After a few days without problems the problem got worse; today, after 5 hours, the internet is finally working (I don't know for how long ;/), so I'm posting the logs.
I was surprised by how often the svchost process appears, so I'm attaching a screenshot; I don't know whether that is normal.
http://img221.imageshack.us/my.php?image=procesyei7.jpg
Logs:
hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:59, on 2008-04-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ip:port
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B77251E-EFDF-422A-88E7-C0569FA6095F}: NameServer = 192.168.30.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 5955 bytes
sdfix
SDFix: Version 1.163
Run by Administrator on 2008-04-07 at 17:49
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 17:58:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2d9aee54
"s2"=dword:e98ea077
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:27,31,c9,cc,13,69,c2,e2,8f,a6,4f,71,c0,47,06,4e,d1,4b,73,62,ae,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:db,5d,9b,0d,98,4b,77,ad,32,7b,63,16,19,a6,12,29,f1,b7,9a,f4,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:27,31,c9,cc,13,69,c2,e2,8f,a6,4f,71,c0,47,06,4e,d1,4b,73,62,ae,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:db,5d,9b,0d,98,4b,77,ad,32,7b,63,16,19,a6,12,29,f1,b7,9a,f4,53,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 84
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 28 Mar 2008 88 ..SHR --- "C:\WINDOWS\system32\0A047FF4AA.sys"
Fri 28 Mar 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 5 Feb 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
combo fix
ComboFix 08-03-27.1 - user 2008-04-07 18:06:33.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.657 [GMT 2:00]
Running from: C:\Documents and Settings\user\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))))
.
2008-04-07 15:25 . 2005-07-29 11:44 340,992 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2008-04-07 15:25 . 2005-05-17 16:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe
2008-04-07 15:25 . 2005-06-17 19:19 242,048 --a------ C:\WINDOWS\system32\drivers\RT2500.sys
2008-04-07 15:25 . 2005-08-25 11:15 81,920 --a------ C:\WINDOWS\system32\Install6x.dll
2008-04-07 15:25 . 2008-04-07 15:25 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-07 15:25 . 2005-07-29 11:43 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2008-04-07 15:25 . 2005-07-29 11:43 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2008-04-07 15:25 . 2005-07-29 11:43 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2008-04-07 15:25 . 2005-06-16 00:30 162 --a------ C:\WINDOWS\filespec6x
2008-03-31 15:20 . 2008-03-31 15:20 <DIR> d-------- C:\Program Files\DNA
2008-03-31 15:20 . 2008-03-31 15:20 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-28 23:53 . 2008-03-28 23:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-28 23:50 . 2008-04-07 17:59 <DIR> d-------- C:\SDFix
2008-03-28 23:42 . 2008-03-28 23:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-28 23:15 . 2008-03-28 23:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 18:01 . 2008-03-28 18:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-28 18:01 . 2008-04-07 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-03-28 18:01 . 2008-04-07 17:46 4,182,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-28 18:01 . 2008-03-28 18:01 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-28 18:01 . 2008-03-28 18:01 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-28 18:01 . 2008-04-07 18:07 68,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-28 18:01 . 2008-04-07 17:46 59,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-28 18:01 . 2008-04-07 17:46 9,308 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-26 17:33 . 2006-02-04 04:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-26 17:33 . 2006-02-04 04:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-26 17:25 . 2008-04-07 17:43 <DIR> d-------- C:\Lineage II
2008-03-20 13:57 . 2008-03-20 13:57 <DIR> d-------- C:\Documents and Settings\Paulina\Dane aplikacji\MetaProducts
2008-03-20 13:57 . 2008-03-20 13:57 <DIR> d-------- C:\Documents and Settings\Gość\Dane aplikacji\MetaProducts
2008-03-20 13:57 . 2008-03-20 13:57 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\MetaProducts
2008-03-08 13:08 . 2008-03-08 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-03-07 17:36 . 2008-03-07 17:36 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-03-07 17:36 . 2008-03-07 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-03-07 17:36 . 2008-03-07 17:36 476,752 --a------ C:\Documents and Settings\All Users\Dane aplikacji\pswi_preloaded.exe
2008-03-07 17:35 . 2008-03-28 19:31 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-07 17:35 . 2008-03-28 19:31 88 -r-hs---- C:\WINDOWS\system32\0A047FF4AA.sys
2008-03-07 15:58 . 2008-03-07 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 14:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-07 15:45 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\DNA
2008-04-06 11:11 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\AdobeUM
2008-04-06 10:44 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\BitTorrent
2008-04-03 17:57 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-03-31 14:00 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\DivX
2008-03-28 18:19 --------- d-----w C:\Program Files\RALINK
2008-03-28 17:31 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Corel
2008-03-26 15:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-25 18:35 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\teamspeak2
2008-03-19 15:18 21,688 ----a-w C:\Documents and Settings\user\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-03-14 17:01 --------- d-----w C:\Program Files\Winamp
2008-03-08 19:39 --------- d-----w C:\Program Files\Nero
2008-02-20 18:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-15 11:39 --------- d-----w C:\Program Files\Activision
2008-02-08 17:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 17:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-02-01 19:01 64,419 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-01 19:01 6,112 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-01 19:01 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
.
------- Sigcheck -------
2004-08-04 00:44 693248 7d46293106e58ca7878509ccc4071f2f C:\WINDOWS\system32\wininet.dll
2004-08-04 00:44 693248 7d46293106e58ca7878509ccc4071f2f C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-04 00:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\explorer.exe
2004-08-04 00:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot_2008-04-07_13.38.15,51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-29 12:57:16 745,472 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-07 15:48:04 745,472 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-03-29 12:57:16 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-07 15:48:04 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06 94208]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58 1716224]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-31 15:20 288576]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-31 09:23 7630848]
"nwiz"="nwiz.exe" [2006-08-31 09:23 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-31 09:23 86016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 04:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-25 18:57 77824]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 13:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 19:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-03-04 21:15:54 598016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Hamachi.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Hamachi.lnk
backup=C:\WINDOWS\pss\Hamachi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\user\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADS]
C:\Windows\ADS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-03-25 01:25 587568 C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
C:\Program Files\Tlen.pl\tlen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\YDPDict\watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Mail Scanner"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-06-17 21:16]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 04:03]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 18:07:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{23F29AEE-0C3C-427D-AD6C-FA4755852524}]
.
Completion time: 2008-04-07 18:08:42
ComboFix-quarantined-files.txt 2008-04-07 16:08:39
ComboFix2.txt 2008-04-07 11:39:02
ComboFix3.txt 2008-04-02 10:55:41
ComboFix4.txt 2008-03-29 13:20:12
ComboFix5.txt 2008-03-28 22:47:58
Pre-Run: 17,997,234,176 bajtów wolnych
Post-Run: 17,987,452,928 bajtów wolnych
Please help. If the logs are OK, I would appreciate any suggestions, proposals or advice on what to do about this and how to fix it. Regards