oto logi z komputera z trojanami prosze o pomoc

[bicka1]

ComboFix 07-09-21.2 - "BiCkA" 2007-09-21 22:59:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1599 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\BiCkA\DANEAP~1\addon.dat
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search

.
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 22:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-21 22:58 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\TrojanHunter
2007-09-21 22:49 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-09-21 21:36 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-09-21 21:36 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-09-21 21:36 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-09-21 21:36 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-09-21 21:36 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-09-21 21:36 <DIR> d-------- C:\Program Files\Trojan Remover
2007-09-21 21:36 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Simply Super Software
2007-09-21 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Simply Super Software
2007-09-21 21:34 <DIR> d-------- C:\Program Files\BillP Studios
2007-09-21 21:34 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\WinPatrol
2007-09-16 11:39 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\ArcaBit
2007-09-14 14:11 <DIR> d-------- C:\Program Files\Grupa IMAGE
2007-09-12 20:26 <DIR> d-------- C:\Program Files\DAEMON Tools SearchBar
2007-09-12 20:26 <DIR> d-------- C:\Program Files\Common Files\WhenU
2007-09-12 20:26 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\WhenU
2007-09-12 20:24 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-12 20:23 1,315 --a------ C:\WINDOWS\system32\sdbackup.reg
2007-09-09 17:18 <DIR> d-------- C:\Program Files\AnalogX
2007-09-08 23:44 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-08 23:44 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Hamachi
2007-09-08 17:03 3,584 --a------ C:\WINDOWS\EAddress.dll
2007-09-08 13:09 97,552 --a------ C:\WINDOWS\system32\rdocurs.dll
2007-09-08 13:09 376,592 --a------ C:\WINDOWS\system32\msrdo20.dll
2007-09-08 13:09 32,830 --a------ C:\WINDOWS\system32\dbmsshrn.dll
2007-09-08 13:09 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll
2007-09-08 13:09 192,569 --a------ C:\WINDOWS\system32\msrpjt40.dll
2007-09-08 13:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-09-08 12:55 <DIR> d-------- C:\SQLEVAL
2007-09-08 11:27 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-09-06 17:59 <DIR> d-------- C:\Program Files\Intel
2007-09-06 17:42 31,872 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-09-06 17:42 31,872 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-09-06 15:54 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-09-06 15:54 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-09-06 15:54 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-09-06 15:54 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-09-05 22:17 <DIR> d--h----- C:\DOCUME~1\BiCkA\DANEAP~1\ijjigame
2007-09-05 20:18 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-04 21:14 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-04 18:25 <DIR> d-------- C:\Program Files\FlashGet
2007-09-01 23:33 <DIR> d-------- C:\Program Files\ArcaMicroScan
2007-09-01 19:00 <DIR> d-------- C:\Program Files\hp deskjet 845c series
2007-09-01 19:00 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-08-25 16:17 <DIR> d-------- C:\Program Files\MarBit
2007-08-24 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype
2007-08-22 13:50 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys
2007-08-22 13:50 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2007-08-22 13:27 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 22:25 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-21 22:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-21 21:58 --------- d-------- C:\Program Files\Common Files\Real
2007-09-21 21:58 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Real
2007-09-05 20:22 --------- d-------- C:\Program Files\Google
2007-09-05 19:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google
2007-08-29 21:49 --------- d-------- C:\Program Files\Neostrada TP
2007-08-22 15:49 --------- d-------- C:\Program Files\AutoConnect
2007-08-21 14:24 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-13 22:27 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\InterTrust
2007-08-13 12:48 --------- d-------- C:\Program Files\Common Files\DirectX
2007-08-11 15:40 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Ahead
2007-08-07 10:47 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-08-07 10:47 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-08-03 13:04 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Google
2007-07-31 12:40 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Gadu-Gadu
2007-07-31 12:06 --------- d-------- C:\Program Files\Gadu-Gadu
2007-07-30 16:00 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-07-30 16:00 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-07-30 15:54 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\DivX
2007-07-30 15:36 --------- d-------- C:\Program Files\SystemRequirementsLab
2007-07-30 15:35 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-30 12:02 315392 --a------ C:\WINDOWS\HideWin.exe
2007-07-30 11:57 --------- d-------- C:\Program Files\VIA
2007-07-30 11:57 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-30 11:48 --------- d-------- C:\Program Files\Nero
2007-07-30 11:48 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-30 10:48 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Help
2007-07-30 09:57 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg
2007-07-30 09:57 --------- d-------- C:\Program Files\SAGEM
2007-07-30 09:44 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-20 12:01 767280 --a------ C:\WINDOWS\system32\ArcaMicroScanUpdater.exe
2007-07-20 10:34 847872 --a------ C:\WINDOWS\system32\ArcaOnline.dll
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
--------- C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-17 16:42]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-30 09:57:28]

R3 rtl8029;Sterownik NT karty Realtek RTL8029(AS)-based PCI Ethernet;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S3 jswmidin;jswmidin;\??\C:\DOCUME~1\BiCkA\USTAWI~1\Temp\jswmidin.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 23:00:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\cmd.exe [2688] 0x891C4860


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 23:00:19
C:\ComboFix-quarantined-files.txt ... 2007-09-21 23:00
.
--- E O F ---

[bicka1]

ComboFix 07-09-21.2 - "daniel" 2007-09-21 23:26:59.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.337 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 23:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-21 23:13 <DIR> d-------- C:\DOCUME~1\daniel\DANEAP~1\TrojanHunter
2007-09-21 23:05 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-09-21 22:18 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-09-21 22:18 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-09-21 22:18 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-09-21 22:18 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-09-21 22:18 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-09-21 22:18 <DIR> d-------- C:\Program Files\Trojan Remover
2007-09-21 22:18 <DIR> d-------- C:\DOCUME~1\daniel\DANEAP~1\Simply Super Software
2007-09-21 22:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-09-21 22:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Simply Super Software
2007-09-21 22:15 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-21 22:11 <DIR> d--hs---- C:\Recycled
2007-09-21 22:09 <DIR> dr-h----- C:\DOCUME~1\daniel\Dane aplikacji
2007-09-21 22:09 <DIR> dr------- C:\DOCUME~1\daniel\Ulubione
2007-09-21 22:09 <DIR> dr------- C:\DOCUME~1\daniel\Moje dokumenty
2007-09-21 22:09 <DIR> dr------- C:\DOCUME~1\daniel\Menu Start
2007-09-21 22:09 <DIR> d--h----- C:\DOCUME~1\daniel\Ustawienia lokalne
2007-09-21 22:09 <DIR> d--h----- C:\DOCUME~1\daniel\Szablony
2007-09-21 22:09 <DIR> d-------- C:\DOCUME~1\daniel\Pulpit
2007-09-21 22:07 <DIR> d--h----- C:\DOCUME~1\NETWOR~1\Ustawienia lokalne
2007-09-21 22:07 <DIR> d--h----- C:\DOCUME~1\LOCALS~1\Ustawienia lokalne
2007-09-21 22:07 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Dane aplikacji
2007-09-21 22:07 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Dane aplikacji
2007-09-21 22:00 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-09-21 22:00 <DIR> d-------- C:\Program Files\microsoft frontpage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--------- C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-09-21 16:45]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0EA66AD2-CF26-2E23-532B-B292E22F3266}"= C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll [2007-09-21 22:13 10794]


*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 23:27:38
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 23:28:03
C:\ComboFix-quarantined-files.txt ... 2007-09-21 23:28
.
--- E O F ---

[pp3088]

Co do pierwszego komputera:
C:\Program Files\Common Files\WhenU
C:\DOCUME~1\BiCkA\DANEAP~1\WhenU
C:\DOCUME~1\BiCkA\USTAWI~1\Temp\jswmidin.sys
Usuń pogrubione foldery.

Drugi log wygląda na czysty.

[slake1]

C:\DOCUME~1\BiCkA\USTAWI~1\Temp\jswmidin.sys

Dla mojej ciekawości przeskanuj ten plik na http://virustotal.com i podaj wynik skanowania, ponieważ na innym forum nie dowiedzieliśmy się czy jest to syf czy poprawny plik.

Następnie możesz przeczyścić Tempy programem ATF-Cleaner. Zaznaczasz trzy pierwsze kwadraciki i klikasz na Empty Selected.

Pokaż po pracy nowy log oraz standardowe logi z Hijacka i Silent Runners.

[bicka1]

Oto logi z 1 PC po zabiegu.

ComboFix 07-09-21.2 - "BiCkA" 2007-09-22 11:30:16.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1585 [GMT 2:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))
.

2007-09-21 23:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-21 23:41 <DIR> d-------- C:\Deckard
2007-09-21 22:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-21 22:58 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\TrojanHunter
2007-09-21 22:49 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-09-21 21:36 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-09-21 21:36 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-09-21 21:36 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-09-21 21:36 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-09-21 21:36 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-09-21 21:36 <DIR> d-------- C:\Program Files\Trojan Remover
2007-09-21 21:36 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Simply Super Software
2007-09-21 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Simply Super Software
2007-09-21 21:34 <DIR> d-------- C:\Program Files\BillP Studios
2007-09-21 21:34 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\WinPatrol
2007-09-16 11:39 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\ArcaBit
2007-09-14 14:11 <DIR> d-------- C:\Program Files\Grupa IMAGE
2007-09-12 20:26 <DIR> d-------- C:\Program Files\DAEMON Tools SearchBar
2007-09-12 20:24 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-12 20:23 1,315 --a------ C:\WINDOWS\system32\sdbackup.reg
2007-09-09 17:18 <DIR> d-------- C:\Program Files\AnalogX
2007-09-08 23:44 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-08 23:44 <DIR> d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Hamachi
2007-09-08 17:03 3,584 --a------ C:\WINDOWS\EAddress.dll
2007-09-08 13:09 97,552 --a------ C:\WINDOWS\system32\rdocurs.dll
2007-09-08 13:09 376,592 --a------ C:\WINDOWS\system32\msrdo20.dll
2007-09-08 13:09 32,830 --a------ C:\WINDOWS\system32\dbmsshrn.dll
2007-09-08 13:09 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll
2007-09-08 13:09 192,569 --a------ C:\WINDOWS\system32\msrpjt40.dll
2007-09-08 13:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-09-08 11:27 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-09-06 17:59 <DIR> d-------- C:\Program Files\Intel
2007-09-06 17:42 31,872 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-09-06 17:42 31,872 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-09-06 15:54 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-09-06 15:54 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-09-06 15:54 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-09-06 15:54 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-09-05 20:18 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-04 21:14 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-04 18:25 <DIR> d-------- C:\Program Files\FlashGet
2007-09-01 23:33 <DIR> d-------- C:\Program Files\ArcaMicroScan
2007-09-01 19:00 <DIR> d-------- C:\Program Files\hp deskjet 845c series
2007-09-01 19:00 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-08-25 16:17 <DIR> d-------- C:\Program Files\MarBit
2007-08-24 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype
2007-08-22 13:50 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys
2007-08-22 13:50 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2007-08-22 13:27 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 22:25 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-21 22:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-21 21:58 --------- d-------- C:\Program Files\Common Files\Real
2007-09-21 21:58 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Real
2007-09-05 20:22 --------- d-------- C:\Program Files\Google
2007-09-05 19:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google
2007-08-29 21:49 --------- d-------- C:\Program Files\Neostrada TP
2007-08-22 15:49 --------- d-------- C:\Program Files\AutoConnect
2007-08-21 14:24 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-13 22:27 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\InterTrust
2007-08-13 12:48 --------- d-------- C:\Program Files\Common Files\DirectX
2007-08-11 15:40 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Ahead
2007-08-07 10:47 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-08-07 10:47 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-08-03 13:04 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Google
2007-07-31 12:40 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Gadu-Gadu
2007-07-31 12:06 --------- d-------- C:\Program Files\Gadu-Gadu
2007-07-30 16:00 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-07-30 16:00 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-07-30 15:54 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\DivX
2007-07-30 15:36 --------- d-------- C:\Program Files\SystemRequirementsLab
2007-07-30 15:35 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-30 12:02 315392 --a------ C:\WINDOWS\HideWin.exe
2007-07-30 11:57 --------- d-------- C:\Program Files\VIA
2007-07-30 11:57 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-30 11:48 --------- d-------- C:\Program Files\Nero
2007-07-30 11:48 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-30 10:48 --------- d-------- C:\DOCUME~1\BiCkA\DANEAP~1\Help
2007-07-30 09:57 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg
2007-07-30 09:57 --------- d-------- C:\Program Files\SAGEM
2007-07-30 09:44 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-20 12:01 767280 --a------ C:\WINDOWS\system32\ArcaMicroScanUpdater.exe
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
--------- C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-17 16:42]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-30 09:57:28]

R3 rtl8029;Sterownik NT karty Realtek RTL8029(AS)-based PCI Ethernet;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c4d0084-4c98-11dc-b9f8-0019db70b673}]
Auto\command- K:\PegeFile.pif
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 11:30:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-22 11:31:09
C:\ComboFix-quarantined-files.txt ... 2007-09-21 23:00
C:\ComboFix2.txt ... 2007-09-22 10:59
C:\ComboFix3.txt ... 2007-09-21 23:00
.
--- E O F ---






Aha a ten 2pc jest bardziej zawirusowany nie moge pozbyc sie: autorun.inf pegefile.pif desktop.ini

[slake1]

Do Notatnika wklej zawartość z http://wklej.org/id/51e7ffe0c7

Następnie: Plik-> Zapisz jako-> Ustaw rozszerzenie na Wszystkie pliki-> zapisz plik pod nazwą FIX.REG i odpal plik w trybie awaryjnym.

Po pracy nowy log.