I to by było na tyle

Joined: 18 Oct 2007
Offline Last active: Oct 17 2011 20:47
-----

My posts

In topic: please check the OTL log

17 October 2011 - 20:49

Run OTL and paste this into the lower white box:

:OTL
O4 - HKCU..\RunOnce: [aA21703FcIoD21703] C:\ProgramData\aA21703FcIoD21703\aA21703FcIoD21703.exe ()
MsConfig - StartUpReg: OODefragTray - hkey= - key= -  File not found

:Files 
C:\ProgramData\aA21703FcIoD21703
C:\Users\Katarzyna\AppData\Local\Temp*.html

:Commands
[emptyflash]
[emptytemp]
[Reboot]
Click Wykonaj Script (Run Fix). Save the report that appears.

C:\ProgramData\aA21703FcIoD21703

Check whether the folder above has disappeared; if not, try deleting it manually.




After running the script everything seems to be OK. The folder is gone.
OTL report
http://wklejto.pl/107064

thanks for the help

In topic: please check the log

23 August 2011 - 08:07

In the log I only see a remnant of the Facebook infection, and nothing else.
Run OTL and paste this into the Własne opcje skanowania/Script (Custom Scans/Fixes) box:


:OTL
[2011-08-22 13:05:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-3-0-lnk
[2011-08-22 13:05:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-3-0
[2011-08-22 11:12:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011-08-22 11:11:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0-lnk
[2011-08-22 11:11:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0
[2011-08-22 15:05:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011-08-22 15:05:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
MsConfig - StartUpReg: egui - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: wxpdrv - hkey= - key= -  File not found
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found
O4 - HKLM..\Run: []  File not found
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found

:Commands
[emptyflash]
[emptytemp]

Click Wykonaj Script (Run Fix). Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time clicking Skanuj (Scan).
Post the new OTL.txt log and the removal report.


Hello!
Thanks for the script, I ran it as instructed and made a new log in OTL
http://wklejto.pl/103604

In topic: please check the log

22 August 2011 - 18:07

To start with, remove the trojan. End the process C:\WINDOWS\services32.exe in Task Manager and use these instructions
Gajedan will list the rest for you in detail


I ended the trojan in Task Manager, but I don't understand the instructions.
I made a new log
http://wklejto.pl/103550

In topic: Logs to check

27 February 2009 - 19:36

User filutka told me to feed a script (CFScript.txt) into ComboFix and post a new log here

(sorry for the confusion ;-) )

Here is the new log

ComboFix 08-09-16.05 - Zonku 2009-02-27 19:16:18.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.397 [GMT 1:00]
Running from: C:\PROGRAMY\combofix\ComboFix.exe
Command switches used :: C:\PROGRAMY\combofix\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

(((((((((((((((((((((((((   Files Created from 2009-01-27 to 2009-02-27  )))))))))))))))))))))))))))))))
.

2009-02-11 14:15 . 2009-02-25 17:28 <DIR> d-------- C:\strona www
2009-02-10 23:51 . 2009-02-10 23:54 <DIR> d-------- C:\Documents and Settings\Zonku\Application Data\HateML
2009-02-10 16:32 . 2006-10-23 11:57 92,160 --a------ C:\WINDOWS\system32\drivers\nwusbser.sys
2009-02-10 16:32 . 2006-10-23 11:57 92,160 --a------ C:\WINDOWS\system32\drivers\nwusbmdm.sys
2009-02-10 16:25 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2009-02-10 16:24 . 2009-02-10 16:24 <DIR> d-------- C:\Program Files\OrangeBS
2009-02-10 16:22 . 2009-02-10 16:32 <DIR> d-------- C:\Program Files\Common Files\France Telecom
2009-02-08 15:20 . 2009-02-10 23:57 21 --a------ C:\WINDOWS\TemplateWizard.INI
2009-02-04 18:05 . 2009-02-04 18:05 725 --a------ C:\WINDOWS\COD.INI
2009-01-28 20:57 . 2009-01-28 20:57 98 --a------ C:\WINDOWS\WirelessFTP.INI
2009-01-28 20:55 . 2009-01-28 20:55 0 --a------ C:\WINDOWS\TosOBEX.INI

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 18:07 --------- d-----w C:\Program Files\GetRight
2009-02-11 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-28 19:51 --------- d-----w C:\Program Files\Microsoft Plus! Dancer LE
2009-01-23 22:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-17 18:49 --------- d-----w C:\Documents and Settings\Zonku\Application Data\Teleca
2009-01-17 18:48 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2009-01-17 18:44 --------- d-----w C:\Documents and Settings\Zonku\Application Data\iPlus
2008-08-15 09:23 0 ----a-w C:\Documents and Settings\Zonku\Application Data\wklnhst.dat
2007-03-21 17:57 251 ----a-w C:\Program Files\wt3d.ini
2008-02-01 22:13 88 --sh--r C:\WINDOWS\system32\FA42A584D7.sys
2008-02-01 22:13 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-09 20:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070920080710\index.dat
.

------- Sigcheck -------

2008-04-14 01:12  975872  561a50497324f378e30f55d09b4e1258 C:\WINDOWS\explorer.exe
2007-06-13 12:26  1033216  7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 11:23  1033216  97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-10 13:00  974336  a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 01:12  975872  561a50497324f378e30f55d09b4e1258 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\PROGRAMY\zegarek tray\LClock\lclock.exe" [2004-09-19 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="C:\PROGRAMY\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"Gadu-Gadu"="C:\PROGRAMY\GADU GADU\Gadu-Gadu\gg.exe" [2007-07-09 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 40960]
"AvMenu"="C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe" [2008-11-12 514568]
"ABRegmon"="C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe" [2007-10-23 348160]
"ArcaCheck"="C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe" [2008-09-23 630784]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"BEWINTERNET-PLSessionManager"="C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe" [2007-07-24 102400]
"TDispVol"="TDispVol.exe" [2005-03-12 C:\WINDOWS\system32\TDispVol.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-06-01 C:\WINDOWS\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

C:\Documents and Settings\Zonku\Start Menu\Programs\Startup\
Client Default.lnk - C:\PROGRAMY\samurize\Client.exe [2007-04-07 2010624]
RocketDock.lnk - C:\PROGRAMY\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
Stardock ObjectDock.lnk - C:\PROGRAMY\object dock\ObjectDock\ObjectDock.exe [2008-03-25 3450608]
UniSpiker-2.6.lnk - C:\PROGRAMY\syntezator mowy iwona\UniSpiker-2.6\UniSpiker-2.6\uni_spiker-2.6.exe [2005-07-20 86016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
"vidc.mjpg"= pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Zonku^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Zonku\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Zonku^Start Menu^Programs^Startup^UberIcon.lnk]
path=C:\Documents and Settings\Zonku\Start Menu\Programs\Startup\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Zonku^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=C:\Documents and Settings\Zonku\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-12-04 02:07 61440 C:\PROGRAMY\PS Lightroom\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-04 01:32 961024 C:\PROGRAMY\ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 18:37 229437 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 08:39 2119104 C:\PROGRAMY\GADU GADU\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 19:51 233472 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-12-13 07:49 217088 C:\PROGRAMY\NOKIAP~1\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 08:05 217088 C:\PROGRAMY\powerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 14:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-17 18:06 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 23:22 35328 C:\PROGRAMY\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\PROGRAMY\\GADU GADU\\Gadu-Gadu\\gg.exe"=
"C:\\PROGRAMY\\ares\\Ares.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\PROGRAMY\\blutut\\BlueSoleil.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\PROGRAMY\\opera\\Opera.exe"=
"C:\\PROGRAMY\\SopCast\\SopCast.exe"=
"C:\\PROGRAMY\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\PROGRAMY\\pinnacle\\Programs\\RM.exe"=
"C:\\PROGRAMY\\pinnacle\\Programs\\Studio.exe"=
"C:\\PROGRAMY\\pinnacle\\Programs\\umi.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\gry\\CALL OF DUTY\\CoDMP.exe"=
"C:\\PROGRAMY\\do projektowania stron www\\WebCanvas 2006\\bin\\WebCanvas.exe"=
"C:\\PROGRAMY\\do projektowania stron www\\nemo webeditor\\bin\\WebEditor.exe"=
"C:\\Program Files\\OrangeBS\\BEWInternet-PL\\Connectivity\\ConnectivityManager.exe"=
"C:\\PROGRAMY\\HateML\\DbgListener\\DbgListener.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12965:TCP"= 12965:TCP:BitComet 12965 TCP
"12965:UDP"= 12965:UDP:BitComet 12965 UDP

R1 ABTDI;ABTDI;C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2008-02-26 51208]
R2 ABFileMon;ArcaBit FileMonitor;C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe [2009-02-10 158216]
R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;C:\Program Files\ArcaBit\Common\TaskScheduler.exe [2007-10-25 151552]
R2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe [2009-02-10 117256]
R2 io.sys;IO.DLL Driver;C:\WINDOWS\system32\drivers\io.sys [2008-04-24 5152]
R2 SG_Service;SoftGuard Service;C:\Program Files\Common Files\RbtProt\sgsrv.exe [2003-10-25 155648]
R3 ABFLT;ArcaBit File Monitor Driver;C:\PROGRA~1\ArcaBit\ArcaVir\ABFLT.sys [2007-12-10 37896]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2008-01-30 200704]
R3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2008-09-22 241664]
R3 axvdkbus;axvdkbus;C:\WINDOWS\system32\DRIVERS\axvdkbus.sys [2003-02-25 8672]
R3 axvodka;axvodka;C:\WINDOWS\system32\DRIVERS\axvodka.sys [2003-02-27 102272]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 64000]
S2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys [2002-04-26 95484]
S3 autorun;autorun;C:\huadio.tmp [ ]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 228352]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [ ]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [ ]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [ ]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 116992]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 ps_drv;ps_drv;C:\Program Files\ArcaBit\ArcaVir\ps_drv.sys [2009-02-25 135680]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\WINDOWS\system32\DRIVERS\sffp_mmc.sys [2008-04-13 10240]
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-02-20 301696]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 19:16:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\PROGRAMY\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\PROGRAMY\object dock\ObjectDock\DockShellHook.dll
-> C:\WINDOWS\system32\TDispVol.dll
.
Completion time: 2009-02-27 19:23:40
ComboFix-quarantined-files.txt  2009-02-27 18:23:35

Pre-Run: 7,957,602,304 bytes free
Post-Run: 7,939,305,472 bytes free

232 --- E O F --- 2009-02-25 12:17:29


I'll get on with scanning the computer now, as djarta recommended
regards
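The helpers in this thread read the ComboFix output above by eye and pick out the same handful of signals: the `autorun` service whose binary is `C:\huadio.tmp` (a .tmp file in the drive root, repeated in the `ImagePath` value under `Services\autorun`), the Security Center `AntiVirusOverride` and `AntiVirusDisableNotify` values set to 1, and hidden+system files dropped into system32. The Python script below is an added editorial example, not part of the forum thread and not a feature of ComboFix or OTL; it encodes only those heuristics as a first-pass filter over a report. Its regexes for the service, file and registry line formats are assumptions based on how the entries appear in the log posted above, and its constructed sample input reuses a few lines from that log plus benign lines from the same log for contrast.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in ComboFix's report format. The flagged lines are taken from
# the log posted above; wininet.dll, sgsrv.exe and npf.sys are benign entries from
# the same log, included so the filter has something to leave alone.
SAMPLE_LOG = r"""
2008-12-20 23:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2009-02-03 19:08 . 2009-02-03 19:08 85,504 -r-hs---- C:\WINDOWS\system32\gasretyw0.dll
2008-02-01 22:13 88 --sh--r C:\WINDOWS\system32\FA42A584D7.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
R2 SG_Service;SoftGuard Service;C:\Program Files\Common Files\RbtProt\sgsrv.exe [2003-10-25 155648]
S3 autorun;autorun;C:\huadio.tmp [ ]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
"""


@dataclass
class Finding:
    line_no: int
    severity: str   # "high" = act on it, "review" = look it up before acting
    reason: str
    line: str


# Line formats as they appear in the log above (assumed from the sample, not a ComboFix spec):
#   service:  "<R|S><n> <name>;<display name>;<path> [<date> <size>]"
#   file:     "<date> <time> [. <date> <time>] (<DIR>|<size>) <attributes> <path>"
SERVICE_RE = re.compile(r'^[RS]\d [^;]+;[^;]*;(.+?) \[(.*)\]$')
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:\. \d{4}-\d{2}-\d{2} \d{2}:\d{2} )?'
    r'(?:<DIR>|[\d,]+) ([-A-Za-z]{7,9}) (.+)$')
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.+)"$')
SECURITY_CENTER_RE = re.compile(
    r'^"(AntiVirusOverride|AntiVirusDisableNotify|'
    r'FirewallOverride|FirewallDisableNotify)"=dword:0*1$')


def suspicious_binary_path(path: str) -> Optional[str]:
    """Return why a service/driver binary path looks wrong, or None if it looks normal."""
    p = path.strip().lower()
    if p.endswith('.tmp'):
        return 'service binary has a .tmp extension'
    if re.fullmatch(r'[a-z]:\\[^\\]+', p):
        return 'service binary sits directly in a drive root'
    return None


def triage(report: str) -> List[Finding]:
    """First-pass filter over a ComboFix-style report; returns lines worth a human's attention."""
    findings: List[Finding] = []
    for n, raw in enumerate(report.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue

        m = SERVICE_RE.match(line)
        if m:
            why = suspicious_binary_path(m.group(1))
            if why:
                findings.append(Finding(n, 'high', why, line))
            elif not m.group(2).strip():
                # "[ ]" means ComboFix found no file behind the registration
                findings.append(Finding(n, 'review', 'service registered but its file is missing', line))
            continue

        m = IMAGEPATH_RE.match(line)
        if m:
            path = m.group(1)
            if path.startswith('\\??\\'):   # NT object-manager prefix, strip it before the checks
                path = path[4:]
            why = suspicious_binary_path(path)
            if why:
                findings.append(Finding(n, 'high', why + ' (ImagePath)', line))
            continue

        m = SECURITY_CENTER_RE.match(line)
        if m:
            findings.append(Finding(n, 'high', f'Security Center {m.group(1)}=1: AV/firewall warnings suppressed', line))
            continue

        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2)
            if 'h' in attrs and 's' in attrs and '\\system32\\' in path.lower():
                findings.append(Finding(n, 'review', 'hidden+system file in system32', line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.severity:6} line {f.line_no:3}: {f.reason}\n        {f.line}')
```

The two severities matter: a service whose binary is a .tmp file in the drive root, or a Security Center override that silences antivirus warnings, is something to act on, while a hidden+system file in system32 is only a "review" item, because some legitimate licensing and DRM components install files with exactly those attributes. Drivers registered with an empty `[ ]` (the ZTE entries in the log above, for instance) land in the same review bucket: the registration is stale, not necessarily malicious.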

In topic: Logs to check

27 February 2009 - 12:30

Hello, my antivirus shows me a notice about a trojan, but the antivirus itself cannot delete the virus. If anyone would like to help me, I'm posting the ComboFix log below. Regards, and please help.



ComboFix 08-09-16.05 - Zonku 2009-02-27 12:10:16.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.380 [GMT 1:00]
Running from: C:\PROGRAMY\combofix\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\amvo0.dll

.
(((((((((((((((((((((((((   Files Created from 2009-01-27 to 2009-02-27  )))))))))))))))))))))))))))))))
.

2009-02-11 14:15 . 2009-02-25 17:28 <DIR> d-------- C:\strona www
2009-02-10 23:51 . 2009-02-10 23:54 <DIR> d-------- C:\Documents and Settings\Zonku\Application Data\HateML
2009-02-10 16:32 . 2006-10-23 11:57 92,160 --a------ C:\WINDOWS\system32\drivers\nwusbser.sys
2009-02-10 16:32 . 2006-10-23 11:57 92,160 --a------ C:\WINDOWS\system32\drivers\nwusbmdm.sys
2009-02-10 16:25 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2009-02-10 16:24 . 2009-02-10 16:24 <DIR> d-------- C:\Program Files\OrangeBS
2009-02-10 16:22 . 2009-02-10 16:32 <DIR> d-------- C:\Program Files\Common Files\France Telecom
2009-02-08 15:20 . 2009-02-10 23:57 21 --a------ C:\WINDOWS\TemplateWizard.INI
2009-02-04 18:05 . 2009-02-04 18:05 725 --a------ C:\WINDOWS\COD.INI
2009-02-03 19:08 . 2009-02-03 19:08 85,504 -r-hs---- C:\WINDOWS\system32\gasretyw0.dll
2009-01-28 20:57 . 2009-01-28 20:57 98 --a------ C:\WINDOWS\WirelessFTP.INI
2009-01-28 20:55 . 2009-01-28 20:55 0 --a------ C:\WINDOWS\TosOBEX.INI

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-28 19:51 --------- d-----w C:\Program Files\Microsoft Plus! Dancer LE
2009-01-23 22:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-17 18:49 --------- d-----w C:\Documents and Settings\Zonku\Application Data\Teleca
2009-01-17 18:48 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2009-01-17 18:44 --------- d-----w C:\Documents and Settings\Zonku\Application Data\iPlus
2008-12-20 23:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-12-04 19:42 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-12-04 19:42 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-12-04 19:42 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-08-15 09:23 0 ----a-w C:\Documents and Settings\Zonku\Application Data\wklnhst.dat
2007-03-21 17:57 251 ----a-w C:\Program Files\wt3d.ini
2008-02-01 22:13 88 --sh--r C:\WINDOWS\system32\FA42A584D7.sys
2008-02-01 22:13 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-09 20:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070920080710\index.dat
.

------- Sigcheck -------

2008-04-14 01:12  975872  561a50497324f378e30f55d09b4e1258 C:\WINDOWS\explorer.exe
2007-06-13 12:26  1033216  7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 11:23  1033216  97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-10 13:00  974336  a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 01:12  975872  561a50497324f378e30f55d09b4e1258 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\PROGRAMY\zegarek tray\LClock\lclock.exe" [2004-09-19 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="C:\PROGRAMY\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"Gadu-Gadu"="C:\PROGRAMY\GADU GADU\Gadu-Gadu\gg.exe" [2007-07-09 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 40960]
"AvMenu"="C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe" [2008-11-12 514568]
"ABRegmon"="C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe" [2007-10-23 348160]
"ArcaCheck"="C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe" [2008-09-23 630784]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"BEWINTERNET-PLSessionManager"="C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe" [2007-07-24 102400]
"TDispVol"="TDispVol.exe" [2005-03-12 C:\WINDOWS\system32\TDispVol.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-06-01 C:\WINDOWS\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

C:\Documents and Settings\Zonku\Start Menu\Programs\Startup\
Client Default.lnk - C:\PROGRAMY\samurize\Client.exe [2007-04-07 2010624]
RocketDock.lnk - C:\PROGRAMY\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
Stardock ObjectDock.lnk - C:\PROGRAMY\object dock\ObjectDock\ObjectDock.exe [2008-03-25 3450608]
UniSpiker-2.6.lnk - C:\PROGRAMY\syntezator mowy iwona\UniSpiker-2.6\UniSpiker-2.6\uni_spiker-2.6.exe [2005-07-20 86016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
"vidc.mjpg"= pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Zonku^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Zonku\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Zonku^Start Menu^Programs^Startup^UberIcon.lnk]
path=C:\Documents and Settings\Zonku\Start Menu\Programs\Startup\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Zonku^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=C:\Documents and Settings\Zonku\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-12-04 02:07 61440 C:\PROGRAMY\PS Lightroom\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-04 01:32 961024 C:\PROGRAMY\ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 18:37 229437 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 08:39 2119104 C:\PROGRAMY\GADU GADU\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 19:51 233472 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-12-13 07:49 217088 C:\PROGRAMY\NOKIAP~1\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 08:05 217088 C:\PROGRAMY\powerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 14:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-17 18:06 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 23:22 35328 C:\PROGRAMY\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\PROGRAMY\\GADU GADU\\Gadu-Gadu\\gg.exe"=
"C:\\PROGRAMY\\ares\\Ares.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\PROGRAMY\\blutut\\BlueSoleil.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\PROGRAMY\\opera\\Opera.exe"=
"C:\\PROGRAMY\\SopCast\\SopCast.exe"=
"C:\\PROGRAMY\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\PROGRAMY\\pinnacle\\Programs\\RM.exe"=
"C:\\PROGRAMY\\pinnacle\\Programs\\Studio.exe"=
"C:\\PROGRAMY\\pinnacle\\Programs\\umi.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\gry\\CALL OF DUTY\\CoDMP.exe"=
"C:\\PROGRAMY\\do projektowania stron www\\WebCanvas 2006\\bin\\WebCanvas.exe"=
"C:\\PROGRAMY\\do projektowania stron www\\nemo webeditor\\bin\\WebEditor.exe"=
"C:\\Program Files\\OrangeBS\\BEWInternet-PL\\Connectivity\\ConnectivityManager.exe"=
"C:\\PROGRAMY\\HateML\\DbgListener\\DbgListener.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12965:TCP"= 12965:TCP:BitComet 12965 TCP
"12965:UDP"= 12965:UDP:BitComet 12965 UDP

R1 ABTDI;ABTDI;C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2008-02-26 51208]
R2 ABFileMon;ArcaBit FileMonitor;C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe [2009-02-10 158216]
R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;C:\Program Files\ArcaBit\Common\TaskScheduler.exe [2007-10-25 151552]
R2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe [2009-02-10 117256]
R2 io.sys;IO.DLL Driver;C:\WINDOWS\system32\drivers\io.sys [2008-04-24 5152]
R2 SG_Service;SoftGuard Service;C:\Program Files\Common Files\RbtProt\sgsrv.exe [2003-10-25 155648]
R3 ABFLT;ArcaBit File Monitor Driver;C:\PROGRA~1\ArcaBit\ArcaVir\ABFLT.sys [2007-12-10 37896]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2008-01-30 200704]
R3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2008-09-22 241664]
R3 axvdkbus;axvdkbus;C:\WINDOWS\system32\DRIVERS\axvdkbus.sys [2003-02-25 8672]
R3 axvodka;axvodka;C:\WINDOWS\system32\DRIVERS\axvodka.sys [2003-02-27 102272]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 64000]
S2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys [2002-04-26 95484]
S3 autorun;autorun;C:\huadio.tmp [ ]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 228352]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [ ]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [ ]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [ ]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 116992]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 ps_drv;ps_drv;C:\Program Files\ArcaBit\ArcaVir\ps_drv.sys [2009-02-25 135680]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\WINDOWS\system32\DRIVERS\sffp_mmc.sys [2008-04-13 10240]
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-02-20 301696]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a6a5e14-7537-11dd-a7b9-4d6564696130}]
\Shell\AutoRun\command - E:\gy.exe
\Shell\open\Command - E:\gy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a1d5e9-fa77-11db-a2ff-101111111111}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a1d5ea-fa77-11db-a2ff-101111111111}]
\Shell\AutoRun\command - H:\a2h2.com
\Shell\open\Command - H:\a2h2.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6641eaec-5288-11db-a07c-00038a000015}]
\Shell\AutoRun\command - G:\gy.exe
\Shell\open\Command - G:\gy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99926fde-7789-11dd-a7c4-4d6564696130}]
\Shell\AutoRun\command - gy.exe
\Shell\open\Command - gy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c16f4f2e-9499-11dd-a830-001302d74474}]
\Shell\AutoRun\command - E:\gy.exe
\Shell\open\Command - E:\gy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c716d196-f78d-11dd-a947-001302d74474}]
\Shell\AutoRun\command - E:\gy.exe
\Shell\open\Command - E:\gy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb6dfb34-70f0-11db-a105-101111111111}]
\Shell\AutoRun\command - E:\2fiy.bat
\Shell\open\Command - E:\2fiy.bat
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - C:\WINDOWS\system32\olhrwef.exe
MSConfigStartUp-iPlusManager - C:\PROGRAMY\iPlus\iPlusChecker.exe
MSConfigStartUp-mRouterConfig - C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
MSConfigStartUp-PC Suite for Smartphones - C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {76EE578D-314B-4755-8365-6E1722C001A2} - hxxp://www.bahu.com/BahuPhotoUploader.cab
C:\WINDOWS\Downloaded Program Files\BahuPhotoUploader.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\BahuPhotoUploader.ocx

O16 -: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab
C:\WINDOWS\Downloaded Program Files\SignActivX.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 12:12:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
Completion time: 2009-02-27 12:19:40
ComboFix-quarantined-files.txt  2009-02-27 11:19:35

Pre-Run: 5,513,330,688 bytes free
Post-Run: 5,614,460,928 bytes free

275 --- E O F --- 2009-02-25 12:17:29