\System\CS1\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34 O17 - HKLM\System\CS2\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Klient DNS DnscacheUPS (DnscacheUPS) - Unknown owner - C:\WINDOWS\system32\3ivxVfWCodecx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
Thanks in advance for the help.
Edit:
Well, problem solved, thanks to http://www.arcabit.pl/
I highly recommend this antivirus; I did an online scan and it managed, unlike mks. All the same, if anyone finds anything else in the log, please help.
Edit2:
I've just read that mks and arca are from the same company; it's just strange that arca managed and mks didn't :o
adam9870
(adam9870)
31 March 2007 08:25
#14
Download KillBox, tick Delete on reboot, and in the full path of file field paste this path:
c:\windows\system32\uvnx.exe
Click the red X and restart the computer.
Remove the entry in HJT.
Is this yours? If not: Start => type services.msc => stop and disable the service Klient DNS DnscacheUPS, then delete the file manually from the disk in safe mode.
Use ATF Cleaner in safe mode and clean out the TEMP folders.
When done, paste a ComboScan log.
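A small log-triage script, added here as an example and not part of this thread or of HijackThis/ComboScan: it parses O4 (Run) and O23 (Service) lines in the HijackThis format and flags the two patterns adam9870 picked out above, a Run entry that launches an unrecognised executable from system32 (uvnx.exe) and a service with no vendor information whose name imitates a built-in Windows service (DnscacheUPS next to the real Dnscache). The sample lines are constructed, modelled on the logs in this thread; the allowlists, regexes and scoring rules are my own assumptions. HijackThis writes Run entries as `HKLM\..\Run`, which the forum rendering above collapsed into `HKLM…\Run`.

```python
"""Triage helper for HijackThis-style O4 (Run) and O23 (Service) lines."""
import re
from typing import Dict, List, Optional

# Constructed sample, modelled on the logs in this thread (not a real scan).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvnx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Klient DNS DnscacheUPS (DnscacheUPS) - Unknown owner - C:\WINDOWS\system32\3ivxVfWCodecx.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - HKLM\..\Run: [name] command line"
RUN_LINE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "O23 - Service: display (short) - owner - command line"
# (a path containing " - " would confuse this simple split; assumed absent here)
SERVICE_LINE = re.compile(r'^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$')
SERVICE_NAME = re.compile(r'^(?P<display>.*?)(?: \((?P<short>.+)\))?$')
# First .exe token of a command line, quoted or not, ignoring any arguments after it.
FIRST_EXE = re.compile(r'"?(?P<path>[^"]*?\.exe)\b', re.IGNORECASE)

SYSTEM_DIRS = ('\\windows\\system32\\', '\\winnt\\system32\\')
# Executables that legitimately appear in Run entries from the system directory (assumed list).
KNOWN_LAUNCHERS = {'rundll32.exe', 'ctfmon.exe'}
# A few built-in Windows service names that malware likes to imitate (illustrative list).
BUILTIN_SERVICES = {'dnscache', 'dhcp', 'eventlog', 'spooler', 'lanmanserver'}


def first_executable(cmd: str) -> Optional[str]:
    """Return the first .exe path in a Run/Service command line, or None."""
    m = FIRST_EXE.search(cmd)
    return m.group('path') if m else None


def in_system_dir(path: str) -> bool:
    return any(d in path.lower() for d in SYSTEM_DIRS)


def basename(path: str) -> str:
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def check_run_entry(cmd: str) -> List[str]:
    """Flag Run entries that start an unknown .exe directly from the system directory."""
    reasons: List[str] = []
    exe = first_executable(cmd)
    if exe and in_system_dir(exe) and basename(exe) not in KNOWN_LAUNCHERS:
        reasons.append('Run entry starts an unrecognised executable from the system directory')
    return reasons


def check_service_entry(svc: str, owner: str, cmd: str) -> List[str]:
    """Flag vendor-less services in system32 and service names that mimic built-in ones."""
    reasons: List[str] = []
    m = SERVICE_NAME.match(svc)
    short = (m.group('short') or m.group('display')).lower()
    exe = first_executable(cmd)
    # "Unknown owner" alone is noisy (avast shows it too); combine it with the location.
    if owner == 'Unknown owner' and exe and in_system_dir(exe):
        reasons.append('service with no vendor information runs from the system directory')
    for builtin in BUILTIN_SERVICES:
        if short != builtin and short.startswith(builtin):
            reasons.append(f'service name imitates built-in service "{builtin}"')
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious line: {'line': ..., 'reasons': [...]}."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        reasons: List[str] = []
        m = RUN_LINE.match(line)
        if m:
            reasons = check_run_entry(m.group('cmd'))
        else:
            m = SERVICE_LINE.match(line)
            if m:
                reasons = check_service_entry(m.group('svc'), m.group('owner'), m.group('cmd'))
        if reasons:
            findings.append({'line': line, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding['line'])
        for reason in finding['reasons']:
            print('   ->', reason)
```

On the sample the script reports exactly the two lines adam9870 singled out and stays quiet on the avast service, even though HijackThis lists it as "Unknown owner", because the binary lives under Program Files rather than system32; that combination of location and missing vendor data is what makes 3ivxVfWCodecx.exe stand out, not the owner field by itself.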
sklacz
(Sklacz)
31 March 2007 10:13
#15
adam9870, thanks again for the help.
And here's the ComboScan:
ComboScan v20070306.20 run by xp on 2007-03-31 at 12:07:41 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Successfully created ComboScan Restore Point. – Last 1 Restore Point(s) – 1: 2007-03-31 10:07:47 UTC - RP14 - ComboScan Restore Point Performed disk cleanup. – HijackThis (run as xp.exe) -------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 12:07:58, on 2007-03-31 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\VIA\RAID\raid_tool.exe E:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe E:\Program Files\CpuIdle\cpuidle.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Documents and Settings\xp\Pulpit\KillBox\comboscan.exe C:\DOCUME~1\xp\Pulpit\pulp\HIJACK~1\xp.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\rundll32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mks.com.pl/skaner/ 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe O4 - HKLM…\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [iTunesHelper] “E:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [DiskeeperSystray] “E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [CpuIdle] E:\Program Files\CpuIdle\cpuidle.exe O4 - HKLM…\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk O9 - Extra ‘Tools’ menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\xp\Menu Start\Programy\Absolute Poker\Absolute Poker.lnk O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe O9 - Extra ‘Tools’ menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - 
C:\PROGRA~1\PACIFI~1\pacificpoker.exe O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe O9 - Extra ‘Tools’ menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34 O17 - HKLM\System\CS1\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34 O17 - HKLM\System\CS2\Services\Tcpip…{052DB402-7177-46AC-98BF-EA26C1936C04}: NameServer = 192.168.0.1,194.204.152.34 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe – HijackThis Fixed Entries (C:\DOCUME~1\xp\Pulpit\pulp\HIJACK~1\backups) ----- backup-20070106-221129-126 O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL backup-20070106-221129-533 O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll backup-20070106-221129-678 O1 - Hosts: 200.124.131.116 casinocontroller.com backup-20070106-221129-928 O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/ … search.htm backup-20070106-221424-399 O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/ … elated.htm backup-20070106-221424-619 O8 - Extra context menu item: Mail to a Friend… - http://client.alexa.com/holiday/script/ … mailto.htm backup-20070106-221424-702 O8 - Extra context menu item: Get Alexa Data - 
http://client.alexa.com/holiday/script/ … tedata.htm backup-20070106-221424-794 O8 - Extra context menu item: Write a Review… - http://client.alexa.com/holiday/script/ … review.htm backup-20070114-153924-133 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html backup-20070114-153924-165 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html backup-20070114-153924-238 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm backup-20070114-153924-343 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html backup-20070114-153924-419 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html backup-20070114-153924-432 O4 - HKLM…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe backup-20070114-153924-528 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html backup-20070114-153924-564 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html backup-20070114-153924-569 O4 - HKLM…\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe backup-20070114-153925-740 O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing) backup-20070114-153925-750 O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm backup-20070114-183926-117 O4 - HKLM…\Run: [{84F5E538-04E2-1045-0628-051021020030}] “C:\Program Files\Common Files{84F5E538-04E2-1045-0628-051021020030}\Update.exe” mc-110-12-0000272 backup-20070309-164241-403 O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing) backup-20070309-164241-491 O9 - Extra ‘Tools’ menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing) backup-20070309-164241-672 O1 - Hosts: 200.124.131.116 
casinocontroller.com backup-20070309-164241-699 O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file) backup-20070309-164241-703 O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) backup-20070331-113634-811 O4 - HKLM…\Run: [uvnx] c:\windows\system32\uvnx.exe – File Associations ----------------------------------------------------------- .bat - batfile - “%1” %* .chm - chm.file - “C:\WINDOWS\hh.exe” %1 .cmd - cmdfile - “%1” %* .com - comfile - “%1” %* .exe - exefile - “%1” %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe “%1” %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - “%1” %* .reg - regfile - regedit.exe “%1” .scr - scrfile - “%1” /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe “%1” %* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys 3R aeaudio - C:\WINDOWS\system32\drivers\aeaudio.sys 1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys 2R aslm75 - C:\WINDOWS\system32\drivers\ASLM75.SYS 3S ASUSHWIO - C:\WINDOWS\system32\drivers\ASUSHWIO.sys (not found) 2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys 3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys 1R aswTdi (avast! 
Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys 1R cpuidlep (CpuIdle Pro System Driver) - C:\WINDOWS\system32\drivers\cpuidlep.sys 3R dtscsi - C:\WINDOWS\system32\drivers\dtscsi.sys 3S ENTECH - C:\WINDOWS\system32\drivers\entech.sys 3R FETNDIS (Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet) - C:\WINDOWS\system32\drivers\fetnd5.sys 3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 3R HidUsb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys 3S kvpndev (Kerio VPN adapter) - C:\WINDOWS\system32\drivers\kvpndrv.sys 3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys 3S P2k (Motorola USB Device) - C:\WINDOWS\system32\drivers\P2k.sys 0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys 3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys 0R sptd - C:\WINDOWS\system32\drivers\sptd.sys 0R uagp35 (Filtr AGPv3.5 firmy Microsoft) - C:\WINDOWS\system32\drivers\UAGP35.SYS 3S usbccgp (Rodzajowy sterownik nadrzędny USB Microsoft) - C:\WINDOWS\system32\drivers\usbccgp.sys 3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys 3R usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys 3S usbser (Motorola USB Modem Driver) - C:\WINDOWS\system32\drivers\usbser.sys 3S usbsermpt (Motorola USB Modem Driver for MPT) - C:\WINDOWS\system32\drivers\usbsermpt.sys 3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS 0R viamraid - C:\WINDOWS\system32\drivers\viamraid.sys 2R WIBUKEY (WIBU-KEY Kernel Driver) - C:\WINDOWS\system32\drivers\Wibukey.sys pe386 driver present – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 3S Adobe LM Service - “C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe” 2R aswUpdSv (avast! iAVS4 Control Service) - “C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe” 2R avast! 
Antivirus - “C:\Program Files\Alwil Software\Avast4\ashServ.exe” 3R avast! Mail Scanner - “C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service 3R avast! Web Scanner - “C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service 2S Diskeeper - “E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe” 4S DnscacheUPS (Klient DNS DnscacheUPS) - C:\WINDOWS\system32\3ivxVfWCodecx.exe srv 3S IDriverT (InstallDriver Table Manager) - “C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe” 3R iPod Service - “C:\Program Files\iPod\bin\iPodService.exe” 2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe 3S ose (Office Source Engine) - “C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE” 2R SoundMAX Agent Service (default) (SoundMAX Agent Service) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 2R StarWindService (StarWind iSCSI Service) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe 2R UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe – Scheduled Tasks ------------------------------------------------------------- 2007-03-27 21:26:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job – Files created between 2007-02-28 and 2007-03-31 ----------------------------- 2007-03-31 11:30:58 0 d-------- C:!KillBox 2007-03-31 08:48:06 0 d-------- C:\Program Files\ArcaMicroScan 2007-03-30 21:49:44 0 d-------- C:\Program Files\SkanerOnline 2007-03-30 20:05:52 109 --ahs---- C:\WINDOWS\system32\2230707512.dat<223070~1.DAT> 2007-03-30 20:05:46 30332 -r-hs---- C:\WINDOWS\system32\3ivxVfWCodecx.exe<3IVXVF~1.EXE> 2007-03-20 16:46:53 0 d-------- C:\Poker 2007-03-18 20:09:45 0 d-------- C:\Program Files\Deluxe Ski Jump 3 2007-03-15 12:00:36 466432 --a------ C:\WINDOWS\system32\SkanerOnline.dll 2007-03-15 10:29:38 0 d-------- C:\Program Files\Deluxe Ski Jump 2007-03-10 
12:40:38 0 d-------- C:\WINDOWS\system32\FlashAX 2007-03-10 12:40:04 0 d-------- C:\Program Files\Aspinalls 2007-03-08 16:49:43 0 d-------- C:\Program Files\FreeCall.com 2007-03-05 17:16:49 0 d-------- C:\Program Files\SecondLife 2007-03-04 13:40:41 0 d-------- C:\Program Files\Action Poker – Find3M Report --------------------------------------------------------------- 2007-03-31 11:17:26 0 d-------- C:\Program Files\Mozilla Firefox 2007-03-31 09:45:51 0 d-------- C:\Documents and Settings\xp\Dane aplikacji\ArcaBit 2007-03-30 16:51:09 0 d-------- C:\Program Files\BingoCafe 2007-03-25 11:20:55 0 d-------- C:\Program Files\B2BPOKER 2007-03-25 08:00:46 352670 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-25 08:00:46 48012 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-24 21:04:01 0 d-------- C:\Program Files\Absolute Poker 2007-03-20 16:47:37 0 d-------- C:\Program Files\Expekt 2007-03-09 17:30:49 0 d-------- C:\Program Files\PartyGaming 2007-03-08 16:58:10 0 d-------- C:\Documents and Settings\xp\Dane aplikacji\FreeCall 2007-03-05 17:17:21 0 d-------- C:\Documents and Settings\xp\Dane aplikacji\SecondLife 2007-03-04 14:30:27 0 d-------- C:\Program Files\SopCast 2007-03-04 14:25:33 0 d-------- C:\Program Files\G2GPoker_com 2007-03-04 14:23:49 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-03-04 14:22:24 0 d-------- C:\Program Files\Bodog Poker 2007-03-04 14:21:06 0 d-------- C:\Program Files\Atlantic Lounge 2007-03-04 13:40:35 0 d-------- C:\Program Files\Opera 2007-02-28 17:22:31 0 d-------- C:\Program Files\FlashFXP 2007-02-23 11:42:23 4608 --a------ C:\WINDOWS\system32\w95inf32.dll 2007-02-23 11:42:23 2272 --a------ C:\WINDOWS\system32\w95inf16.dll 2007-02-20 22:28:10 0 d-------- C:\Program Files\Apple Software Update 2007-02-18 01:08:16 0 d-------- C:\Program Files\Titan Poker 2007-02-16 20:05:00 0 d-------- C:\Program Files\FlashGet 2007-02-11 12:21:08 0 d-------- C:\Documents and Settings\xp\Dane aplikacji\Microgaming 2007-02-11 
10:14:37 0 d-------- C:\Program Files\AZApoker 2007-02-08 17:24:58 0 d-------- C:\Program Files\Poker.com 2007-02-04 12:06:17 32854 --a------ C:\WINDOWS\iniLS.dat 2007-02-03 22:50:44 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-01-24 16:27:30 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-01-19 09:40:42 89088 --a------ C:\WINDOWS\system32\SkanerOnlineUninstall.exe 2007-01-17 17:03:32 349454 --a------ C:\WINDOWS\system32\prfh0415.dat 2007-01-17 17:03:30 46756 --a------ C:\WINDOWS\system32\prfc0415.dat 2007-01-15 12:17:44 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe 2007-01-14 09:46:50 32177 —hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe 2007-01-14 09:08:26 32179 —hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe 2007-01-08 16:30:42 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”="“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0\bin\jusched.exe” “RaidTool”=“C:\Program Files\VIA\RAID\raid_tool.exe” “nwiz”=“nwiz.exe /install” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” “iTunesHelper”="“E:\Program Files\iTunes\iTunesHelper.exe”" “DiskeeperSystray”="“E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe”" “DAEMON Tools”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033" “CpuIdle”=“E:\Program Files\CpuIdle\cpuidle.exe” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “ASUS Probe”=“C:\Program Files\ASUS\Probe\AsusProb.exe” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=dword:00000001 “ClearRecentDocsOnExit”=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSaveSettings”=dword:00000000 “ClearRecentDocsOnExit”=dword:00000001 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F] Shell\AutoRun\command F:\Setup\rsrc\autorun.exe Shell\dinstall\command F:\Directx\dxsetup.exe – End of ComboScan: finished at 2007-03-31 at 12:08:44 ------------------------
adam9870
(adam9870)
31 March 2007 10:24
#16
Download the KillBox program, tick Delete on reboot, and in the Full path of file field paste the paths:
C:\WINDOWS\system32\2230707512.dat
C:\WINDOWS\system32\3ivxVfWCodecx.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
After pasting each path separately, click the red X, but only agree to the restart after pasting the last one.
Use the Rustock.b-fix tool.
When that is done, paste a log from ComboFix plus two logs from Gmer made with the following settings:
Rootkit tab >>> everything ticked except Show all >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post
Rootkit tab >>> only Services and Show all ticked >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post
If all the logs will not fit directly in the post, upload them to some hosting service as *.txt files and just link them here.
sklacz
(Sklacz)
31 March 2007 14:38
#17
Log, unfortunately only from ComboFix [I don't know how long a Gmer scan takes, but I waited 1.5 h and it didn't finish]:
“xp” - 07-03-31 13:24:15 Dodatek Service Pack 2 ComboFix 07-03-27.4.2 - Running from: “C:\Documents and Settings\xp\Pulpit\pulp\KillBox” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\unsvchosts.lzma C:\Program Files\inetget2 ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-31 )))))))))))))))))))))))))))))))))) 2007-03-31 13:18 2007-03-31 13:11 2007-03-31 12:30 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-03-31 12:30 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-03-31 12:30 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-03-31 11:30 2007-03-31 09:45 2007-03-31 08:48 2007-03-30 21:49 2007-03-20 16:46 2007-03-18 20:09 2007-03-15 12:00 466,432 --a------ C:\WINDOWS\system32\SkanerOnline.dll 2007-03-15 10:29 2007-03-13 08:49 2007-03-10 12:40 2007-03-10 12:40 2007-03-08 16:52 2007-03-08 16:49 2007-03-05 17:17 2007-03-05 17:16 2007-03-04 13:40 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-30 16:51 -------- d-------- C:\Program Files\bingocafe 2007-03-25 11:20 -------- d-------- C:\Program Files\b2bpoker 2007-03-25 08:00 48012 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-25 08:00 352670 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-20 16:47 -------- d-------- C:\Program Files\expekt 2007-03-09 17:30 -------- d-------- C:\Program Files\partygaming 2007-03-04 14:30 -------- d-------- C:\Program Files\sopcast 2007-03-04 14:25 -------- d-------- C:\Program Files\g2gpoker_com 2007-03-04 14:23 -------- d–h----- C:\Program Files\installshield installation information 2007-03-04 14:22 -------- d-------- C:\Program Files\bodog poker 2007-03-04 14:21 -------- d-------- C:\Program Files\atlantic lounge 2007-03-04 13:40 -------- d-------- C:\Program Files\opera 2007-02-28 17:22 -------- d-------- C:\Program Files\flashfxp 2007-02-23 11:42 4608 --a------ 
C:\WINDOWS\system32\w95inf32.dll 2007-02-23 11:42 2272 --a------ C:\WINDOWS\system32\w95inf16.dll 2007-02-20 22:28 -------- d-------- C:\Program Files\apple software update 2007-02-19 12:10 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys 2007-02-18 01:08 -------- d-------- C:\Program Files\titan poker 2007-02-16 20:05 -------- d-------- C:\Program Files\flashget 2007-02-11 12:21 -------- d-------- C:\DOCUME~1\xp\DANEAP~1\microgaming 2007-02-11 10:14 -------- d-------- C:\Program Files\azapoker 2007-02-08 17:24 -------- d-------- C:\Program Files\poker.com 2007-02-04 12:06 32854 --a------ C:\WINDOWS\inils.dat 2007-02-03 22:50 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll 2007-01-24 16:27 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-01-19 09:40 89088 --a------ C:\WINDOWS\system32\skaneronlineuninstall.exe 2007-01-17 17:03 46756 --a------ C:\WINDOWS\system32\prfc0415.dat 2007-01-17 17:03 349454 --a------ C:\WINDOWS\system32\prfh0415.dat 2007-01-15 12:17 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe 2007-01-08 16:30 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”="“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0\bin\jusched.exe” “RaidTool”=“C:\Program Files\VIA\RAID\raid_tool.exe” “nwiz”=“nwiz.exe /install” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” “iTunesHelper”="“E:\Program Files\iTunes\iTunesHelper.exe”" “DiskeeperSystray”="“E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe”" “CpuIdle”=“E:\Program 
Files\CpuIdle\cpuidle.exe” “ASUS Probe”=“C:\Program Files\ASUS\Probe\AsusProb.exe” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” “nod32kui”="“C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=dword:00000001 “ClearRecentDocsOnExit”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSaveSettings”=dword:00000000 “ClearRecentDocsOnExit”=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F] Shell\AutoRun\command F:\Setup\rsrc\autorun.exe Shell\dinstall\command F:\Directx\dxsetup.exe ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070331-113634-811 O4 - HKLM…\Run: [uvnx] c:\windows\system32\uvnx.exe 
backup-20070309-164241-703 O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) backup-20070309-164241-699 O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file) backup-20070309-164241-491 O9 - Extra ‘Tools’ menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing) backup-20070309-164241-403 O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing) backup-20070309-164241-672 O1 - Hosts: 200.124.131.116 casinocontroller.com backup-20070114-183926-117 O4 - HKLM…\Run: [{84F5E538-04E2-1045-0628-051021020030}] “C:\Program Files\Common Files{84F5E538-04E2-1045-0628-051021020030}\Update.exe” mc-110-12-0000272 backup-20070114-153925-740 O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing) backup-20070114-153925-750 O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm backup-20070114-153924-238 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm backup-20070114-153924-569 O4 - HKLM…\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe backup-20070114-153924-165 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html backup-20070114-153924-432 O4 - HKLM…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe backup-20070114-153924-528 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html backup-20070114-153924-133 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html backup-20070114-153924-343 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html backup-20070114-153924-419 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html 
backup-20070114-153924-564 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html backup-20070106-221424-794 O8 - Extra context menu item: Write a Review… - http://client.alexa.com/holiday/script/ … review.htm backup-20070106-221424-702 O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/ … tedata.htm backup-20070106-221424-619 O8 - Extra context menu item: Mail to a Friend… - http://client.alexa.com/holiday/script/ … mailto.htm backup-20070106-221424-399 O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/ … elated.htm backup-20070106-221129-126 O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL backup-20070106-221129-928 O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/ … search.htm backup-20070106-221129-533 O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll backup-20070106-221129-678 O1 - Hosts: 200.124.131.116 casinocontroller.com Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … scanning hidden services … HKLM\SYSTEM\CurrentControlSet\Services\lbrtfdcorkstation HKLM\SYSTEM\CurrentControlSet\Services\ldapfdc HKLM\SYSTEM\CurrentControlSet\Services\LmHostsService HKLM\SYSTEM\CurrentControlSet\Services\MDMosts HKLM\SYSTEM\CurrentControlSet\Services\mnmddnger HKLM\SYSTEM\CurrentControlSet\Services\Modemvc HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV5x HKLM\SYSTEM\CurrentControlSet\Services\MSDTCb HKLM\SYSTEM\CurrentControlSet\Services\MsfsC HKLM\SYSTEM\CurrentControlSet\Services\MSKSSRVer HKLM\SYSTEM\CurrentControlSet\Services\MSPQMOCK HKLM\SYSTEM\CurrentControlSet\Services\Mupmbios 
HKLM\SYSTEM\CurrentControlSet\Services\Ndisuioi HKLM\SYSTEM\CurrentControlSet\Services\NetBTOS HKLM\SYSTEM\CurrentControlSet\Services\Netlogondm HKLM\SYSTEM\CurrentControlSet\Services\Netmanon HKLM\SYSTEM\CurrentControlSet\Services\Nlaman HKLM\SYSTEM\CurrentControlSet\Services\Npfs2krn HKLM\SYSTEM\CurrentControlSet\Services\NullSvc HKLM\SYSTEM\CurrentControlSet\Services\nvll HKLM\SYSTEM\CurrentControlSet\Services\osenkFwd HKLM\SYSTEM\CurrentControlSet\Services\P2klook HKLM\SYSTEM\CurrentControlSet\Services\Parportrag HKLM\SYSTEM\CurrentControlSet\Services\ParVdmr HKLM\SYSTEM\CurrentControlSet\Services\PCIVdm HKLM\SYSTEM\CurrentControlSet\Services\PCIIdep HKLM\SYSTEM\CurrentControlSet\Services\PDRELIE HKLM\SYSTEM\CurrentControlSet\Services\perc2AME HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt HKLM\SYSTEM\CurrentControlSet\Services\PtilinkedStorage HKLM\SYSTEM\CurrentControlSet\Services\PxHelp20dStorage HKLM\SYSTEM\CurrentControlSet\Services\ql108020 HKLM\SYSTEM\CurrentControlSet\Services\Ql10wnt0 HKLM\SYSTEM\CurrentControlSet\Services\ql12400 HKLM\SYSTEM\CurrentControlSet\Services\ql12800 HKLM\SYSTEM\CurrentControlSet\Services\RasManp HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe HKLM\SYSTEM\CurrentControlSet\Services\Rdbssioe HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD HKLM\SYSTEM\CurrentControlSet\Services\rdpdrD HKLM\SYSTEM\CurrentControlSet\Services\redbookgr HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry HKLM\SYSTEM\CurrentControlSet\Services\RpcSscatorstry HKLM\SYSTEM\CurrentControlSet\Services\RSVPscator HKLM\SYSTEM\CurrentControlSet\Services\Secdrvle HKLM\SYSTEM\CurrentControlSet\Services\SENSogon HKLM\SYSTEM\CurrentControlSet\Services\serenumn HKLM\SYSTEM\CurrentControlSet\Services\Serialm HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection HKLM\SYSTEM\CurrentControlSet\Services\smwdmdWDetection HKLM\SYSTEM\CurrentControlSet\Services\SparrowX Agent Service (default) 
HKLM\SYSTEM\CurrentControlSet\Services\splitter Agent Service (default) HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr HKLM\SYSTEM\CurrentControlSet\Services\sptdlerr HKLM\SYSTEM\CurrentControlSet\Services\srtdler HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRVce HKLM\SYSTEM\CurrentControlSet\Services\stisvcndService HKLM\SYSTEM\CurrentControlSet\Services\swenumndService HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi HKLM\SYSTEM\CurrentControlSet\Services\sym_hix HKLM\SYSTEM\CurrentControlSet\Services\sym_u3x HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprvog HKLM\SYSTEM\CurrentControlSet\Services\TDPIPEv HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice HKLM\SYSTEM\CurrentControlSet\Services\TlntSvrvice HKLM\SYSTEM\CurrentControlSet\Services\TosIder HKLM\SYSTEM\CurrentControlSet\Services\TrkWksr HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs HKLM\SYSTEM\CurrentControlSet\Services\Udfs35 HKLM\SYSTEM\CurrentControlSet\Services\ultra5 HKLM\SYSTEM\CurrentControlSet\Services\UPSphost HKLM\SYSTEM\CurrentControlSet\Services\usbccgpt HKLM\SYSTEM\CurrentControlSet\Services\usbhubi HKLM\SYSTEM\CurrentControlSet\Services\usbsernt HKLM\SYSTEM\CurrentControlSet\Services\USBSTORpt HKLM\SYSTEM\CurrentControlSet\Services\usbuhcipt HKLM\SYSTEM\CurrentControlSet\Services\VgaSaveess7 HKLM\SYSTEM\CurrentControlSet\Services\ViaIdeeess7 HKLM\SYSTEM\CurrentControlSet\Services\VolSnapd HKLM\SYSTEM\CurrentControlSet\Services\VSSSnapd HKLM\SYSTEM\CurrentControlSet\Services\VXDSnap HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme HKLM\SYSTEM\CurrentControlSet\Services\Wanarpe HKLM\SYSTEM\CurrentControlSet\Services\WDICAp HKLM\SYSTEM\CurrentControlSet\Services\WIBUKEYnt HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSN HKLM\SYSTEM\CurrentControlSet\Services\WS2IFSLv HKLM\SYSTEM\CurrentControlSet\Services\wscsvcLv 
HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv HKLM\SYSTEM\CurrentControlSet\Services\xmlprovv scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 94 hidden files: 0 ******************************************************************** Completion time: 07-03-31 13:25:36
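The HijackThis backup entries in the log above (a hosts-file redirect, a Run key pointing into system32, a Winlogon Notify DLL that no longer exists, and an IE start page forced to a local file) are the lines a helper triages first. The script below is an added example written for this edit, not part of the thread or of HijackThis; the first four sample lines are copied from the backups section above and the last benign one is constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Sample entries: the first four are copied from the HijackThis backups section
# of the posted log; the last one is a constructed benign start page.
SAMPLE_LINES: List[str] = [
    "O1 - Hosts: 200.124.131.116 casinocontroller.com",
    "O4 - HKLM\\..\\Run: [uvnx] c:\\windows\\system32\\uvnx.exe",
    "O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)",
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = c:\\secure32.html",
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://example.com/",
]

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
LOCAL_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1"}

def parse_entry(line: str) -> Tuple[str, str]:
    """Split 'O1 - Hosts: ...' into its section code and the rest of the line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a HijackThis entry: {line!r}")
    return m.group("code"), m.group("body")

def triage_entry(code: str, body: str) -> Optional[str]:
    """Return a finding for entries that need attention, None for the rest."""
    if code == "O1":
        # "Hosts: <ip> <hostname>": anything but loopback redirects that name
        _, ip, name = body.split(None, 2)
        if ip not in LOOPBACK:
            return f"hosts file redirects {name} to {ip}"
    elif code in ("R0", "R1"):
        # IE start/default page forced to a local file is a classic hijack
        value = body.rsplit(" = ", 1)[-1]
        if LOCAL_PATH_RE.match(value):
            return f"IE page set to local file {value}"
    elif code == "O20":
        # Winlogon Notify DLLs load at logon; a missing file is leftover malware
        if "(file missing)" in body:
            return "Winlogon Notify entry for a missing DLL"
        return "Winlogon Notify DLL loaded at logon: review"
    elif code == "O4" and "\\system32\\" in body.lower():
        # Run-key autostart of a bare executable dropped into system32
        return "autostart from system32: review"
    return None

def triage(lines: List[str]) -> Dict[str, str]:
    """Map each flagged log line to its finding; clean lines are omitted."""
    findings: Dict[str, str] = {}
    for line in lines:
        finding = triage_entry(*parse_entry(line))
        if finding:
            findings[line] = finding
    return findings
```

Running `triage(SAMPLE_LINES)` flags the four entries from the log and leaves the constructed http start page alone.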
adam9870
(adam9870)
31 March 2007 14:51
#18
You really must paste the two Gmer logs I asked for.
sklacz
(Sklacz)
31 March 2007 15:35
#19
Oh, I don't know what's up with this Gmer, it keeps getting stuck in exactly the same place every time
http://uploaded.to/?id=dbtrh3
that's the log made the second way, but not finished
IT GETS STUCK AT THIS POINT:
100% CPU usage