
iworm_attck_v122.02a

pylus89
created

It got me: iworm_attck_v122.02a

Specifically, a "virus" that causes pop-up balloons on the right-hand side... these balloons warn about supposed threats to the computer, and clicking them opens a page with "recommended" antivirus programs that are "supposedly" meant to help us...

The constant popping up of these balloons makes me want to get rid of this problem once and for all...

I scanned the system with programs like AVG and Ad-Aware... they don't detect the problem...

I made a HijackThis log... I'll post it if needed... I'd like to know whether someone could help me... thanks a lot in advance!

Regards, pylus89

Vis Maior
comment

If you know where it has installed itself, delete it. Try scanning with some other antivirus programs too. If you want to avoid the problem you can install e.g. xpanty spy and untick the pop-up balloons.

CatchMe
comment

Paste logs: HijackThis and ComboFix.

pylus89
comment

HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 14:06:58, on 2007-07-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paweł_2\Pulpit\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gadnet.hit.gemius.pl/hitredir/id=nG...zkaniowy.bph.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DrAntispy.lnk = C:\Program Files\DrAntispy\DrAntispy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--------------------------------------------------------------------------------------

COMBOFIX LOG:

"Pawe_2" - 2007-07-06 13:48:57 - ComboFix 07-07-04.4 - Dodatek Service Pack 2

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\wingob32.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\d.exe
C:\DOCUME~1\ALLUSE~1\DANEAP~1\.TEMP
C:\DOCUME~1\PAWE_2~1\Pulpit\.internet explorer.lnk
C:\Program Files\video activex access
C:\Program Files\video activex access\iesmin.exe~
C:\Program Files\video activex access\iesmn.exe~
C:\Program Files\video activex access\iesplg.dll
C:\Program Files\video activex access\imsmain.exe~
C:\Program Files\video activex access\imsmn.exe~
C:\Program Files\video activex access\imsunst.exe
C:\Program Files\video activex access\ot.ico
C:\Program Files\video activex access\ts.ico

((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))
2007-07-06 13:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-06 11:40 42,093 --a------ C:\hivtvru.exe
2007-07-06 11:34 <DIR> d-------- C:\Program Files\XoftSpySE
2007-07-06 11:12 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-07-05 21:18 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-05 21:18 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-05 21:18 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-02 15:51 <DIR> d-------- C:\Program Files\01-mp3search
2007-06-27 11:21 4 --a------ C:\WINDOWS\info147.sys
2007-06-10 22:06 <DIR> d-------- C:\WINDOWS\Cache
2007-06-06 06:57 <DIR> d-------- C:\DOCUME~1\Paulina\DANEAP~1\Media Player Classic

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-06 11:47:40 -------- d-----w C:\DOCUME~1\PAWE_2~1\DANEAP~1\Skype
2007-07-06 09:40:37 -------- d-----w C:\Program Files\Winamp
2007-06-27 09:19:57 8,704 --s-a-w C:\WINDOWS\system32\xnvaogd.dll
2007-06-17 11:28:41 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-17 11:28:41 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-22 12:44:01 -------- d-----w C:\DOCUME~1\PAWE_2~1\DANEAP~1\MSN6
2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-10 15:08:58 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2005-12-07 16:06 399424 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-04 00:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2006-11-17 20:30 202304 --a------ C:\Program Files\BitComet\tools\BitCometBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-23 08:55]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:33]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="C:\WINDOWS\system32\xnvaogd.dll" [2007-06-27 11:19]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

Contents of the 'Scheduled Tasks' folder
2007-07-06 11:54:00 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-07-06 09:34:18 C:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 13:54:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
C:\WINDOWS\system32\cmd.exe [3860] 0xFF70BDA0

scanning hidden autostart entries ...

scanning hidden files ...
C:\WINDOWS\0.log

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-07-06 13:56:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-06 13:56

--- E O F ---

Waiting for a reply ;) Regards

CatchMe
comment

Block the ports with WWDC and Seconfig XP.

VAX... or rather what's left of it.

To be safe, run SmitFraudFix with option 2 in Safe Mode.

Then new logs.
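What CatchMe did by eye above (pick the leftover "video activex access" files, the hivtvru.exe dropper, the wingob32.dll and xnvaogd.dll libraries, and the SharedTaskScheduler hook out of two long logs) can be done mechanically. The script below is an added example for this thread; it is not part of the original posts, nor of HijackThis or ComboFix. It parses the line shapes those tools emit (HijackThis "O4 - HKLM\..\Run: [name] path" entries, ComboFix file listings and registry value blocks), extracts the Windows path each line refers to, and flags lines that match the leftovers named in the thread, autostart entries whose target is marked "(file missing)", and anything loaded through SharedTaskScheduler. The indicator list is copied from the logs in this thread; the sample log is constructed from lines modelled on them; the SharedTaskScheduler heuristic and all function names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Leftovers named in this thread (ComboFix "Other Deletions", Find3M and
# SharedTaskScheduler entries, plus CatchMe's follow-up). Lower case, no trailing '\'.
THREAD_IOCS = {
    r"c:\hivtvru.exe",
    r"c:\windows\system32\xnvaogd.dll",
    r"c:\windows\system32\wingob32.dll",
    r"c:\program files\video activex access",
}


@dataclass
class Finding:
    section: str            # HijackThis section code (O4, O9, ...), "REG:<key>" or "FILE"
    path: str
    reasons: List[str] = field(default_factory=list)


# HijackThis entry: section code, " - ", then the entry body.
HJT_LINE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# First Windows path ending in a binary/link extension, quoted or not.
WIN_PATH = re.compile(
    r'"?((?:[A-Za-z]:|%windir%)\\[^"\[\]]*?\.(?:exe|dll|sys|lnk|job)\b)"?', re.I)


def extract_path(line: str) -> Optional[str]:
    """Return the Windows path a log line refers to, or None if it has none."""
    if re.match(r"^[A-Za-z]:\\", line):
        # Bare path lines: process list, ComboFix deletion lists, "C:\x ... <date>".
        # ComboFix marks renamed leftovers with a trailing '~'; strip it.
        return line.split(" ... ")[0].rstrip("~")
    m = WIN_PATH.search(line)
    return m.group(1) if m else None


def matches_ioc(path: str) -> bool:
    """True if path is a listed leftover or sits inside a listed leftover folder."""
    norm = path.lower().rstrip("~")
    return any(norm == ioc or norm.startswith(ioc + "\\") for ioc in THREAD_IOCS)


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis or ComboFix log and return the entries worth a second look."""
    findings: List[Finding] = []
    current_key = ""  # registry key whose values ComboFix is currently listing
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_"):
            current_key = line.strip("[]")
            continue
        if not line.startswith('"'):
            current_key = ""  # any non-value line ends the key's block
        m = HJT_LINE.match(line)
        if m:
            section = m.group("sec")
        elif current_key:
            section = "REG:" + current_key
        else:
            section = "FILE"
        path = extract_path(line)
        if path is None:
            continue
        reasons = []
        if matches_ioc(path):
            reasons.append("matches a leftover named in the thread")
        if "(file missing)" in line:
            # Often a harmless stale entry (the xpnetdiag.exe one in this log is
            # a known Windows XP remnant), but always worth confirming by hand.
            reasons.append("autostart target does not exist on disk")
        if "SharedTaskScheduler" in current_key:
            reasons.append("loaded via SharedTaskScheduler, a hook legitimate software rarely uses")
        if reasons:
            findings.append(Finding(section, path, reasons))
    return findings


# Constructed sample: lines modelled on the HijackThis and ComboFix logs posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\video activex access
C:\Program Files\video activex access\iesplg.dll

2007-07-06 11:40 42,093 --a------ C:\hivtvru.exe
2007-07-06 11:12 89,088 --a------ C:\WINDOWS\system32\atl71.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="C:\WINDOWS\system32\xnvaogd.dll" [2007-06-27 11:19]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.path}: {'; '.join(f.reasons)}")
```

Run it on a saved log with `triage(open("hijackthis.log", encoding="cp1250").read())`; the Polish-locale logs in this thread are not UTF-8. The indicator set is deliberately a plain set of normalised paths so that a new leftover reported in a follow-up post (CatchMe's "C:\hivtvru.exe" reminder, for instance) is a one-line addition.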

pylus89
comment

I'm a complete layman... could you somehow translate what you wrote into a language I can understand? :) pleease

Przemek
comment

pylus89, what is the PORADNIKI (guides) section for?

pylus89
comment

I just wanted to know what VAX means...?

CatchMe
comment

video activex access - just a different group :) Waiting for the logs. ;)

pylus89
comment

HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 15:43:44, on 2007-07-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Paweł_2\Pulpit\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gadnet.hit.gemius.pl/hitredir/id=nG...zkaniowy.bph.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DrAntispy.lnk = C:\Program Files\DrAntispy\DrAntispy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

-------------------------------------------------------------------------------------------------------------------

COMBOFIX LOG:

"Pawe_2" - 2007-07-06 15:34:34 - ComboFix 07-07-04.4 - Dodatek Service Pack 2

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NPF

((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))
2007-07-06 15:28 2,200 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-06 13:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-06 11:40 42,093 --a------ C:\hivtvru.exe
2007-07-06 11:34 <DIR> d-------- C:\Program Files\XoftSpySE
2007-07-06 11:12 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-07-05 21:18 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-05 21:18 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-05 21:18 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-02 15:51 <DIR> d-------- C:\Program Files\01-mp3search
2007-06-27 11:21 4 --a------ C:\WINDOWS\info147.sys
2007-06-10 22:06 <DIR> d-------- C:\WINDOWS\Cache
2007-06-06 06:57 <DIR> d-------- C:\DOCUME~1\Paulina\DANEAP~1\Media Player Classic

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-06 13:33:40 -------- d-----w C:\DOCUME~1\PAWE_2~1\DANEAP~1\Skype
2007-07-06 09:40:37 -------- d-----w C:\Program Files\Winamp
2007-06-17 11:28:41 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-17 11:28:41 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-22 12:44:01 -------- d-----w C:\DOCUME~1\PAWE_2~1\DANEAP~1\MSN6
2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-10 15:08:58 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2005-12-07 16:06 399424 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-04 00:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2006-11-17 20:30 202304 --a------ C:\Program Files\BitComet\tools\BitCometBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-23 08:55]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:33]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

Contents of the 'Scheduled Tasks' folder
2007-07-06 13:39:43 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-07-06 09:34:18 C:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 15:39:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
C:\WINDOWS\system32\cmd.exe [3224] 0xFF72D598

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-06 15:41:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-06 15:41
C:\ComboFix2.txt ... 2007-07-06 13:56

--- E O F ---

I did everything as instructed... after cleaning with SmitFraudFix the problem vanished as if by magic... all quiet so far ;) Thank you very much for the help!!! REGARDS

CatchMe
comment

Leftover to delete (in Safe Mode):

C:\hivtvru.exe

Cosmetically, remove:

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\nircmd.exe

and paste a ComboFix log.
