Done. I don't really know where to paste the GMER log, because the link you gave doesn't work. As for that junk, it's probably still there, because the antivirus reports that it was neutralised after every restart of the computer, and IE still opens inside Mozilla. Here are the logs.
Logfile of HijackThis v1.99.1
Scan saved at 21:14:13, on 2007-03-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\avciman.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe
C:\Documents and Settings\Blemer\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVPDWIN] "C:\Program Files\Panda Software\Panda Demo\pandasft.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“odk_mcd” = “(empty string)” [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“AVPDWIN” = ““C:\Program Files\Panda Software\Panda Demo\pandasft.exe”” [file not found]
“APVXDWIN” = ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s” [“Panda Software International”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = “flashget urlcatch”
-> {HKLM…CLSID} = “Flashget Catch Url Class”
\InProcServer32(Default) = “C:\Program Files\FlashGet\jccatch.dll” [“www.flashget.com ”]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
{C5E11614-D5D8-4F10-BB80-473738B6167F}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\system32\sstts.dll” [null data]
{F156768E-81EF-470C-9057-481BA8380DBA}(Default) = (no title provided)
-> {HKLM…CLSID} = “FlashGet GetFlash Class”
\InProcServer32(Default) = “C:\Program Files\FlashGet\getflash.dll” [“www.flashget.com ”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension”
-> {HKLM…CLSID} = “SimpleShlExt Class”
\InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
-> {HKLM…CLSID} = “Microsoft Office Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx”
-> {HKLM…CLSID} = “AlcoholShellEx”
\InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”]
“{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager”
-> {HKLM…CLSID} = “Sony Ericsson File Manager”
\InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\Real Alternative\rpshell.dll” [“RealNetworks, Inc.”]
“{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus”
-> {HKLM…CLSID} = “Panda Antivirus”
\InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL” [“Panda Software International”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5”
-> {HKLM…CLSID} = “CShellExecuteHookImpl Object”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]
<> avldr\DLLName = “avldr.dll” [“Panda Software”]
<> sstts\DLLName = “C:\WINDOWS\system32\sstts.dll” [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”
-> {HKLM…CLSID} = “CContextScan Object”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [file not found]
Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}”
-> {HKLM…CLSID} = “Panda Antivirus”
\InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL” [“Panda Software International”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”
-> {HKLM…CLSID} = “CContextScan Object”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [file not found]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}”
-> {HKLM…CLSID} = “Panda Antivirus”
\InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ShellTit.DLL” [“Panda Software International”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Blemer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Startup items in “Blemer” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“WlanUtility” -> shortcut to: “C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe” [empty string]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
c:\program files\panda software\panda antivirus + firewall 2007\pavlsp.dll [“Panda Software International”], 01 - 03, 15
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08
Toolbars, Explorer Bars, Extensions:
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{E0E899AB-F487-11D5-8D29-0050BA6940E3}” = “FlashGet”
-> {HKLM…CLSID} = “FlashGet”
\InProcServer32(Default) = “C:\Program Files\FlashGet\fgiebar.dll” [“Amaze Soft”]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
“ButtonText” = “FlashGet”
“MenuText” = “FlashGet”
“Exec” = “C:\PROGRA~1\FlashGet\flashget.exe” [“FlashGet.com ”]
Running Services (Display Name, Service Name, Path {Service DLL}):
Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]
Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]
Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe”” [“Panda Software International”]
Panda Function Service, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe”” [“Panda Software International”]
Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe”” [“Panda Software”]
Panda Network Manager, PNMSRV, ““c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE”” [“Panda Software International”]
Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”]
Panda TPSrv, TPSrv, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe”” [“Panda Software”]
StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
<>: Suspicious data at a malware launch point.
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 48 seconds, including 2 seconds for message boxes)
And now ComboFix.
"Blemer" - 07-03-25 20:56:23 Dodatek Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Blemer\Pulpit"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Blemer\DANEAP~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\DOCUME~1\Blemer\DANEAP~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Program Files\vsadd-in\VSAdd-in.dll
C:\WINDOWS\system32\pp.exe.exe
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\pmkjh.dll
C:\DOCUME~1\Blemer\DANEAP~1.\searchtoolbarcorp
C:\Program Files\vsadd-in

((((((((((((((((((((((((((((((( Files Created from 2007-02-25 to 2007-03-25 ))))))))))))))))))))))))))))))))))

2007-03-25 17:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-25 17:33
2007-03-25 17:33
2007-03-25 17:33
2007-03-25 17:33
2007-03-25 17:33
2007-03-25 17:33
2007-03-25 17:33
2007-03-25 17:24 48,660 --a------ C:\WINDOWS\system32\bkxpiekm.dll
2007-03-25 17:04 88,340 --a------ C:\WINDOWS\system32\mongiovx.exe
2007-03-25 00:26
2007-03-24 18:20
2007-03-24 16:04
2007-03-24 11:51 26,730 --a------ C:\WINDOWS\system32\xxyaayv.dll
2007-03-23 23:38 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-03-23 23:37 9,216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-03-23 23:37 57,344 --a------ C:\WINDOWS\system32\pavipc.dll
2007-03-23 23:37 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2007-03-23 23:37 44,544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-03-23 23:37 36,864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-03-23 23:37 245,760 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-03-23 23:37 23,296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-03-23 23:37 185,472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-03-23 23:37 171,232 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-03-23 23:37 16,640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-03-23 23:37 16,256 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-03-23 23:37 141,312 --a------ C:\WINDOWS\system32\drivers\netflt.sys
2007-03-23 23:37 139,264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-03-23 23:37 103,936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2007-03-23 23:37 101,888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-03-23 23:37
2007-03-23 23:36 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-03-23 23:36 165,120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-03-23 23:36
2007-03-23 22:59 76,412 --a------ C:\WINDOWS\system32\jcwhkgri.dll
2007-03-23 22:58 132,116 --a------ C:\WINDOWS\system32\lftonqkf.dll
2007-03-23 15:45
2007-03-23 10:59 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2007-03-23 10:16
2007-03-22 23:40 123,972 --a------ C:\WINDOWS\system32\mmbtpgvh.dll
2007-03-21 23:39 280,676 --------- C:\WINDOWS\system32\sstts.dll
2007-03-21 23:30 26,697 --a------ C:\WINDOWS\system32\ljjjkhi.dll
2007-03-21 23:29 26,697 --a------ C:\WINDOWS\system32\yayvuut.dll
2007-03-21 23:29 26,697 --a------ C:\WINDOWS\system32\jkkijjg.dll
2007-03-21 23:27 26,697 --------- C:\WINDOWS\system32\ddcdedd.dll
2007-03-21 22:19
2007-03-17 15:21 81,920 --a------ C:\WINDOWS\system32\InstallDll.dll
2007-03-17 15:21 45,056 --a------ C:\WINDOWS\system32\Base64.dll
2007-03-17 00:20
2007-03-16 23:08
2007-03-16 16:55
2007-03-16 16:55
2007-03-13 00:08
2007-03-11 14:59 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-03-10 17:32
2007-03-10 17:29
2007-03-07 12:35 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-03-05 23:38
2007-03-05 01:26
2007-03-04 23:58 53 --a------ C:\WINDOWS\nsreg2.dat
2007-03-02 12:47
2007-02-28 22:48
2007-02-28 22:48
2007-02-28 22:48
2007-02-28 22:48
2007-02-28 22:48
2007-02-28 13:14 92,208 --a------ C:\WINDOWS\system32\Wing.dll
2007-02-28 13:14 12,800 --a------ C:\WINDOWS\system32\Wing32.dll
2007-02-28 13:14
2007-02-28 12:31
2007-02-28 00:04 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-02-26 23:04
2007-02-26 20:38
2007-02-26 20:38
2007-02-26 20:38
2007-02-25 16:55
2007-02-25 14:24

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-25 17:00 -------- d-------- C:\Program Files\winamp
2007-03-25 16:25 -------- d-------- C:\Program Files\netmeter
2007-03-25 13:15 -------- d-------- C:\Program Files\gadu-gadu
2007-03-25 12:32 68334 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-25 12:32 439194 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-24 18:17 -------- d-------- C:\Program Files\flashget
2007-03-24 12:01 -------- d-------- C:\Program Files\irfanview
2007-03-23 23:37 -------- d--h----- C:\Program Files\installshield installation information
2007-03-23 23:33 5808 --a------ C:\WINDOWS\unins000.dat
2007-03-17 13:55 -------- d-------- C:\Program Files\odkurzacz
2007-03-12 23:41 2004 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-10 19:25 -------- d-------- C:\Program Files\Common Files\teleca shared
2007-03-06 22:22 -------- d-------- C:\Program Files\quicktime
2007-03-05 23:45 12338 --a------ C:\WINDOWS\mozver.dat
2007-02-25 15:04 -------- d-------- C:\Program Files\speedfan
2007-02-25 13:55 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\help
2007-02-24 15:16 -------- d-------- C:\Program Files\lavalys
2007-02-20 12:38 -------- d-------- C:\Program Files\photofiltre
2007-02-19 16:28 -------- d-------- C:\Program Files\xnview
2007-02-17 00:08 -------- d-------- C:\Program Files\xvid
2007-02-16 23:50 -------- d-------- C:\Program Files\divx
2007-02-16 14:52 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\xnview
2007-02-13 14:24 -------- d-------- C:\Program Files\bohemia interactive
2007-02-07 11:20 -------- d-------- C:\Program Files\ffdshow
2007-02-06 14:46 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\divx
2007-02-06 12:55 -------- d-------- C:\Program Files\google
2007-02-06 12:17 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\google
2007-02-06 00:47 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\sun
2007-02-04 13:29 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\cyberlink
2007-02-02 15:35 100482 --a------ C:\WINDOWS\uninstallfirefox.exe
2007-02-01 06:56 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-01 06:56 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-01 06:56 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-01 06:56 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-01-31 23:27 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-01-31 17:17 -------- d-------- C:\Program Files\lavasoft
2007-01-31 17:17 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\lavasoft
2007-01-31 14:33 -------- d-------- C:\Program Files\xp-antispy
2007-01-31 14:11 -------- d-------- C:\Program Files\toniarts
2007-01-31 14:04 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\teleca
2007-01-31 14:02 -------- d-------- C:\Program Files\sony ericsson
2007-01-31 14:01 6144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-01-31 14:01 5744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2007-01-31 13:56 -------- d-------- C:\Program Files\alcohol soft
2007-01-31 13:50 -------- d-------- C:\Program Files\webteh
2007-01-31 13:49 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\talkback
2007-01-31 13:47 -------- d-------- C:\Program Files\Common Files\nero
2007-01-31 13:44 -------- d-------- C:\Program Files\cyberlink
2007-01-31 13:38 -------- d-------- C:\Program Files\Common Files\speechengines
2007-01-31 13:38 -------- d-------- C:\Program Files\Common Files\odbc
2007-01-31 13:37 62 --ahs---- C:\DOCUME~1\Blemer\DANEAP~1\desktop.ini
2007-01-31 13:36 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\apple computer
2007-01-31 13:32 -------- d-------- C:\Program Files\java
2007-01-31 13:32 -------- d-------- C:\Program Files\Common Files\java
2007-01-31 13:31 -------- d-------- C:\Program Files\marbit
2007-01-31 13:21 -------- d-------- C:\Program Files\microsoft works
2007-01-31 13:19 -------- d-------- C:\Program Files\microsoft.net
2007-01-31 13:14 -------- d-------- C:\DOCUME~1\Blemer\DANEAP~1\ati
2007-01-31 13:08 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-31 13:08 -------- d-------- C:\Program Files\ati technologies
2007-01-31 13:00 -------- d-------- C:\Program Files\realtek sound manager
2007-01-31 13:00 -------- d-------- C:\Program Files\avrack
2007-01-31 12:59 -------- d-------- C:\Program Files\amd
2007-01-31 12:51 -------- d-------- C:\Program Files\microsoft frontpage
2007-01-31 12:50 0 -rahs---- C:\MSDOS.SYS
2007-01-31 12:50 0 -rahs---- C:\IO.SYS
2007-01-31 12:50 0 --a------ C:\CONFIG.SYS
2007-01-31 12:50 0 --a------ C:\AUTOEXEC.BAT
2007-01-31 12:49 -------- d--h----- C:\Program Files\windowsupdate
2007-01-31 12:49 -------- d-------- C:\Program Files\usugi online
2007-01-31 12:48 -------- d-------- C:\Program Files\movie maker
2007-01-31 12:48 -------- d-------- C:\Program Files\Common Files\mssoap
2007-01-31 12:47 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-31 12:46 -------- d-------- C:\Program Files\windows nt
2007-01-31 12:46 -------- d-------- C:\Program Files\msn gaming zone
2007-01-31 01:15 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-01-30 07:03 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 06:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-26 03:19 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-26 03:19 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-26 03:19 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-26 03:19 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-01-26 03:19 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-26 03:19 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-26 03:18 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-26 03:18 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-26 03:13 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-01-26 03:13 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-26 03:13 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-01-26 03:13 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-26 03:13 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-26 03:13 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-26 03:13 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-25 19:31 88952 --a------ C:\WINDOWS\system32\packet.dll
2007-01-25 19:31 68480 --a------ C:\WINDOWS\system32\wanpacket.dll
2007-01-25 19:31 53299 --a------ C:\WINDOWS\system32\pthreadvc.dll
2007-01-25 19:31 42000 --a------ C:\WINDOWS\system32\drivers\npf.sys
2007-01-25 19:31 240496 --a------ C:\WINDOWS\system32\wpcap.dll
2007-01-09 19:46 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"odk_mcd"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"AVPDWIN"=""C:\Program Files\Panda Software\Panda Demo\pandasft.exe""
"APVXDWIN"=""C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk"
"backup"="C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST – pasek zadań.lnk]
"path"="C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ATI CATALYST – pasek zadań.lnk"
"backup"="C:\WINDOWS\pss\ATI CATALYST – pasek zadań.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray"
"item"="ATI CATALYST – pasek zadań"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="cli"
"hkey"="HKLM"
"command"=""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="NewAutoUpdate"
"hkey"="HKLM"
"command"="C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe /tsr"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPal]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="PalAgnt"
"hkey"="HKCU"
"command"=""C:\Program Files\PCPal\PalAgnt.exe" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="qttask"
"hkey"="HKLM"
"command"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"=""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Application Launcher"
"hkey"="HKLM"
"command"=""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="mmbtpgvh"
"hkey"="HKLM"
"command"="rundll32.exe "C:\WINDOWS\system32\mmbtpgvh.dll",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\Valve\Steam\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\Program Files\Winamp\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-25 20:57:40

And VundoFix.
VundoFix V4.2.22
Scan started at 17:27:27 2007-03-25
Listing files found while scanning…
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sstts.dll
VundoFix V4.2.22
Scan started at 17:54:34 2007-03-25
Listing files found while scanning…
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sstts.dll
VundoFix V4.2.22
Scan started at 18:28:53 2007-03-25
Listing files found while scanning…
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sstts.dll
Attempting to delete C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sttss.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sttss.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V4.2.22
Scan started at 20:58:13 2007-03-25
Listing files found while scanning…
No infected files were found.
Post merged: 25.03.2007 (Sun) 20:42
Well, I did it, but the junk is probably still there, because the same thing is happening as at the beginning. Give me a link to a hosting service, because the one you gave doesn't work. Here are the logs.