I have the TrojanProxy.Dlena trojan virus. What should I do?
Hi. I have the TrojanProxy.Dlena virus. I don't know how to remove it, please help. I'm also posting the log.
Logfile of HijackThis v1.99.1
Scan saved at 15:53:28, on 2007-02-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svcchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\WDVRCtrl.exe
C:\WINDOWS\system32\sysem.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Sorry Andzej\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [odk_mon] C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe
O4 - HKLM\..\Run: [sysms] C:\WINDOWS\system32\sysem.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sysms] C:\WINDOWS\system32\sysem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C00857B-2B91-4A4E-A490-CB84F172F841}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Replies: 1
Download Symantec Client Security Corporate Edition from www.9down.com, install it and try running a scan in safe mode, maybe it will work.
C:\WINDOWS\System32\svcchost.exe
C:\WINDOWS\system32\sysem.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [sysms] C:\WINDOWS\system32\sysem.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [sysms] C:\WINDOWS\system32\sysem.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll

ComboFix should remove most of this automatically.
Download it from here: ComboFix (http://download.bleepingcomputer.com/sUBs/combofix.exe).
Run it >> ComboFix.exe >> when the question "Y" or "N" appears, type the letter Y + ENTER >> wait until Combo disappears and Notepad appears. Paste that report here in a post. If Notepad does not appear on the screen, find the report at C:\ComboFix.txt.
If any of the above-mentioned "pests" is not listed in the "Other deletions" part of the report, also post a new HijackThis log. Good luck!
Hey Morda. I did as you advised. I'm posting the report... I just don't know what to do next:

ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Sorry Andzej\Pulpit"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\recsl.exe
C:\WINDOWS\system32\rpcc.dll

((((((((((((((((((((((((((((((( Files Created from 2007-01-10 to 2007-02-10 ))))))))))))))))))))))))))))))))))

2007-02-10 23:28 30,334 --a------ C:\WINDOWS\system32\28177332ld.exe
2007-02-10 17:34 30,334 --a------ C:\WINDOWS\system32\34509662ld.exe
2007-02-10 17:24 30,334 --a------ C:\WINDOWS\system32\2431442ld.exe
2007-02-10 17:09 30,334 --a------ C:\WINDOWS\system32\9198572ld.exe
2007-02-10 16:35 30,770 --a------ C:\WINDOWS\system32\35469042ld.exe
2007-02-10 15:28 30,618 --a------ C:\WINDOWS\system32\28122632ld.exe
2007-02-10 15:07 30,770 --a------ C:\WINDOWS\system32\773102ld.exe
2007-02-10 13:55 30,922 --a------ C:\WINDOWS\system32\55264342ld.exe
2007-02-10 13:45 17,478 --a------ C:\WINDOWS\system32\4518892ld.exe
2007-02-10 13:18 21,858 --a------ C:\WINDOWS\system32\18412012ld.exe
2007-02-10 13:16 21,858 --a------ C:\WINDOWS\system32\16429822ld.exe
2007-02-10 13:14 21,858 --a------ C:\WINDOWS\system32\14323572ld.exe
2007-02-10 13:12 17,478 --a------ C:\WINDOWS\system32\12313892ld.exe
2007-02-10 13:10 21,858 --a------ C:\WINDOWS\system32\1033762ld.exe
2007-02-10 13:08 21,858 --a------ C:\WINDOWS\system32\8347012ld.exe
2007-02-10 13:06 23,318 --a------ C:\WINDOWS\system32\6363732ld.exe
2007-02-10 13:04 13,098 --a------ C:\WINDOWS\system32\4348732ld.exe
2007-02-10 13:02 18,938 --a------ C:\WINDOWS\system32\2331232ld.exe
2007-02-10 13:00 23,318 --a------ C:\WINDOWS\system32\0344512ld.exe
2007-02-10 12:58 21,858 --a------ C:\WINDOWS\system32\58331852ld.exe
2007-02-10 12:56 21,858 --a------ C:\WINDOWS\system32\56349202ld.exe
2007-02-10 12:54 21,858 --a------ C:\WINDOWS\system32\54337172ld.exe
2007-02-10 12:52 21,858 --a------ C:\WINDOWS\system32\52354982ld.exe
2007-02-10 12:50 23,318 --a------ C:\WINDOWS\system32\50372952ld.exe
2007-02-10 12:48 18,938 --a------ C:\WINDOWS\system32\48391542ld.exe
2007-02-10 12:46 21,858 --a------ C:\WINDOWS\system32\46403892ld.exe
2007-02-10 12:44 18,938 --a------ C:\WINDOWS\system32\44422642ld.exe
2007-02-10 12:42 21,858 --a------ C:\WINDOWS\system32\42409512ld.exe
2007-02-10 12:40 21,858 --a------ C:\WINDOWS\system32\40427172ld.exe
2007-02-10 12:38 21,858 --a------ C:\WINDOWS\system32\38404672ld.exe
2007-02-10 12:36 17,478 --a------ C:\WINDOWS\system32\36392012ld.exe
2007-02-10 12:34 18,938 --a------ C:\WINDOWS\system32\3441602ld.exe
2007-02-10 12:32 21,858 --a------ C:\WINDOWS\system32\32424822ld.exe
2007-02-10 12:30 21,858 --a------ C:\WINDOWS\system32\3041602ld.exe
2007-02-10 12:28 24,778 --a------ C:\WINDOWS\system32\28144352ld.exe
2007-02-10 12:25 21,858 --a------ C:\WINDOWS\system32\2518892ld.exe
2007-02-10 12:22 21,858 --a------ C:\WINDOWS\system32\22444822ld.exe
2007-02-10 12:20 13,098 --a------ C:\WINDOWS\system32\20448102ld.exe
2007-02-10 12:18 21,858 --a------ C:\WINDOWS\system32\18455762ld.exe
2007-02-10 12:16 21,858 --a------ C:\WINDOWS\system32\16467642ld.exe
2007-02-10 12:14 24,778 --a------ C:\WINDOWS\system32\14478102ld.exe
2007-02-10 12:12 21,858 --a------ C:\WINDOWS\system32\12493102ld.exe
2007-02-10 12:10 21,858 --a------ C:\WINDOWS\system32\10508732ld.exe
2007-02-10 12:08 21,858 --a------ C:\WINDOWS\system32\8519352ld.exe
2007-02-10 11:48 21,858 --a------ C:\WINDOWS\system32\48309982ld.exe
2007-02-10 11:27 26,238 --a------ C:\WINDOWS\system32\2768102ld.exe
2007-02-10 11:19 40 --a------ C:\WINDOWS\system32\profile.dat
2007-02-10 11:16 <DIR> d-------- C:\Program Files\Symantec
2007-02-10 11:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-02-10 11:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Dane aplikacji\Symantec
2007-02-10 11:08 30,334 --a------ C:\WINDOWS\system32\8279812ld.exe
2007-02-10 10:42 30,334 --a------ C:\WINDOWS\system32\42332942ld.exe
2007-02-10 10:22 30,334 --a------ C:\WINDOWS\system32\22244192ld.exe
2007-02-10 09:41 30,334 --a------ C:\WINDOWS\system32\41472312ld.exe
2007-02-10 01:23 30,334 --a------ C:\WINDOWS\system32\2325762ld.exe
2007-02-10 01:02 30,618 --a------ C:\WINDOWS\system32\2514822ld.exe
2007-02-10 00:42 30,334 --a------ C:\WINDOWS\system32\42417012ld.exe
2007-02-10 00:22 30,334 --a------ C:\WINDOWS\system32\22312322ld.exe
2007-02-10 00:02 30,790 --a------ C:\WINDOWS\system32\222292ld.exe
2007-02-09 23:42 30,790 --a------ C:\WINDOWS\system32\42104042ld.exe
2007-02-09 23:22 30,618 --a------ C:\WINDOWS\system32\21568572ld.exe
2007-02-09 23:02 73,609 --a------ C:\DOCUME~1\SORRYA~1\1.exe
2007-02-09 23:01 30,770 --a------ C:\WINDOWS\system32\1426542ld.exe
2007-02-09 17:54 30,334 --a------ C:\WINDOWS\system32\54219052ld.exe
2007-02-09 17:34 30,486 --a------ C:\WINDOWS\system32\3484982ld.exe
2007-02-09 17:14 30,334 --a------ C:\WINDOWS\system32\13596082ld.exe
2007-02-09 16:55 30,334 --a------ C:\WINDOWS\system32\5549142ld.exe
2007-02-09 15:57 30,618 --a------ C:\WINDOWS\system32\57398572ld.exe
2007-02-09 15:37 30,334 --a------ C:\WINDOWS\system32\37245612ld.exe
2007-02-09 14:41 30,334 --a------ C:\WINDOWS\system32\41589352ld.exe
2007-02-08 16:23 73,609 ---hs---- C:\WINDOWS\system32\sysem.exe
2007-02-08 16:22 2,560 ---hs---- C:\WINDOWS\system32\helpersysem.exe
2007-02-08 16:03 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2007-01-14 12:33 <DIR> d-------- C:\Program Files\FlashGet
2007-01-14 00:52 <DIR> d-------- C:\DOCUME~1\SORRYA~1\Dane aplikacji\Ulead Systems
2007-01-13 23:48 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2007-01-13 23:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Dane aplikacji\Ulead Systems
2007-01-13 22:33 <DIR> d-------- C:\Program Files\NimoCodec Pack
2007-01-13 22:32 <DIR> d-------- C:\Program Files\AVIcodec
2007-01-13 22:31 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-01-13 22:31 <DIR> d-------- C:\WINDOWS\msdownld.tmp
2007-01-13 22:31 <DIR> d-------- C:\Program Files\Windows Media Components
2007-01-13 22:22 <DIR> d-------- C:\Program Files\Odkurzacz 9.3 Pro
2007-01-13 22:18 <DIR> d-------- C:\Program Files\DivX
2007-01-13 21:18 <DIR> d-------- C:\Program Files\XviD
2007-01-13 18:44 <DIR> d-------- C:\Video Wonder Pro II V2
2007-01-13 18:40 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-01-13 18:40 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-13 18:40 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-10 23:33 -------- d-------- C:\Program Files\opera
2007-02-10 23:29 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\skype
2007-02-10 23:27 -------- d-------- C:\Program Files\neostrada tp
2007-02-10 12:17 30618 --a------ C:\WINDOWS\system32\3201842ld.vexe
2007-02-10 10:15 76772 --a------ C:\WINDOWS\system32\salvage.exe
2007-02-09 14:47 30334 --a------ C:\WINDOWS\system32\21443732ld.vexe
2007-02-09 13:02 -------- d-------- C:\Program Files\bearshare
2007-02-09 13:02 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\lavasoft
2007-02-06 16:17 -------- d--h----- C:\Program Files\installshield installation information
2007-01-21 13:52 3580 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-14 00:52 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\ulead systems
2007-01-13 23:48 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-13 22:27 -------- d-------- C:\Program Files\winamp
2007-01-13 22:27 -------- d-------- C:\Program Files\quicktime
2007-01-13 22:27 -------- d-------- C:\Program Files\movie maker
2007-01-13 16:22 -------- d-------- C:\Program Files\ffdshow
2007-01-07 15:40 -------- d---s---- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\microsoft
2006-12-30 17:04 76017 --a------ C:\WINDOWS\system32\salvage.vexe
2006-12-28 21:59 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\adobe
2006-12-26 23:19 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\sun
2006-12-26 23:18 -------- d-------- C:\Program Files\java
2006-12-26 23:18 -------- d-------- C:\Program Files\Common Files\java
2006-12-23 21:22 -------- d-------- C:\Program Files\2k games
2006-12-23 21:21 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\installshield
2006-12-23 01:21 -------- d-------- C:\Program Files\damian pasternak
2006-12-22 23:40 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-21 18:58 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-12-17 15:44 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\ahead
2006-12-17 15:43 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-17 15:43 -------- d-------- C:\Program Files\ahead
2006-12-17 14:57 -------- d-------- C:\Program Files\subedit-player
2006-12-17 12:20 -------- d-------- C:\Program Files\bitcomet
2006-12-17 00:24 -------- d-------- C:\Program Files\Common Files\vbox
2006-12-16 23:55 -------- d-------- C:\Program Files\coolpro2
2006-12-16 23:49 -------- d-------- C:\Program Files\mp3directcut
2006-12-16 23:49 -------- d-------- C:\Program Files\easy cd-da extractor 6
2006-12-16 23:22 729088 --a------ C:\WINDOWS\iun6002.exe
2006-12-16 12:25 -------- d-------- C:\Program Files\gadu-gadu
2006-12-16 12:17 -------- d-------- C:\Program Files\virtualdubmod
2006-12-16 12:17 -------- d-------- C:\Program Files\virtualdub-1.6.9
2006-12-13 15:41 -------- d-------- C:\Program Files\nero
2006-12-12 21:40 89984 --a------ C:\WINDOWS\system32\drivers\sptd6541.sys
2006-12-12 21:40 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-10 13:21 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-12-10 13:21 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-12-02 12:25 270336 --a------ C:\WINDOWS\system32\imon.dll
2006-12-02 12:05 49492 --a------ C:\WINDOWS\system32\perfc015.dat
2006-12-02 12:05 355486 --a------ C:\WINDOWS\system32\perfh015.dat
2006-12-02 11:44 0 -rahs---- C:\MSDOS.SYS
2006-12-02 11:44 0 -rahs---- C:\IO.SYS
2006-12-02 11:44 0 --a------ C:\CONFIG.SYS
2006-12-02 11:44 0 --a------ C:\AUTOEXEC.BAT
2006-12-02 11:41 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2006-12-02 11:25 62 --ahs---- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\desktop.ini

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"sysms"="C:\\WINDOWS\\system32\\sysem.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"WooCnxMon"="C:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1045"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"msvcc25"="svcchost.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"WinDVRCtrl"="C:\\WINDOWS\\WDVRCtrl.exe"
"odk_mon"="C:\\Program Files\\Odkurzacz 9.3 Pro\\odk_mon.exe"
"sysms"="C:\\WINDOWS\\system32\\sysem.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"msvcc25"="svcchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************
Completion time: 07-02-10 23:42:19
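
The check the helper asks for, as an added example that is not part of the original thread: it compares the entries flagged in the HijackThis log with the "Other Deletions" section of the ComboFix report and, going one step beyond the helper's instruction, lists the Run/RunServices values under "Reg Loading Points" that still reference a flagged file. The report text is a shortened excerpt of the one posted above, and the function names are hypothetical.

```python
import ntpath
import re

# Entries the helper flagged in the HijackThis log (taken from the thread).
FLAGGED = [
    r"C:\WINDOWS\System32\svcchost.exe",
    r"C:\WINDOWS\system32\sysem.exe",
    "mysvcc.exe",
    r"C:\WINDOWS\System32\rpcc.dll",
]

# Shortened excerpt of the ComboFix report from the thread (banners abbreviated).
REPORT = r'''
((((((((( Other Deletions )))))))))

C:\WINDOWS\system32\recsl.exe
C:\WINDOWS\system32\rpcc.dll

((((((((( Files Created from 2007-01-10 to 2007-02-10 )))))))))

2007-02-10 23:28 30,334 --a------ C:\WINDOWS\system32\28177332ld.exe
2007-02-08 16:23 73,609 ---hs---- C:\WINDOWS\system32\sysem.exe

((((((((( Reg Loading Points )))))))))

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"sysms"="C:\\WINDOWS\\system32\\sysem.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"msvcc25"="svcchost.exe"
"sysms"="C:\\WINDOWS\\system32\\sysem.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"msvcc25"="svcchost.exe"
'''

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # "((( Title )))"
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
BINARY = re.compile(r'[^\\"/\s]+\.(?:exe|dll)\b')      # file names inside a command line


def name_of(path):
    """Lower-cased file name of a Windows path (bare names pass through)."""
    return ntpath.basename(path.strip().strip('"')).lower()


def split_sections(report):
    """Map each lower-cased banner title to the non-empty lines below it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1).lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def not_deleted(flagged, sections):
    """Flagged entries whose file name is absent from 'Other Deletions'."""
    deleted = {name_of(p) for p in sections.get("other deletions", [])}
    return [p for p in flagged if name_of(p) not in deleted]


def autostarts_still_present(flagged, sections):
    """(key, value name, data) for autostart values that launch a flagged file."""
    wanted = {name_of(p) for p in flagged}
    hits, key = [], None
    for line in sections.get("reg loading points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        value = REG_VALUE.match(line)
        if value and wanted & set(BINARY.findall(value.group("data").lower())):
            hits.append((key, value.group("name"), value.group("data")))
    return hits


def needs_new_hijackthis_log(flagged, report):
    """The helper's rule: post a fresh log if any flagged item was not deleted."""
    return bool(not_deleted(flagged, split_sections(report)))


if __name__ == "__main__":
    parsed = split_sections(REPORT)
    print("Not in 'Other Deletions':", not_deleted(FLAGGED, parsed))
    for hit in autostarts_still_present(FLAGGED, parsed):
        print("Autostart still registered:", hit)
    print("New HijackThis log needed:", needs_new_hijackthis_log(FLAGGED, REPORT))
```
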
I'm posting the report as you advised... I just don't know what this is all about :/
-------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\ulead systems<BR />2007-01-13 23:48 -------- d-------- C:\Program Files\Common Files\installshield<BR />2007-01-13 22:27 -------- d-------- C:\Program Files\winamp<BR />2007-01-13 22:27 -------- d-------- C:\Program Files\quicktime<BR />2007-01-13 22:27 -------- d-------- C:\Program Files\movie maker<BR />2007-01-13 16:22 -------- d-------- C:\Program Files\ffdshow<BR />2007-01-07 15:40 -------- d---s---- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\microsoft<BR />2006-12-30 17:04 76017 --a------ C:\WINDOWS\system32\salvage.vexe<BR />2006-12-28 21:59 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\adobe<BR />2006-12-26 23:19 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\sun<BR />2006-12-26 23:18 -------- d-------- C:\Program Files\java<BR />2006-12-26 23:18 -------- d-------- C:\Program Files\Common Files\java<BR />2006-12-23 21:22 -------- d-------- C:\Program Files\2k games<BR />2006-12-23 21:21 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\installshield<BR />2006-12-23 01:21 -------- d-------- C:\Program Files\damian pasternak<BR />2006-12-22 23:40 -------- d-------- C:\Program Files\Common Files\adobe<BR />2006-12-21 18:58 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll<BR />2006-12-17 15:44 -------- d-------- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\ahead<BR />2006-12-17 15:43 -------- d-------- C:\Program Files\Common Files\ahead<BR />2006-12-17 15:43 -------- d-------- C:\Program Files\ahead<BR />2006-12-17 14:57 -------- d-------- C:\Program Files\subedit-player<BR />2006-12-17 12:20 -------- d-------- C:\Program Files\bitcomet<BR />2006-12-17 00:24 -------- d-------- C:\Program Files\Common Files\vbox<BR />2006-12-16 23:55 -------- d-------- C:\Program Files\coolpro2<BR />2006-12-16 23:49 -------- d-------- C:\Program Files\mp3directcut<BR />2006-12-16 23:49 -------- d-------- 
C:\Program Files\easy cd-da extractor 6<BR />2006-12-16 23:22 729088 --a------ C:\WINDOWS\iun6002.exe<BR />2006-12-16 12:25 -------- d-------- C:\Program Files\gadu-gadu<BR />2006-12-16 12:17 -------- d-------- C:\Program Files\virtualdubmod<BR />2006-12-16 12:17 -------- d-------- C:\Program Files\virtualdub-1.6.9<BR />2006-12-13 15:41 -------- d-------- C:\Program Files\nero<BR />2006-12-12 21:40 89984 --a------ C:\WINDOWS\system32\drivers\sptd6541.sys<BR />2006-12-12 21:40 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys<BR />2006-12-10 13:21 499712 --a------ C:\WINDOWS\system32\msvcp71.dll<BR />2006-12-10 13:21 348160 --a------ C:\WINDOWS\system32\msvcr71.dll<BR />2006-12-02 12:25 270336 --a------ C:\WINDOWS\system32\imon.dll<BR />2006-12-02 12:05 49492 --a------ C:\WINDOWS\system32\perfc015.dat<BR />2006-12-02 12:05 355486 --a------ C:\WINDOWS\system32\perfh015.dat<BR />2006-12-02 11:44 0 -rahs---- C:\MSDOS.SYS<BR />2006-12-02 11:44 0 -rahs---- C:\IO.SYS<BR />2006-12-02 11:44 0 --a------ C:\CONFIG.SYS<BR />2006-12-02 11:44 0 --a------ C:\AUTOEXEC.BAT<BR />2006-12-02 11:41 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<BR />2006-12-02 11:25 62 --ahs---- C:\Documents and Settings\Sorry Andzej\Dane aplikacji\desktop.ini<BR /> (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))<BR /><BR />*Note* empty entries & legit default entries are not shown<BR /><BR />[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]<BR />"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"<BR />"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"<BR />"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""<BR />"sysms"="C:\\WINDOWS\\system32\\sysem.exe"<BR /><BR />[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]<BR />"ATIPTA"="C:\\Program Files\\ATI 
Technologies\\ATI Control Panel\\atiptaxx.exe"<BR />"SoundMan"="SOUNDMAN.EXE"<BR />"WooCnxMon"="C:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"<BR />"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"<BR />"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"<BR />"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"<BR />"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"<BR />"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1045"<BR />"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"<BR />"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"<BR />"msvcc25"="svcchost.exe"<BR />"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"<BR />"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"<BR />"WinDVRCtrl"="C:\\WINDOWS\\WDVRCtrl.exe"<BR />"odk_mon"="C:\\Program Files\\Odkurzacz 9.3 Pro\\odk_mon.exe"<BR />"sysms"="C:\\WINDOWS\\system32\\sysem.exe"<BR /><BR />[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]<BR /><BR />[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]<BR />"Installed"="1"<BR /><BR />[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]<BR />"Installed"="1"<BR />"NoChange"="1"<BR /><BR />[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]<BR />"Installed"="1"<BR /><BR />[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]<BR />"msvcc25"="svcchost.exe"<BR /> <BR />[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]<BR />"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"<BR /><BR />[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]<BR />LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0<BR />NetworkService REG_MULTI_SZ DnsCache\0\0<BR />rpcss 
REG_MULTI_SZ RpcSs\0\0<BR />imgsvc REG_MULTI_SZ StiSvc\0\0<BR />termsvcs REG_MULTI_SZ TermService\0\0<BR /><BR /><BR /><BR />********************************************************************<BR /><BR />catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006<BR />http://www.gmer.net<BR /><BR />scanning hidden processes ...<BR /><BR />scanning hidden services ...<BR /><BR />scanning hidden autostart entries ...<BR /><BR />scanning hidden files ...<BR /><BR />scan completed successfully<BR />hidden processes: 0<BR />hidden services: 0<BR />hidden files: 0<BR /><BR />********************************************************************<BR /><BR />Completion time: 07-02-10 23:42:19<BR /><BR /><BR /><BR /><BR /><BR /><BR />
I don't know why Combo did not remove these few listed infections - until now it removed them automatically.
So either they are protected by something this time, or you have already used some "remover", or you confused it with the fix in HijackThis. Never mind.
To start with, close the ports against further worms. For that, use: Windows Worms Doors Cleaner (http://www.searchengines.pl/phpbb203/index.php?showtopic=12532).
Since I see a great deal to remove in the Combo report, download GMER from here: http://www.searchengines.pl/phpbb203/pliki/picasso/downloads/gmer.zip
Run it >> gmer.exe
Go to the tab >>> CMD >> select CMD and paste this into the black field:

gmer -killall
gmer -del file C:\WINDOWS\system32\sysem.exe
gmer -del file C:\WINDOWS\System32\svcchost.exe
gmer -del file C:\WINDOWS\system32\28177332ld.exe
gmer -del file C:\WINDOWS\system32\34509662ld.exe
gmer -del file C:\WINDOWS\system32\2431442ld.exe
gmer -del file C:\WINDOWS\system32\9198572ld.exe
gmer -del file C:\WINDOWS\system32\35469042ld.exe
gmer -del file C:\WINDOWS\system32\28122632ld.exe
gmer -del file C:\WINDOWS\system32\773102ld.exe
gmer -del file C:\WINDOWS\system32\55264342ld.exe
gmer -del file C:\WINDOWS\system32\4518892ld.exe
gmer -del file C:\WINDOWS\system32\18412012ld.exe
gmer -del file C:\WINDOWS\system32\salvage.vexe
gmer -del file C:\WINDOWS\system32\16429822ld.exe
gmer -del file C:\WINDOWS\system32\14323572ld.exe
gmer -del file C:\WINDOWS\system32\12313892ld.exe
gmer -del file C:\WINDOWS\system32\1033762ld.exe
gmer -del file C:\WINDOWS\system32\8347012ld.exe
gmer -del file C:\WINDOWS\system32\6363732ld.exe
gmer -del file C:\WINDOWS\system32\4348732ld.exe
gmer -del file C:\WINDOWS\system32\2331232ld.exe
gmer -del file C:\WINDOWS\system32\0344512ld.exe
gmer -del file C:\WINDOWS\system32\58331852ld.exe
gmer -del file C:\WINDOWS\system32\56349202ld.exe
gmer -del file C:\WINDOWS\system32\54337172ld.exe
gmer -del file C:\WINDOWS\system32\52354982ld.exe
gmer -reboot

and click Run on the right-hand side. The computer should shut down and start up again by itself.

I'm not giving everything for removal at once, because GMER could hang from the overload.
Now we move on to the second round of removal.
Run again >> gmer.exe
In the tab >>> CMD >> CMD paste:

gmer -killall
gmer -del file C:\WINDOWS\system32\50372952ld.exe
gmer -del file C:\WINDOWS\System32\48391542ld.exe
gmer -del file C:\WINDOWS\system32\46403892ld.exe
gmer -del file C:\WINDOWS\system32\44422642ld.exe
gmer -del file C:\WINDOWS\system32\42409512ld.exe
gmer -del file C:\WINDOWS\system32\40427172ld.exe
gmer -del file C:\WINDOWS\system32\38404672ld.exe
gmer -del file C:\WINDOWS\system32\36392012ld.exe
gmer -del file C:\WINDOWS\system32\3441602ld.exe
gmer -del file C:\WINDOWS\system32\32424822ld.exe
gmer -del file C:\WINDOWS\system32\3041602ld.exe
gmer -del file C:\WINDOWS\system32\28144352ld.exe
gmer -del file C:\WINDOWS\system32\2518892ld.exe
gmer -del file C:\WINDOWS\system32\22444822ld.exe
gmer -del file C:\WINDOWS\system32\20448102ld.exe
gmer -del file C:\WINDOWS\system32\18455762ld.exe
gmer -del file C:\WINDOWS\system32\16467642ld.exe
gmer -del file C:\WINDOWS\system32\14478102ld.exe
gmer -del file C:\WINDOWS\system32\12493102ld.exe
gmer -del file C:\WINDOWS\system32\10508732ld.exe
gmer -del file C:\WINDOWS\system32\8519352ld.exe
gmer -del file C:\WINDOWS\system32\48309982ld.exe
gmer -del file C:\WINDOWS\system32\2768102ld.exe
gmer -del file C:\WINDOWS\system32\mysvcc.exe
gmer -del file C:\WINDOWS\system32\mysvcc.exe
gmer -reboot

and click Run on the right-hand side. The computer should shut down and start up again by itself.

We move on to the third round.
Again >> gmer.exe >> CMD >> CMD > paste:

gmer -killall
gmer -del file C:\WINDOWS\system32\svcchost.exe
gmer -del file C:\WINDOWS\System32\8279812ld.exe
gmer -del file C:\WINDOWS\system32\42332942ld.exe
gmer -del file C:\WINDOWS\system32\sysem.exe
gmer -del file C:\WINDOWS\system32\22244192ld.exe
gmer -del file C:\WINDOWS\system32\41472312ld.exe
gmer -del file C:\WINDOWS\system32\2325762ld.exe
gmer -del file C:\WINDOWS\system32\2514822ld.exe
gmer -del file C:\WINDOWS\system32\42417012ld.exe
gmer -del file C:\WINDOWS\system32\22312322ld.exe
gmer -del file C:\WINDOWS\system32\222292ld.exe
gmer -del file C:\WINDOWS\system32\42104042ld.exe
gmer -del file C:\WINDOWS\system32\21568572ld.exe
gmer -del file C:\WINDOWS\system32\1426542ld.exe
gmer -del file C:\WINDOWS\system32\54219052ld.exe
gmer -del file C:\WINDOWS\system32\3484982ld.exe
gmer -del file C:\WINDOWS\system32\13596082ld.exe
gmer -del file C:\WINDOWS\system32\5549142ld.exe
gmer -del file C:\WINDOWS\system32\57398572ld.exe
gmer -del file C:\WINDOWS\system32\37245612ld.exe
gmer -del file C:\WINDOWS\system32\41589352ld.exe
gmer -del file C:\WINDOWS\system32\helpersysem.exe
gmer -del file C:\DOCUME~1\SORRYA~1\1.exe
gmer -del file C:\WINDOWS\system32\3201842ld.vexe
gmer -del file C:\WINDOWS\system32\21443732ld.vexe
gmer -del file C:\WINDOWS\system32\salvage.exe
gmer -reboot

and click Run on the right-hand side. The computer should shut down and start up again by itself.
That's enough for now.
Post a new ComboFix report, because the pest has certainly multiplied in the meantime - it multiplies every 2 minutes. For removal I gave only those that are certainly an infection, but there are a few entries in the report that I don't recognize - we will still have time to clear that up; for now we leave them.
Good luck!
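
Added example, not part of the original posts and not ComboFix or GMER code: a Python triage of the report's file-listing lines that flags the files this thread treats as infection and measures how often new ones appear. The name pattern (all digits followed by `ld.exe` or `ld.vexe`) and the hidden+system attribute check are heuristics assumed from the files named above; the sample lines are excerpted from the posted report.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime

# Lines excerpted from the "Files Created" section of the report in this thread.
SAMPLE = r"""
2007-02-10 13:18 21,858 --a------ C:\WINDOWS\system32\18412012ld.exe
2007-02-10 13:16 21,858 --a------ C:\WINDOWS\system32\16429822ld.exe
2007-02-10 13:14 21,858 --a------ C:\WINDOWS\system32\14323572ld.exe
2007-02-10 13:12 17,478 --a------ C:\WINDOWS\system32\12313892ld.exe
2007-02-10 11:19 40 --a------ C:\WINDOWS\system32\profile.dat
2007-02-10 11:16 <DIR> d-------- C:\Program Files\Symantec
2007-02-08 16:23 73,609 ---hs---- C:\WINDOWS\system32\sysem.exe
2007-01-13 18:40 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
"""

# timestamp, size (or <DIR>, or dashes in the Find3M section), 9 attribute flags, path
ENTRY = re.compile(r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?:<DIR>|[\d,]+|-+)\s+"
                   r"(?P<attrs>[-drahs]{9})\s+(?P<path>.+?)\s*$")
# Assumed heuristic: all-digit prefix followed by "ld.exe" or "ld.vexe".
NUMBERED_LD = re.compile(r"^\d+ld\.v?exe$", re.IGNORECASE)


def parse_report(text):
    """Return file-listing entries; banners, blanks and registry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            when = datetime.strptime(m["when"], "%Y-%m-%d %H:%M")
            entries.append({"when": when, "attrs": m["attrs"], "path": m["path"]})
    return entries


def triage(entries):
    """Flag system32 files that match either heuristic, with the reason."""
    findings = []
    for e in entries:
        folder, name = ntpath.split(e["path"])
        if folder.lower() != r"c:\windows\system32":
            continue
        if NUMBERED_LD.match(name):
            findings.append((e["path"], "numbered-ld-exe"))
        elif name.lower().endswith(".exe") and {"h", "s"} <= set(e["attrs"]):
            findings.append((e["path"], "hidden-system-exe"))
    return findings


def respawn_interval_minutes(entries):
    """Most common gap, in minutes, between consecutive numbered-file creations."""
    times = sorted(e["when"] for e in entries
                   if NUMBERED_LD.match(ntpath.basename(e["path"])))
    gaps = Counter(int((b - a).total_seconds() // 60) for a, b in zip(times, times[1:]))
    return gaps.most_common(1)[0][0] if gaps else None


if __name__ == "__main__":
    rows = parse_report(SAMPLE)
    for path, reason in triage(rows):
        print(f"{reason:18} {path}")
    print("typical gap (min):", respawn_interval_minutes(rows))
```

Anything the heuristics flag is a candidate for review, not a verdict; files they miss (for example `svcchost.exe`, which appears only in the process list and Run keys) still need the manual reading done in the reply above.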