Terrible slowdown of my computer, I'm attaching a HijackThis log:
Please give me some clear explanation, because I'm a layman in these matters.
Thanks in advance, regards
In Safe Mode, use VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone.
After that, post a log from ComboFix.
Only VirtumundoBeGone worked for me; here I'm sending you the log from it:
"[08/17/2007, 20:49:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\MARCIN\Pulpit\VirtumundoBeGone.exe" )
[08/17/2007, 20:49:46] - Detected System Information:
[08/17/2007, 20:49:46] - Windows Version: 5.1.2600, Dodatek Service Pack 2
[08/17/2007, 20:49:46] - Current Username: MARCIN (Admin)
[08/17/2007, 20:49:46] - Windows is in SAFE mode with Networking.
[08/17/2007, 20:49:46] - Searching for Browser Helper Objects:
[08/17/2007, 20:49:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/17/2007, 20:49:46] - BHO 2: {08B8A034-CEEA-4B2A-A91E-7FFDDEE4A817} ()
[08/17/2007, 20:49:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2007, 20:49:46] - Checking for HKLM…\Winlogon\Notify\awtqp
[08/17/2007, 20:49:46] - Found: HKLM…\Winlogon\Notify\awtqp - This is probably Virtumundo.
[08/17/2007, 20:49:46] - Assigning {08B8A034-CEEA-4B2A-A91E-7FFDDEE4A817} MSEvents Object
[08/17/2007, 20:49:46] - BHO list has been changed! Starting over…
[08/17/2007, 20:49:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/17/2007, 20:49:46] - BHO 2: {08B8A034-CEEA-4B2A-A91E-7FFDDEE4A817} (MSEvents Object)
[08/17/2007, 20:49:46] - ALERT: Found MSEvents Object!
[08/17/2007, 20:49:46] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[08/17/2007, 20:49:46] - BHO 4: {65303C85-8DFA-4804-A796-6D4A194494A3} (Editor plugin)
[08/17/2007, 20:49:46] - BHO 5: {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} (Alcohol Toolbar Helper)
[08/17/2007, 20:49:46] - BHO 6: {98B822AD-6BE7-49BC-B773-97240B774080} (HttpGuard Class)
[08/17/2007, 20:49:46] - BHO 7: {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
[08/17/2007, 20:49:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2007, 20:49:46] - Checking for HKLM…\Winlogon\Notify\vgscfvam
[08/17/2007, 20:49:46] - Key not found: HKLM…\Winlogon\Notify\vgscfvam, continuing.
[08/17/2007, 20:49:46] - BHO 8: {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} ()
[08/17/2007, 20:49:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2007, 20:49:46] - Checking for HKLM…\Winlogon\Notify\vtusttq
[08/17/2007, 20:49:46] - Found: HKLM…\Winlogon\Notify\vtusttq - This is probably Virtumundo.
[08/17/2007, 20:49:46] - Assigning {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} MSEvents Object
[08/17/2007, 20:49:46] - BHO list has been changed! Starting over…
[08/17/2007, 20:49:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/17/2007, 20:49:46] - BHO 2: {08B8A034-CEEA-4B2A-A91E-7FFDDEE4A817} (MSEvents Object)
[08/17/2007, 20:49:46] - ALERT: Found MSEvents Object!
[08/17/2007, 20:49:46] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[08/17/2007, 20:49:46] - BHO 4: {65303C85-8DFA-4804-A796-6D4A194494A3} (Editor plugin)
[08/17/2007, 20:49:46] - BHO 5: {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} (Alcohol Toolbar Helper)
[08/17/2007, 20:49:46] - BHO 6: {98B822AD-6BE7-49BC-B773-97240B774080} (HttpGuard Class)
[08/17/2007, 20:49:46] - BHO 7: {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
[08/17/2007, 20:49:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2007, 20:49:46] - Checking for HKLM…\Winlogon\Notify\vgscfvam
[08/17/2007, 20:49:46] - Key not found: HKLM…\Winlogon\Notify\vgscfvam, continuing.
[08/17/2007, 20:49:46] - BHO 8: {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} (MSEvents Object)
[08/17/2007, 20:49:46] - ALERT: Found MSEvents Object!
[08/17/2007, 20:49:46] - Finished Searching Browser Helper Objects
[08/17/2007, 20:49:46] - *** Detected MSEvents Object
[08/17/2007, 20:49:46] - Trying to remove MSEvents Object…
[08/17/2007, 20:49:47] - Terminating Process: IEXPLORE.EXE
[08/17/2007, 20:49:48] - Terminating Process: RUNDLL32.EXE
[08/17/2007, 20:49:48] - Disabling Automatic Shell Restart
[08/17/2007, 20:49:48] - Terminating Process: EXPLORER.EXE
[08/17/2007, 20:49:48] - Suspending the NT Session Manager System Service
[08/17/2007, 20:49:48] - Terminating Windows NT Logon/Logoff Manager
[08/17/2007, 20:49:48] - Re-enabling Automatic Shell Restart
[08/17/2007, 20:49:48] - File to disable: C:\WINDOWS\system32\awtqp.dll
[08/17/2007, 20:49:48] - Renaming C:\WINDOWS\system32\awtqp.dll -> C:\WINDOWS\system32\awtqp.dll.vir
[08/17/2007, 20:49:48] - File successfully renamed!
[08/17/2007, 20:49:48] - Removing HKLM…\Browser Helper Objects\{08B8A034-CEEA-4B2A-A91E-7FFDDEE4A817}
[08/17/2007, 20:49:48] - Removing HKCR\CLSID\{08B8A034-CEEA-4B2A-A91E-7FFDDEE4A817}
[08/17/2007, 20:49:48] - Adding Kill Bit for ActiveX for GUID: {08B8A034-CEEA-4B2A-A91E-7FFDDEE4A817}
[08/17/2007, 20:49:48] - Deleting ATLEvents/MSEvents Registry entries
[08/17/2007, 20:49:48] - Removing HKLM…\Winlogon\Notify\awtqp
[08/17/2007, 20:49:48] - Searching for Browser Helper Objects:
[08/17/2007, 20:49:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/17/2007, 20:49:48] - BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[08/17/2007, 20:49:48] - BHO 3: {65303C85-8DFA-4804-A796-6D4A194494A3} (Editor plugin)
[08/17/2007, 20:49:48] - BHO 4: {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} (Alcohol Toolbar Helper)
[08/17/2007, 20:49:48] - BHO 5: {98B822AD-6BE7-49BC-B773-97240B774080} (HttpGuard Class)
[08/17/2007, 20:49:48] - BHO 6: {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
[08/17/2007, 20:49:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2007, 20:49:48] - Checking for HKLM…\Winlogon\Notify\vgscfvam
[08/17/2007, 20:49:48] - Key not found: HKLM…\Winlogon\Notify\vgscfvam, continuing.
[08/17/2007, 20:49:48] - BHO 7: {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} (MSEvents Object)
[08/17/2007, 20:49:48] - ALERT: Found MSEvents Object!
[08/17/2007, 20:49:48] - Finished Searching Browser Helper Objects
[08/17/2007, 20:49:48] - *** Detected MSEvents Object
[08/17/2007, 20:49:48] - Trying to remove MSEvents Object…
[08/17/2007, 20:49:49] - Terminating Process: IEXPLORE.EXE
[08/17/2007, 20:49:50] - Terminating Process: RUNDLL32.EXE
[08/17/2007, 20:49:50] - Disabling Automatic Shell Restart
[08/17/2007, 20:49:50] - Terminating Process: EXPLORER.EXE
[08/17/2007, 20:49:50] - Suspending the NT Session Manager System Service
[08/17/2007, 20:49:50] - Terminating Windows NT Logon/Logoff Manager
[08/17/2007, 20:49:50] - Re-enabling Automatic Shell Restart
[08/17/2007, 20:49:50] - File to disable: C:\WINDOWS\system32\vtusttq.dll
[08/17/2007, 20:49:50] - Removing HKLM…\Browser Helper Objects\{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}
[08/17/2007, 20:49:50] - Removing HKCR\CLSID\{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}
[08/17/2007, 20:49:50] - Adding Kill Bit for ActiveX for GUID: {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}
[08/17/2007, 20:49:50] - Deleting ATLEvents/MSEvents Registry entries
[08/17/2007, 20:49:50] - Removing HKLM…\Winlogon\Notify\vtusttq
[08/17/2007, 20:49:50] - Searching for Browser Helper Objects:
[08/17/2007, 20:49:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/17/2007, 20:49:50] - BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[08/17/2007, 20:49:50] - BHO 3: {65303C85-8DFA-4804-A796-6D4A194494A3} (Editor plugin)
[08/17/2007, 20:49:50] - BHO 4: {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} (Alcohol Toolbar Helper)
[08/17/2007, 20:49:50] - BHO 5: {98B822AD-6BE7-49BC-B773-97240B774080} (HttpGuard Class)
[08/17/2007, 20:49:50] - BHO 6: {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
[08/17/2007, 20:49:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/17/2007, 20:49:50] - Checking for HKLM…\Winlogon\Notify\vgscfvam
[08/17/2007, 20:49:50] - Key not found: HKLM…\Winlogon\Notify\vgscfvam, continuing.
[08/17/2007, 20:49:50] - Finished Searching Browser Helper Objects
[08/17/2007, 20:49:50] - Finishing up…
[08/17/2007, 20:49:50] - A restart is needed.
[08/17/2007, 20:49:56] - Attempting to Restart via STOP error (Blue Screen!)
[08/18/2007, 0:10:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\MARCIN\Pulpit\VirtumundoBeGone.exe" )
[08/18/2007, 0:10:22] - Detected System Information:
[08/18/2007, 0:10:22] - Windows Version: 5.1.2600, Dodatek Service Pack 2
[08/18/2007, 0:10:22] - Current Username: MARCIN (Admin)
[08/18/2007, 0:10:22] - Windows is in SAFE mode with Networking.
[08/18/2007, 0:10:22] - Searching for Browser Helper Objects:
[08/18/2007, 0:10:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/18/2007, 0:10:22] - BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[08/18/2007, 0:10:22] - BHO 3: {65303C85-8DFA-4804-A796-6D4A194494A3} (Editor plugin)
[08/18/2007, 0:10:22] - BHO 4: {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} (Alcohol Toolbar Helper)
[08/18/2007, 0:10:22] - BHO 5: {98B822AD-6BE7-49BC-B773-97240B774080} (HttpGuard Class)
[08/18/2007, 0:10:22] - BHO 6: {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
[08/18/2007, 0:10:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/18/2007, 0:10:22] - Checking for HKLM…\Winlogon\Notify\vgscfvam
[08/18/2007, 0:10:22] - Key not found: HKLM…\Winlogon\Notify\vgscfvam, continuing.
[08/18/2007, 0:10:22] - Finished Searching Browser Helper Objects
[08/18/2007, 0:10:22] - Finishing up…
[08/18/2007, 0:10:22] - Nothing found! Exiting…"
and HERE IS THE COMBOFIX LOG:
"ComboFix 07-08-14.4 - "MARCIN" 2007-08-18 0:16:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1573 [GMT 1:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\DANEAP~1\SeekmoSA
C:\DOCUME~1\ALLUSE~1\DANEAP~1\SeekmoSA\SeekmoSA.dat
C:\DOCUME~1\ALLUSE~1\DANEAP~1\SeekmoSA\SeekmoSA_kyf.dat
C:\DOCUME~1\ALLUSE~1\DANEAP~1\SeekmoSA\SeekmoSAAbout.mht
C:\DOCUME~1\ALLUSE~1\DANEAP~1\SeekmoSA\SeekmoSAau.dat
C:\DOCUME~1\ALLUSE~1\DANEAP~1\SeekmoSA\SeekmoSAEULA.mht
C:\DOCUME~1\MARCIN\DANEAP~1.\winantispyware 2007
C:\DOCUME~1\MARCIN\DANEAP~1.\winantispyware 2007 free
C:\DOCUME~1\MARCIN\DANEAP~1.\winantispyware 2007 free\DownloadUWAS7.url
C:\DOCUME~1\MARCIN\DANEAP~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\1.sdf
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\3852201.sdf
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\501087.sdf
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\domains.txt
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1587
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\268197
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\33923
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44484
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\46013
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53595
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\57880
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\636407
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6368
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\733622
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753147
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\90009
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\93899
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\93934
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\dynamic\ustat\3593.dat
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\btntrans.idx
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\btntrans1.dat
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\buttondir.txt
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\components.cdf
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\cursors.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_1000.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_2000.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_3000.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bar.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bbar1.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_logos.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_other.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\d_icons_weather.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\default.cdf
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_hotbarcom.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_Mails.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\email-def-511724-548964.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\email-def-511724-9595.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\icons2.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\ie_video.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\keywords.idx
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\keywords1.dat
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\layout.cdf
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\linkpathlegal.txt
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\progress.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\s_icons_buttons.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\seekmo.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\t2_bg.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\theweb.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\top7.cdf
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\icons2.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\progress.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip
C:\DOCUME~1\MARCIN\DANEAP~1\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip
C:\DOCUME~1\MARCIN\DANEAP~1\WinAntiSpyware 2007 Free\DownloadUWAS7.url
C:\DOCUME~1\MARCIN\DANEAP~1\WinAntiSpyware 2007\Logs\update.log
C:\DOCUME~1\MARCIN\DANEAP~1\WinAntiVirus Pro 2007
C:\DOCUME~1\MARCIN\DANEAP~1\WinAntiVirus Pro 2007\avtasks.dat
C:\DOCUME~1\MARCIN\DANEAP~1\WinAntiVirus Pro 2007\CookieList.dat
C:\DOCUME~1\MARCIN\DANEAP~1\WinAntiVirus Pro 2007\history.db
C:\DOCUME~1\MARCIN\DANEAP~1\WinAntiVirus Pro 2007\Logs\update.log
C:\DOCUME~1\MARCIN\DANEAP~1\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\DOCUME~1\MARCIN\DANEAP~1\WinAntiVirus Pro 2007\Logs\winav.log
C:\DOCUME~1\MARCIN\DANEAP~1\WinAntiVirus Pro 2007\PGE.dat
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantivirus pro 2007
C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log
C:\Program Files\Common Files\winantivirus pro 2007\err.log
C:\Program Files\inetget2
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\UWA7P
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\7_exception.nls
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\dkloyyxq.exe
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\jhfutifw.ini
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.bak2
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\pqtwa.tmp
C:\WINDOWS\system32\qdcafjiy.exe
C:\WINDOWS\system32\rrmmtggw.ini
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\vgscfvam.dll
C:\WINDOWS\system32\wfitufhj.dll
C:\WINDOWS\system32\wggtmmrr.dll
C:\WINDOWS\system32\winrkp32.dll
C:\WINDOWS\system32\xdtfeolx.dll
C:\WINDOWS\system32\xloeftdx.ini
C:\WINDOWS\system32\xmefscph.exe
C:\WINDOWS\wr.txt
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ASC3550U
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_POOF
-------\LEGACY_RUNTIME
-------\DomainService
-------\kprof
-------\poof
-------\runtime
((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))
2007-08-18 00:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 00:04 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-15 10:07 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-15 10:07 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-15 10:07 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-15 10:07 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-15 10:06 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-15 10:06 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-15 10:06 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-15 10:06
2007-08-15 08:33
2007-08-15 08:31
2007-08-15 00:43 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-15 00:13
2007-08-15 00:12 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-08-15 00:12 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-08-15 00:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-15 00:12 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-08-15 00:12 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-08-14 20:35 1 --a------ C:\WINDOWS\system32\ps.dat
2007-08-14 10:28 243,296 --a------ C:\WINDOWS\system32\awtqp.dll.vir
2007-08-14 10:13 420,864 --a------ C:\WINDOWS\system32\AClient.dll
2007-08-14 00:33
2007-08-11 16:30 476,416 -ra------ C:\WINDOWS\system32\drivers\MRVW245.sys
2007-08-02 11:20 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-08-02 11:20 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-02 11:20 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-08-02 11:20 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-08-01 12:27 335,872 --a------ C:\WINDOWS\uninst.exe
2007-08-01 12:26
2007-07-31 10:31
2007-07-31 10:30 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-31 10:30 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-31 10:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-31 10:30 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-31 10:30 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-31 10:30 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-07-31 10:30
2007-07-31 10:17 143,360 --a------ C:\WINDOWS\system32\igfxres.dll
2007-07-31 10:11 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-07-31 10:11 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-07-31 09:48
2007-07-31 09:48
2007-07-31 09:08
2007-07-31 09:08
2007-07-31 09:05 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-31 09:05
2007-07-31 01:49
2007-07-29 22:02 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-07-29 22:02 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-07-29 22:02 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-07-29 22:02 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-07-29 22:02 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2007-07-29 22:02 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2007-07-29 22:02 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-07-29 22:02 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-07-29 22:02 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-07-29 22:02 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-07-29 22:02 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2007-07-29 22:02 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-07-29 21:57
2007-07-29 21:45
2007-07-29 21:45
2007-07-29 21:44
2007-07-29 21:34 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-29 21:34 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\vorbis.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\OggDS.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\ogg.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\mplvpx.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-07-29 21:29
2007-07-29 21:20
2007-07-29 20:52 88,204 --a------ C:\WINDOWS\AGRSMMSG.exe
2007-07-29 20:52 68,096 --a------ C:\WINDOWS\agrsmdel.exe
2007-07-29 20:52 68,096 --------- C:\WINDOWS\system32\agrsmdel.exe
2007-07-29 20:52 1,124,097 --a------ C:\WINDOWS\system32\drivers\AGRSM.sys
2007-07-29 20:52
2007-07-29 20:47 90,203 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-07-29 20:47 82,014 --a------ C:\WINDOWS\system32\SynCOM.dll
2007-07-29 20:47 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2007-07-29 20:47 69,723 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2007-07-29 20:47 191,456 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-07-29 20:47 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-07-29 20:47
2007-07-29 20:37 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-07-29 20:37 94,208 --a------ C:\WINDOWS\system32\igfxext.exe
2007-07-29 20:37 899,194 --a------ C:\WINDOWS\system32\ialmdd5.dll
2007-07-29 20:37 86,016 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-07-29 20:37 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-14 01:16 --------- d-------- C:\Program Files\BitComet
2007-08-14 01:07 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-08-12 20:15 --------- d-------- C:\Program Files\Belkin
2007-08-11 16:27 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 10:11 --------- d-------- C:\Program Files\Realtek
2007-07-31 09:09 --------- d-------- C:\Program Files\Google
2007-07-09 00:56 --------- d-------- C:\DOCUME~1\MARCIN\DANEAP~1\Google
2007-07-08 19:10 --------- d-------- C:\DOCUME~1\MARCIN\DANEAP~1\WebCallDirect
2007-07-08 13:16 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-07 23:50 21393 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-07-07 23:50 --------- d-------- C:\Program Files\Intel
2007-07-07 20:46 --------- d-------- C:\Program Files\Intel Desktop Board Audio Driver
2007-07-07 19:39 392704 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2007-07-07 19:39 --------- d-------- C:\DOCUME~1\MARCIN\DANEAP~1\Intel
2007-07-01 23:18 --------- d-------- C:\Program Files\Real Alternative
2007-07-01 23:18 --------- d-------- C:\Program Files\Media Player Classic
2007-07-01 22:29 --------- d-------- C:\Program Files\WebCallDirect.com
2007-07-01 22:13 --------- d-------- C:\Program Files\Microsoft Works
2007-07-01 21:26 --------- d-------- C:\Program Files\Gadu-Gadu
2007-07-01 21:00 --------- d-------- C:\Program Files\TOSHIBA
2007-07-01 20:39 --------- d-------- C:\Program Files\Ahead
2007-07-01 20:25 2724 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-07-01 20:23 8972 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-01 20:22 --------- d-------- C:\Program Files\Movie Maker
2007-07-01 20:22 --------- d-------- C:\Program Files\Messenger
2007-07-01 20:21 --------- d-------- C:\Program Files\Windows NT
2007-07-01 20:07 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-01 18:43 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-01 18:42 0 -rahs---- C:\MSDOS.SYS
2007-07-01 18:42 0 -rahs---- C:\IO.SYS
2007-07-01 18:42 0 --a------ C:\CONFIG.SYS
2007-07-01 18:42 0 --a------ C:\AUTOEXEC.BAT
2007-07-01 18:40 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-07-01 18:39 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-01 18:31 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-01 18:31 --------- d-------- C:\Program Files\Common Files\ODBC
2007-06-15 16:45 1826816 --a------ C:\WINDOWS\SkyTel.exe
--------- C:\Program Files\Usługi online
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE~\Browser Helper Objects\{65303C85-8DFA-4804-A796-6D4A194494A3}]
[HKEY_LOCAL_MACHINE~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
2007-08-14 10:13 420864 --a------ C:\WINDOWS\system32\AClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 11:24]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 11:22]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 C:\WINDOWS\AGRSMMSG.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2005-08-30 19:51]
"WebCallDirect"="C:\program files\webcalldirect.com\webcalldirect\webcalldirect.exe" [2007-07-04 22:53]
"ares"="C:\Program Files\Ares\Ares.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2007-07-01 21:00:56]
R2 PowerManager;Power Manager;C:\WINDOWS\svchost.exe
*Newly Created Service* - POWERMANAGER
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 00:20:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-18 0:20:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-08-18 00:20
--- E O F ---"
My computer is still slow all the time, although I can see a slight improvement. Thanks in advance for the help.
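As an added example, not part of this thread and not code from VirtumundoBeGone or ComboFix: the two checks below reproduce, in Python over a hand-built registry snapshot, what the VirtumundoBeGone log above is doing when it prints "BHO has no default name. Checking for Winlogon reference", and what the ComboFix line "R2 PowerManager;Power Manager;C:\WINDOWS\svchost.exe" is pointing at. The CLSIDs, DLL names and the PowerManager service come from the posted logs; the Adobe DLL path, the Dhcp service, the C:\WINDOWS expansion of %SystemRoot% and the list of masqueraded binary names are assumptions made for the example.

```python
r"""Added example (not from the thread): the two persistence checks whose
results appear in the logs above, run over a constructed registry snapshot.

1. VirtumundoBeGone's heuristic: a Browser Helper Object whose CLSID has no
   default (friendly) name, and whose server DLL shares its base name with a
   Winlogon\Notify package, is treated as Virtumundo/Vundo.
2. ComboFix's "R2 PowerManager ... C:\WINDOWS\svchost.exe" finding: a service
   whose ImagePath uses a well-known system binary name outside system32.
"""
import ntpath
import re

BHO_ROOT = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_ROOT = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
SERVICES_ROOT = r"HKLM\System\CurrentControlSet\Services"
SYSTEM32 = r"c:\windows\system32"   # assumed %SystemRoot%\system32 of the XP box in the thread
MASQUERADE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}

# Constructed snapshot: key path -> {value name: data}, "" being the default value.
# CLSIDs, DLL names and the service name are taken from the posted logs; the
# Adobe DLL path and the Dhcp service are made-up benign entries for contrast.
REGISTRY = {
    BHO_ROOT + r"\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}": {},
    BHO_ROOT + r"\{08B8A034-CEEA-4B2A-A91E-7FFDDEE4A817}": {},
    BHO_ROOT + r"\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}": {},
    r"HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}": {"": "Adobe PDF Reader Link Helper"},
    r"HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32": {"": r"C:\Program Files\Adobe\Reader 8.0\Reader\helper.dll"},
    r"HKCR\CLSID\{08B8A034-CEEA-4B2A-A91E-7FFDDEE4A817}": {},
    r"HKCR\CLSID\{08B8A034-CEEA-4B2A-A91E-7FFDDEE4A817}\InprocServer32": {"": r"C:\WINDOWS\system32\awtqp.dll"},
    r"HKCR\CLSID\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}": {},
    r"HKCR\CLSID\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}\InprocServer32": {"": r"C:\WINDOWS\system32\vgscfvam.dll"},
    NOTIFY_ROOT + r"\awtqp": {"DllName": "awtqp.dll"},
    SERVICES_ROOT + r"\PowerManager": {"ImagePath": r"C:\WINDOWS\svchost.exe", "Start": 2},
    SERVICES_ROOT + r"\Dhcp": {"ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs", "Start": 2},
}


def lookup(reg, path):
    r"""Case-insensitive key lookup; returns the value dict or None."""
    wanted = path.lower()
    for key, values in reg.items():
        if key.lower() == wanted:
            return values
    return None


def subkeys(reg, root):
    r"""Immediate child key names under root, matched case-insensitively, original case kept."""
    prefix = root.lower() + "\\"
    names = {}
    for key in reg:
        if key.lower().startswith(prefix):
            child = key[len(prefix):].split("\\")[0]
            names.setdefault(child.lower(), child)
    return sorted(names.values())


def find_vundo_bhos(reg):
    r"""Replicate VirtumundoBeGone: nameless BHO whose DLL also has a Winlogon\Notify key."""
    hits = []
    for clsid in subkeys(reg, BHO_ROOT):
        if (lookup(reg, "HKCR\\CLSID\\" + clsid) or {}).get("", ""):
            continue                      # has a friendly name: the tool moves on
        dll = (lookup(reg, "HKCR\\CLSID\\" + clsid + "\\InprocServer32") or {}).get("", "")
        base = ntpath.splitext(ntpath.basename(dll))[0]
        notify_key = NOTIFY_ROOT + "\\" + base
        # "Key not found ... continuing" in the log is exactly this miss (vgscfvam).
        if base and lookup(reg, notify_key) is not None:
            hits.append((clsid, dll, notify_key))
    return hits


def find_masquerading_services(reg):
    r"""Services whose binary is named like a core system process but lives outside system32."""
    hits = []
    for svc in subkeys(reg, SERVICES_ROOT):
        image = (lookup(reg, SERVICES_ROOT + "\\" + svc) or {}).get("ImagePath", "")
        image = image.replace("%SystemRoot%", r"C:\WINDOWS")    # assumed expansion
        m = re.match(r'"([^"]+)"|(\S+)', image)               # quoted path, or first token
        if not m:
            continue
        exe = m.group(1) or m.group(2)
        if (ntpath.basename(exe).lower() in MASQUERADE_NAMES
                and ntpath.dirname(exe).lower() != SYSTEM32):
            hits.append((svc, exe))
    return hits


if __name__ == "__main__":
    for clsid, dll, key in find_vundo_bhos(REGISTRY):
        print(f"Vundo-style BHO {clsid}: {dll} paired with {key}")
    for svc, exe in find_masquerading_services(REGISTRY):
        print(f"Suspicious service {svc}: {exe} is outside system32")
```

The log's "WARNING: BHO has no default name" and "Key not found: ... vgscfvam, continuing" lines are the two branches of find_vundo_bhos, which is why vgscfvam.dll was left for ComboFix to delete. The "Kill Bit" the tool then sets is Compatibility Flags = 0x400 under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, which keeps Internet Explorer from loading that CLSID even if the DLL is put back; the renamed awtqp.dll.vir in the ComboFix listing is the disabled copy, not a deletion.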
Download The Avenger,
unpack it > run it > Input script manually > click the magnifying glass > in the newly opened window paste:
After pasting > Done > click the green light > OK, and there will be a restart.
After the restart, go to where you have The Avenger and paste the avenger.txt report.
Use:
http://wirusy.antivirenkit.pl/pl/szczepionki/Jeefo.html
http://www.sophos.com/support/disinfection/jeefoa.html
Use online scanners (the ones with a removal option).
After that, a new log from ComboFix.
I did everything in order, and here I'm attaching the ComboFix log:
"ComboFix 07-08-14.4 - "MARCIN" 2007-08-18 13:15:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1550 [GMT 1:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\svchost.exe
((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))
2007-08-18 12:50
2007-08-18 12:48
2007-08-18 00:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 00:04 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-18 00:04
2007-08-15 10:07 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-15 10:07 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-15 10:07 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-15 10:07 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-15 10:06 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-15 10:06 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-15 10:06 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-15 10:06
2007-08-15 08:33
2007-08-15 08:31
2007-08-15 00:43 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-15 00:13
2007-08-15 00:12 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-08-15 00:12 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-08-15 00:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-15 00:12 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-08-15 00:12 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-08-14 20:35 1 --a------ C:\WINDOWS\system32\ps.dat
2007-08-14 10:13 420,864 --a------ C:\WINDOWS\system32\AClient.dll
2007-08-14 00:33
2007-08-11 16:30 476,416 -ra------ C:\WINDOWS\system32\drivers\MRVW245.sys
2007-08-02 11:20 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-08-02 11:20 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-02 11:20 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-08-02 11:20 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-08-01 12:26
2007-07-31 10:31
2007-07-31 10:30 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-31 10:30 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-31 10:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-31 10:30 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-31 10:30 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-31 10:30 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-07-31 10:30
2007-07-31 10:17 143,360 --a------ C:\WINDOWS\system32\igfxres.dll
2007-07-31 10:11 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-07-31 09:48
2007-07-31 09:48
2007-07-31 09:08
2007-07-31 09:08
2007-07-31 09:05 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-31 09:05
2007-07-31 01:49
2007-07-29 22:02 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-07-29 22:02 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-07-29 22:02 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-07-29 22:02 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-07-29 22:02 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2007-07-29 22:02 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2007-07-29 22:02 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-07-29 22:02 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-07-29 22:02 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-07-29 22:02 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-07-29 22:02 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2007-07-29 22:02 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-07-29 21:57
2007-07-29 21:45
2007-07-29 21:45
2007-07-29 21:44
2007-07-29 21:34 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-29 21:34 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\vorbis.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\OggDS.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\ogg.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\mplvpx.dll
2007-07-29 21:34 234 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-07-29 21:29
2007-07-29 21:20
2007-07-29 20:52 88,204 --a------ C:\WINDOWS\AGRSMMSG.exe
2007-07-29 20:52 68,096 --a------ C:\WINDOWS\agrsmdel.exe
2007-07-29 20:52 68,096 --------- C:\WINDOWS\system32\agrsmdel.exe
2007-07-29 20:52 1,124,097 --a------ C:\WINDOWS\system32\drivers\AGRSM.sys
2007-07-29 20:52
2007-07-29 20:47 90,203 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-07-29 20:47 82,014 --a------ C:\WINDOWS\system32\SynCOM.dll
2007-07-29 20:47 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2007-07-29 20:47 69,723 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2007-07-29 20:47 191,456 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-07-29 20:47 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-07-29 20:47
2007-07-29 20:37 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-07-29 20:37 94,208 --a------ C:\WINDOWS\system32\igfxext.exe
2007-07-29 20:37 899,194 --a------ C:\WINDOWS\system32\ialmdd5.dll
2007-07-29 20:37 86,016 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-07-29 20:37 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-07-29 20:37 73,728 --a------ C:\WINDOWS\system32\hccutils.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-18 12:29 --------- d-------- C:\Program Files\Real Alternative
2007-08-18 12:28 --------- d-------- C:\Program Files\Media Player Classic
2007-08-18 12:28 --------- d-------- C:\Program Files\Intel Desktop Board Audio Driver
2007-08-18 12:23 --------- d-------- C:\Program Files\BitComet
2007-08-14 01:07 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-08-12 20:15 --------- d-------- C:\Program Files\Belkin
2007-08-11 16:27 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 10:11 --------- d-------- C:\Program Files\Realtek
2007-07-31 09:09 --------- d-------- C:\Program Files\Google
2007-07-09 00:56 --------- d-------- C:\DOCUME~1\MARCIN\DANEAP~1\Google
2007-07-08 19:10 --------- d-------- C:\DOCUME~1\MARCIN\DANEAP~1\WebCallDirect
2007-07-08 13:16 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-07 23:50 21393 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-07-07 23:50 --------- d-------- C:\Program Files\Intel
2007-07-07 19:39 --------- d-------- C:\DOCUME~1\MARCIN\DANEAP~1\Intel
2007-07-01 22:29 --------- d-------- C:\Program Files\WebCallDirect.com
2007-07-01 22:13 --------- d-------- C:\Program Files\Microsoft Works
2007-07-01 21:26 --------- d-------- C:\Program Files\Gadu-Gadu
2007-07-01 21:00 --------- d-------- C:\Program Files\TOSHIBA
2007-07-01 20:39 --------- d-------- C:\Program Files\Ahead
2007-07-01 20:25 2724 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-07-01 20:23 8972 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-01 20:22 --------- d-------- C:\Program Files\Movie Maker
2007-07-01 20:22 --------- d-------- C:\Program Files\Messenger
2007-07-01 20:21 --------- d-------- C:\Program Files\Windows NT
2007-07-01 20:07 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-01 18:43 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-01 18:42 0 -rahs---- C:\MSDOS.SYS
2007-07-01 18:42 0 -rahs---- C:\IO.SYS
2007-07-01 18:42 0 --a------ C:\CONFIG.SYS
2007-07-01 18:42 0 --a------ C:\AUTOEXEC.BAT
2007-07-01 18:40 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-07-01 18:39 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-01 18:31 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-01 18:31 --------- d-------- C:\Program Files\Common Files\ODBC
2007-06-15 16:45 1826816 --a------ C:\WINDOWS\SkyTel.exe
--------- C:\Program Files\Usługi online
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{65303C85-8DFA-4804-A796-6D4A194494A3}]
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{98B822AD-6BE7-49BC-B773-97240B774080}]
2007-08-14 10:13 420864 --a------ C:\WINDOWS\system32\AClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 11:24]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 11:22]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 C:\WINDOWS\AGRSMMSG.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2005-08-30 19:51]
"WebCallDirect"="C:\program files\webcalldirect.com\webcalldirect\webcalldirect.exe" [2007-07-04 22:53]
"ares"="C:\Program Files\Ares\Ares.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
R2 PowerManager;Power Manager;C:\WINDOWS\svchost.exe
*Newly Created Service* - POWERMANAGER
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 13:16:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-18 13:16:40
C:\ComboFix-quarantined-files.txt ... 2007-08-18 13:16
C:\ComboFix2.txt ... 2007-08-18 00:20
--- E O F "
Removing the various other infections on your machine no longer makes sense, because your computer is infected with "JEEFO", which infects every *.exe, i.e. all programs and all of the system's executable files.
Still, try to rescue the system with the disinfection tool:
http://wirusy.antivirenkit.pl/pl/szczepionki/Jeefo.html
Since your antivirus is by now certainly infected, afterwards scan the system with online scanners; pick only those that, besides scanning, also offer removal. Remove everything they find, even if it is your favourite programs: they are useless anyway, because they are infected.
Afterwards you can optionally post a new ComboFix log.
jessi
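Two details in the second ComboFix log above deserve a closer look than the thread gives them: ComboFix lists C:\WINDOWS\svchost.exe under "Other Deletions", yet the service line "R2 PowerManager;Power Manager;C:\WINDOWS\svchost.exe" is still registered and flagged as a newly created service, and the genuine svchost.exe lives in C:\WINDOWS\system32, so a file with that name directly under C:\WINDOWS is a look-alike rather than the Windows binary. The following Python is an added example written for this page (not code from the thread, from ComboFix, or from any tool mentioned in it) that parses ComboFix-style service lines and flags exactly those three conditions. The log excerpt it runs on is constructed from the lines quoted above plus one made-up benign "Spooler" line as a control, and the set of core binary names it expects in system32 is an assumption about a default Windows XP install.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple

# Constructed excerpt of the ComboFix log quoted in this thread, cut down to
# the lines the checks need, plus one made-up benign "Spooler" control line.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\svchost.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-18 12:29 --------- d-------- C:\Program Files\Real Alternative
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
R2 Spooler;Print Spooler;C:\WINDOWS\system32\spoolsv.exe
R2 PowerManager;Power Manager;C:\WINDOWS\svchost.exe
*Newly Created Service* - POWERMANAGER
"""

# Assumption: on a default XP install these core binaries exist only in system32.
SYSTEM32 = r"c:\windows\system32"
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                 "winlogon.exe", "services.exe", "spoolsv.exe"}

# ComboFix section headers look like "((((( Name )))))".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# ComboFix service/driver lines look like "R2 Name;Display Name;ImagePath".
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+)$")
# Executable path, optionally quoted, optionally followed by arguments.
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|sys|dll))"?(?:\s|$)', re.IGNORECASE)


class Finding(NamedTuple):
    service: str
    image: str
    reason: str


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Group log lines under the ComboFix section header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def image_file(image_path: str) -> str:
    """Return just the executable from a service image path (quotes/args stripped)."""
    m = IMAGE_RE.match(image_path.strip())
    return m.group(1) if m else image_path.strip()


def audit_services(log: str) -> List[Finding]:
    """Flag look-alike system binaries, orphaned service entries and new services."""
    sections = parse_sections(log)
    deleted = {p.lower() for p in sections.get("Other Deletions", []) if p}
    loading = sections.get("Reg Loading Points", [])
    new_services = {line.split("-", 1)[1].strip().upper()
                    for line in loading if line.startswith("*Newly Created Service*")}
    findings: List[Finding] = []
    for line in loading:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, image = m.group(3), image_file(m.group(5))
        low = image.lower()
        directory, base = ntpath.split(low)
        if base in CORE_BINARIES and directory != SYSTEM32:
            findings.append(Finding(name, image, "core binary name outside system32"))
        if low in deleted:
            findings.append(Finding(name, image,
                                    "image file already deleted; service entry still registered"))
        if name.upper() in new_services:
            findings.append(Finding(name, image, "newly created service"))
    return findings


if __name__ == "__main__":
    for f in audit_services(SAMPLE_LOG):
        print(f"{f.service:<14} {f.image:<28} {f.reason}")
```

Run against the excerpt it reports only PowerManager, three times: the image is a core binary name outside system32, the file was already removed so the service is an orphan that will fail to start (and should be deleted from the registry rather than left behind), and the service is newly created. The benign Spooler line produces nothing. The same check can be pointed at a full ComboFix log read from a file.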