Logi - ciągłe wysyłanie poczty (spam ?)

**Posty:** 311 · przez **jarosss** 11 Kwi 2009, 22:52

Witam !
Przy pobieraniu z neta plików ściągnął mi się jakiś wirus i teraz przez cały czas Norton AntiVirus pokazuje mi że wysyłana jest poczta.
Niżej zamieszczam logi:

Kod: Zaznacz wszystko: ComboFix 09-04-04.01 - komp 2009-04-11 22:35:25.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1023.475 [GMT 2:00] Uruchomiony z: F:\ComboFix.exe AV: Norton AntiVirus *On-access scanning disabled* (Updated) FW: Norton Internet Worm Protection *enabled* FW: Outpost Firewall Pro *enabled* * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . [color=purple]Następujące pliki zostały wyłączone z działania w czasie skanowania:[/color] d:\outpost firewall\wl_hook.dll ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\digiwet.dll c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\sdra64.exe . ((((((((((((((((((((((((( Pliki utworzone od 2009-03-11 do 2009-04-11 ))))))))))))))))))))))))))))))) . 2009-04-11 22:18 . 2009-04-11 22:17 110,592 --a------ c:\windows\system32\OLD2A8.tmp 2009-04-11 22:18 . 2009-04-11 22:18 58,368 --a------ c:\windows\system32\OLD2B1.tmp 2009-04-11 22:18 . 2009-04-11 22:17 16,896 --a------ c:\windows\system32\OLD2AE.tmp 2009-04-11 22:18 . 2009-04-11 22:17 14,336 --a------ c:\windows\system32\OLD2AB.tmp 2009-04-11 22:17 . 2009-04-11 22:18 <DIR> d-------- C:\32788R22FWJFW.0.tmp 2009-04-11 22:12 . 2009-04-11 22:18 <DIR> d-------- c:\windows\LastGood 2009-04-11 22:12 . 2009-04-11 22:12 1,037,312 --a------ c:\windows\OLD20C.tmp 2009-04-11 22:12 . 2009-04-11 22:12 511,488 --a------ c:\windows\system32\OLD1F7.tmp 2009-04-11 22:11 . 2009-04-11 22:10 33,280 --a------ c:\windows\system32\hssma.exe 2009-04-11 22:11 . 2009-04-11 22:10 33,280 ---h----- c:\documents and settings\komp\ruq.exe 2009-04-03 13:55 . 2009-04-03 14:02 <DIR> d-------- C:\2009-04-03_135556 2009-03-26 14:19 . 2009-03-26 14:19 <DIR> d-------- c:\program files\LibUSB-Win32 2009-03-26 14:19 . 2007-03-20 12:33 43,520 --a------ c:\windows\system32\libusb0.dll 2009-03-26 14:19 . 2007-03-20 12:33 28,672 --a------ c:\windows\system32\drivers\libusb0.sys 2009-03-26 14:16 . 2009-02-15 22:54 933,888 --a------ c:\windows\system32\SENXPCTL.OCX 2009-03-26 14:16 . 2004-03-09 02:00 212,240 --a------ c:\windows\system32\RICHTX32.OCX 2009-03-26 14:16 . 2009-02-26 00:43 65,536 --a------ c:\windows\system32\device.OCX 2009-03-26 14:16 . 2009-02-17 05:23 32,768 --a------ c:\windows\system32\Bar.OCX 2009-03-22 22:11 . 2009-03-24 01:48 <DIR> d-------- C:\vcs5BGEffects . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-07 19:40 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-03-25 14:06 --------- d-----w c:\program files\XviD 2009-03-25 14:06 --------- d-----w c:\program files\AVIcodec 2009-03-25 14:06 --------- d-----w c:\documents and settings\komp\Dane aplikacji\Azureus 2009-03-12 17:46 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-09 22:41 --------- d-----w c:\program files\Google 2009-03-08 21:04 --------- d-----w c:\documents and settings\komp\Dane aplikacji\Nowe Gadu-Gadu 2009-03-02 21:26 --------- d-----w c:\program files\Motorola Tools 2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys 2009-01-23 12:24 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-07-02 16:21 47,360 -c--a-w c:\documents and settings\komp\Dane aplikacji\pcouffin.sys 2008-01-03 13:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-01-03 13:19 54,376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-01-03 13:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-01-03 13:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-01-03 13:19 172,144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll 2007-04-10 16:06 56 --sh--r c:\windows\system32\536AD901CF.sys 2007-04-10 16:06 10,856 -csha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-24 132208] "Gadu-Gadu"="d:\gadu-gadu\gg.exe" [2007-05-10 2111176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="d:\winamp\winampa.exe" [2006-06-09 35328] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 58728] "QuickTime Task"="d:\quicktime player\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-01-06 290088] "hssma"="c:\windows\system32\hssma.exe" [2009-04-11 33280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PAwdXCa"= {384E4D56-92E4-E7FC-A33A-1C8C65BD297D} - c:\windows\system32\lpy.dll [2008-04-14 32768] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.XVID"= xvid.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk] backup=c:\windows\pss\Action Manager 32.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^komp^Menu Start^Programy^Autostart^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^komp^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk] path=c:\documents and settings\komp\Menu Start\Programy\ivo\Ivona_Demo-1.0\UniSpiker-2.6.lnk backup=c:\windows\pss\UniSpiker-2.6.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] --a--c--- 2004-12-14 12:12 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] --a------ 2005-03-16 19:16 970752 c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2006-06-25 19:58 463360 d:\anydvd\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] -----c--- 2007-03-12 14:51 663552 c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-01-31 13:54 58728 c:\program files\Common Files\Symantec Shared\CCAPP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --a------ 2005-05-19 15:47 57344 d:\clonecd\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] --------- 2007-01-26 15:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-14 22:51 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a--c--- 2007-01-29 21:10 46632 c:\program files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2009-01-06 14:06 290088 d:\itunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-05-16 14:01 13529088 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a--c--- 2008-05-16 14:01 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack] --a------ 2006-12-29 15:06 335872 d:\outpost firewall\feedback.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a--c--- 2007-01-29 21:12 30248 c:\program files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe] --a------ 2008-12-29 13:30 111840 c:\progra~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2009-01-05 17:18 413696 d:\quicktime player\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 d:\powerdvd\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon] --a------ 2008-04-28 20:25 2707456 d:\rivatuner v2.09\RivaTuner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a--c--- 2006-10-25 09:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2008-12-29 13:30 111840 c:\progra~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] --a------ 2007-09-12 12:17 340136 d:\unlead videostudio 11\uvPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] --a------ 2005-04-12 17:27 45056 d:\virtualclonedrive\VCDDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] --a--c--- 2005-12-14 16:14 176128 c:\program files\A4Tech\Mouse\Amoumain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert] --a------ 2008-04-14 22:50 177152 c:\windows\system32\mqrt.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a--c--- 2008-05-16 14:01 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "StarWindService"=2 (0x2) "Speed Disk service"=2 (0x2) "ose"=3 (0x3) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "Harmonogram automatycznej usługi LiveUpdate"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Adobe LM Service"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "e:\\Age of Empires III\\age3x.exe"= "e:\\Age of Empires III\\age3y.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Skype\\Skype.exe"= "d:\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\hssma.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows "3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP) "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328] R1 SandBox;Outpost Firewall Sandbox Driver;d:\outpost firewall\Kernel\SandBox.sys [2008-01-10 323816] R1 VFILT;Outpost Firewall Kernel Driver;d:\outpost firewall\Kernel\filtnt.sys [2008-01-10 163328] R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-12-29 100032] R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2004-10-07 99432] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-03-26 28672] S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2006-06-22 15104] S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);d:\outpost firewall\Kernel\adblock.dll [2008-01-10 33568] S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);d:\outpost firewall\Kernel\arp.dll [2008-01-10 17408] S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);d:\outpost firewall\Kernel\content.dll [2008-01-10 4896] S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);d:\outpost firewall\Kernel\dnscache.dll [2008-01-10 14464] S3 EL59X;3Com Fast EtherLink 59x Adapter Driver;c:\windows\system32\drivers\el59x.sys [2006-07-28 39184] S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);d:\outpost firewall\Kernel\ftpfilt.dll [2008-01-10 9248] S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);d:\outpost firewall\Kernel\htmlfilt.dll [2008-01-10 11552] S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);d:\outpost firewall\Kernel\httpfilt.dll [2008-01-10 13216] S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);d:\outpost firewall\Kernel\imapfilt.dll [2008-01-10 7168] S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);d:\outpost firewall\Kernel\mailfilt.dll [2008-01-10 14880] S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);d:\outpost firewall\Kernel\nntpfilt.dll [2008-01-10 6752] S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);d:\outpost firewall\Kernel\pop3filt.dll [2008-01-10 10048] S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);d:\outpost firewall\Kernel\protect.dll [2008-01-10 15200] S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);d:\outpost firewall\Kernel\secret.dll [2008-01-10 12928] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Zawartość folderu 'Zaplanowane zadania' 2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] 2009-01-12 c:\windows\Tasks\Funkcja One Button Checkup pakietu Norton SystemWorks.job - c:\program files\Norton SystemWorks\OBC.exe [2005-01-24 10:34] 2009-04-10 c:\windows\Tasks\Norton AntiVirus - Skanuj komputer - komp.job - c:\progra~1\NORTON~1\NORTON~3\Navw32.exe [2005-11-17 13:27] 2009-04-10 c:\windows\Tasks\Symantec Drmc.job - c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 11:48] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.allegro.pl/ mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download Link Using Mega Manager... - d:\mega manager\mm_file.htm IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Konwertuj do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konwertuj do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Konwertuj miejsce docelowe łącza do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Konwertuj wybrane łącza do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Konwertuj wybrane łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Konwertuj zaznaczenie do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konwertuj zaznaczenie do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\komp\Dane aplikacji\Mozilla\Firefox\Profiles\yy8ln0jr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-11 22:38:37 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-1547161642-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBD86516-7F2A-FA0C-5C36-4E862684EDBB}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oahjmbggkimmmdikjflhocncfmmolb"=hex:64,61,68,68,68,68,6e,63,00,c0 "oaljmonlgnldjldjdpdomgacnklpmb"=hex:6a,61,6d,67,65,67,6c,68,66,61,68,65,6c,66, 6e,6d,68,63,63,69,00,fd "nabkchmmgfpmapaihjkgfalijfoh"=hex:6a,61,6d,67,65,67,6c,68,66,61,68,65,6c,66, 6e,6d,68,63,63,69,00,fd [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a7da08f-a5f1-4b54-a09f-05fcd3290386}] @Denied: (Full) (Everyone) "Model"=dword:0000012b "Therad"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):c1,ba,55,cb,35,57,95,be,71,04,a4,31,e2,60,3e,0f,5f,df,d1,6b,3d, ca,af,b7,d9,fe,12,94,ef,6b,10,15,7d,61,dd,8a,6a,d5,f6,da,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*] "AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(1144) d:\outpost firewall\wl_hook.dll . Czas ukończenia: 2009-04-11 22:41:59 ComboFix-quarantined-files.txt 2009-04-11 20:41:39 ComboFix2.txt 2009-04-11 20:25:28 Przed: 293 371 904 bajtów wolnych Po: 210,948,096 bajtów wolnych 291 --- E O F --- 2009-03-14 23:57:18

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:42:38, on 2009-04-11 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe D:\Winamp\winampa.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe D:\Gadu-Gadu\gg.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\iPod\bin\iPodService.exe D:\Winamp\winamp.exe C:\WINDOWS\system32\hssma.exe C:\WINDOWS\explorer.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\komp\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Mega Manager\MegaIEMn.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [WinampAgent] "D:\Winamp\winampa.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime Player\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [hssma] C:\WINDOWS\system32\hssma.exe \u O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Mega Manager\mm_file.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Konwertuj wybrane łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O21 - SSODL: PAwdXCa - {384E4D56-92E4-E7FC-A33A-1C8C65BD297D} - C:\WINDOWS\system32\lpy.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 10418 bytes

**Posty:** 8001 · przez **Okocza** 11 Kwi 2009, 23:00

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 311 · przez **jarosss** 11 Kwi 2009, 23:47

zrobiłem tak jak napisałeś:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by Administrator on 2009-04-11 at 23:27 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: No Trojan Files Found Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-11 23:32:07 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:9c7ea12e "s2"=dword:86ba2893 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:e5,01,79,96,b2,a5,5b,7d,53,56,5c,64,82,55,37,84,dd,52,4b,9b,05,.. "p0"="D:\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,b3,8f,f5,92,98,b5,63,a2,af,31,47,70,05,01,7f,68,75,.. "khjeh"=hex:78,19,02,b7,db,6a,8f,a6,8a,f9,e2,af,48,f3,19,86,02,3a,7d,49,cf,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:7e,94,42,4e,55,ca,44,79,4d,2e,80,2c,64,b9,c9,53,f8,e0,ad,d9,90,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:ae,c2,5a,13,b8,91,51,fb,11,ff,c1,65,88,42,64,10,e9,4c,16,93,97,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:a5,5b,ff,e9,e6,07,03,61,b4,e5,e1,aa,26,6e,aa,f6,d6,60,cc,8e,b1,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43] "khjeh"=hex:c0,7d,37,c4,ed,a3,3f,fb,45,61,5e,ec,63,dd,e7,b9,d6,92,d7,c9,57,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40] "ujdew"=hex:20,02,00,00,17,34,e0,70,e3,a4,1e,cd,da,95,a8,d5,a5,63,39,ad,a4,.. "ljej40"=hex:6e,0b,73,f2,5b,3e,f0,7d,33,73,a6,70,a0,a0,9b,4b,08,76,9a,dd,6f,.. "ljej41"=hex:cc,0a,f8,fe,33,3f,60,71,32,73,1e,7c,a1,a0,52,47,08,76,4c,d1,bf,.. "ljej42"=hex:cc,0a,0d,e9,33,3f,7e,66,32,73,30,6b,a1,a0,01,50,08,76,39,c6,bf,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:e5,01,79,96,b2,a5,5b,7d,53,56,5c,64,82,55,37,84,dd,52,4b,9b,05,.. "p0"="D:\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,b3,8f,f5,92,98,b5,63,a2,af,31,47,70,05,01,7f,68,75,.. "khjeh"=hex:78,19,02,b7,db,6a,8f,a6,8a,f9,e2,af,48,f3,19,86,02,3a,7d,49,cf,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:57,1d,b7,bf,b8,e0,20,cc,2e,92,b1,c7,89,cd,54,40,63,6a,61,cc,da,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:ae,c2,5a,13,b8,91,51,fb,11,ff,c1,65,88,42,64,10,e9,4c,16,93,97,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:a5,5b,ff,e9,e6,07,03,61,b4,e5,e1,aa,26,6e,aa,f6,d6,60,cc,8e,b1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43] "khjeh"=hex:c0,7d,37,c4,ed,a3,3f,fb,45,61,5e,ec,63,dd,e7,b9,d6,92,d7,c9,57,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:e5,01,79,96,b2,a5,5b,7d,53,56,5c,64,82,55,37,84,dd,52,4b,9b,05,.. "p0"="D:\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,b3,8f,f5,92,98,b5,63,a2,af,31,47,70,05,01,7f,68,75,.. "khjeh"=hex:78,19,02,b7,db,6a,8f,a6,8a,f9,e2,af,48,f3,19,86,02,3a,7d,49,cf,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:7e,94,42,4e,55,ca,44,79,4d,2e,80,2c,64,b9,c9,53,f8,e0,ad,d9,90,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:ae,c2,5a,13,b8,91,51,fb,11,ff,c1,65,88,42,64,10,e9,4c,16,93,97,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:a5,5b,ff,e9,e6,07,03,61,b4,e5,e1,aa,26,6e,aa,f6,d6,60,cc,8e,b1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43] "khjeh"=hex:c0,7d,37,c4,ed,a3,3f,fb,45,61,5e,ec,63,dd,e7,b9,d6,92,d7,c9,57,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120% (Trial Version)" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing" "E:\\Age of Empires III\\age3x.exe"="E:\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs" "E:\\Age of Empires III\\age3y.exe"="E:\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe:*:Enabled:BlueSoleil" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\\Skype\\Skype.exe"="D:\\Skype\\Skype.exe:*:Enabled:Skype" "D:\\iTunes\\iTunes.exe"="D:\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\WINDOWS\\system32\\hssma.exe"="C:\\WINDOWS\\system32\\hssma.exe:*:Enabled:ENABLE" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [b]Remaining Files [/b]: [b]Files with Hidden Attributes [/b]: Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe" Tue 10 Apr 2007 56 ..SHR --- "C:\WINDOWS\system32\536AD901CF.sys" Tue 10 Apr 2007 10,856 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys" Mon 26 May 2008 24,576 A..H. --- "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil__.exe" Mon 26 May 2008 661,776 A..H. --- "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe" Thu 17 Nov 2005 337,320 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll" Thu 18 May 2006 339,968 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\SDI_DD_Installation.exe" [b]Finished![/b]

Kod: Zaznacz wszystko: ComboFix 09-04-04.01 - komp 2009-04-11 23:39:57.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1023.642 [GMT 2:00] Uruchomiony z: F:\ComboFix.exe AV: Norton AntiVirus *On-access scanning disabled* (Updated) FW: Norton Internet Worm Protection *enabled* FW: Outpost Firewall Pro *enabled* UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . [color=purple]Następujące pliki zostały wyłączone z działania w czasie skanowania:[/color] d:\outpost firewall\wl_hook.dll ((((((((((((((((((((((((( Pliki utworzone od 2009-03-11 do 2009-04-11 ))))))))))))))))))))))))))))))) . 2009-04-11 23:26 . 2009-04-11 23:26 580,096 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-04-11 23:24 . 2009-04-11 23:24 <DIR> d-------- c:\windows\ERUNT 2009-04-11 23:12 . 2009-04-11 23:35 <DIR> d-------- C:\SDFix 2009-04-11 22:17 . 2009-04-11 22:18 <DIR> d-------- C:\32788R22FWJFW.0.tmp 2009-04-11 22:11 . 2009-04-11 22:10 33,280 --a------ c:\windows\system32\hssma.exe 2009-04-11 22:11 . 2009-04-11 22:10 33,280 ---h----- c:\documents and settings\komp\ruq.exe 2009-04-03 13:55 . 2009-04-03 14:02 <DIR> d-------- C:\2009-04-03_135556 2009-03-26 14:19 . 2009-03-26 14:19 <DIR> d-------- c:\program files\LibUSB-Win32 2009-03-26 14:19 . 2007-03-20 12:33 43,520 --a------ c:\windows\system32\libusb0.dll 2009-03-26 14:19 . 2007-03-20 12:33 28,672 --a------ c:\windows\system32\drivers\libusb0.sys 2009-03-26 14:16 . 2009-02-15 22:54 933,888 --a------ c:\windows\system32\SENXPCTL.OCX 2009-03-26 14:16 . 2004-03-09 02:00 212,240 --a------ c:\windows\system32\RICHTX32.OCX 2009-03-26 14:16 . 2009-02-26 00:43 65,536 --a------ c:\windows\system32\device.OCX 2009-03-26 14:16 . 2009-02-17 05:23 32,768 --a------ c:\windows\system32\Bar.OCX 2009-03-22 22:11 . 2009-03-24 01:48 <DIR> d-------- C:\vcs5BGEffects . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-07 19:40 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-03-25 14:06 --------- d-----w c:\program files\XviD 2009-03-25 14:06 --------- d-----w c:\program files\AVIcodec 2009-03-25 14:06 --------- d-----w c:\documents and settings\komp\Dane aplikacji\Azureus 2009-03-12 17:46 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-09 22:41 --------- d-----w c:\program files\Google 2009-03-08 21:04 --------- d-----w c:\documents and settings\komp\Dane aplikacji\Nowe Gadu-Gadu 2009-03-02 21:26 --------- d-----w c:\program files\Motorola Tools 2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys 2009-01-23 12:24 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-07-02 16:21 47,360 -c--a-w c:\documents and settings\komp\Dane aplikacji\pcouffin.sys 2008-01-03 13:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-01-03 13:19 54,376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-01-03 13:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-01-03 13:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-01-03 13:19 172,144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll 2007-04-10 16:06 56 --sh--r c:\windows\system32\536AD901CF.sys 2007-04-10 16:06 10,856 -csha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2009-04-11_22.23.08,25 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2009-04-11 21:24:43 983,040 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat + 2009-04-11 21:24:43 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2009-04-11 21:24:29 983,040 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat + 2009-04-11 21:24:29 8,192 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat - 2009-04-11 13:21:30 240,338 ----a-w c:\windows\system32\inetsrv\MetaBase.bin + 2009-04-11 21:37:19 240,331 ----a-w c:\windows\system32\inetsrv\MetaBase.bin + 2009-04-11 21:37:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_264.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-24 132208] "Gadu-Gadu"="d:\gadu-gadu\gg.exe" [2007-05-10 2111176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="d:\winamp\winampa.exe" [2006-06-09 35328] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 58728] "QuickTime Task"="d:\quicktime player\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-01-06 290088] "hssma"="c:\windows\system32\hssma.exe" [2009-04-11 33280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.XVID"= xvid.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk] backup=c:\windows\pss\Action Manager 32.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^komp^Menu Start^Programy^Autostart^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^komp^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk] path=c:\documents and settings\komp\Menu Start\Programy\ivo\Ivona_Demo-1.0\UniSpiker-2.6.lnk backup=c:\windows\pss\UniSpiker-2.6.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] --a--c--- 2004-12-14 12:12 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] --a------ 2005-03-16 19:16 970752 c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2006-06-25 19:58 463360 d:\anydvd\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] -----c--- 2007-03-12 14:51 663552 c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-01-31 13:54 58728 c:\program files\Common Files\Symantec Shared\CCAPP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --a------ 2005-05-19 15:47 57344 d:\clonecd\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] --------- 2007-01-26 15:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-14 22:51 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a--c--- 2007-01-29 21:10 46632 c:\program files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2009-01-06 14:06 290088 d:\itunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-05-16 14:01 13529088 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a--c--- 2008-05-16 14:01 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack] --a------ 2006-12-29 15:06 335872 d:\outpost firewall\feedback.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a--c--- 2007-01-29 21:12 30248 c:\program files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe] --a------ 2008-12-29 13:30 111840 c:\progra~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2009-01-05 17:18 413696 d:\quicktime player\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 d:\powerdvd\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon] --a------ 2008-04-28 20:25 2707456 d:\rivatuner v2.09\RivaTuner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a--c--- 2006-10-25 09:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2008-12-29 13:30 111840 c:\progra~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] --a------ 2007-09-12 12:17 340136 d:\unlead videostudio 11\uvPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] --a------ 2005-04-12 17:27 45056 d:\virtualclonedrive\VCDDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] --a--c--- 2005-12-14 16:14 176128 c:\program files\A4Tech\Mouse\Amoumain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert] --a------ 2008-04-14 22:50 177152 c:\windows\system32\mqrt.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a--c--- 2008-05-16 14:01 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "StarWindService"=2 (0x2) "Speed Disk service"=2 (0x2) "ose"=3 (0x3) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "Harmonogram automatycznej usługi LiveUpdate"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Adobe LM Service"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "e:\\Age of Empires III\\age3x.exe"= "e:\\Age of Empires III\\age3y.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Skype\\Skype.exe"= "d:\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\hssma.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows "3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP) "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328] R1 SandBox;Outpost Firewall Sandbox Driver;d:\outpost firewall\Kernel\SandBox.sys [2008-01-10 323816] R1 VFILT;Outpost Firewall Kernel Driver;d:\outpost firewall\Kernel\filtnt.sys [2008-01-10 163328] R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2004-10-07 99432] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-03-26 28672] S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2006-06-22 15104] S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);d:\outpost firewall\Kernel\adblock.dll [2008-01-10 33568] S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);d:\outpost firewall\Kernel\arp.dll [2008-01-10 17408] S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);d:\outpost firewall\Kernel\content.dll [2008-01-10 4896] S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);d:\outpost firewall\Kernel\dnscache.dll [2008-01-10 14464] S3 EL59X;3Com Fast EtherLink 59x Adapter Driver;c:\windows\system32\drivers\el59x.sys [2006-07-28 39184] S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);d:\outpost firewall\Kernel\ftpfilt.dll [2008-01-10 9248] S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);d:\outpost firewall\Kernel\htmlfilt.dll [2008-01-10 11552] S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);d:\outpost firewall\Kernel\httpfilt.dll [2008-01-10 13216] S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);d:\outpost firewall\Kernel\imapfilt.dll [2008-01-10 7168] S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);d:\outpost firewall\Kernel\mailfilt.dll [2008-01-10 14880] S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);d:\outpost firewall\Kernel\nntpfilt.dll [2008-01-10 6752] S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);d:\outpost firewall\Kernel\pop3filt.dll [2008-01-10 10048] S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);d:\outpost firewall\Kernel\protect.dll [2008-01-10 15200] S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);d:\outpost firewall\Kernel\secret.dll [2008-01-10 12928] S4 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-12-29 100032] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Zawartość folderu 'Zaplanowane zadania' 2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] 2009-01-12 c:\windows\Tasks\Funkcja One Button Checkup pakietu Norton SystemWorks.job - c:\program files\Norton SystemWorks\OBC.exe [2005-01-24 10:34] 2009-04-10 c:\windows\Tasks\Norton AntiVirus - Skanuj komputer - komp.job - c:\progra~1\NORTON~1\NORTON~3\Navw32.exe [2005-11-17 13:27] 2009-04-10 c:\windows\Tasks\Symantec Drmc.job - c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 11:48] . - - - - USUNIĘTO PUSTE WPISY - - - - SSODL-PAwdXCa-{384E4D56-92E4-E7FC-A33A-1C8C65BD297D} - c:\windows\system32\lpy.dll . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.allegro.pl/ mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download Link Using Mega Manager... - d:\mega manager\mm_file.htm IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Konwertuj do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konwertuj do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Konwertuj miejsce docelowe łącza do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Konwertuj wybrane łącza do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Konwertuj wybrane łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Konwertuj zaznaczenie do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konwertuj zaznaczenie do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\komp\Dane aplikacji\Mozilla\Firefox\Profiles\yy8ln0jr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-11 23:43:24 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-1547161642-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBD86516-7F2A-FA0C-5C36-4E862684EDBB}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oahjmbggkimmmdikjflhocncfmmolb"=hex:64,61,68,68,68,68,6e,63,00,c0 "oaljmonlgnldjldjdpdomgacnklpmb"=hex:6a,61,6d,67,65,67,6c,68,66,61,68,65,6c,66, 6e,6d,68,63,63,69,00,fd "nabkchmmgfpmapaihjkgfalijfoh"=hex:6a,61,6d,67,65,67,6c,68,66,61,68,65,6c,66, 6e,6d,68,63,63,69,00,fd [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a7da08f-a5f1-4b54-a09f-05fcd3290386}] @Denied: (Full) (Everyone) "Model"=dword:0000012b "Therad"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):c1,ba,55,cb,35,57,95,be,71,04,a4,31,e2,60,3e,0f,5f,df,d1,6b,3d, ca,af,b7,d9,fe,12,94,ef,6b,10,15,7d,61,dd,8a,6a,d5,f6,da,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*] "AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(892) d:\outpost firewall\wl_hook.dll . Czas ukończenia: 2009-04-11 23:46:43 ComboFix-quarantined-files.txt 2009-04-11 21:46:22 ComboFix2.txt 2009-04-11 20:25:28 Przed: 245 620 736 bajtów wolnych Po: 162,791,424 bajtów wolnych 290 --- E O F --- 2009-03-14 23:57:18

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:48:13, on 2009-04-11 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe D:\Winamp\winampa.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\hssma.exe C:\WINDOWS\system32\ctfmon.exe D:\Gadu-Gadu\gg.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\komp\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Mega Manager\MegaIEMn.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [WinampAgent] "D:\Winamp\winampa.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime Player\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [hssma] C:\WINDOWS\system32\hssma.exe \u O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Mega Manager\mm_file.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Konwertuj wybrane łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9630 bytes

**Posty:** 18165 · przez **wojtas** 12 Kwi 2009, 10:15

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\hssma.exe
c:\documents and settings\komp\ruq.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hssma"=-

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

**Posty:** 311 · przez **jarosss** 12 Kwi 2009, 14:26

Kod: Zaznacz wszystko: ComboFix 09-04-04.01 - komp 2009-04-12 14:20:05.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1023.543 [GMT 2:00] Uruchomiony z: F:\ComboFix.exe Użyto następujących komend :: F:\CFScript.txt AV: Norton AntiVirus *On-access scanning disabled* (Updated) FW: Norton Internet Worm Protection *enabled* FW: Outpost Firewall Pro *enabled* * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! FILE :: c:\documents and settings\komp\ruq.exe c:\windows\system32\hssma.exe . [color=purple]Następujące pliki zostały wyłączone z działania w czasie skanowania:[/color] d:\outpost firewall\wl_hook.dll ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\komp\ruq.exe c:\windows\system32\hssma.exe . ((((((((((((((((((((((((( Pliki utworzone od 2009-03-12 do 2009-04-12 ))))))))))))))))))))))))))))))) . 2009-04-11 23:26 . 2009-04-11 23:26 580,096 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-04-11 23:24 . 2009-04-11 23:24 <DIR> d-------- c:\windows\ERUNT 2009-04-11 23:12 . 2009-04-11 23:35 <DIR> d-------- C:\SDFix 2009-04-11 22:17 . 2009-04-11 22:18 <DIR> d-------- C:\32788R22FWJFW.0.tmp 2009-04-03 13:55 . 2009-04-03 14:02 <DIR> d-------- C:\2009-04-03_135556 2009-03-26 14:19 . 2009-03-26 14:19 <DIR> d-------- c:\program files\LibUSB-Win32 2009-03-26 14:19 . 2007-03-20 12:33 43,520 --a------ c:\windows\system32\libusb0.dll 2009-03-26 14:19 . 2007-03-20 12:33 28,672 --a------ c:\windows\system32\drivers\libusb0.sys 2009-03-26 14:16 . 2009-02-15 22:54 933,888 --a------ c:\windows\system32\SENXPCTL.OCX 2009-03-26 14:16 . 2004-03-09 02:00 212,240 --a------ c:\windows\system32\RICHTX32.OCX 2009-03-26 14:16 . 2009-02-26 00:43 65,536 --a------ c:\windows\system32\device.OCX 2009-03-26 14:16 . 2009-02-17 05:23 32,768 --a------ c:\windows\system32\Bar.OCX 2009-03-22 22:11 . 2009-03-24 01:48 <DIR> d-------- C:\vcs5BGEffects . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-07 19:40 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-03-25 14:06 --------- d-----w c:\program files\XviD 2009-03-25 14:06 --------- d-----w c:\program files\AVIcodec 2009-03-25 14:06 --------- d-----w c:\documents and settings\komp\Dane aplikacji\Azureus 2009-03-12 17:46 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-09 22:41 --------- d-----w c:\program files\Google 2009-03-08 21:04 --------- d-----w c:\documents and settings\komp\Dane aplikacji\Nowe Gadu-Gadu 2009-03-02 21:26 --------- d-----w c:\program files\Motorola Tools 2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys 2009-01-23 12:24 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-07-02 16:21 47,360 -c--a-w c:\documents and settings\komp\Dane aplikacji\pcouffin.sys 2008-01-03 13:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-01-03 13:19 54,376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-01-03 13:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-01-03 13:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-01-03 13:19 172,144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll 2007-04-10 16:06 56 --sh--r c:\windows\system32\536AD901CF.sys 2007-04-10 16:06 10,856 -csha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2009-04-11_22.23.08,25 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2009-04-11 21:24:43 983,040 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat + 2009-04-11 21:24:43 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2009-04-11 21:24:29 983,040 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat + 2009-04-11 21:24:29 8,192 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat - 2009-04-11 13:21:30 240,338 ----a-w c:\windows\system32\inetsrv\MetaBase.bin + 2009-04-12 12:07:27 240,332 ----a-w c:\windows\system32\inetsrv\MetaBase.bin + 2009-04-12 12:03:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_280.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-24 132208] "Gadu-Gadu"="d:\gadu-gadu\gg.exe" [2007-05-10 2111176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="d:\winamp\winampa.exe" [2006-06-09 35328] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 58728] "QuickTime Task"="d:\quicktime player\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-01-06 290088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.XVID"= xvid.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk] backup=c:\windows\pss\Action Manager 32.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^komp^Menu Start^Programy^Autostart^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^komp^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk] path=c:\documents and settings\komp\Menu Start\Programy\ivo\Ivona_Demo-1.0\UniSpiker-2.6.lnk backup=c:\windows\pss\UniSpiker-2.6.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] --a--c--- 2004-12-14 12:12 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] --a------ 2005-03-16 19:16 970752 c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2006-06-25 19:58 463360 d:\anydvd\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] -----c--- 2007-03-12 14:51 663552 c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-01-31 13:54 58728 c:\program files\Common Files\Symantec Shared\CCAPP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --a------ 2005-05-19 15:47 57344 d:\clonecd\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] --------- 2007-01-26 15:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-14 22:51 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a--c--- 2007-01-29 21:10 46632 c:\program files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2009-01-06 14:06 290088 d:\itunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-05-16 14:01 13529088 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a--c--- 2008-05-16 14:01 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack] --a------ 2006-12-29 15:06 335872 d:\outpost firewall\feedback.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a--c--- 2007-01-29 21:12 30248 c:\program files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe] --a------ 2008-12-29 13:30 111840 c:\progra~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2009-01-05 17:18 413696 d:\quicktime player\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 d:\powerdvd\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon] --a------ 2008-04-28 20:25 2707456 d:\rivatuner v2.09\RivaTuner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a--c--- 2006-10-25 09:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2008-12-29 13:30 111840 c:\progra~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] --a------ 2007-09-12 12:17 340136 d:\unlead videostudio 11\uvPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] --a------ 2005-04-12 17:27 45056 d:\virtualclonedrive\VCDDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] --a--c--- 2005-12-14 16:14 176128 c:\program files\A4Tech\Mouse\Amoumain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert] --a------ 2008-04-14 22:50 177152 c:\windows\system32\mqrt.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a--c--- 2008-05-16 14:01 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "StarWindService"=2 (0x2) "Speed Disk service"=2 (0x2) "ose"=3 (0x3) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "Harmonogram automatycznej usługi LiveUpdate"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Adobe LM Service"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "e:\\Age of Empires III\\age3x.exe"= "e:\\Age of Empires III\\age3y.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Skype\\Skype.exe"= "d:\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows "3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP) "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328] R1 SandBox;Outpost Firewall Sandbox Driver;d:\outpost firewall\Kernel\SandBox.sys [2008-01-10 323816] R1 VFILT;Outpost Firewall Kernel Driver;d:\outpost firewall\Kernel\filtnt.sys [2008-01-10 163328] R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2004-10-07 99432] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-03-26 28672] S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2006-06-22 15104] S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-12-29 100032] S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);d:\outpost firewall\Kernel\adblock.dll [2008-01-10 33568] S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);d:\outpost firewall\Kernel\arp.dll [2008-01-10 17408] S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);d:\outpost firewall\Kernel\content.dll [2008-01-10 4896] S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);d:\outpost firewall\Kernel\dnscache.dll [2008-01-10 14464] S3 EL59X;3Com Fast EtherLink 59x Adapter Driver;c:\windows\system32\drivers\el59x.sys [2006-07-28 39184] S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);d:\outpost firewall\Kernel\ftpfilt.dll [2008-01-10 9248] S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);d:\outpost firewall\Kernel\htmlfilt.dll [2008-01-10 11552] S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);d:\outpost firewall\Kernel\httpfilt.dll [2008-01-10 13216] S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);d:\outpost firewall\Kernel\imapfilt.dll [2008-01-10 7168] S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);d:\outpost firewall\Kernel\mailfilt.dll [2008-01-10 14880] S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);d:\outpost firewall\Kernel\nntpfilt.dll [2008-01-10 6752] S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);d:\outpost firewall\Kernel\pop3filt.dll [2008-01-10 10048] S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);d:\outpost firewall\Kernel\protect.dll [2008-01-10 15200] S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);d:\outpost firewall\Kernel\secret.dll [2008-01-10 12928] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Zawartość folderu 'Zaplanowane zadania' 2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] 2009-01-12 c:\windows\Tasks\Funkcja One Button Checkup pakietu Norton SystemWorks.job - c:\program files\Norton SystemWorks\OBC.exe [2005-01-24 10:34] 2009-04-10 c:\windows\Tasks\Norton AntiVirus - Skanuj komputer - komp.job - c:\progra~1\NORTON~1\NORTON~3\Navw32.exe [2005-11-17 13:27] 2009-04-11 c:\windows\Tasks\Symantec Drmc.job - c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 11:48] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.allegro.pl/ mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download Link Using Mega Manager... - d:\mega manager\mm_file.htm IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Konwertuj do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konwertuj do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Konwertuj miejsce docelowe łącza do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Konwertuj wybrane łącza do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Konwertuj wybrane łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Konwertuj zaznaczenie do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konwertuj zaznaczenie do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\komp\Dane aplikacji\Mozilla\Firefox\Profiles\yy8ln0jr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-12 14:23:54 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-1547161642-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBD86516-7F2A-FA0C-5C36-4E862684EDBB}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oahjmbggkimmmdikjflhocncfmmolb"=hex:64,61,68,68,68,68,6e,63,00,c0 "oaljmonlgnldjldjdpdomgacnklpmb"=hex:6a,61,6d,67,65,67,6c,68,66,61,68,65,6c,66, 6e,6d,68,63,63,69,00,fd "nabkchmmgfpmapaihjkgfalijfoh"=hex:6a,61,6d,67,65,67,6c,68,66,61,68,65,6c,66, 6e,6d,68,63,63,69,00,fd [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a7da08f-a5f1-4b54-a09f-05fcd3290386}] @Denied: (Full) (Everyone) "Model"=dword:0000012b "Therad"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):c1,ba,55,cb,35,57,95,be,71,04,a4,31,e2,60,3e,0f,5f,df,d1,6b,3d, ca,af,b7,d9,fe,12,94,ef,6b,10,15,7d,61,dd,8a,6a,d5,f6,da,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*] "AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(888) d:\outpost firewall\wl_hook.dll . Czas ukończenia: 2009-04-12 14:26:59 ComboFix-quarantined-files.txt 2009-04-12 12:26:39 ComboFix2.txt 2009-04-11 21:46:49 ComboFix3.txt 2009-04-11 20:25:28 Przed: 208 666 624 bajtów wolnych Po: 127,750,144 bajtów wolnych 295 --- E O F --- 2009-03-14 23:57:18

**Posty:** 18165 · przez **wojtas** 12 Kwi 2009, 16:24

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.