problem z plikami *.vbs

[mseifer]

Skaner czasu rzeczywistego co jakiś czas przy dostępie do dysku w plikach

pagefile.sys.vbs

znajdujeVBS/Solow.D

auorn.inf na dysku c

znajduje VBS/IE.Title!inf.B
Przy włączaniu pendrive to samo się dzieje.

Pomóżcie prośba wielka

[Serafin]

Daj tutaj loga z hijacka. To wygląda na jakiś grubszy syf.

[mseifer]

Daj tutaj loga z hijacka. To wygląda na jakiś grubszy syf.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:45, on 2008-04-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
Crogram FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
Crogram FilesAviraAvira Premium Security Suitesched.exe
Crogram FilesAviraAvira Premium Security Suiteavguard.exe
Crogram FilesAviraAvira Premium Security Suiteavesvc.exe
Crogram FilesIVT CorporationBlueSoleilBTNtService.exe
C:WINDOWSExplorer.EXE
Crogram FilesMagicTune PremiumMagicTuneEngine.exe
Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
Crogram FilesGoogleGmail Notifiergnotify.exe
Crogram FilesMicrosoft OfficeOffice12GrooveMonitor.exe
Crogram FilesNeroNero8Nero BackItUpNBService.exe
Crogram FilesWindows DefenderMSASCui.exe
Crogram FilesJavajre1.6.0_05binjusched.exe
Crogram FilesWinampwinampa.exe
C:WINDOWSSOUNDMAN.EXE
Crogram FilesRaxcoPerfectDisk2008PD91Agent.exe
C:WINDOWSsystem32IoctlSvc.exe
Crogram FilesCyberLinkShared filesRichVideo.exe
Crogram FilesPcBoostPcBoost.exe
Crogram FilesAviraAvira Premium Security Suiteavmailc.exe
Crogram FilesAviraAvira Premium Security SuiteAVWEBGRD.EXE
C:WINDOWSsystem32ctfmon.exe
Crogram FilesWinamp RemotebinOrbTray.exe
Crogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
Crogram FilesCommon FilesNeroLibNMIndexStoreSvr.exe
CROGRA~1MyPortalSpeed-XSpeedX.exe
Crogram FilesDAEMON Tools Litedaemon.exe
Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe
Crogram FilesWinamp RemotebinOrb.exe
Crogram FilesMagicTune PremiumGammaTray.exe
Crogram FilesSECNatural Color ProNCProTray.exe
Crogram FilesuTorrentuTorrent.exe
Crogram FilesMagicTune PremiumMagicTune.exe
Crogram FilesCommon FilesNeroLibNMIndexingService.exe
Crogram FilesCommon FilesTeleca SharedGeneric.exe
Crogram FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
Crogram FilesTlen.pltlen.exe
Crogram FilesGadu-Gadugg.exe
CROGRA~1FOXITS~1FOXITR~1FOXITR~1.EXE
Crogram FilesInternet Exploreriexplore.exe
Crogram FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32wscript.exe
C:WINDOWSsystem32wscript.exe
C:WINDOWSsystem32wscript.exe
Crogram FilesOperaOpera.exe
Crogram FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - Crogram FilesWinamp Toolbarwinamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - Crogram FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_05binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Crogram FilesWinamp Toolbarwinamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]Crogram FilesGoogleGmail Notifiergnotify.exe
O4 - HKLM..Run: [GrooveMonitor]"Crogram FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [Windows Defender]"Crogram FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [SunJavaUpdateSched]"Crogram FilesJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [WinampAgent]"Crogram FilesWinampwinampa.exe"
O4 - HKLM..Run: [NBKeyScan]"Crogram FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [Sony Ericsson PC Suite]"Crogram FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [SoundMan]SOUNDMAN.EXE
O4 - HKLM..Run: [NeroFilterCheck]Crogram FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [KernelFaultCheck]%systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [AVP]"Crogram FilesKaspersky LabKaspersky Internet Security 7.0avp.exe"
O4 - HKLM..Run: [avgnt]"Crogram FilesAviraAvira Premium Security Suiteavgnt.exe" /min
O4 - HKLM..Run: [QuickTime Task]"Crogram FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [TrojanScanner]Crogram FilesTrojan RemoverTrjscan.exe
O4 - HKLM..Run: [PcBoost]"Crogram FilesPcBoostPcBoost.exe" /start
O4 - HKLM..Run: [MSRegInfo]C:WINDOWSpagefile.sys.vbs
O4 - HKCU..Run: [CTFMON.EXE]C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Orb]"Crogram FilesWinamp RemotebinOrbTray.exe" /background
O4 - HKCU..Run: [swg]Crogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]"Crogram FilesCommon FilesNeroLibNMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU..Run: [Gadu-Gadu]"Crogram FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [SpeedX]CROGRA~1MyPortalSpeed-XSpeedX.exe
O4 - HKCU..Run: [DAEMON Tools Lite]"Crogram FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE]C:WINDOWSsystem32CTFMON.EXE (User ''USŁUGA LOKALNA'')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE]C:WINDOWSsystem32CTFMON.EXE (User ''USŁUGA SIECIOWA'')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE]C:WINDOWSsystem32CTFMON.EXE (User ''SYSTEM'')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE]C:WINDOWSsystem32CTFMON.EXE (User ''Default user'')
O4 - Startup: µTorrent.lnk = Crogram FilesuTorrentuTorrent.exe
O4 - Global Startup: BlueSoleil.lnk = Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - Cocuments and SettingsAll UsersDane aplikacjiWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: Dodaj do blokowanych banerów - Crogram FilesKaspersky LabKaspersky Internet Security 7.0ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel -

[Aby zobaczyć linki, zarejestruj się tutaj]

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - Crogram FilesKaspersky LabKaspersky Internet Security 7.0SCIEPlgn.dll
O15 - Trusted Zone:

[Aby zobaczyć linki, zarejestruj się tutaj]

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - Crogram FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Crogram FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O20 - AppInit_DLLs: CROGRA~1KASPER~1KASPER~1.0adialhk.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - Crogram FilesAviraAvira Premium Security Suiteavfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - Crogram FilesAviraAvira Premium Security Suiteavmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - Crogram FilesAviraAvira Premium Security Suitesched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - Crogram FilesAviraAvira Premium Security Suiteavguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - Crogram FilesAviraAvira Premium Security SuiteAVWEBGRD.EXE
O23 - Service: BugSoft AnyTrial (AnyTrial) - Avira GmbH - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - Crogram FilesAviraAvira Premium Security Suiteavesvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - Crogram FilesKaspersky LabKaspersky Internet Security 7.0avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - Crogram FilesIVT CorporationBlueSoleilBTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - Crogram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: MagicTuneEngine - Unknown owner - Crogram FilesMagicTune PremiumMagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - Crogram FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - Crogram FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - Crogram FilesRaxcoPerfectDisk2008PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - Crogram FilesRaxcoPerfectDisk2008PD91Engine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:WINDOWSsystem32IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - Crogram FilesCyberLinkShared filesRichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:WINDOWSSystem32TuneUpDefragService.exe

--
End of file - 11096 bytes

[Serafin]

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
O4 - HKLM..Run: [KernelFaultCheck]%systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [MSRegInfo]C:WINDOWSpagefile.sys.vbs

Skasuj te wpisy.
Daj loga z

[Aby zobaczyć linki, zarejestruj się tutaj]

[mseifer]

ComboFix 08-04-18.3 - Leszek 2008-04-20 16:35:30.1 - NTFSx86
Microsoft Windows XP Professional5.1.2600.2.1250.1.1045.18.499 [GMT 2:00]
Running from: Cocuments and SettingsLeszekPulpitComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Cocuments and SettingsLeszekUlubioneOnline Security Test.url
C:WINDOWSmsvrc20.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20)))))))))))))))))))))))))))))))
.

2008-04-20 16:35 . 2008-04-20 16:35 1,024 --ah----- C:WINDOWSsystem32configsystemprofilentuser.dat.LOG
2008-04-20 14:34 . 2008-04-20 16:41 <DIR> d-------- Crogram FilesPeerGuardian2
2008-04-20 14:28 . 2008-04-20 14:28 <DIR> d-------- Crogram FilesTrend Micro
2008-04-20 14:14 . 2008-04-20 14:14 <DIR> d-------- Crogram FilesToniArts
2008-04-17 13:22 . 2008-04-17 13:22 <DIR> d-------- Crogram FilesPcBoost
2008-04-16 16:56 . 2008-04-16 16:59 <DIR> d-------- Crogram FilesTrojan Remover
2008-04-16 16:56 . 2008-04-16 16:56 <DIR> d-------- Cocuments and SettingsLeszekDane aplikacjiSimply Super Software
2008-04-16 16:56 . 2008-04-16 16:56 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiSimply Super Software
2008-04-16 16:22 . 2008-04-16 16:22 <DIR> d-------- Cocuments and SettingsLeszekDane aplikacjiAvira
2008-04-16 16:08 . 2008-04-16 16:08 <DIR> d-------- Crogram FilesAvira
2008-04-16 16:08 . 2008-04-16 16:08 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiAvira
2008-04-16 16:08 . 2008-03-06 12:15 71,464 --a------ C:WINDOWSsystem32driversavfwim.sys
2008-04-16 16:08 . 2008-02-07 10:00 66,176 --a------ C:WINDOWSsystem32driversavfwot.sys
2008-04-16 16:02 . 2008-04-20 16:41 11,833,376 --ahs---- C:WINDOWSsystem32driversfidbox.dat
2008-04-16 16:02 . 2008-04-20 15:55 135,260 --ahs---- C:WINDOWSsystem32driversfidbox.idx
2008-04-16 16:02 . 2008-04-20 16:41 88,608 --ahs---- C:WINDOWSsystem32driversfidbox2.dat
2008-04-16 16:02 . 2008-04-20 15:55 11,960 --ahs---- C:WINDOWSsystem32driversfidbox2.idx
2008-04-16 16:01 . 2008-04-16 16:01 <DIR> d-------- Crogram FilesKaspersky Lab
2008-04-16 16:01 . 2008-04-16 16:01 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiKaspersky Lab
2008-04-16 15:42 . 2008-02-08 18:37 219,664 --a------ C:WINDOWSsystem32klogon.dll
2008-04-15 18:20 . 2008-04-15 18:20 545 --a------ C:WINDOWSeReg.dat
2008-04-13 16:00 . 2008-04-13 16:00 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiRaxco
2008-04-13 16:00 . 2008-01-09 22:00 68,624 -ra------ C:WINDOWSsystem32driversDefragFS.sys
2008-04-12 12:56 . 2002-12-12 18:13 4,296,704 -ra------ C:WINDOWSunasetup.exe
2008-04-12 12:56 . 2008-04-12 12:56 53,248 --a------ C:WINDOWSsystem32unrar.dll
2008-04-11 21:14 . 2008-04-11 21:14 <DIR> d-------- Cocuments and SettingsLeszekDane aplikacjiSereniti
2008-04-10 13:49 . 2008-04-10 13:49 <DIR> d-------- Crogram FilesReal Alternative
2008-04-10 13:49 . 2008-04-10 13:49 <DIR> d-------- Crogram FilesMedia Player Classic
2008-04-10 13:49 . 2008-04-10 13:50 <DIR> d-------- Cocuments and SettingsLeszekDane aplikacjiMedia Player Classic
2008-04-08 16:27 . 2008-04-08 16:27 226 --a------ C:WINDOWSAWS.ini
2008-04-08 15:52 . 2008-04-08 15:52 <DIR> d-------- Crogram FilesMyPortal
2008-04-08 15:52 . 2008-04-08 15:52 0 --ah----- C:WINDOWSsystem32sx.inf
2008-04-06 22:43 . 2008-04-06 22:43 0 --a------ C:WINDOWSnsreg.dat
2008-03-29 19:08 . 2008-03-29 19:08 2,550 --a------ C:WINDOWSsystem32Uninstall.ico
2008-03-29 19:08 . 2008-03-29 19:08 1,406 --a------ C:WINDOWSsystem32Help.ico
2008-03-29 17:51 . 2008-03-29 17:51 <DIR> d-------- Cocuments and SettingsLeszekDane aplikacjiArcaBit
2008-03-28 21:50 . 2008-03-28 21:50 38 --a------ C:WINDOWSAviSplitter.INI
2008-03-27 18:46 . 2008-03-27 18:46 <DIR> d-------- Crogram FilesIObit
2008-03-26 23:16 . 2008-03-26 23:16 <DIR> d-------- Cocuments and SettingsLeszekDane aplikacjiThinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 14:42 --------- d-----w Cocuments and SettingsLeszekDane aplikacjiuTorrent
2008-04-20 12:14 --------- d--h--w Crogram FilesInstallShield Installation Information
2008-04-20 09:09 --------- d-----w Crogram FilesWinamp Remote
2008-04-19 17:17 --------- d-----w Cocuments and SettingsLeszekDane aplikacjiTlen.pl
2008-04-18 19:58 --------- d-----w Crogram FilesCommon FilesAdobe
2008-04-17 12:45 --------- d-----w Crogram FilesMoorHunt
2008-04-17 11:16 --------- d---a-w Cocuments and SettingsAll UsersDane aplikacjiTEMP
2008-04-15 15:59 --------- d-----w Crogram FilesDAEMON Tools Lite
2008-04-15 15:54 717,296 ----a-w C:WINDOWSsystem32driverssptd.sys
2008-04-13 14:00 --------- d-----w Crogram FilesRaxco
2008-04-11 20:32 --------- d-----w Crogram FilesUltraISO
2008-04-11 20:32 --------- d-----w Crogram FilesCommon FilesEZB Systems
2008-04-10 10:21 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiMicrosoft Help
2008-04-06 09:50 --------- d-----w Crogram FilesGlary Utilities
2008-04-03 14:31 --------- d-----w Crogram FilesOpera
2008-03-22 19:17 --------- d-----w Crogram FilesSopCast
2008-03-20 08:09 1,845,504 ----a-w C:WINDOWSsystem32win32k.sys
2008-03-19 17:14 --------- d-----w Crogram FilesIrfanView
2008-03-19 12:14 10,345 ----a-w C:WINDOWSsystem32drivershamachi.sys
2008-03-19 12:14 --------- d-----w Crogram FilesHamachi
2008-03-16 21:59 --------- d-----w Cocuments and SettingsLeszekDane aplikacjiApple Computer
2008-03-15 18:55 --------- d-----w Crogram FilesCommon FilesNero
2008-03-15 18:53 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiNero
2008-03-14 22:35 --------- d-----w Crogram FilesGadu-Gadu
2008-03-11 15:44 --------- d-----w Crogram FilesQuickTime
2008-03-11 15:39 --------- d-----w Crogram FilesApple Software Update
2008-03-11 15:39 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiApple Computer
2008-03-11 15:39 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiApple
2008-03-10 20:22 --------- d-----w Crogram FilesSlySoft
2008-03-10 20:22 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiSlySoft
2008-03-10 17:49 --------- d-----w Crogram FilesWindows Installer Clean Up
2008-03-10 17:49 --------- d-----w Crogram FilesMSECACHE
2008-03-09 14:23 --------- d-----w Crogram FilesRealtek AC97
2008-03-09 10:57 --------- d-----w Crogram FilesJava
2008-03-08 12:25 17,408 --sha-w C:WINDOWSAnyTrial.exe
2008-03-07 19:31 --------- d-----w Crogram FilesFDRLab
2008-03-07 10:21 --------- d-----w Crogram FilesWinAce
2008-03-04 21:34 --------- d-----w Crogram FilesSUPERAntiSpyware
2008-03-04 21:34 --------- d-----w Crogram FilesCommon FilesWise Installation Wizard
2008-03-04 14:19 --------- d-----w Cocuments and SettingsLeszekDane aplikacjiDAEMON Tools
2008-03-03 21:22 --------- d-----w Crogram FilesTC UP
2008-03-02 17:16 --------- d-----w Crogram FilesYour Uninstaller 2008
2008-03-02 17:02 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiSUPERAntiSpyware.com
2008-03-01 13:02 826,368 ----a-w C:WINDOWSsystem32wininet.dll
2008-02-28 16:38 972,072 ----a-w C:WINDOWSUNNeroMediaHome.exe
2008-02-28 12:16 307,968 ----a-w C:WINDOWSsystem32TuneUpDefragService.exe
2008-02-28 12:15 --------- d-----w Crogram FilesTuneUp Utilities 2008
2008-02-28 12:15 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiTuneUp Software
2008-02-28 11:40 --------- d-----w Crogram FilesSmarty Uninstaller Pro
2008-02-28 11:38 --------- d-----w Cocuments and SettingsLeszekDane aplikacjiURSoft
2008-02-27 14:00 --------- d-----w Cocuments and SettingsLeszekDane aplikacjiCyberLink
2008-02-27 12:15 28,416 ----a-w C:WINDOWSsystem32uxtuneup.dll
2008-02-26 15:14 972,072 ----a-w C:WINDOWSUNRecode.exe
2008-02-26 05:51 2,863,616 ----a-w C:WINDOWSsystem32driversati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:WINDOWSsystem32ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:WINDOWSsystem32atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:WINDOWSsystem32ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:WINDOWSsystem32atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:WINDOWSsystem32Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:WINDOWSsystem32ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:WINDOWSsystem32Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:WINDOWSsystem32ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:WINDOWSsystem32ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:WINDOWSsystem32atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:WINDOWSsystem32ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:WINDOWSsystem32ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:WINDOWSsystem32ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:WINDOWSsystem32amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:WINDOWSsystem32atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:WINDOWSsystem32atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:WINDOWSsystem32driversati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:WINDOWSsystem32atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:WINDOWSsystem32atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:WINDOWSsystem32ati2cqag.dll
2008-02-25 20:05 593,920 ------w C:WINDOWSsystem32ati2sgag.exe
2008-02-25 17:28 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiCyberLink
2008-02-25 17:23 --------- d-----w Crogram FilesCyberLink
2008-02-25 12:23 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiBluetooth
2008-02-25 12:17 --------- d-----w Crogram FilesIVT Corporation
2008-02-23 16:22 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiElaborate Bytes
2008-02-21 12:57 --------- d-----w Crogram FilesXP Codec Pack
2008-02-20 06:51 282,624 ----a-w C:WINDOWSsystem32gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:WINDOWSsystem32dnsrslvr.dll
2008-02-18 15:04 95,600 ----a-w C:WINDOWSsystem32NeroCo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ Crogram FilesWinamp Toolbarwinamptb.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "Crogram FilesWinamp Toolbarwinamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOTclsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= Crogram FilesWinamp Toolbarwinamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOTclsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLToolBand]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44 15360]
"Orb"="Crogram FilesWinamp RemotebinOrbTray.exe" [2008-01-07 22:02 495616]
"swg"="Crogram FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe" [2008-02-07 18:13 171448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="Crogram FilesCommon FilesNeroLibNMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"Gadu-Gadu"="Crogram FilesGadu-Gadugg.exe" [2008-03-20 12:04 2127296]
"SpeedX"="CROGRA~1MyPortalSpeed-XSpeedX.exe" [2006-06-27 14:11 46718]
"DAEMON Tools Lite"="Crogram FilesDAEMON Tools Litedaemon.exe" [2008-04-01 11:39 486856]
"PeerGuardian"="Crogram FilesPeerGuardian2pg2.exe" [2005-09-18 18:40 1421824]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="Crogram FilesGoogleGmail Notifiergnotify.exe" [2005-07-15 23:48 479232]
"GrooveMonitor"="Crogram FilesMicrosoft OfficeOffice12GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Windows Defender"="Crogram FilesWindows DefenderMSASCui.exe" [2006-11-03 20:20 866584]
"SunJavaUpdateSched"="Crogram FilesJavajre1.6.0_05binjusched.exe" [2008-02-22 05:25 144784]
"WinampAgent"="Crogram FilesWinampwinampa.exe" [2007-10-10 07:28 36352]
"NBKeyScan"="Crogram FilesNeroNero8Nero BackItUpNBKeyScan.exe" [2008-02-18 17:29 2221352]
"Sony Ericsson PC Suite"="Crogram FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2005-10-26 17:17 159744]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:WINDOWSsoundman.exe]
"NeroFilterCheck"="Crogram FilesCommon FilesNeroLibNeroCheck.exe" [2008-02-28 10:59 570664]
"avgnt"="Crogram FilesAviraAvira Premium Security Suiteavgnt.exe" [2008-02-12 10:06 262401]
"QuickTime Task"="Crogram FilesQuickTimeqttask.exe" [2008-01-10 16:27 385024]
"TrojanScanner"="Crogram FilesTrojan RemoverTrjscan.exe" [2008-04-07 19:51 873040]
"PcBoost"="Crogram FilesPcBoostPcBoost.exe" [2008-04-12 23:34 1615536]
"MSRegInfo"="C:WINDOWSpagefile.sys.vbs" [ ]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32CTFMON.EXE" [2004-08-04 00:44 15360]

Cocuments and SettingsLeszekMenu StartProgramyAutostart
uTorrent.lnk - Crogram FilesuTorrentuTorrent.exe [2008-02-07 16:54:15 219952]

Cocuments and SettingsAll UsersMenu StartProgramyAutostart
BlueSoleil.lnk - Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe [2006-07-16 18:33:36 626176]
GammaTray.lnk - Crogram FilesMagicTune PremiumGammaTray.exe [2008-02-07 15:34:30 36864]
NCProTray.lnk - Crogram FilesSECNatural Color ProNCProTray.exe [2008-02-07 15:34:08 49220]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=CROGRA~1KASPER~1KASPER~1.0adialhk.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLanguageShortcut]
--a------ 2007-02-07 17:21 54832 Crogram FilesCyberLinkPowerDVDLanguageLanguage.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
--a------ 2008-01-10 16:27 385024 Crogram FilesQuickTimeQTTask.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
--------- 2007-02-07 17:24 71216 Crogram FilesCyberLinkPowerDVDPDVDServ.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
--a------ 2006-11-10 13:35 90112 Crogram FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\uTorrent\uTorrent.exe"=
"C:\Program Files\Winamp Remote\bin\Orb.exe"=
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"=
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=
"E:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"=

R1 avfwot;avfwot;C:WINDOWSsystem32DRIVERSavfwot.sys [2008-02-07 10:00]
R1 VD_FileDisk;VD_FileDisk;C:WINDOWSsystem32driversVD_FileDisk.sys [2006-01-13 15:00]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};Crogram FilesCyberLinkPowerDVD 0 00.fcl [2006-11-02 17:51]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"Crogram FilesAviraAvira Premium Security Suiteavfwsvc.exe" [2008-03-26 15:33]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"Crogram FilesAviraAvira Premium Security Suiteavmailc.exe" [2008-03-26 15:35]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"Crogram FilesAviraAvira Premium Security SuiteAVWEBGRD.EXE" [2008-04-09 15:57]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"Crogram FilesAviraAvira Premium Security Suiteavesvc.exe" [2008-02-07 10:06]
R2 PD91Agent;PD91Agent;"Crogram FilesRaxcoPerfectDisk2008PD91Agent.exe" [2008-01-16 10:52]
R2 UxTuneUp;TuneUp Theme Extension;C:WINDOWSSystem32svchost.exe [2004-08-04 00:44]
R3 avfwim;AvFw Packet Filter Miniport;C:WINDOWSsystem32DRIVERSavfwim.sys [2008-03-06 12:15]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:WINDOWSsystem32DRIVERSklim5.sys [2007-12-13 13:28]
S3 PD91Engine;PD91Engine;"Crogram FilesRaxcoPerfectDisk2008PD91Engine.exe" [2008-01-16 10:52]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:WINDOWSSystem32TuneUpDefragService.exe [2008-02-28 14:16]
S3 USBSTOR;Sterownik magazynu masowego USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 00:08]

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost- NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the ''Scheduled Tasks'' folder
"2008-04-20 14:06:51 C:WINDOWSTasks1-Click Maintenance.job"
- Crogram FilesTuneUp Utilities 2008OneClickStarter.exe
"2008-04-18 12:58:10 C:WINDOWSTasksAppleSoftwareUpdate.job"
- Crogram FilesApple Software UpdateSoftwareUpdate.exe
"2008-04-20 14:06:57 C:WINDOWSTasksGlaryInitialize.job"
- Crogram FilesGlary Utilitiesinitialize.exe
"2008-04-20 14:32:26 C:WINDOWSTasksMP Scheduled Scan.job"
- Crogram FilesWindows DefenderMpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

[Aby zobaczyć linki, zarejestruj się tutaj]

Rootkit scan 2008-04-20 16:41:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINEsystemControlSet001Services{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="??Crogram FilesCyberLinkPowerDVD 0 00.fcl"
.
Completion time: 2008-04-20 16:45:01
ComboFix-quarantined-files.txt2008-04-20 14:44:09

Pre-Run: 13,812,346,880 bajtów wolnych
Post-Run: 13,960,638,464 bajtów wolnych

266 --- E O F --- 2008-04-18 09:42:11

[Serafin]

Otwórz notatnik i wklej w nim to:

Kod:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"MSRegInfo"=-

Plik>zapisz jako>zmień rozszerzenie na: wszystkie pliki> zapisz pod nazwą FIX.REG
Odpal plik FIX.REG w trybie awaryjnym i wyłączonym przywracaniem systemu.
Po zabiegach dajesz nowe logi.

[Lost World]

Kod:

C:WINDOWSAnyTrial.exe

Na forum nie tolerujemy piractwa.Proszę o wyjaśnienie tego czegoś na PW.Masz 72 godziny inaczej temat poleci do kosza.