Bardzo wolna praca komputera, problem z otwieraniem stron

[mokkunia]

Witam,
ostatnio znów pojawiły się problemy z komputerem. Cały "muli" tak, że nie da się pracować, otwarcie do końca strony w Mozilli Forefox potrafi trwać nawet do 5 minut i często kończy się komunikatem, że zostało przerwane, bo trwało za długo. Często też komputer nie chce się wyłączyć.
Bardzo proszę o pomoc.
Pozdrawiam
mokkunia

Kod: Zaznacz wszystko

ComboFix 08-10-24.02 - AnQ 2008-10-26 10:42:23.11 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.721 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\AnQ\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Maciuś\Dane aplikacji\inst.exe
C:\Documents and Settings\Maciuś\Dane aplikacji\macromedia\Flash Player\#SharedObjects\STQEGHHV\interclick.com
C:\Documents and Settings\Maciuś\Dane aplikacji\macromedia\Flash Player\#SharedObjects\STQEGHHV\interclick.com\ud.sol
C:\Documents and Settings\Maciuś\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Maciuś\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Maciuś\Ustawienia lokalne\Temporary Internet Files\H10_series.gif
C:\Documents and Settings\Maciuś\Ustawienia lokalne\Temporary Internet Files\head_firmware.inf
C:\WINDOWS\BM57dbdba2.txt

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QANDR


(((((((((((((((((((((((((   Pliki utworzone od 2008-09-26 do 2008-10-26  )))))))))))))))))))))))))))))))
.

2008-10-26 09:55 . 2008-10-26 10:32   3,373,917   --a------   C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80271102}.BAK
2008-10-26 08:04 . 2008-10-26 10:32   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-10-26 08:04 . 2008-10-26 08:04   1,409   --a------   C:\WINDOWS\QTFont.for
2008-10-24 10:36 . 2008-10-24 10:36   <DIR>   d--------   C:\Bangkok.Dangerous.R5.LINE.XviD-COALiTiON1
2008-10-19 20:22 . 2008-10-19 20:33   <DIR>   d--------   C:\Program Files\Norton Security Scan
2008-10-19 20:21 . 2008-10-19 20:22   <DIR>   d--------   C:\WINDOWS\system32\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 09:33   ---------   d-----w   C:\Documents and Settings\AnQ\Dane aplikacji\OnlineArmor
2008-10-26 09:31   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\OnlineArmor
2008-10-26 09:29   97,928   ----a-w   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-26 09:29   76,040   ----a-w   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-26 09:29   10,520   ----a-w   C:\WINDOWS\system32\avgrsstx.dll
2008-10-26 08:56   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-10-26 08:46   ---------   d-----w   C:\Program Files\URUSoft
2008-10-26 08:46   ---------   d-----w   C:\Program Files\SlySoft
2008-10-26 08:46   ---------   d-----w   C:\Program Files\Replay Media Catcher
2008-10-26 08:46   ---------   d-----w   C:\Program Files\Dealio
2008-10-26 08:46   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\Skype
2008-10-26 08:46   ---------   d-----w   C:\Documents and Settings\AnQ\Dane aplikacji\DivX
2008-10-26 08:46   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-26 08:46   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\OnlineArmor
2008-10-26 08:45   ---------   d-----w   C:\Program Files\Odkurzacz
2008-10-26 08:42   ---------   d-----w   C:\Program Files\eMule
2008-10-07 19:00   ---------   d-----w   C:\Program Files\SiteThief
2008-10-06 10:03   ---------   d-----w   C:\Program Files\UltraISO
2008-10-06 10:02   ---------   d-----w   C:\Program Files\MagicISO
2008-09-30 12:46   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\Offline Explorer
2008-09-30 09:06   ---------   d-----w   C:\Program Files\Total Video Converter
2008-09-29 10:13   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\Vso
2008-09-24 07:14   ---------   d-----w   C:\Program Files\AVI ReComp
2008-09-18 11:42   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\AVI ReComp
2008-09-18 08:53   ---------   d-----w   C:\Program Files\Gabest
2008-09-18 08:52   ---------   d-----w   C:\Program Files\Xvid
2008-09-18 08:52   ---------   d-----w   C:\Program Files\AviSynth 2.5
2008-09-16 19:59   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI
2008-09-16 16:43   ---------   d-----w   C:\Program Files\Common Files\Logishrd
2008-09-16 16:42   ---------   d-----w   C:\Program Files\Common Files\Logitech
2008-09-16 16:40   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-14 21:16   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
2008-09-14 18:08   ---------   d-----w   C:\Program Files\BurnAware Free
2008-09-14 12:20   29   ----a-w   C:\WINDOWS\Fonts\AWVEXA.INI
2008-09-14 11:58   262,144   ----a-w   C:\WINDOWS\system32\gfkernel.dll
2008-09-14 11:57   ---------   d-----w   C:\Program Files\GetFLV
2008-09-13 10:08   ---------   d-----w   C:\Program Files\Flash Saver
2008-09-13 05:56   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\Orbit
2008-09-12 12:28   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\GrabPro
2008-09-12 07:30   237,568   ----a-w   C:\WINDOWS\system32\rmc_rtspdl.dll
2008-09-12 07:30   156,672   ----a-w   C:\WINDOWS\system32\rmc_fixasf.exe
2008-09-12 07:29   323,584   ----a-w   C:\WINDOWS\system32\AUDIOGENIE2.DLL
2008-09-02 17:09   ---------   d-----w   C:\Program Files\StreamDown v6.1
2008-09-02 15:51   ---------   d-----w   C:\Program Files\EasyDVDShrink
2008-09-01 11:14   ---------   d-----w   C:\Program Files\Common Files\Nero
2008-09-01 11:14   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-09-01 06:36   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\SlySoft
2008-09-01 06:17   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\Any DVD Converter Professional
2008-08-28 16:52   ---------   d-----w   C:\Program Files\Mayoko
2008-08-20 10:44   47,360   ----a-w   C:\Documents and Settings\Maciuś\Dane aplikacji\pcouffin.sys
2008-08-16 05:27   499,712   ----a-w   C:\WINDOWS\system32\msvcp71.dll
2008-02-29 18:36   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

------- Sigcheck -------

2004-08-03 22:14  359040  1745b00fc1141404b28f4b94f69a8871   C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 22:14  359040  1745b00fc1141404b28f4b94f69a8871   C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   snapshot_2008-06-17_22.36.01,64   )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2004-05-04 10:53:40   1,645,320   ----a-w   C:\WINDOWS\gdiplus.dll
+ 2008-09-16 16:43:57   10,134   ----a-r   C:\WINDOWS\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}\ARPPRODUCTICON.exe
+ 2008-10-19 19:22:11   55,296   ----a-r   C:\WINDOWS\Installer\{48B82226-75E3-4E90-92CC-D30F79EA6380}\Icon6D246661.exe
- 2008-04-19 13:19:45   102,400   ----a-r   C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-10-04 18:03:48   102,400   ----a-r   C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-08-20 10:18:45   10,134   ----a-r   C:\WINDOWS\Installer\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}\ARPPRODUCTICON.exe
- 2007-04-11 14:32:22   56,080   ----a-w   C:\WINDOWS\KHALMNPR.Exe
+ 2008-02-29 01:12:38   76,304   ----a-w   C:\WINDOWS\KHALMNPR.Exe
- 2000-08-31 06:00:00   28,160   ----a-w   C:\WINDOWS\Nircmd.exe
+ 2000-08-31 07:00:00   28,672   ----a-w   C:\WINDOWS\Nircmd.exe
+ 2008-09-12 07:29:27   473,600   ----a-w   C:\WINDOWS\Replay Media Catcher\uninstall.exe
- 2000-08-31 06:00:00   161,792   ----a-w   C:\WINDOWS\swreg.exe
+ 2000-08-31 07:00:00   161,792   ----a-w   C:\WINDOWS\swreg.exe
+ 1999-09-10 10:06:00   5,600   ----a-w   C:\WINDOWS\system\WINASPI.DLL
+ 1999-09-10 10:06:00   4,672   ----a-w   C:\WINDOWS\system\WOWPOST.EXE
+ 2008-08-06 14:22:02   114,688   ----a-w   C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-08-06 14:30:48   202,168   ----a-w   C:\WINDOWS\system32\Adobe\Director\SwDir.dll
+ 2008-08-06 14:22:42   499,712   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-08-06 13:45:40   1,798,144   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-08-06 14:22:44   9,216   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-08-06 13:35:52   706,048   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-08-06 13:35:52   1,145,896   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-08-06 13:35:52   52,288   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-08-06 13:42:04   892,928   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-08-06 13:35:52   54,656   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\pccuapi.dll
+ 2008-08-06 14:21:14   266,240   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-08-06 14:24:14   446,464   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-08-06 14:30:30   447,928   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100465.exe
+ 2008-08-06 14:24:56   114,688   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-08-06 14:21:04   94,208   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-08-06 13:35:52   50,808   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 08:55:30   149,504   ----a-w   C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 2006-12-31 02:16:36   313,344   ----a-w   C:\WINDOWS\system32\avisynth.dll
- 2008-03-02 07:47:33   15,360   ----a-w   C:\WINDOWS\system32\BASSMOD.dll
+ 2008-09-01 11:35:42   9,728   ----a-w   C:\WINDOWS\system32\BASSMOD.dll
+ 2008-05-02 00:38:42   301,656   ----a-w   C:\WINDOWS\system32\BtCoreIf.dll
+ 1998-07-12 17:00:00   32,768   ----a-w   C:\WINDOWS\system32\CMDLGFR.DLL
+ 2007-03-18 19:37:12   65,602   ----a-w   C:\WINDOWS\system32\cook3260.dll
+ 2001-08-18 05:00:00   557,128   ----a-w   C:\WINDOWS\system32\dao360.dll
+ 2004-05-26 12:37:34   719,872   ----a-w   C:\WINDOWS\system32\devil.dll
- 2004-08-03 23:36:16   53,504   -c--a-w   C:\WINDOWS\system32\dllcache\i8042prt.sys
+ 2004-08-03 22:36:16   53,504   -c--a-w   C:\WINDOWS\system32\dllcache\i8042prt.sys
- 2004-08-03 23:38:00   24,960   -c--a-w   C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-03 22:38:00   24,960   -c--a-w   C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-03 22:34:22   23,296   -c--a-w   C:\WINDOWS\system32\dllcache\mouclass.sys
- 2001-10-26 15:57:56   12,160   -c--a-w   C:\WINDOWS\system32\dllcache\mouhid.sys
+ 2001-10-26 14:57:56   12,160   -c--a-w   C:\WINDOWS\system32\dllcache\mouhid.sys
+ 1999-09-10 10:06:00   25,244   ----a-w   C:\WINDOWS\system32\drivers\ASPI32.SYS
- 2008-05-04 11:15:43   26,184   ----a-w   C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-10-26 09:29:11   26,824   ----a-w   C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2004-08-03 23:36:16   53,504   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
+ 2004-08-03 22:36:16   53,504   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
- 2004-08-03 23:38:00   24,960   ----a-w   C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2004-08-03 22:38:00   24,960   ----a-w   C:\WINDOWS\system32\drivers\kbdclass.sys
- 2007-04-11 14:32:30   20,496   ----a-w   C:\WINDOWS\system32\drivers\L8042Kbd.sys
+ 2008-02-29 01:12:48   20,240   ----a-w   C:\WINDOWS\system32\drivers\L8042Kbd.sys
- 2007-04-11 14:32:52   34,832   ----a-w   C:\WINDOWS\system32\drivers\LHidFilt.Sys
+ 2008-02-29 01:13:16   35,344   ----a-w   C:\WINDOWS\system32\drivers\LHidFilt.Sys
- 2007-04-11 14:32:58   36,112   ----a-w   C:\WINDOWS\system32\drivers\LMouFilt.Sys
+ 2008-02-29 01:13:24   36,880   ----a-w   C:\WINDOWS\system32\drivers\LMouFilt.Sys
- 2004-08-03 23:34:22   23,296   ----a-w   C:\WINDOWS\system32\drivers\mouclass.sys
+ 2004-08-03 22:34:22   23,296   ----a-w   C:\WINDOWS\system32\drivers\mouclass.sys
- 2001-10-26 15:57:56   12,160   ----a-w   C:\WINDOWS\system32\drivers\mouhid.sys
+ 2001-10-26 14:57:56   12,160   ----a-w   C:\WINDOWS\system32\drivers\mouhid.sys
+ 2008-08-20 10:44:43   47,360   ----a-w   C:\WINDOWS\system32\drivers\pcouffin.sys
+ 2006-09-29 11:26:22   176,165   ----a-w   C:\WINDOWS\system32\drv23260.dll
+ 2006-09-29 11:25:38   208,935   ----a-w   C:\WINDOWS\system32\drv33260.dll
+ 2006-09-29 11:24:48   217,127   ----a-w   C:\WINDOWS\system32\drv43260.dll
- 2008-05-27 07:08:40   210,488   ----a-w   C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-22 17:53:26   211,288   ----a-w   C:\WINDOWS\system32\FNTCACHE.DAT
+ 1999-02-25 10:32:56   122,880   ----a-w   C:\WINDOWS\system32\fxtls532.dll
+ 2008-09-14 11:58:10   262,144   ----a-w   C:\WINDOWS\system32\gfbaksm.dat
+ 1998-07-12 21:00:00   15,360   ----a-w   C:\WINDOWS\system32\inetfr.DLL
- 2007-04-23 03:00:00   163,840   ----a-w   C:\WINDOWS\system32\kemutb.dll
+ 2008-05-02 00:39:50   170,512   ----a-w   C:\WINDOWS\system32\kemutb.dll
- 2007-04-23 03:00:00   135,168   ----a-w   C:\WINDOWS\system32\KemUtil.dll
+ 2008-05-02 00:39:54   145,936   ----a-w   C:\WINDOWS\system32\KemUtil.dll
- 2007-04-23 03:00:00   110,592   ----a-w   C:\WINDOWS\system32\KemWnd.dll
+ 2008-05-02 00:40:02   117,264   ----a-w   C:\WINDOWS\system32\KemWnd.dll
- 2007-04-23 03:00:00   69,632   ----a-w   C:\WINDOWS\system32\KemXML.dll
+ 2008-05-02 00:40:08   84,496   ----a-w   C:\WINDOWS\system32\KemXML.dll
+ 2008-03-25 02:32:44   218,496   ----a-r   C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-08-17 18:49:32   74,137   ----a-w   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2005-05-14 18:09:30   2,179,072   ----a-w   C:\WINDOWS\system32\mfc71d.dll
+ 1998-07-12 21:00:00   141,312   ----a-w   C:\WINDOWS\system32\MSCMCFR.DLL
- 2004-08-03 22:44:06   1,392,671   ----a-w   C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 17:42:40   1,386,496   ------w   C:\WINDOWS\system32\msvbvm60.dll
+ 2006-07-11 16:06:48   765,952   ----a-w   C:\WINDOWS\system32\msvcp71d.dll
+ 2006-07-11 16:06:32   544,768   ----a-w   C:\WINDOWS\system32\msvcr71d.dll
+ 1998-07-12 22:00:00   9,728   ----a-w   C:\WINDOWS\system32\PCCLPFR.DLL
- 2008-03-30 07:01:58   59,440   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 07:09:00   59,440   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 07:01:58   75,486   ----a-w   C:\WINDOWS\system32\perfc015.dat
+ 2008-10-26 07:09:00   75,486   ----a-w   C:\WINDOWS\system32\perfc015.dat
- 2008-03-30 07:01:58   395,200   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 07:09:00   395,200   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2008-03-30 07:01:58   451,220   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-10-26 07:09:00   451,220   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 1999-01-29 04:28:10   29,184   ----a-w   C:\WINDOWS\system32\picn20.dll
- 2008-06-06 08:26:49   278,528   ----a-w   C:\WINDOWS\system32\pncrt.dll
+ 2008-08-16 05:27:41   278,528   ----a-w   C:\WINDOWS\system32\pncrt.dll
- 2008-06-06 08:26:58   6,656   ----a-w   C:\WINDOWS\system32\pndx5016.dll
+ 2008-08-16 05:27:50   6,656   ----a-w   C:\WINDOWS\system32\pndx5016.dll
- 2008-06-06 08:26:58   5,632   ----a-w   C:\WINDOWS\system32\pndx5032.dll
+ 2008-08-16 05:27:50   5,632   ----a-w   C:\WINDOWS\system32\pndx5032.dll
+ 2002-05-29 08:22:02   307,200   ----a-w   C:\WINDOWS\system32\PolarZIPLight.dll
+ 2004-08-03 23:34:22   23,296   ----a-w   C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]010\DriverFiles\i386\mouclass.sys
+ 2001-10-26 15:57:56   12,160   ----a-w   C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]010\DriverFiles\i386\mouhid.sys
+ 2007-04-11 14:32:22   56,080   ----a-w   C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]010\DriverFiles\KHALMNPR.Exe
+ 2007-04-11 14:32:52   34,832   ----a-w   C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]010\DriverFiles\LHidFilt.Sys
+ 2007-04-11 14:32:58   36,112   ----a-w   C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]010\DriverFiles\LMouFilt.Sys
+ 2004-08-03 23:36:16   53,504   ----a-w   C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]017\DriverFiles\i386\i8042prt.sys
+ 2004-08-03 23:38:00   24,960   ----a-w   C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]017\DriverFiles\i386\kbdclass.sys
+ 2007-04-11 14:32:30   20,496   ----a-w   C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]017\DriverFiles\L8042Kbd.sys
- 2008-06-06 08:27:12   185,952   ----a-w   C:\WINDOWS\system32\rmoc3260.dll
+ 2008-08-16 05:28:05   185,944   ----a-w   C:\WINDOWS\system32\rmoc3260.dll
+ 2006-10-17 20:29:06   487,479   ----a-w   C:\WINDOWS\system32\SkinMagic.dll
+ 2005-03-29 06:34:16   246,784   ----a-w   C:\WINDOWS\system32\sqlite3.dll
- 2007-09-04 16:56:10   164,352   ----a-w   C:\WINDOWS\system32\unrar.dll
+ 2002-10-15 22:54:04   153,088   ----a-w   C:\WINDOWS\system32\unrar.dll
+ 2000-10-01 17:00:00   119,568   ----a-w   C:\WINDOWS\system32\VB6FR.DLL
+ 2000-07-15 03:00:00   101,888   ----a-w   C:\WINDOWS\system32\VB6STKIT.DLL
+ 2008-06-19 16:32:10   947,200   ----a-w   C:\WINDOWS\system32\vbsgf.dll
+ 2002-12-11 08:19:32   368,640   ----a-w   C:\WINDOWS\system32\vobsub.dll
+ 2006-05-11 18:21:00   626,688   ----a-w   C:\WINDOWS\system32\vp7vfw.dll
- 2007-04-11 14:33:20   1,419,024   ----a-w   C:\WINDOWS\system32\WdfCoInstaller01005.dll
+ 2007-06-22 10:34:02   1,419,232   ----a-w   C:\WINDOWS\system32\WdfCoInstaller01005.dll
+ 2004-08-03 22:44:16   221,184   ----a-w   C:\WINDOWS\system32\wmpns.dll
+ 1999-09-10 10:06:00   45,056   ----a-w   C:\WINDOWS\system32\WNASPI32.DLL
+ 2006-05-20 15:16:00   1,184,984   ----a-w   C:\WINDOWS\system32\wvc1dmod.dll
- 2008-01-10 12:15:30   755,027   ----a-w   C:\WINDOWS\system32\xvidcore.dll
+ 2008-04-27 08:33:36   765,952   ----a-w   C:\WINDOWS\system32\xvidcore.dll
- 2008-01-10 12:16:20   159,839   ----a-w   C:\WINDOWS\system32\xvidvfw.dll
+ 2008-04-27 08:35:28   180,224   ----a-w   C:\WINDOWS\system32\xvidvfw.dll
.
-- Migawka wyzerowana --
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 294912]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 5545536]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-26 1234712]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-16 185896]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 C:\WINDOWS\system32\TWEAKUI.CPL]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 C:\WINDOWS\system32\CTHELPER.EXE]
"CTHelper"="CTHELPER.EXE" [2002-07-02 C:\WINDOWS\system32\CTHELPER.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-29 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57132:TCP"= 57132:TCP:Pando P2P TCP Listening Port
"57132:UDP"= 57132:UDP:Pando P2P UDP Listening Port
"57531:TCP"= 57531:TCP:Pando P2P TCP Listening Port
"57531:UDP"= 57531:UDP:Pando P2P UDP Listening Port
"56856:TCP"= 56856:TCP:Pando P2P TCP Listening Port
"56856:UDP"= 56856:UDP:Pando P2P UDP Listening Port

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-26 97928]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-04-17 80584]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-04-17 32456]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-04-17 28872]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-26 875288]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-26 231704]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-26 76040]
S2 SvcOnlineArmor;Online Armor;C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-04-17 5435968]
S3 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-01-27 246784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb5b1dd-e6e5-11dc-a224-806d6172696f}]
\Shell\AutoRun\command - G:\AUTORUN\AUTORUN.EXE
.
Zawartość folderu 'Zaplanowane zadania'

2008-04-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-10-19 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-AutoRun - G:\AUTORUN\AutoRun.exe


.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\AnQ\Dane aplikacji\Mozilla\Firefox\Profiles\brhdtfxa.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 10:43:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Czas ukończenia: 2008-10-26 10:44:29
ComboFix-quarantined-files.txt  2008-10-26 09:44:16
ComboFix2.txt  2008-06-17 20:36:17
ComboFix3.txt  2008-05-04 10:10:16
ComboFix4.txt  2008-04-20 13:01:00
ComboFix5.txt  2008-08-03 17:36:31

Przed: 2,172,030,976 bajtów wolnych
Po: 2,171,830,272 bajtów wolnych

331


Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:55, on 2008-10-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AnQ\Pulpit\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204304760718
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Usługa iPod (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7724 bytes


[Okocza]

wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80271102}.BAK

zapisz jako CFScript.txt i przeciągnij na ikonkę combofix.exe

To sfixuj w hijack this

Kod: Zaznacz wszystko

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

wróć z nowymi logami

[mokkunia]

To sfixuj w hijack this

Kod: Zaznacz wszystko

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

A mógłbyś mi dokładniej napisać jak mam to zrobić?

[Magik]

A mógłbyś mi dokładniej napisać jak mam to zrobić?

uruchamiasz Hijacka, wybierasz Do a scan only a nastepnie ten wpis "ptaszkujesz" i dajesz na FIX CHECKED

jest topic przyklejnony nt. obslugi Hijacka ale nie chce sie czytac, odrobina wlasnej inicjatywy...........

[mokkunia]

uruchamiasz Hijacka, wybierasz Do a scan only a nastepnie ten wpis "ptaszkujesz" i dajesz na FIX CHECKED
jest topic przyklejnony nt. obslugi Hijacka ale nie chce sie czytac, odrobina wlasnej inicjatywy...........

dziękuję za wyjaśnienie

Kod: Zaznacz wszystko

ComboFix 08-10-25.01 - AnQ 2008-10-26 13:34:26.13 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.590 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\AnQ\Pulpit\ComboFix.exe
Użyto następujących komend :: C:\Documents and Settings\AnQ\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania

FILE ::
C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80271102}.BAK
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-09-26 do 2008-10-26  )))))))))))))))))))))))))))))))
.

2008-10-26 13:13 . 2008-10-26 13:13   664   --a------   C:\WINDOWS\system32\d3d9caps.dat
2008-10-26 08:04 . 2008-10-26 12:26   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-10-26 08:04 . 2008-10-26 08:04   1,409   --a------   C:\WINDOWS\QTFont.for
2008-10-24 10:36 . 2008-10-24 10:36   <DIR>   d--------   C:\Bangkok.Dangerous.R5.LINE.XviD-COALiTiON1
2008-10-19 20:22 . 2008-10-19 20:33   <DIR>   d--------   C:\Program Files\Norton Security Scan
2008-10-19 20:21 . 2008-10-19 20:22   <DIR>   d--------   C:\WINDOWS\system32\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 11:07   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\OnlineArmor
2008-10-26 10:58   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-10-26 10:25   ---------   d-----w   C:\Program Files\Odkurzacz
2008-10-26 10:20   ---------   d-----w   C:\Program Files\SiteThief
2008-10-26 09:29   97,928   ----a-w   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-26 09:29   76,040   ----a-w   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-26 09:29   10,520   ----a-w   C:\WINDOWS\system32\avgrsstx.dll
2008-10-26 08:46   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\Skype
2008-10-26 08:46   ---------   d-----w   C:\Documents and Settings\AnQ\Dane aplikacji\DivX
2008-10-26 08:46   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-26 08:42   ---------   d-----w   C:\Program Files\eMule
2008-10-06 10:03   ---------   d-----w   C:\Program Files\UltraISO
2008-10-06 10:02   ---------   d-----w   C:\Program Files\MagicISO
2008-09-30 12:46   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\Offline Explorer
2008-09-30 09:06   ---------   d-----w   C:\Program Files\Total Video Converter
2008-09-29 10:13   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\Vso
2008-09-24 07:14   ---------   d-----w   C:\Program Files\AVI ReComp
2008-09-18 11:42   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\AVI ReComp
2008-09-18 08:53   ---------   d-----w   C:\Program Files\Gabest
2008-09-18 08:52   ---------   d-----w   C:\Program Files\Xvid
2008-09-18 08:52   ---------   d-----w   C:\Program Files\AviSynth 2.5
2008-09-16 19:59   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI
2008-09-16 16:43   ---------   d-----w   C:\Program Files\Common Files\Logishrd
2008-09-16 16:42   ---------   d-----w   C:\Program Files\Common Files\Logitech
2008-09-16 16:40   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-14 21:16   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
2008-09-14 18:08   ---------   d-----w   C:\Program Files\BurnAware Free
2008-09-14 12:20   29   ----a-w   C:\WINDOWS\Fonts\AWVEXA.INI
2008-09-14 11:58   262,144   ----a-w   C:\WINDOWS\system32\gfkernel.dll
2008-09-14 11:57   ---------   d-----w   C:\Program Files\GetFLV
2008-09-13 10:08   ---------   d-----w   C:\Program Files\Flash Saver
2008-09-13 05:56   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\Orbit
2008-09-12 12:28   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\GrabPro
2008-09-12 07:30   237,568   ----a-w   C:\WINDOWS\system32\rmc_rtspdl.dll
2008-09-12 07:30   156,672   ----a-w   C:\WINDOWS\system32\rmc_fixasf.exe
2008-09-12 07:29   323,584   ----a-w   C:\WINDOWS\system32\AUDIOGENIE2.DLL
2008-09-02 17:09   ---------   d-----w   C:\Program Files\StreamDown v6.1
2008-09-02 15:51   ---------   d-----w   C:\Program Files\EasyDVDShrink
2008-09-01 06:17   ---------   d-----w   C:\Documents and Settings\Maciuś\Dane aplikacji\Any DVD Converter Professional
2008-08-28 16:52   ---------   d-----w   C:\Program Files\Mayoko
2008-08-20 10:44   47,360   ----a-w   C:\Documents and Settings\Maciuś\Dane aplikacji\pcouffin.sys
2008-08-16 05:27   499,712   ----a-w   C:\WINDOWS\system32\msvcp71.dll
2008-02-29 18:36   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

------- Sigcheck -------

2004-08-03 22:14  359040  1745b00fc1141404b28f4b94f69a8871   C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 22:14  359040  1745b00fc1141404b28f4b94f69a8871   C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   snapshot_2008-10-26_10.43.54.60   )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 06:00:00   73,728   ----a-w   C:\WINDOWS\fdsv.exe
+ 2000-08-31 07:00:00   89,504   ----a-w   C:\WINDOWS\fdsv.exe
- 2000-08-31 06:00:00   80,412   ----a-w   C:\WINDOWS\grep.exe
+ 2000-08-31 07:00:00   80,412   ----a-w   C:\WINDOWS\grep.exe
- 2000-08-31 06:00:00   98,816   ----a-w   C:\WINDOWS\sed.exe
+ 2000-08-31 07:00:00   98,816   ----a-w   C:\WINDOWS\sed.exe
- 2000-08-31 06:00:00   136,704   ----a-w   C:\WINDOWS\swsc.exe
+ 2000-08-31 07:00:00   136,704   ----a-w   C:\WINDOWS\SWSC.exe
- 2000-08-31 06:00:00   212,480   ----a-w   C:\WINDOWS\swxcacls.exe
+ 2000-08-31 07:00:00   212,480   ----a-w   C:\WINDOWS\SWXCACLS.exe
- 2000-08-31 06:00:00   49,152   ----a-w   C:\WINDOWS\VFind.exe
+ 2000-08-31 07:00:00   49,152   ----a-w   C:\WINDOWS\VFIND.exe
- 2000-08-31 06:00:00   68,096   ----a-w   C:\WINDOWS\zip.exe
+ 2000-08-31 07:00:00   68,096   ----a-w   C:\WINDOWS\zip.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 294912]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-26 1234712]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 C:\WINDOWS\system32\CTHELPER.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-29 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57132:TCP"= 57132:TCP:Pando P2P TCP Listening Port
"57132:UDP"= 57132:UDP:Pando P2P UDP Listening Port
"57531:TCP"= 57531:TCP:Pando P2P TCP Listening Port
"57531:UDP"= 57531:UDP:Pando P2P UDP Listening Port
"56856:TCP"= 56856:TCP:Pando P2P TCP Listening Port
"56856:UDP"= 56856:UDP:Pando P2P UDP Listening Port

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-26 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-26 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-26 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-26 76040]
S3 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-01-27 246784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb5b1dd-e6e5-11dc-a224-806d6172696f}]
\Shell\AutoRun\command - G:\AUTORUN\AUTORUN.EXE

*Newly Created Service* - catchme
.
Zawartość folderu 'Zaplanowane zadania'

2008-04-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-10-19 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 13:35:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


C:\Documents and Settings\AnQ\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\brhdtfxa.default\Cache\258E67F7d01
C:\Documents and Settings\AnQ\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\brhdtfxa.default\Cache\2AB2FA55d01

skanowanie pomyślnie ukończone
ukryte pliki: 2

**************************************************************************
.
Czas ukończenia: 2008-10-26 13:36:16
ComboFix-quarantined-files.txt  2008-10-26 12:36:13
ComboFix2.txt  2008-10-26 12:30:23
ComboFix3.txt  2008-10-26 09:44:32
ComboFix4.txt  2008-06-17 20:36:17
ComboFix5.txt  2008-10-26 12:32:39

Przed: 2 176 843 776 bajtów wolnych
Po: 2,166,919,168 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

168


Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:21, on 2008-10-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\AnQ\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204304760718
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Usługa iPod (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

--
End of file - 6017 bytes


[Magik]

to moj kolega zgubil//w HJT na fix:

Kod: Zaznacz wszystko

O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
*.local

sciagnij i uruchom
http://swandog46.geekstogo.com/avenger.zip

Zaznaczasz tekst podany do usunięcia

Kod: Zaznacz wszystko

Files to delete:
C:\WINDOWS\fdsv.exe
C:\WINDOWS\fdsv.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\swsc.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\swxcacls.exe
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\VFind.exe
C:\WINDOWS\VFIND.exe
C:\WINDOWS\zip.exe

kopiuj >> klikasz na Paste Script from Clipboard >> Execute >> Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt


wklej do notatnika

Kod: Zaznacz wszystko

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb5b1dd-e6e5-11dc-a224-806d6172696f}]


zapisz jako fix.reg i odpal

[mokkunia]

Kod: Zaznacz wszystko

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\fdsv.exe" deleted successfully.

Error:  file "C:\WINDOWS\fdsv.exe" not found!
Deletion of file "C:\WINDOWS\fdsv.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\grep.exe" deleted successfully.

Error:  file "C:\WINDOWS\grep.exe" not found!
Deletion of file "C:\WINDOWS\grep.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\sed.exe" deleted successfully.

Error:  file "C:\WINDOWS\sed.exe" not found!
Deletion of file "C:\WINDOWS\sed.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\swsc.exe" deleted successfully.

Error:  file "C:\WINDOWS\SWSC.exe" not found!
Deletion of file "C:\WINDOWS\SWSC.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\swxcacls.exe" deleted successfully.

Error:  file "C:\WINDOWS\SWXCACLS.exe" not found!
Deletion of file "C:\WINDOWS\SWXCACLS.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\VFind.exe" deleted successfully.

Error:  file "C:\WINDOWS\VFIND.exe" not found!
Deletion of file "C:\WINDOWS\VFIND.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\zip.exe" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


Dodano 26.10.2008 14:57:57:

wklej do notatnika

Kod: Zaznacz wszystko

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb5b1dd-e6e5-11dc-a224-806d6172696f}]


zapisz jako fix.reg i odpal

tego nie udało mi się zrobić
Pojawił się komunikat:

Kod: Zaznacz wszystko

Nie można zaimportować C:Documents and Setting/AnQ/Pulpit/fix.reg Określony plik nie jest skryptem rejestru. Można importować tylko binarne pliki rejestru z wewnątrz Edytora rejestru

[Magik]

przeskanuj obszar kompuetra za pomoca IE i wklej raport na forum

http://www.kaspersky.com/virusscanner

i
program-szukajacy-trojanow-i-malware-vt97108.html

[mokkunia]

Kod: Zaznacz wszystko

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, October 26, 2008
Operating System: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 26, 2008 06:21:05
Records in database: 1347147
--------------------------------------------------------------------------------

Scan settings:
   Scan using the following database: extended
   Scan archives: yes
   Scan mail databases: yes

Scan area - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\
   G:\
   J:\

Scan statistics:
   Files scanned: 95802
   Threat name: 3
   Infected objects: 3
   Suspicious objects: 6
   Duration of the scan: 06:55:47


File name / Threat name / Threats count
C:\Documents and Settings\AnQ\Ustawienia lokalne\Dane aplikacji\Identities\{50770227-1B07-4B8B-92DC-55984F147E9A}\Microsoft\Outlook Express\Skrzynka odbiorcza.dbx   Infected: not-a-virus:PSWTool.Win32.RAS.a   2
D:\The Bat!\The Bat!\Maciek\Trash\MESSAGES.TBB   Suspicious: Email-Worm.Win32.Bagle.mail   6
D:\The Bat!\The Bat!\Maciek\Trash\MESSAGES.TBB   Infected: Email-Worm.Win32.Bagle.gen   1

The selected area was scanned.


Kod: Zaznacz wszystko

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.6.10.6705                             *
*                                                                              *
********************************************************************************

Created at 21:25:17 on Sunday, October 26, 2008

Time Zone            :

Logged On User       : AnQ

Operating System     : Microsoft Windows XP Professional Dodatek Service Pack 2
OS Version           : 5.1.2600
System Langauge      : Polish
Keyboard Layout      : Polish
Processor            : X86 AMD Athlon(tm) XP 1800+

System Drive         : C:\
Windows Directory    : C:\WINDOWS
System Directory     : C:\WINDOWS\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   :
System Drive Size    : 20.48 GB
System Drive Free    : 2.28 GB

Total Physical Memory: 1023 MB
Free Physical Memory : 572 MB
Total Page File      : 1023 MB
Free Page File       : 2057 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1968 MB

Boot State           : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\WINDOWS\system32\clkcnt.txt

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

[Magik]

W koszu od The bat! masz niby 2 zawirusowane wiadomosci email//skasuj

to samo tyczy sie skrzynki odbiorczej Outlooka//wyczysc poczte a najlepiej usun ten plik

Kod: Zaznacz wszystko

Skrzynka odbiorcza.dbx

za nia odpowiadajacy

[mokkunia]

Dziękuję bardzo za szybką pomoc cały ten plik

Kod: Zaznacz wszystko

Skrzynka odbiorcza.dbx

wyrzuciłam, bo i tak nie korzystam już z Outlooka. Cały folder z The bat! też wyrzucony, bo nie używany.

Czy coś jeszcze mogę teraz zrobić, czy powinno już być ok? Czy możesz mi powiedzieć, czy to były jakieś wirusy/trojany i to przez nie cały mój problem?

Strony teraz wydają się chodzić ok, cały komp też.

[Magik]

Czy coś jeszcze mogę teraz zrobić, czy powinno już być ok?

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

Czy coś jeszcze mogę teraz zrobić, czy powinno już być ok? Czy możesz mi powiedzieć, czy to były jakieś wirusy/trojany i to przez nie cały mój problem?

zadnych problemow z siecia nie mialas, wiec prawdopodnie tak, ten badziew mogll blokowac porty etc...

Pozdrawiam

Autor postu otrzymał pochwałę

[mokkunia]

Dzięki - wszystko zrobione
Komputer chodzi bardzo ładnie, strony też Mam nadzieję, że tak już zostanie