Your computer is infected.. HELP!

An icon, a white cross on a red background reading “Your computer is infected”, has appeared in the taskbar. How do I remove it? Here is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:37:35, on 2008-03-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

i:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

i:\Program Files\Alwil Software\Avast4\ashServ.exe

H:\WINDOWS\Explorer.EXE

H:\Program Files\Softwin\BitDefender10\bdmcon.exe

H:\Program Files\Softwin\BitDefender10\bdagent.exe

H:\WINDOWS\RTHDCPL.EXE

H:\Program Files\HP\hpcoretech\hpcmpmgr.exe

H:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

H:\WINDOWS\system32\braviax.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\system32\nvsvc32.exe

H:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

H:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

H:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

H:\Program Files\Softwin\BitDefender10\vsserv.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Mozilla Firefox\firefox.exe

i:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [BDMCon] "H:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM…\Run: [BDAgent] "H:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM…\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM…\Run: [Sony Ericsson PC Suite] "H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM…\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM…\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM…\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [HP Component Manager] "H:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM…\Run: [HPDJ Taskbar Utility] H:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM…\Run: [HP Software Update] "H:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM…\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM…\Run: [avast!] i:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [braviax] braviax.exe

O4 - HKCU…\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU…\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU…\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU…\Run: [braviax] H:\WINDOWS\system32\braviax.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT…\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - H:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - H:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 5170555500

O17 - HKLM\System\CCS\Services\Tcpip…{BE67CC63-42D9-4A26-9CB6-3C5B415791A0}: NameServer = 194.204.159.1,194.204.152.34

O21 - SSODL: MonVolume - {42e67386-a4b2-4d69-aa80-8294f65a248d} - H:\WINDOWS\Installer\{42e67386-a4b2-4d69-aa80-8294f65a248d}\MonVolume.dll

O21 - SSODL: zip - {20eed52d-98d5-45dc-b34c-ecc55fa2ea1f} - H:\WINDOWS\Installer\{20eed52d-98d5-45dc-b34c-ecc55fa2ea1f}\zip.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - i:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - i:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - i:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - i:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - H:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - H:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - H:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - H:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

End of file - 6810 bytes

Please help me remove this virus ;]

viewtopic.php?f=16&t=66889

viewtopic.php?f=16&t=213350

Fix the title and the post.

Fix these:

H:\WINDOWS\system32\braviax.exe

O4 - HKLM…\Run: [braviax] braviax.exe

O4 - HKCU…\Run: [braviax] H:\WINDOWS\system32\braviax.exe

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - H:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - H:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O21 - SSODL: MonVolume - {42e67386-a4b2-4d69-aa80-8294f65a248d} - H:\WINDOWS\Installer\{42e67386-a4b2-4d69-aa80-8294f65a248d}\MonVolume.dll

O21 - SSODL: zip - {20eed52d-98d5-45dc-b34c-ecc55fa2ea1f} - H:\WINDOWS\Installer\{20eed52d-98d5-45dc-b34c-ecc55fa2ea1f}\zip.dll

Why do you have 2 antivirus programs installed? Pick 1; in my opinion it's better to dump the crappy Avast and keep BitDefender.

Install a firewall, e.g. ZoneAlarm Free.

Do a scan with this:

http://dobreprogramy.pl/index.php?dz=2& … Build+2522

Use SmitFraudFix, choose option no. 2, in Safe Mode of course, and after that a new log.

ComboFix 08-03-14.4 - Bojdoł 2008-03-17 19:11:03.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1527 [GMT 1:00]

Running from: H:\Documents and Settings\Bojdoł\Pulpit\ComboFix.exe

Command switches used :: H:\Documents and Settings\Bojdo-\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))

.

2008-03-17 13:54 . 2008-03-17 13:54 19,200 --a------ H:\WINDOWS\lyzake.lib

2008-03-17 13:54 . 2008-03-17 13:54 17,454 --a------ H:\WINDOWS\benini.bat

2008-03-17 13:54 . 2008-03-17 13:54 17,256 --a------ H:\Documents and Settings\Bojdoł\Dane aplikacji\tijojinuri.bin

2008-03-17 13:54 . 2008-03-17 13:54 17,056 --a------ H:\Program Files\Common Files\vuxan.pif

2008-03-17 13:54 . 2008-03-17 13:54 17,048 --a------ H:\Documents and Settings\All Users\Dane aplikacji\wofe.dat

2008-03-17 13:54 . 2008-03-17 13:54 17,046 --a------ H:\Program Files\Common Files\kototecocu.dll

2008-03-17 13:54 . 2008-03-17 13:54 15,688 --a------ H:\WINDOWS\isetyqaso.bat

2008-03-17 13:54 . 2008-03-17 13:54 15,040 --a------ H:\Program Files\Common Files\ihutunaxok.vbs

2008-03-17 13:54 . 2008-03-17 13:54 14,283 --a------ H:\WINDOWS\system32\zewapafa.vbs

2008-03-17 13:54 . 2008-03-17 13:54 13,403 --a------ H:\WINDOWS\docywu.bin

2008-03-17 13:54 . 2008-03-17 13:54 12,458 --a------ H:\WINDOWS\evar._sy

2008-03-17 13:54 . 2008-03-17 13:54 12,074 --a------ H:\Program Files\Common Files\amyjutezud.exe

2008-03-17 13:54 . 2008-03-17 13:54 11,597 --a------ H:\WINDOWS\vohijopes.inf

2008-03-17 13:54 . 2008-03-17 13:54 11,014 --a------ H:\Documents and Settings\All Users\Dane aplikacji\ozaxa.pif

2008-03-17 13:54 . 2008-03-17 13:54 10,655 --a------ H:\Documents and Settings\Bojdoł\Dane aplikacji\aqegi.bat

2008-03-17 13:54 . 2008-03-17 13:54 10,308 --a------ H:\Documents and Settings\All Users\Dane aplikacji\ewigymy.scr

2008-03-17 13:51 . 2008-03-17 13:51 54,156 --ah----- H:\WINDOWS\QTFont.qfn

2008-03-17 13:51 . 2008-03-17 13:51 1,409 --a------ H:\WINDOWS\QTFont.for

2008-03-17 13:50 . 2008-03-17 13:50

2008-03-17 13:50 . 2008-03-17 13:50 16,508 --a------ H:\Program Files\tmp1032421.exe

2008-03-17 13:50 . 2008-03-17 13:50 13,520 --a------ H:\Program Files\tmp1034406.exe

2008-03-17 13:50 . 2008-03-17 13:50 11,776 --a------ H:\Program Files\tmp1050625.exe

2008-03-17 13:35 . 2005-05-26 15:34 2,297,552 --a------ H:\WINDOWS\system32\d3dx9_26.dll

2008-03-17 13:32 . 2008-03-17 13:32

2008-03-17 13:32 . 2008-03-17 13:32 716,272 --a------ H:\WINDOWS\system32\drivers\sptd.sys

2008-03-15 15:59 . 2008-03-15 15:59

2008-03-12 19:09 . 2008-03-12 19:09

2008-03-12 19:09 . 2008-03-12 19:09

2008-03-12 19:09 . 2008-02-22 02:33 69,632 --a------ H:\WINDOWS\system32\javacpl.cpl

2008-03-12 19:08 . 2008-03-12 19:08

2008-03-12 18:59 . 2003-12-11 11:15 626,960 -ra------ H:\WINDOWS\system32\hpvaut32.dll

2008-03-12 18:59 . 2003-12-11 11:15 487,424 -ra------ H:\WINDOWS\system32\hpvcp70.dll

2008-03-12 18:59 . 2003-12-11 11:15 344,064 -ra------ H:\WINDOWS\system32\hpvcr70.dll

2008-03-12 18:59 . 2003-12-11 11:15 44,544 -ra------ H:\WINDOWS\system32\MSXML4a.dll

2008-03-12 18:58 . 2008-03-12 18:58

2008-03-12 18:58 . 2008-03-12 18:59

2008-03-12 18:58 . 2008-03-12 18:57 59,532 --a------ H:\WINDOWS\hpdj3740.hi2

2008-03-12 18:58 . 2008-03-12 18:57 4,977 --a------ H:\WINDOWS\hpdj3740.bu2

2008-03-12 18:57 . 2008-03-12 18:58 499,273 --a------ H:\WINDOWS\hpdj3740.hi1

2008-03-12 18:57 . 2008-03-12 18:58 9,047 --a------ H:\WINDOWS\hpdj3740.bu1

2008-03-12 18:56 . 2008-03-12 18:59 520,194 --a------ H:\WINDOWS\hpdj3740.his

2008-03-12 18:56 . 2008-03-12 18:59 10,572 --a------ H:\WINDOWS\hpdj3740.ini

2008-03-12 18:46 . 2008-03-12 18:46

2008-03-12 18:46 . 2008-03-12 18:46 940,794 --a------ H:\WINDOWS\system32\LoopyMusic.wav

2008-03-12 18:46 . 2008-03-12 18:46 146,650 --a------ H:\WINDOWS\system32\BuzzingBee.wav

2008-03-12 18:44 . 2008-03-12 18:44

2008-03-12 18:13 . 2008-03-12 18:13

2008-03-12 18:13 . 2008-03-12 18:13

2008-03-12 18:13 . 2008-03-12 18:13

2008-03-12 12:10 . 2008-03-12 12:10

2008-03-11 16:32 . 2008-03-11 16:32

2008-03-11 16:15 . 2008-03-11 16:15 16 --a------ H:\WINDOWS\wininit.ini

2008-03-10 20:31 . 2008-03-10 20:31 427 --a------ H:\WINDOWS\ODBC.INI

2008-03-10 20:30 . 2008-03-10 20:30

2008-03-10 20:29 . 2008-03-10 20:29

2008-03-10 20:15 . 2008-03-10 20:15

2008-03-10 19:53 . 2008-03-17 19:09

2008-03-10 19:50 . 2008-03-17 13:43 1,043 --a------ H:\WINDOWS\wincmd.ini

2008-03-10 19:50 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\UC.PIF

2008-03-10 19:50 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\RAR.PIF

2008-03-10 19:50 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\PKZIP.PIF

2008-03-10 19:50 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\PKUNZIP.PIF

2008-03-10 19:50 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\NOCLOSE.PIF

2008-03-10 19:50 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\LHA.PIF

2008-03-10 19:50 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\ARJ.PIF

2008-03-10 19:28 . 2008-03-10 19:28

2008-03-10 19:28 . 2008-03-10 19:28

2008-03-10 19:27 . 2008-03-10 19:27

2008-03-10 19:27 . 2008-03-16 20:03

2008-03-10 19:26 . 2008-03-10 19:38

2008-03-10 19:26 . 2008-03-10 19:26

2008-03-10 19:26 . 2008-03-10 19:26

2008-03-10 19:25 . 2008-03-10 19:25

2008-03-10 19:25 . 2008-03-10 19:25

2008-03-10 19:25 . 2008-03-10 19:26

2008-03-10 19:25 . 2008-03-10 19:25

2008-03-10 19:25 . 2008-03-10 19:25

2008-03-10 19:24 . 2008-03-10 19:24

2008-03-10 19:24 . 2008-03-10 19:24 94,064 --a------ H:\WINDOWS\system32\drivers\k510mdm.sys

2008-03-10 19:24 . 2008-03-10 19:24 85,408 --a------ H:\WINDOWS\system32\drivers\k510mgmt.sys

2008-03-10 19:24 . 2008-03-10 19:24 83,344 --a------ H:\WINDOWS\system32\drivers\k510obex.sys

2008-03-10 19:24 . 2008-03-10 19:24 58,288 --a------ H:\WINDOWS\system32\drivers\k510bus.sys

2008-03-10 19:24 . 2008-03-10 19:24 8,336 --a------ H:\WINDOWS\system32\drivers\k510mdfl.sys

2008-03-10 19:24 . 2008-03-10 19:24 6,176 --a------ H:\WINDOWS\system32\drivers\k510cmnt.sys

2008-03-10 19:24 . 2008-03-10 19:24 6,176 --a------ H:\WINDOWS\system32\drivers\k510cm.sys

2008-03-10 19:24 . 2008-03-10 19:24 5,808 --a------ H:\WINDOWS\system32\drivers\k510whnt.sys

2008-03-10 19:24 . 2008-03-10 19:24 5,808 --a------ H:\WINDOWS\system32\drivers\k510wh.sys

2008-03-10 19:19 . 2008-03-10 19:19

2008-03-10 19:07 . 2008-03-10 19:53

2008-03-10 19:00 . 2008-03-14 09:46 1,289 --a------ H:\WINDOWS\mozver.dat

2008-03-10 18:59 . 2008-03-10 18:59 0 --a------ H:\WINDOWS\nsreg.dat

2008-03-10 18:50 . 2008-03-11 15:09

2008-03-10 18:50 . 2008-03-11 15:09

2008-03-10 18:43 . 2005-06-28 10:21 22,752 --a------ H:\WINDOWS\system32\spupdsvc.exe

2008-03-10 18:37 . 2007-07-30 19:19 43,352 --a------ H:\WINDOWS\system32\wups2.dll

2008-03-10 18:37 . 2007-07-30 19:19 38,232 --a------ H:\WINDOWS\system32\wucltui.dll.mui

2008-03-10 18:37 . 2007-07-30 19:20 30,040 --a------ H:\WINDOWS\system32\wuaucpl.cpl.mui

2008-03-10 18:37 . 2007-07-30 19:20 30,040 --a------ H:\WINDOWS\system32\wuapi.dll.mui

2008-03-10 18:37 . 2007-07-30 19:18 21,336 --a------ H:\WINDOWS\system32\wuaueng.dll.mui

2008-03-10 18:35 . 2008-03-10 18:35

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-17 12:54 11,897 ----a-w H:\Program Files\Common Files\narahi._sy

2008-03-12 17:44 315,392 ----a-w H:\WINDOWS\HideWin.exe

2008-03-09 02:22 --------- d-----w H:\Program Files\microsoft frontpage

2008-03-08 20:58 --------- d-----w H:\Program Files\Usługi online

2008-01-30 10:28 4,725,760 ------r H:\WINDOWS\system32\drivers\RtkHDAud.sys

2008-01-29 14:47 16,859,648 ------r H:\WINDOWS\RTHDCPL.exe

.

----a-w 16,384 2004-12-01 15:56:02 H:\Documents and Settings\Bojdoł\Pulpit\INNE\Medal Of Honor Pacific Assault_KeyGen .exe

----a-w 16,384 2004-12-01 15:56:02 H:\Documents and Settings\Bojdoł\Pulpit\INNE\[CRACK] - Medal of Honor Pacific Assault (DVD Version) - NoCDCrack e KeyGen-\Medal Of Honor Pacific Assault_KeyGen .exe


((((((((((((((((((((((((((((( snapshot@2008-03-17_16.43.28,68 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-03-17 15:21:36 81,984 ----a-w H:\WINDOWS\system32\bdod.bin
  • 2008-03-17 16:21:23 81,984 ----a-w H:\WINDOWS\system32\bdod.bin

  • 2008-03-17 15:53:33 262,144 ----a-w H:\WINDOWS\system32\config\systemprofile\NtUser.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]

"uTorrent"="H:\Program Files\uTorrent\uTorrent.exe" [2008-03-15 15:59 219952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]

"nwiz"="nwiz.exe" [2007-09-16 18:07 1626112 H:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 18:07 81920]

"BDMCon"="H:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]

"BDAgent"="H:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]

"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"Sony Ericsson PC Suite"="H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]

"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-03-10 19:27 155648]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]

"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 15:47 16859648 H:\WINDOWS\RTHDCPL.exe]

"HP Component Manager"="H:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]

"HPDJ Taskbar Utility"="H:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-13 02:28 172032]

"HP Software Update"="H:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-13 02:28 49152]

"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - D:\Program Files\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]

Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"MonVolume"= {42e67386-a4b2-4d69-aa80-8294f65a248d} - H:\WINDOWS\Installer\{42e67386-a4b2-4d69-aa80-8294f65a248d}\MonVolume.dll [2008-03-17 13:49 19082]

"zip"= {20eed52d-98d5-45dc-b34c-ecc55fa2ea1f} - H:\WINDOWS\Installer\{20eed52d-98d5-45dc-b34c-ecc55fa2ea1f}\zip.dll [2008-03-17 13:50 22730]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"D:\Program Files\Gadu-Gadu\gg.exe"=

"H:\Program Files\uTorrent\uTorrent.exe"=

"D:\Program Files\Avant Browser\avant.exe"=

"I:\Program Files\BearShare\BearShare.exe"=

"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault\mohpa_server.exe"=

"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault\mohpa.exe"=

R3 usbstor;Sterownik magazynu masowego USB;H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 13:00]

S3 {FBE1D620-5418-4aae-A0F0-316D590663A1};{FBE1D620-5418-4aae-A0F0-316D590663A1};H:\WINDOWS\system32\{FBE1D620-5418-4aae-A0F0-316D590663A1} []

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);H:\WINDOWS\system32\DRIVERS\k510bus.sys [2008-03-10 19:24]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;H:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2008-03-10 19:24]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;H:\WINDOWS\system32\DRIVERS\k510mdm.sys [2008-03-10 19:24]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);H:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2008-03-10 19:24]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;H:\WINDOWS\system32\DRIVERS\k510obex.sys [2008-03-10 19:24]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-17 19:11:51

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xseaqwt]

"ImagePath"="\??\H:\WINDOWS\system32\ras\slipmenu1.scp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FBE1D620-5418-4aae-A0F0-316D590663A1}]

"ImagePath"="\??\H:\WINDOWS\system32\{FBE1D620-5418-4aae-A0F0-316D590663A1}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: H:\WINDOWS\explorer.exe [6.00.2900.3156]

  • H:\WINDOWS\Installer\{42e67386-a4b2-4d69-aa80-8294f65a248d}\MonVolume.dll

  • H:\WINDOWS\Installer\{20eed52d-98d5-45dc-b34c-ecc55fa2ea1f}\zip.dll

.

Completion time: 2008-03-17 19:12:10

ComboFix-quarantined-files.txt 2008-03-17 18:12:08

ComboFix2.txt 2008-03-17 18:06:02

ComboFix3.txt 2008-03-17 17:14:21

ComboFix4.txt 2008-03-17 15:43:44

.

2008-03-13 11:59:51 --- E O F ---

PS. I removed Avast.
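As an added example for this thread (not code from HijackThis, ComboFix or this forum), the script below scans log lines of the kind posted above and flags the persistence indicators the reply told the poster to fix: a program autostarting from more than one Run hive (the braviax entries), ShellServiceObjectDelayLoad entries that are not Windows defaults (MonVolume and zip), a populated AppInit_DLLs value (sockspy.dll), the Security Center notification flags set to 1, and service ImagePaths that point to something other than an .exe/.sys or to a GUID-named file. The sample lines are a constructed subset of the two logs, with the `\..\` and `\{` that the forum rendering dropped written out in full; the list of default XP SSODL names is an assumption.

```python
"""Triage of HijackThis / ComboFix-style log lines for persistence indicators.

Added example for this thread; it is not HijackThis, ComboFix or the forum's
code. Each finding is a (rule, log line) pair for a responder to review.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines posted in this thread, with the
# "\..\" and "\{" that the forum rendering dropped written out in full.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [braviax] H:\WINDOWS\system32\braviax.exe
O21 - SSODL: MonVolume - {42e67386-a4b2-4d69-aa80-8294f65a248d} - H:\WINDOWS\Installer\{42e67386-a4b2-4d69-aa80-8294f65a248d}\MonVolume.dll
O21 - SSODL: zip - {20eed52d-98d5-45dc-b34c-ecc55fa2ea1f} - H:\WINDOWS\Installer\{20eed52d-98d5-45dc-b34c-ecc55fa2ea1f}\zip.dll
"AppInit_DLLs"=sockspy.dll
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"ImagePath"="\??\H:\WINDOWS\system32\ras\slipmenu1.scp"
"ImagePath"="\??\H:\WINDOWS\system32\{FBE1D620-5418-4aae-A0F0-316D590663A1}"
"""

# SSODL names a stock Windows XP SP2 installs (assumption for this example);
# anything else is loaded into explorer.exe at logon and deserves a look.
XP_DEFAULT_SSODL = {"postbootreminder", "cdburn", "webcheck", "systray"}
NOTIFY_FLAGS = {"antivirusdisablenotify", "updatesdisablenotify",
                "firewalldisablenotify"}

# The hive group tolerates "\..\", "..." or nothing between the hive and \Run,
# so both the real HijackThis spelling and the forum-rendered one parse.
RUN_RE = re.compile(r"^O4 - (HK\w+(?:\\S-[\d-]+|\\\.DEFAULT)?)\S*?\\Run: \[([^\]]+)\] (.+)$")
SSODL_RE = re.compile(r"^O21 - SSODL: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def _program_name(command):
    """Lower-cased basename of the program a command line launches."""
    command = command.strip()
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]
    else:
        program = command.split(" ", 1)[0]
    return program.split("\\")[-1].lower()


def triage(log_text):
    """Return (rule, log line) findings for the indicators described above."""
    findings = []
    hives_by_program = defaultdict(set)  # basename -> hives it autostarts from
    first_line = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            hive, _name, command = m.groups()
            program = _program_name(command)
            hives_by_program[program].add(hive)
            first_line.setdefault(program, line)
            continue
        m = SSODL_RE.match(line)
        if m:
            name, _clsid, path = m.groups()
            if name.lower() not in XP_DEFAULT_SSODL:
                rule = "non-default SSODL entry"
                if GUID_RE.search(path):
                    rule += " (DLL stored under a GUID-named folder)"
                findings.append((rule, line))
            continue
        m = REG_VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        if name == "appinit_dlls" and value.strip('"'):
            findings.append(("AppInit_DLLs set: DLL loaded into every process that uses user32", line))
        elif name in NOTIFY_FLAGS and value.lower() == "dword:00000001":
            findings.append(("Security Center notification disabled", line))
        elif name == "imagepath":
            base = _program_name(value)
            ext = base.rsplit(".", 1)[-1] if "." in base else ""
            if ext not in ("exe", "sys") or GUID_RE.fullmatch(base):
                findings.append(("service ImagePath is not an .exe/.sys or is a GUID-named file", line))
    # A program registered to start from several hives is a common malware habit.
    for program, hives in hives_by_program.items():
        if len(hives) > 1:
            rule = "same program autostarts from %d hives (%s)" % (len(hives), ", ".join(sorted(hives)))
            findings.append((rule, first_line[program]))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print("[%s]\n    %s" % (rule, line))
```

Run it directly to print the findings, or import `triage()` and feed it a whole log. The duplicate-hive rule is a prompt to look, not a verdict: CTFMON.EXE legitimately appears under HKCU and the HKUS hives in the full log above, and a GUID-named folder under %WINDIR%\Installer is also where MSI keeps product resources, so each hit still has to be checked against what the file actually is.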