bronkaaa
(Bronka)
15 September 2007 21:34
#1
wr… for some time now a strange window has been showing up when I shut down the computer… closing program brdr… I read a bit online on various forums and apparently it's some virus… I'm begging someone to help me because I'll go crazy… I have an almost new computer… I mean it was new a few months ago… and something has already gone wrong… no… help!!
squeet
(squeet)
15 September 2007 21:56
#2
bronkaaa, welcome to the Forum.
Please read the following topics:
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
http://forum.dobreprogramy.pl/viewtopic.php?t=66889
We post logs inside quote tags. I have already formatted the ones above; paste the next ones correctly yourself.
bronkaaa
(Bronka)
15 September 2007 22:23
#3
ComboFix 07-09-14.2 - "zzz" 2007-09-16 0:15:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.101 [GMT 2:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\DOCUME~1\zzz\MENUST~1\Programy\AUTOST~1.\TA_Start.lnk
E:\DOCUME~1\zzz\MENUST~1\Programy\AUTOST~1\ta_start.lnk
E:\DOCUME~1\zzz\MENUST~1\Programy\AUTOST~1\think-adz.lnk
E:\WINDOWS\system32\dwdsrngt.exe
E:\WINDOWS\system32\msnav32.ax
E:\WINDOWS\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.
2007-09-15 23:41  51,200  --a------  E:\WINDOWS\NirCmd.exe
2007-09-14 17:48
2007-09-14 17:47
2007-08-31 01:45  79,360  --a------  E:\WINDOWS\system32\mkzlib.dll
2007-08-31 01:45  23,552  --a------  E:\WINDOWS\system32\mkunicode.dll
2007-08-31 01:45  167,936  --a------  E:\WINDOWS\system32\ts.dll
2007-08-31 01:45  151,040  --a------  E:\WINDOWS\system32\mkx.dll
2007-08-31 01:45  142,848  --a------  E:\WINDOWS\system32\mp4.dll
2007-08-21 21:55  1,060,864  --a------  E:\WINDOWS\system32\mfc71.dll
2007-08-17 18:58
2007-08-17 15:58  921,600  --a------  E:\WINDOWS\system32\vorbisenc.dll
2007-08-17 15:58  237,568  --a------  E:\WINDOWS\system32\OggDS.dll
2007-08-17 15:57  9,216  --a------  E:\WINDOWS\system32\cpuinf32.dll
2007-08-17 15:57  740,442  --a------  E:\WINDOWS\system32\DivX.dll
2007-08-17 15:57  45,056  --a------  E:\WINDOWS\system32\ogg.dll
2007-08-17 15:57  245,760  --a------  E:\WINDOWS\system32\mplvpx.dll
2007-08-17 15:57  188,416  --a------  E:\WINDOWS\system32\vorbis.dll
2007-08-17 15:57  1,415,680  --a------  E:\WINDOWS\system32\WMV9VCM.dll
2007-08-17 15:54
2007-08-17 15:54
2007-08-17 15:54
2007-08-17 15:53
2007-08-17 15:40
2007-08-17 15:03
2007-08-17 13:58  77,824  --a------  E:\WINDOWS\system32\MMSwitch.dll
2007-08-17 13:58  61,440  --a------  E:\WINDOWS\system32\libfaac.dll
2007-08-17 13:58  421,888  --a------  E:\WINDOWS\system32\OpenQuicktimeLib.dll
2007-08-17 13:58  40,960  --a------  E:\WINDOWS\system32\MMAVILNG.exe
2007-08-17 13:58  301,056  --a------  E:\WINDOWS\system32\VSFilter.dll
2007-08-17 13:58  180,224  --a------  E:\WINDOWS\system32\xvidvfw.dll
2007-08-17 13:58  1,559,040  --a------  E:\WINDOWS\system32\xvidcore.dll
2007-08-17 13:58  1,024,000  --a------  E:\WINDOWS\system32\3ivx.dll
2007-08-17 13:58
2007-08-17 13:58
2007-08-17 01:19  109,568  ---------  E:\WINDOWS\system32\pxinsi64.exe
2007-08-17 01:19  108,544  ---------  E:\WINDOWS\system32\pxcpyi64.exe
2007-08-17 01:18
2007-08-16 01:26  6,144  --a------  E:\WINDOWS\system32\ff_vfw.dll
2007-08-16 01:26  217,088  --a------  E:\WINDOWS\system32\yv12vfw.dll
2007-08-16 01:26  163,840  --a------  E:\WINDOWS\system32\unrar.dll
2007-08-16 01:26
2007-08-16 00:17  57,378  --a------  E:\WINDOWS\system32\lrdsrngp(2).exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 00:14  ---------  d--------  E:\Program Files\Neostrada TP
2007-09-14 17:48  ---------  d--------  E:\Program Files\MSN Messenger
2007-08-30 22:35  ---------  d--------  E:\Program Files\Winamp
2007-08-23 21:35  55540  --a------  E:\WINDOWS\system32\adssite-remove.exe
2007-08-19 02:45  755200  --a------  E:\WINDOWS\system32\ir50_32.dll
2007-08-17 15:14  ---------  d--------  E:\Program Files\QuickTime
2007-08-17 13:45  ---------  d--------  E:\Program Files\Common Files\LightScribe
2007-08-17 13:45  ---------  d--------  E:\Program Files\Atheros
2007-08-15 23:42  192580  --a------  E:\WINDOWS\system32\rwinsmdt(2).exe
2007-08-08 02:40  ---------  d--------  E:\Program Files\Windows Media Connect 2
2007-08-05 01:30  ---------  d--------  E:\Program Files\BearShare
2007-07-30 19:19  92504  --a------  E:\WINDOWS\system32\cdm.dll
2007-07-30 19:19  549720  --a------  E:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19  53080  --a------  E:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19  43352  --a------  E:\WINDOWS\system32\wups2.dll
2007-07-30 19:19  325976  --a------  E:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19  203096  --a------  E:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19  1712984  --a------  E:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18  33624  --a------  E:\WINDOWS\system32\wups.dll
2007-07-26 18:42  ---------  d--------  E:\Program Files\SpyVampire
2007-07-24 16:46  ---------  d--------  E:\DOCUME~1\zzz\DANEAP~1\Ahead
2007-07-17 21:54  ---------  d--------  E:\Program Files\MSXML 4.0
2007-07-16 16:18  ---------  d--------  E:\DOCUME~1\zzz\DANEAP~1\OLYMPUS
2007-07-16 16:15  ---------  d--------  E:\Program Files\OLYMPUS
2007-07-16 16:14  ---------  d--h-----  E:\Program Files\InstallShield Installation Information
2007-07-16 16:14  ---------  d--------  E:\Program Files\PIXELA
2007-07-16 16:13  ---------  d--------  E:\DOCUME~1\ALLUSE~1\DANEAP~1\QuickTime
2007-06-26 16:53  668160  --a------  E:\WINDOWS\system32\wininet(4).dll
2007-06-26 16:53  668160  --a------  E:\WINDOWS\system32\wininet(3).dll
2007-06-26 16:53  668160  --a------  E:\WINDOWS\system32\wininet(2).dll
2007-06-26 08:10  1104896  --a------  E:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10  1104896  --a------  E:\WINDOWS\system32\msxml3(3).dll
2007-06-26 08:10  1104896  --a------  E:\WINDOWS\system32\msxml3(2).dll
2007-06-19 15:32  282112  --a------  E:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32  282112  --a------  E:\WINDOWS\system32\gdi32(4).dll
2007-06-19 15:32  282112  --a------  E:\WINDOWS\system32\gdi32(3).dll
2007-06-19 15:32  282112  --a------  E:\WINDOWS\system32\gdi32(2).dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-15_234433,42 )))))))))))))))))))))))))))))))))))))))))
.
----a-w  258,048  2000-05-25 12:23:04  E:\WINDOWS\system32\Adobe\SVG Viewer\NPSVGVw.dll
.
------w  258,048  2000-05-25 12:23:04  E:\WINDOWS\system32\Adobe\SVG Viewer\NPSVGVw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F31B3634-12AA-41ca-B021-0685C3B3E4CA}]
E:\WINDOWS\system32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-04-27 04:48]
"nwiz"="nwiz.exe" [2006-04-27 04:48 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 04:48]
"HControl"="E:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 11:37]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 E:\WINDOWS\SkyTel.exe]
"SMSERIAL"="E:\WINDOWS\sm56hlpr.exe" [2006-03-21 16:54]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 E:\WINDOWS\RTHDCPL.exe]
"SynTPEnh"="E:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 14:02]
"ACMON"="E:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28]
"ACU"="E:\Program Files\Atheros\ACU.exe" [2006-07-04 15:09]
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"WinampAgent"="E:\Program Files\Winamp\winampa.exe" [2006-03-10 19:45]
"KAVPersonal50"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2005-06-16 18:49]
"WooCnxMon"="E:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]
"WOOWATCH"="E:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]
"WOOTASKBARICON"="E:\PROGRA~1\NEOSTR~1\taskbaricon.exe" [2003-10-16 19:07]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-07-16 16:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 22:52]
"Odkurzacz-MCD"="E:\Program Files\Odkurzacz\odk_mcd.exe" [2007-05-03 10:02]
"msnmsgr"="E:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

E:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Adobe Gamma Loader.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-27 23:27:14]
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
desktop(2).ini [2007-06-20 19:35:24]
DSLMON.lnk - E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-06-21 11:18:49]

E:\DOCUME~1\zzz\MENUST~1\Programy\AUTOST~1\
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-27 23:27:14]
desktop(2).ini [2007-06-20 19:35:24]
TA_Start(2).lnk - E:\WINDOWS\system32\lrdsrngp(2).exe [2007-08-16 00:17:54]
Think-Adz(2).lnk - E:\WINDOWS\system32\rwinsmdt(2).exe [2007-08-15 23:42:23]

R1 Klmc;Klmc;E:\WINDOWS\system32\drivers\klmc.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\E:\WINDOWS\ATK0100\ASNDIS5.SYS
R3 nvsmu;nvsmu;E:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 RTSTOR;USB Mass Stroage Device;E:\WINDOWS\system32\drivers\RTSTOR.SYS
R3 SynMini;USB2.0 1.3M WebCam;E:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;USB2.0 1.3M WebCam Still Image;E:\WINDOWS\system32\Drivers\SynScan.sys
S2 Windows Management Service;Windows Management Service;E:\WINDOWS\system32\dmncr.exe -service
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-16 00:16:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-09-16 0:17:59
E:\ComboFix-quarantined-files.txt ... 2007-09-16 00:17
.
--- E O F ---
Merged post: 16.09.2007 (Sun) 0:24
Please help me, because I really don't know what this is about. I'm not some professional hehe… I'm an amateur and I seriously don't know what to do.
jessica
(jessica)
16 September 2007 08:04
#4
You have the Ukrainian infection, i.e. the "Windows Security Center" rootkit.
Use --> FixWareout
After using it, you may need to set your ISP's DNS again from scratch.
--> How to restore the correct DNS.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: adssite - {F31B3634-12AA-41ca-B021-0685C3B3E4CA} - E:\WINDOWS\system32.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{00-00-00-04-ZN}] E:\windows\system32\lrdsrngp.exe P2D002
O4 - HKLM\..\Run: [ExploreUpdSched] E:\WINDOWS\system32\rwinsmdt.exe P2D002
O4 - HKLM\..\Run: [sDR6_Check] "E:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "E:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - Startup: desktop(2).ini
O4 - Startup: TA_Start(2).lnk = E:\WINDOWS\system32\lrdsrngp.exe
O4 - Startup: TA_Start.lnk = E:\WINDOWS\system32\lrdsrngp.exe
O4 - Startup: Think-Adz(2).lnk = E:\WINDOWS\system32\rwinsmdt.exe
O4 - Startup: Think-Adz.lnk = E:\WINDOWS\system32\rwinsmdt.exe
O4 - Global Startup: desktop(2).ini
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.43 85.255.112.124
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.43 85.255.112.124
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.43 85.255.112.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.43 85.255.112.124
Then: fix the above entries in HijackThis:
>> HijackThis >> Scan (Do a system scan only) >> check them >> Fix checked. (Just don't make a mistake with the "O17" entries!)
Then:
Paste into Notepad:
File::
E:\WINDOWS\system32\lrdsrngp(2).exe
E:\WINDOWS\system32\adssite-remove.exe
E:\WINDOWS\system32\rwinsmdt(2).exe
E:\windows\system32\lrdsrngp.exe
E:\WINDOWS\system32\rwinsmdt.exe
E:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe
E:\Program Files\Common Files\DriveCleaner Free\udcpas.exe
E:\WINDOWS\system32\dmncr.exe
E:\DOCUME~1\zzz\MENUST~1\Programy\AUTOST~1\desktop(2).ini
Folder::
E:\Program Files\Common Files\DriveCleaner Free
E:\Program Files\SpyVampire
Driver::
"Windows Management Service"
>> File >> Save as... >>> CFScript (it will be most convenient
if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file
(i.e. the CFScript.txt icon onto the ComboFix.exe icon)
-- like in this picture --> Click
(if the question "1 or 2" appears, type 1 and press ENTER). Removal should begin (and a log will be produced).
After the restart, delete the folder C:\Qoobox manually.
Then post here:
the report from E:\Fixwareout
the ComboFix log
Paste the log at http://wklej.org/ and put only the link in your post (i.e. copy the address from the address bar).
jessi
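The triage jessica does by eye above (rogue NameServer values in every control set, the same binary started from both a Run key and a Startup .lnk, BHOs whose file is gone) can be scripted. The following is an added example, not code from the thread or from any of the tools it names; it parses HijackThis-style lines and returns the findings. The sample lines are copied from the thread, and the trusted resolvers are assumed to be 194.204.159.1 and 217.98.63.164, the ISP servers that appear in the later HijackThis log. CS1/CS2 are the backup control sets (one of them is what a "Last Known Good Configuration" boot switches to), which is why the script reports every control set that still carries the rogue servers: cleaning only CurrentControlSet leaves a path back to the hijack.

```python
"""Triage HijackThis-style log lines for the DNS-changer pattern discussed above."""
import re
from collections import defaultdict
from ipaddress import ip_address

# Resolvers of the victim's ISP as they appear in the thread's own log
# (Neostrada TP). Assumption: anything else in an O17 line is rogue.
TRUSTED_DNS = {"194.204.159.1", "217.98.63.164"}

# Constructed sample: HijackThis lines copied from the thread above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: adssite - {F31B3634-12AA-41ca-B021-0685C3B3E4CA} - E:\WINDOWS\system32.dll (file missing)
O4 - HKLM\..\Run: [{00-00-00-04-ZN}] E:\windows\system32\lrdsrngp.exe P2D002
O4 - HKLM\..\Run: [ExploreUpdSched] E:\WINDOWS\system32\rwinsmdt.exe P2D002
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - Startup: TA_Start.lnk = E:\WINDOWS\system32\lrdsrngp.exe
O4 - Startup: Think-Adz.lnk = E:\WINDOWS\system32\rwinsmdt.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.43 85.255.112.124
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.43 85.255.112.124
O17 - HKLM\System\CCS\Services\Tcpip\..\{25924298-6F63-40C5-A8A8-8170D1C0CDAF}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.43 85.255.112.124
"""

O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\(?P<cs>CS\d|CCS)\\\S+): NameServer = (?P<servers>.+)$")
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<rest>.+)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.exe)"?', re.IGNORECASE)


def _ips(text):
    """Valid IP addresses from a space- or comma-separated NameServer value."""
    out = set()
    for tok in re.split(r"[ ,]+", text.strip()):
        try:
            out.add(str(ip_address(tok)))
        except ValueError:
            pass
    return out


def _parse_o4(rest):
    """Return (entry name, command) from the part after 'O4 - <where>: '."""
    if rest.startswith("["):            # Run-key entry: [name] command
        name, _, cmd = rest[1:].partition("] ")
    elif " = " in rest:                 # Startup folder: file.lnk = target
        name, _, cmd = rest.partition(" = ")
    else:                               # bare file in a Startup folder, e.g. desktop.ini
        name, cmd = rest, ""
    return name, cmd


def _exe_of(cmd):
    """Normalised (lower-cased) executable path, so E:\WINDOWS and E:\windows match."""
    m = EXE_RE.search(cmd)
    return (m.group(1) if m else cmd.split()[0]).lower()


def triage(log_text, trusted_dns=TRUSTED_DNS):
    report = {"dns_hijack": [], "orphan_bho": [], "multi_autostart": [], "control_sets": []}
    hit_cs = set()
    autostarts = defaultdict(set)       # exe path -> {(location, entry name)}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O17 - "):
            m = O17_RE.match(line)
            if not m:
                continue
            rogue = _ips(m.group("servers")) - trusted_dns
            if rogue:
                report["dns_hijack"].append((m.group("key"), sorted(rogue)))
                hit_cs.add(m.group("cs"))
        elif line.startswith("O4 - "):
            m = O4_RE.match(line)
            if not m:
                continue
            name, cmd = _parse_o4(m.group("rest"))
            if cmd:
                autostarts[_exe_of(cmd)].add((m.group("where"), name))
        elif line.startswith("O2 - ") and ("(no file)" in line or "(file missing)" in line):
            parts = line.split(" - ")   # O2 - BHO: name - {CLSID} - path (file missing)
            report["orphan_bho"].append(parts[2] if len(parts) > 2 else line)
    # One binary registered in more than one autostart location is the
    # persistence pattern seen in the thread (Run key plus Startup .lnk).
    for exe, places in sorted(autostarts.items()):
        if len({where for where, _ in places}) > 1:
            report["multi_autostart"].append((exe, sorted(places)))
    report["control_sets"] = sorted(hit_cs)
    return report


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Running it on the sample lists the three hijacked O17 keys (CS1, CS2 and CCS\...\Parameters, while the per-adapter CCS entry carrying the ISP resolvers is left alone), both orphaned BHO CLSIDs, and lrdsrngp.exe and rwinsmdt.exe as started from both the Run key and the Startup folder. The trusted resolver set is the only site-specific assumption; replace it with whatever your ISP or resolver policy says.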
bronkaaa
(Bronka)
16 September 2007 10:15
#5
Everything in this fixing, or whatever it's called, went fine for me, but
when I check those two to fix them, or whatever that's called… it shows me a message in English and I think it says they are in use, to close them. I have everything closed. So what's going on here?
jessica
(jessica)
16 September 2007 10:44
#6
Post the Fixwareout report and the logs - we'll see what went "wrong".
jessi
bronkaaa
(Bronka)
16 September 2007 10:55
#7
Here it is…
Username "zzz" - 2007-09-16 11:42:59 [Fixwareout edited 9/01/2007]

~Prerun check
Service: "Windows Management Service" = E:\WINDOWS\System32\dmncr.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.43 85.255.112.124"

Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.
System was rebooted successfully.

~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
...
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion_r "}950E4ACB8A26-CAFB-4EC4-FF89-B26F1B6D{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion_r "}81FAF2B44C7A-0038-2314-9A2F-242F728A{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion_r "rcnmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "vehsc" Value deleted
HKCR\CLSID\{B5ED9378-CB5C-48A8-8C7A-D434D3559D63}_h\4 Deleted.
...
~Misc files.
E:\Program Files\SpyVampire Deleted
...
~ Checking for older varients.
...
~Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"HControl"="E:\WINDOWS\ATK0100\HControl.exe"
"SkyTel"="SkyTel.EXE"
"SMSERIAL"="E:\WINDOWS\sm56hlpr.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SynTPEnh"="E:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"ACMON"="E:\Program Files\ASUS\Splendid\ACMON.exe"
"ACU"=""E:\Program Files\Atheros\ACU.exe" -nogui"
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
"WinampAgent"="E:\Program Files\Winamp\winampa.exe"
"KAVPersonal50"=""E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize"
"WooCnxMon"="E:\PROGRA~1\NEOSTR~1\CnxMon.exe"
"WOOWATCH"="E:\PROGRA~1\NEOSTR~1\Watch.exe"
"WOOTASKBARICON"="E:\PROGRA~1\NEOSTR~1\taskbaricon.exe"
"SunJavaUpdateSched"=""E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe""
"QuickTime Task"=""E:\Program Files\QuickTime\qttask.exe" -atboottime"
"{00-00-00-04-ZN}"="e:\windows\system32\dwdsrngt.exe P2D002"
"ExploreUpdSched"="E:\WINDOWS\system32\rwinsmdt(2).exe P2D002"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe"
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Odkurzacz-MCD"="E:\Program Files\Odkurzacz\odk_mcd.exe"
"msnmsgr"=""E:\Program Files\MSN Messenger\msnmsgr.exe" /background"
...
Hosts file was reset, If you use a custom hosts file please replace it...
~ End report ~~~~~
ComboFix 07-09-14.2 - "zzz" 2007-09-16 12:50:19.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.79 [GMT 2:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\WINDOWS\system32\dwdsrngt.exe
E:\WINDOWS\system32\msnav32.ax
E:\WINDOWS\system32\winpfz32.sys
E:\WINDOWS\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((( Files Created from 2007-08-16 to 2007-09-16 )))))))))))))))))))))))))))))))
.
2007-09-16 11:36
2007-09-16 11:36
2007-09-16 11:36
2007-09-16 11:36
2007-09-16 11:36
2007-09-16 11:36
2007-09-16 11:36
2007-09-15 23:41  51,200  --a------  E:\WINDOWS\NirCmd.exe
2007-09-14 17:48
2007-09-14 17:47
2007-08-31 01:45  79,360  --a------  E:\WINDOWS\system32\mkzlib.dll
2007-08-31 01:45  23,552  --a------  E:\WINDOWS\system32\mkunicode.dll
2007-08-31 01:45  167,936  --a------  E:\WINDOWS\system32\ts.dll
2007-08-31 01:45  151,040  --a------  E:\WINDOWS\system32\mkx.dll
2007-08-31 01:45  142,848  --a------  E:\WINDOWS\system32\mp4.dll
2007-08-21 21:55  1,060,864  --a------  E:\WINDOWS\system32\mfc71.dll
2007-08-17 18:58
2007-08-17 15:58  921,600  --a------  E:\WINDOWS\system32\vorbisenc.dll
2007-08-17 15:58  237,568  --a------  E:\WINDOWS\system32\OggDS.dll
2007-08-17 15:57  9,216  --a------  E:\WINDOWS\system32\cpuinf32.dll
2007-08-17 15:57  740,442  --a------  E:\WINDOWS\system32\DivX.dll
2007-08-17 15:57  45,056  --a------  E:\WINDOWS\system32\ogg.dll
2007-08-17 15:57  245,760  --a------  E:\WINDOWS\system32\mplvpx.dll
2007-08-17 15:57  188,416  --a------  E:\WINDOWS\system32\vorbis.dll
2007-08-17 15:57  1,415,680  --a------  E:\WINDOWS\system32\WMV9VCM.dll
2007-08-17 15:54
2007-08-17 15:54
2007-08-17 15:54
2007-08-17 15:53
2007-08-17 15:40
2007-08-17 15:03
2007-08-17 13:58  77,824  --a------  E:\WINDOWS\system32\MMSwitch.dll
2007-08-17 13:58  61,440  --a------  E:\WINDOWS\system32\libfaac.dll
2007-08-17 13:58  421,888  --a------  E:\WINDOWS\system32\OpenQuicktimeLib.dll
2007-08-17 13:58  40,960  --a------  E:\WINDOWS\system32\MMAVILNG.exe
2007-08-17 13:58  301,056  --a------  E:\WINDOWS\system32\VSFilter.dll
2007-08-17 13:58  180,224  --a------  E:\WINDOWS\system32\xvidvfw.dll
2007-08-17 13:58  1,559,040  --a------  E:\WINDOWS\system32\xvidcore.dll
2007-08-17 13:58  1,024,000  --a------  E:\WINDOWS\system32\3ivx.dll
2007-08-17 13:58
2007-08-17 13:58
2007-08-17 01:19  109,568  ---------  E:\WINDOWS\system32\pxinsi64.exe
2007-08-17 01:19  108,544  ---------  E:\WINDOWS\system32\pxcpyi64.exe
2007-08-17 01:18
2007-08-16 01:26  6,144  --a------  E:\WINDOWS\system32\ff_vfw.dll
2007-08-16 01:26  217,088  --a------  E:\WINDOWS\system32\yv12vfw.dll
2007-08-16 01:26  163,840  --a------  E:\WINDOWS\system32\unrar.dll
2007-08-16 01:26
2007-08-16 00:17  57,378  --a------  E:\WINDOWS\system32\lrdsrngp(2).exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 12:12  ---------  d--------  E:\Program Files\Neostrada TP
2007-09-14 17:48  ---------  d--------  E:\Program Files\MSN Messenger
2007-08-30 22:35  ---------  d--------  E:\Program Files\Winamp
2007-08-23 21:35  55540  --a------  E:\WINDOWS\system32\adssite-remove.exe
2007-08-19 02:45  755200  --a------  E:\WINDOWS\system32\ir50_32.dll
2007-08-17 15:14  ---------  d--------  E:\Program Files\QuickTime
2007-08-17 13:45  ---------  d--------  E:\Program Files\Common Files\LightScribe
2007-08-17 13:45  ---------  d--------  E:\Program Files\Atheros
2007-08-15 23:42  192580  --a------  E:\WINDOWS\system32\rwinsmdt(2).exe
2007-08-08 02:40  ---------  d--------  E:\Program Files\Windows Media Connect 2
2007-08-05 01:30  ---------  d--------  E:\Program Files\BearShare
2007-07-30 19:19  92504  --a------  E:\WINDOWS\system32\cdm.dll
2007-07-30 19:19  549720  --a------  E:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19  53080  --a------  E:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19  43352  --a------  E:\WINDOWS\system32\wups2.dll
2007-07-30 19:19  325976  --a------  E:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19  203096  --a------  E:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19  1712984  --a------  E:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18  33624  --a------  E:\WINDOWS\system32\wups.dll
2007-07-24 16:46  ---------  d--------  E:\DOCUME~1\zzz\DANEAP~1\Ahead
2007-07-17 21:54  ---------  d--------  E:\Program Files\MSXML 4.0
2007-07-16 16:18  ---------  d--------  E:\DOCUME~1\zzz\DANEAP~1\OLYMPUS
2007-07-16 16:15  ---------  d--------  E:\Program Files\OLYMPUS
2007-07-16 16:14  ---------  d--h-----  E:\Program Files\InstallShield Installation Information
2007-07-16 16:14  ---------  d--------  E:\Program Files\PIXELA
2007-07-16 16:13  ---------  d--------  E:\DOCUME~1\ALLUSE~1\DANEAP~1\QuickTime
2007-06-26 16:53  668160  --a------  E:\WINDOWS\system32\wininet(4).dll
2007-06-26 16:53  668160  --a------  E:\WINDOWS\system32\wininet(3).dll
2007-06-26 16:53  668160  --a------  E:\WINDOWS\system32\wininet(2).dll
2007-06-26 08:10  1104896  --a------  E:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10  1104896  --a------  E:\WINDOWS\system32\msxml3(3).dll
2007-06-26 08:10  1104896  --a------  E:\WINDOWS\system32\msxml3(2).dll
2007-06-19 15:32  282112  --a------  E:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32  282112  --a------  E:\WINDOWS\system32\gdi32(4).dll
2007-06-19 15:32  282112  --a------  E:\WINDOWS\system32\gdi32(3).dll
2007-06-19 15:32  282112  --a------  E:\WINDOWS\system32\gdi32(2).dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-15_234433,42 )))))))))))))))))))))))))))))))))))))))))
.
----a-w  258,048  2000-05-25 12:23:04  E:\WINDOWS\system32\Adobe\SVG Viewer\NPSVGVw.dll
.
------w  258,048  2000-05-25 12:23:04  E:\WINDOWS\system32\Adobe\SVG Viewer\NPSVGVw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-04-27 04:48]
"nwiz"="nwiz.exe" [2006-04-27 04:48 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 04:48]
"HControl"="E:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 11:37]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 E:\WINDOWS\SkyTel.exe]
"SMSERIAL"="E:\WINDOWS\sm56hlpr.exe" [2006-03-21 16:54]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 E:\WINDOWS\RTHDCPL.exe]
"SynTPEnh"="E:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 14:02]
"ACMON"="E:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28]
"ACU"="E:\Program Files\Atheros\ACU.exe" [2006-07-04 15:09]
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"WinampAgent"="E:\Program Files\Winamp\winampa.exe" [2006-03-10 19:45]
"KAVPersonal50"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2005-06-16 18:49]
"WooCnxMon"="E:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]
"WOOWATCH"="E:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]
"WOOTASKBARICON"="E:\PROGRA~1\NEOSTR~1\taskbaricon.exe" [2003-10-16 19:07]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-07-16 16:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 22:52]
"Odkurzacz-MCD"="E:\Program Files\Odkurzacz\odk_mcd.exe" [2007-05-03 10:02]
"msnmsgr"="E:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

E:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Adobe Gamma Loader.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-27 23:27:14]
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
desktop(2).ini [2007-06-20 19:35:24]
DSLMON.lnk - E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-06-21 11:18:49]

E:\DOCUME~1\zzz\MENUST~1\Programy\AUTOST~1\
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-27 23:27:14]
desktop(2).ini [2007-06-20 19:35:24]

R1 Klmc;Klmc;E:\WINDOWS\system32\drivers\klmc.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\E:\WINDOWS\ATK0100\ASNDIS5.SYS
R3 nvsmu;nvsmu;E:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 RTSTOR;USB Mass Stroage Device;E:\WINDOWS\system32\drivers\RTSTOR.SYS
R3 SynMini;USB2.0 1.3M WebCam;E:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;USB2.0 1.3M WebCam Still Image;E:\WINDOWS\system32\Drivers\SynScan.sys
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-16 12:51:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-09-16 12:53:14
E:\ComboFix-quarantined-files.txt ... 2007-09-16 12:52
E:\ComboFix2.txt ... 2007-09-16 00:49
E:\ComboFix3.txt ... 2007-09-16 00:17
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 11:54:04, on 2007-09-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\acs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\ATK0100\HControl.exe
E:\WINDOWS\sm56hlpr.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\ASUS\Splendid\ACMON.exe
E:\WINDOWS\system32\ACEngSvr.exe
E:\WINDOWS\ATK0100\ATKOSD.exe
E:\Program Files\Atheros\ACU.exe
E:\Program Files\Winamp\winampa.exe
E:\PROGRA~1\NEOSTR~1\CnxMon.exe
E:\PROGRA~1\NEOSTR~1\taskbaricon.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\windows\system32\dwdsrngt.exe
E:\WINDOWS\system32\rwinsmdt(2).exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Neostrada TP\NeostradaTP.exe
E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
E:\Program Files\Neostrada TP\ComComp.exe
E:\Program Files\Neostrada TP\Watch.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\zzz\USTAWI~1\Temp\Rar$EX00.156\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: adssite - {F31B3634-12AA-41ca-B021-0685C3B3E4CA} - E:\WINDOWS\system32.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] E:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] E:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ACU] "E:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [WooCnxMon] E:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{00-00-00-04-ZN}] E:\windows\system32\dwdsrngt.exe P2D002
O4 - HKLM\..\Run: [ExploreUpdSched] E:\WINDOWS\system32\rwinsmdt(2).exe P2D002
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] E:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: desktop(2).ini
O4 - Startup: TA_Start(2).lnk = E:\WINDOWS\system32\lrdsrngp(2).exe
O4 - Startup: TA_Start.lnk = E:\WINDOWS\system32\dwdsrngt.exe
O4 - Startup: Think-Adz(2).lnk = E:\WINDOWS\system32\rwinsmdt(2).exe
O4 - Startup: Think-Adz.lnk = E:\WINDOWS\system32\rwinsmdt(2).exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: DSLMON.lnk = E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blondynaaa.spaces.live.com//Phot … nPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blondynaaa.spaces.live.com/Photo … nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25924298-6F63-40C5-A8A8-8170D1C0CDAF}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.43 85.255.112.124
O17 - HKLM\System\CS2\Services\Tcpip\..\{25924298-6F63-40C5-A8A8-8170D1C0CDAF}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Usługa konfiguracji Atheros (ACS) - Atheros - E:\WINDOWS\system32\acs.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
Here you go, I hope I've posted everything here. Waiting for a reply
jessica
(jessica)
16 September 2007 11:22
#8
Fix the above-mentioned entries in HijackThis:
>>Hijack>>scan (Do a system scan only)>>tick them >> Fix checked.
We'll try removing it a different way:
If you don't have a removal tool of some kind, download OTMoveIt
Paste the paths below into the Paste List of Files/Folders to be Moved box:
Then press the MoveIt! button.
A message will appear saying a restart is needed to remove the listed files/folders; press Yes.
After the restart, manually delete the folder C:\_OTMoveIt (right-click >>> Delete >>> Empty Recycle Bin).
And produce new logs from HijackThis and ComboFix.
jessi
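A small defender-side check one could run over a HijackThis log like the ones posted in this thread, added here as an example and not part of the thread or of HijackThis itself: it parses the O4 autostart and O17 NameServer lines and flags system32 executables started from a Startup-folder shortcut, under a GUID-style Run value name, or with a "(N)" duplicate-style file name, plus any control set whose DNS servers differ from the current control set. The sample lines are copied from the log above; the regular expressions and the heuristics are my own assumptions.

```python
import re

# Constructed sample: O4/O17 entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{00-00-00-04-ZN}] E:\windows\system32\dwdsrngt.exe P2D002
O4 - HKLM\..\Run: [ExploreUpdSched] E:\WINDOWS\system32\rwinsmdt(2).exe P2D002
O4 - Startup: TA_Start(2).lnk = E:\WINDOWS\system32\lrdsrngp(2).exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{25924298-6F63-40C5-A8A8-8170D1C0CDAF}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.43 85.255.112.124
O17 - HKLM\System\CS2\Services\Tcpip\..\{25924298-6F63-40C5-A8A8-8170D1C0CDAF}: NameServer = 194.204.159.1 217.98.63.164
"""

RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\S*\\Run: \[([^\]]*)\] (.*)$')   # registry Run values
LNK_RE = re.compile(r'^O4 - (Startup|Global Startup): (.+?) = (.*)$')    # Startup-folder shortcuts
O17_RE = re.compile(r'^O17 - HKLM\\System\\(CCS|CS\d+)\\.*NameServer = (.*)$')

def exe_path(value):
    """Extract the executable path from a Run value, dropping quotes and arguments."""
    if value.startswith('"'):
        return value[1:value.index('"', 1)]
    m = re.match(r'(.*?\.(?:exe|dll|scr))(?:\s|$)', value, re.IGNORECASE)
    return m.group(1) if m else value.split(' ')[0]

def suspicious_autostarts(lines):
    """Flag O4 entries whose target lives in system32 but is started in an unusual way (heuristic)."""
    flagged = []
    for line in lines:
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue
        loc, name, target = m.groups()
        path = exe_path(target)
        base = path.rsplit('\\', 1)[-1].lower()
        # Startup-folder shortcut, GUID-like value name, or a "(2)"-style duplicate file name
        odd = loc.endswith('Startup') or name.startswith('{') or re.search(r'\(\d+\)\.', base)
        if '\\system32\\' in path.lower() and odd:
            flagged.append((loc, name, path))
    return flagged

def dns_inconsistency(lines):
    """Return control sets whose O17 NameServer list differs from the current control set (CCS)."""
    per_set = {}
    for line in lines:
        m = O17_RE.match(line)
        if m:
            per_set.setdefault(m.group(1), set()).update(m.group(2).split())
    current = per_set.get('CCS', set())
    return {cs: sorted(s) for cs, s in per_set.items() if s != current}
```

Anything it returns is a candidate for review, not a verdict: a differing DNS list in an old control set can be a leftover from a previous connection, and the autostart flags only single out entries worth checking by hand.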
bronkaaa
(Bronka)
16 September 2007 12:59
#11
in that internet update folder there is one text file, "update", and the other one is an icon with a computer... for updating, I think.
Post merged: 16.09.2007 (Sun) 15:17
and as for removing this in HijackThis, it doesn't work, we'll probably have to think of something else. Because whenever I want to remove those two things... it tells me they can't be removed... that I should close the program and try removing them again. I don't know why it does that... but it just doesn't work!
Logfile of HijackThis v1.99.1
Scan saved at 15:13:56, on 2007-09-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\acs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\ATK0100\HControl.exe
E:\WINDOWS\sm56hlpr.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\ASUS\Splendid\ACMON.exe
E:\Program Files\Atheros\ACU.exe
E:\Program Files\Winamp\winampa.exe
E:\PROGRA~1\NEOSTR~1\CnxMon.exe
E:\PROGRA~1\NEOSTR~1\taskbaricon.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\WINDOWS\system32\ACEngSvr.exe
E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
E:\WINDOWS\ATK0100\ATKOSD.exe
E:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
E:\PROGRA~1\NEOSTR~1\ComComp.exe
E:\PROGRA~1\NEOSTR~1\Watch.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\DOCUME~1\zzz\USTAWI~1\Temp\Rar$EX00.312\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [HControl] E:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM…\Run: [skyTel] SkyTel.EXE
O4 - HKLM…\Run: [sMSERIAL] E:\WINDOWS\sm56hlpr.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [synTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [ACMON] E:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM…\Run: [ACU] "E:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM…\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [KAVPersonal50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM…\Run: [WooCnxMon] E:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [WOOWATCH] E:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] E:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM…\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU…\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [Odkurzacz-MCD] E:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU…\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: desktop(2).ini
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: DSLMON.lnk = E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blondynaaa.spaces.live.com//Phot … nPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blondynaaa.spaces.live.com/Photo … nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip…{25924298-6F63-40C5-A8A8-8170D1C0CDAF}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip…{25924298-6F63-40C5-A8A8-8170D1C0CDAF}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Usługa konfiguracji Atheros (ACS) - Atheros - E:\WINDOWS\system32\acs.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
jessica
(jessica)
16 September 2007 13:29
#12
In that case download -->GMER.
Open Notepad and paste into it: