Problem z netem, chiba jakis sasser.

**Posty:** 45 · przez **magic666** 16 Sie 2008, 15:09

No wiec nawiedzaja mnie od czasu do czasu dziwne disconnecty. Polaczenie zostaje aktywne ale internet znika.
Problemy z netem to raczej nie sa bo sasiad takich problemow nie miewa a ma tego samego dostawce.
Wiec moze jest to jakis robal.

Kod: Zaznacz wszystko: ComboFix 08-08-15.04 - Administrator 2008-08-16 14:57:00.8 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1613 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\actskn43.ocx . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NETWM -------\Service_netwm ((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))) . 2008-08-11 14:06 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd 2008-08-11 14:06 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2008-08-02 22:47 . 2008-02-12 15:16 717,016 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys 2008-08-02 22:47 . 2008-02-12 15:16 285,912 --a------ C:\WINDOWS\system32\cfosspeed.dll 2008-07-31 16:49 . 2008-07-31 16:49 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-28 16:53 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-07-28 01:48 . 2005-01-28 13:44 258,296 --a------ C:\WINDOWS\system32\setb0.tmp 2008-07-28 01:48 . 2005-01-28 13:44 224,768 --a------ C:\WINDOWS\system32\setb1.tmp 2008-07-28 01:47 . 2008-07-28 02:02 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Winamp 2008-07-16 17:48 . 2008-07-16 17:48 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser 2008-07-16 17:48 . 2008-08-11 14:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-16 17:48 . 2008-07-16 17:48 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-16 17:45 . 2008-07-16 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\DIFX 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite 2008-07-16 17:41 . 2008-07-16 17:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Nokia 2008-07-16 17:41 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2008-07-16 17:41 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-07-16 17:41 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-07-16 17:41 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2008-07-16 17:41 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2008-07-16 17:41 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2008-07-16 17:40 . 2008-07-16 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-07-16 17:37 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-07-16 17:37 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-16 17:37 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-07-16 11:32 . 2008-07-16 11:32 <DIR> d-------- C:\Documents and Settings\Administrator\Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-10 07:05 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\foobar2000 2008-08-08 15:25 --------- d-----w C:\Program Files\NAPI-PROJEKT 2008-08-08 10:25 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\mIRC 2008-08-02 20:18 --------- d-----w C:\Program Files\cFosSpeed 2008-08-01 14:49 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent 2008-07-31 14:25 --------- d-----w C:\Program Files\ICQToolbar 2008-07-31 02:44 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\LimeWire 2008-07-24 13:43 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-07-14 02:27 --------- d-----w C:\Program Files\SpeedFan 2008-07-11 18:58 --------- d-----w C:\Program Files\LimeWire 2008-07-06 20:48 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2008-07-06 20:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2008-07-06 20:11 --------- d-----w C:\Program Files\Dota Keys 2008-07-04 15:05 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-04 15:05 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys 2008-07-04 15:05 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-07-03 16:53 --------- d-----w C:\Program Files\Ventrilo 2008-07-03 16:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-28 14:34 --------- d-----w C:\Program Files\Octoshape Streaming Services 2008-06-27 23:27 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll 2008-06-27 23:27 --------- d--h--r C:\Documents and Settings\Administrator\Dane aplikacji\SecuROM 2008-06-27 23:04 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-25 21:14 --------- d-----w C:\Program Files\Dyyno 2008-06-25 20:23 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\WellCraftedTimer 2008-06-25 20:05 --------- d-----w C:\Program Files\WellCraftedTimer 2008-06-23 13:24 --------- d-----w C:\Program Files\AVG 2008-06-23 13:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\avg8 2008-06-19 13:18 --------- d-----w C:\Program Files\NCH Software 2008-06-19 13:16 --------- d-----w C:\Program Files\NCH Swift Sound 2008-06-19 13:16 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\NCH Swift Sound 2008-06-19 12:53 --------- d-----w C:\Program Files\Audacity 2008-06-19 12:33 --------- d-----w C:\Program Files\Cell Phone Manager 2008-06-17 11:38 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-06-15 13:08 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll 2008-06-15 13:08 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll 2008-06-15 13:08 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll 2008-06-15 13:00 2,829 ----a-w C:\WINDOWS\DIIUnin.pif 2008-06-15 13:00 106,496 ----a-w C:\WINDOWS\DIIUnin.exe 2007-06-12 14:55 18 ----a-w C:\Documents and Settings\Administrator\autoexec.bat 2006-06-27 11:45 176,886 ----a-w C:\Documents and Settings\Administrator\FLASH895.EXE 2007-12-19 20:37 23 --sha-w C:\WINDOWS\system32\adfccda_r.dll . ------- Sigcheck ------- 2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB884020$\tcpip.sys 2008-02-17 22:40 359040 09eb23a4567bdd56d9580a059e616e23 C:\WINDOWS\system32\dllcache\tcpip.sys 2008-02-17 22:40 359040 09eb23a4567bdd56d9580a059e616e23 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160] "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016] "ImageShackUtil"="C:\Program Files\ImageShack\QuickShot\QuickShot.exe" [2006-04-30 00:42 1046528] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 17:05 1232152] "cFosSpeed"="F:\cfos\cFosSpeed.exe" [2008-02-12 15:16 863448] "PCSuiteTrayApplication"="F:\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360] "Nokia.PCSync"="F:\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896] C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ EasyTune5.lnk - C:\Program Files\Gigabyte\ET5\ET5SC.exe [2007-06-20 12:31:09 27456] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-25 00:32:22 1205840] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "msacm.l3fhg"= mp3fhg.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2007-11-03 20:59 286016 C:\Program Files\BitTorrent_DNA\dna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV] --a------ 2006-12-15 14:13 31552 C:\Program Files\Gigabyte\ET5\ETcall.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] --a------ 2007-06-29 13:44 1990704 F:\flashget\flashget.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] --a------ 2006-11-14 11:12 1849032 F:\Gadu-Gadu\gg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] --a------ 2007-12-19 16:48 172280 C:\Program Files\ICQ6\ICQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-17 07:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-17 07:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-08-04 00:55 1667584 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-04-19 13:26 7700480 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] --a------ 2008-05-22 15:59 156944 C:\Program Files\Octoshape Streaming Services\Administrator\OctoshapeClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap] --a------ 2007-10-09 17:26 225280 C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-26 15:16 282624 F:\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell] --a------ 2004-08-04 01:44 8412672 C:\WINDOWS\system32\shell32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras] --a------ 2007-02-13 16:19 194128 C:\WINDOWS\adiras.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "srservice"=2 (0x2) "CiSvc"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent_DNA\\dna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\ICQ6\\ICQ.exe"= "G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 17:05] R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-07-04 17:52] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 17:05] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 17:05] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 17:05] R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2006-11-21 20:20] S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys [2007-02-07 16:50] S3 npkycryp;npkycryp;G:\Program Files\Lineage inter\system\npkycryp.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6668e18b-0d98-11dd-83e6-4d6564696130}] \Shell\AutoRun\command - K:\LaunchU3.exe -a *Newly Created Service* - MARKFUN_NT . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\ FF -: plugin - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\plugins\npoctoshape.dll FF -: plugin - C:\Program Files\BitTorrent_DNA\npbtdna.dll FF -: plugin - C:\Program Files\Dyyno\Dyyno Player\npvlc.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll FF -: plugin - C:\Program Files\Octoshape Streaming Services\Administrator\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npnul32.dll FF -: plugin - F:\Program Files\Opera\program\plugins\npdivx32.dll FF -: plugin - F:\Program Files\Opera\program\plugins\npdsplay.dll FF -: plugin - F:\Program Files\Opera\program\plugins\nppl3260.dll FF -: plugin - F:\Program Files\Opera\program\plugins\nprpjplug.dll FF -: plugin - F:\Program Files\Opera\program\plugins\NPSWF32.dll FF -: plugin - F:\Program Files\Opera\program\plugins\npwmsdrm.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin2.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin3.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin4.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin5.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin6.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin7.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-16 14:59:50 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT] "ImagePath"="\??\C:\Program Files\Gigabyte\ET5\markfun.w32" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe F:\cfos\spd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Gigabyte\ET5\GUI.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\Program Files\AVG\AVG8\avgrsx.exe . ************************************************************************** . Completion time: 2008-08-16 15:02:59 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-16 13:02:55 Pre-Run: 1,006,952,448 bajtów wolnych Post-Run: 962,535,424 bajt˘w wolnych 268

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 14:44:49, on 2008-08-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe F:\cfos\spd.exe f:\Program Files\FileZilla Server\FileZilla Server.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ImageShack\QuickShot\QuickShot.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe F:\cfos\cFosSpeed.exe F:\Nokia PC Suite 6\LaunchApplication.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Gigabyte\ET5\GUI.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wscntfy.exe F:\mIRC\mirc.exe F:\Program Files\Mozilla Firefox\firefox.exe G:\Program Files\Lineage II\system\l2.exe G:\Program Files\Lineage II\system\l2.exe F:\Gadu-Gadu\gg.exe C:\Documents and Settings\Administrator\Pulpit\Instalki\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ImageShackUtil] C:\Program Files\ImageShack\QuickShot\QuickShot.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [cFosSpeed] F:\cfos\cFosSpeed.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [FileZilla Server Interface] "f:\Program Files\FileZilla Server\FileZilla Server Interface.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Startup: EasyTune5.lnk = C:\Program Files\Gigabyte\ET5\ET5SC.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\flashget\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\flashget\jc_all.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\M814F~1.OFF\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'w2pxdrv.dll' missing O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0E60181C-1D27-43EF-99BE-4EFE02027361}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip\..\{0E60181C-1D27-43EF-99BE-4EFE02027361}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip\..\{0E60181C-1D27-43EF-99BE-4EFE02027361}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - F:\cfos\spd.exe" -service (file missing) O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - f:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

**Posty:** 18165 · przez **wojtas** 16 Sie 2008, 15:41

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 45 · przez **magic666** 16 Sie 2008, 16:02

Kod: Zaznacz wszystko: ComboFix 08-08-15.04 - Administrator 2008-08-16 16:03:14.9 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1613 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))) . 2008-08-16 15:45 . 2008-08-16 15:58 <DIR> d-------- C:\SDFix 2008-08-11 14:06 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd 2008-08-11 14:06 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2008-08-02 22:47 . 2008-02-12 15:16 717,016 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys 2008-08-02 22:47 . 2008-02-12 15:16 285,912 --a------ C:\WINDOWS\system32\cfosspeed.dll 2008-07-31 16:49 . 2008-07-31 16:49 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-28 16:53 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-07-28 01:48 . 2005-01-28 13:44 258,296 --a------ C:\WINDOWS\system32\setb0.tmp 2008-07-28 01:48 . 2005-01-28 13:44 224,768 --a------ C:\WINDOWS\system32\setb1.tmp 2008-07-28 01:47 . 2008-07-28 02:02 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Winamp 2008-07-16 17:48 . 2008-07-16 17:48 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser 2008-07-16 17:48 . 2008-08-11 14:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-16 17:48 . 2008-07-16 17:48 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-16 17:45 . 2008-07-16 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\DIFX 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite 2008-07-16 17:41 . 2008-07-16 17:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Nokia 2008-07-16 17:41 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2008-07-16 17:41 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-07-16 17:41 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-07-16 17:41 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2008-07-16 17:41 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2008-07-16 17:41 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2008-07-16 17:40 . 2008-07-16 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-07-16 17:37 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-07-16 17:37 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-16 17:37 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-07-16 11:32 . 2008-07-16 11:32 <DIR> d-------- C:\Documents and Settings\Administrator\Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-10 07:05 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\foobar2000 2008-08-08 15:25 --------- d-----w C:\Program Files\NAPI-PROJEKT 2008-08-08 10:25 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\mIRC 2008-08-02 20:18 --------- d-----w C:\Program Files\cFosSpeed 2008-08-01 14:49 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent 2008-07-31 14:25 --------- d-----w C:\Program Files\ICQToolbar 2008-07-31 02:44 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\LimeWire 2008-07-24 13:43 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-07-14 02:27 --------- d-----w C:\Program Files\SpeedFan 2008-07-11 18:58 --------- d-----w C:\Program Files\LimeWire 2008-07-06 20:48 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2008-07-06 20:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2008-07-06 20:11 --------- d-----w C:\Program Files\Dota Keys 2008-07-04 15:05 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-04 15:05 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys 2008-07-04 15:05 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-07-03 16:53 --------- d-----w C:\Program Files\Ventrilo 2008-07-03 16:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-28 14:34 --------- d-----w C:\Program Files\Octoshape Streaming Services 2008-06-27 23:27 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll 2008-06-27 23:27 --------- d--h--r C:\Documents and Settings\Administrator\Dane aplikacji\SecuROM 2008-06-27 23:04 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-25 21:14 --------- d-----w C:\Program Files\Dyyno 2008-06-25 20:23 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\WellCraftedTimer 2008-06-25 20:05 --------- d-----w C:\Program Files\WellCraftedTimer 2008-06-23 13:24 --------- d-----w C:\Program Files\AVG 2008-06-23 13:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\avg8 2008-06-19 13:18 --------- d-----w C:\Program Files\NCH Software 2008-06-19 13:16 --------- d-----w C:\Program Files\NCH Swift Sound

Kod: Zaznacz wszystko: [b]SDFix: Version 1.216 [/b] Run by Administrator on 2008-08-16 at 15:54 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.curse-gaming.com\settings.sol - Deleted Folder C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.curse-gaming.com - Removed Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-16 15:57:38 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "h0"=dword:00000001 "hdf12"=hex:2c,78,06,de,63,71,a6,c7,3f,ba,0e,d3,e5,47,a6,a8,4a,a5,38,3a,8f,.. "p0"="C:\Program Files\DAEMON Tools Pro\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001] "a0"=hex:20,01,00,00,75,0c,13,3a,f8,da,9f,fe,3d,41,d6,ca,53,4e,d1,61,0b,.. "hdf12"=hex:ea,b8,bd,27,3e,6f,33,5a,d1,8d,48,78,13,a1,76,e7,24,46,98,a6,80,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0] "hdf12"=hex:4a,e6,61,fb,8f,cf,7a,a2,db,76,49,e1,b1,6b,58,d9,d4,d4,a7,2d,80,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002] "a0"=hex:20,01,00,00,ca,ed,17,3a,d3,cf,8d,47,de,bd,7f,2b,bb,1f,b1,15,ef,.. "hdf12"=hex:38,32,49,19,5d,a0,a8,c6,1f,a8,e9,0b,ad,27,42,89,93,ea,34,2c,31,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0] "hdf12"=hex:61,b3,2f,2e,95,dc,c7,b3,70,e0,0a,27,99,3d,2a,26,95,d4,58,39,11,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:cf,e1,ce,34,05,8e,9c,ad,9b,86,b2,a3,79,cf,33,d4,cf,aa,b5,17,74,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "h0"=dword:00000001 "hdf12"=hex:2c,78,06,de,63,71,a6,c7,3f,ba,0e,d3,e5,47,a6,a8,4a,a5,38,3a,8f,.. "p0"="C:\Program Files\DAEMON Tools Pro\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001] "a0"=hex:20,01,00,00,75,0c,13,3a,f8,da,9f,fe,3d,41,d6,ca,53,4e,d1,61,0b,.. "hdf12"=hex:ea,b8,bd,27,3e,6f,33,5a,d1,8d,48,78,13,a1,76,e7,24,46,98,a6,80,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0] "hdf12"=hex:4a,e6,61,fb,8f,cf,7a,a2,db,76,49,e1,b1,6b,58,d9,d4,d4,a7,2d,80,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002] "a0"=hex:20,01,00,00,ca,ed,17,3a,d3,cf,8d,47,de,bd,7f,2b,bb,1f,b1,15,ef,.. "hdf12"=hex:38,32,49,19,5d,a0,a8,c6,1f,a8,e9,0b,ad,27,42,89,93,ea,34,2c,31,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0] "hdf12"=hex:61,b3,2f,2e,95,dc,c7,b3,70,e0,0a,27,99,3d,2a,26,95,d4,58,39,11,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:cf,e1,ce,34,05,8e,9c,ad,9b,86,b2,a3,79,cf,33,d4,cf,aa,b5,17,74,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6" "G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9" "G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10" "G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Wed 19 Dec 2007 23 A.SH. --- "C:\WINDOWS\system32\adfccda_r.dll" Fri 28 Jul 2006 337,320 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll" Sat 28 Jun 2008 444 ...HR --- "C:\Documents and Settings\Administrator\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak" [b]Finished![/b]

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 16:02:30, on 2008-08-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe F:\cfos\spd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\ImageShack\QuickShot\QuickShot.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe F:\cfos\cFosSpeed.exe F:\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Gigabyte\ET5\GUI.exe F:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\Pulpit\Instalki\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ImageShackUtil] C:\Program Files\ImageShack\QuickShot\QuickShot.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [cFosSpeed] F:\cfos\cFosSpeed.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Startup: EasyTune5.lnk = C:\Program Files\Gigabyte\ET5\ET5SC.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\flashget\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\flashget\jc_all.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\M814F~1.OFF\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'w2pxdrv.dll' missing O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0E60181C-1D27-43EF-99BE-4EFE02027361}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip\..\{0E60181C-1D27-43EF-99BE-4EFE02027361}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip\..\{0E60181C-1D27-43EF-99BE-4EFE02027361}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - F:\cfos\spd.exe" -service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

z cfa zaraz bedzie

**Posty:** 18165 · przez **wojtas** 16 Sie 2008, 16:16

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

skasuj ^^

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef

Autor postu otrzymał pochwałę

**Posty:** 45 · przez **magic666** 16 Sie 2008, 18:15

Kod: Zaznacz wszystko: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT 16 sierpień 2008 18:08:40 System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600) Kaspersky Online Scanner wersja: 5.0.98.1 Ostatnia aktualizacja Kaspersky Anti-Virus16/08/2008 Liczba wpisów w bazie danych Kaspersky Anti-Virus1098468 ------------------------------------------------------------------------------- Ustawienia skanowania: Skanowanie przy użyciu następujących baz danych: rozszerzone Skanuj archiwa: tak Skanuj pocztowe bazy danych: tak Obszar skanowania - Mój komputer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ M:\ N:\ O:\ Statystyki skanowania: Liczba skanowanych obiektów: 80470 Liczba wykrytych wirusów: 7 Liczba zainfekowanych obiektów: 42 Liczba podejrzanych obiektów: 0 Czas trwania skanowania: 00:55:08 Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\$_hpcst$.hpc Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\cert8.db Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\content-prefs.sqlite Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\cookies.sqlite Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\downloads.sqlite Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\formhistory.sqlite Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\key3.db Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\parent.lock Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\permissions.sqlite Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\places.sqlite Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\places.sqlite-journal Object is locked pominięty C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\search.sqlite Object is locked pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mIRC_6.17_nnscript_4.03.zip/mirc617.exe/data0001.bin Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.617 pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mIRC_6.17_nnscript_4.03.zip/mirc617.exe Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.617 pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mIRC_6.17_nnscript_4.03.zip ZIP: zainfekowany - 2 pominięty C:\Documents and Settings\Administrator\Moje dokumenty\sdsad\plugin\f1ndip.dll Object is locked pominięty C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\FLV2Video_Setup.exe/file29/file12 Zainfekowanych: Backdoor.Win32.Sheldor.bj pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\FLV2Video_Setup.exe/file29 Zainfekowanych: Backdoor.Win32.Sheldor.bj pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\FLV2Video_Setup.exe Inno: zainfekowany - 2 pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT.546\setup.exe/mm.FList.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT.546\setup.exe/mm.ItemReader.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT.546\setup.exe/mm.RBlocks.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT.546\setup.exe SetupFactory: zainfekowany - 3 pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT.546.rar/setup.exe/mm.FList.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT.546.rar/setup.exe/mm.ItemReader.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT.546.rar/setup.exe/mm.RBlocks.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT.546.rar/setup.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT.546.rar RAR: zainfekowany - 4 pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT546\mmBOT546.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT546\Tools\mm.FList\mm.FList.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT546\Tools\mm.ItemReader\mm.ItemReader.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT546\Tools\mm.RBlocks\mm.RBlocks.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT546.zip/mmBOT546/mmBOT546.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT546.zip/mmBOT546/Tools/mm.FList/mm.FList.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT546.zip/mmBOT546/Tools/mm.ItemReader/mm.ItemReader.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT546.zip/mmBOT546/Tools/mm.RBlocks/mm.RBlocks.exe Zainfekowanych: not-a-virus:AdWare.Win32.Maxifiles.ad pominięty C:\Documents and Settings\Administrator\Pulpit\Instalki\mmBOT546.zip ZIP: zainfekowany - 4 pominięty C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\Cache\_CACHE_001_ Object is locked pominięty C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\Cache\_CACHE_002_ Object is locked pominięty C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\Cache\_CACHE_003_ Object is locked pominięty C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\Cache\_CACHE_MAP_ Object is locked pominięty C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\urlclassifier3.sqlite Object is locked pominięty C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\avg8\emc\Log\emc.log Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\avg8\Log\avgcore.log Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\avg8\Log\avglng.log Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\avg8\Log\avgrs.log Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\avg8\Log\avgsched.log Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\avg8\Log\avgsrm.log Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\avg8\Log\avgui.log Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\avg8\Log\avgwd.log Object is locked pominięty C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\mIRC\mirc.exe Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.632 pominięty C:\mirc2\mirc.exe Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.632 pominięty C:\Program Files\Moyea\FLV to Video Pro\FLVDownloader_Install.exe/file12 Zainfekowanych: Backdoor.Win32.Sheldor.bj pominięty C:\Program Files\Moyea\FLV to Video Pro\FLVDownloader_Install.exe Inno: zainfekowany - 1 pominięty C:\Program Files\Proxy Labs\ProxyCap\ProxyCap Crack.exe Object is locked pominięty C:\Program Files\Proxy Labs\ProxyCap\spinstWI.dll Zainfekowanych: Trojan.Win32.Zapchast.mn pominięty C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty C:\System Volume Information\_restore{F6C36AC3-3B53-426A-80A2-57CA4AF94AD7}\RP3\change.log Object is locked pominięty C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty C:\WINDOWS\SchedLgU.Txt Object is locked pominięty C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty C:\WINDOWS\Sti_Trace.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\default Object is locked pominięty C:\WINDOWS\system32\config\default.LOG Object is locked pominięty C:\WINDOWS\system32\config\SAM Object is locked pominięty C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\SECURITY Object is locked pominięty C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty C:\WINDOWS\system32\config\software Object is locked pominięty C:\WINDOWS\system32\config\software.LOG Object is locked pominięty C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\system Object is locked pominięty C:\WINDOWS\system32\config\system.LOG Object is locked pominięty C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty C:\WINDOWS\system32\h323log.txt Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty C:\WINDOWS\wiadebug.log Object is locked pominięty C:\WINDOWS\wiaservc.log Object is locked pominięty C:\WINDOWS\WindowsUpdate.log Object is locked pominięty D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty E:\Temp\WCESLog.log Object is locked pominięty E:\TMP\etilqs_rBMv0v3RlO8iQgTaalxI Object is locked pominięty E:\TMP\Katalog tymczasowy 1 dla blabla.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 1 dla f1ndip-beta30.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 1 dla sdsad.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 10 dla f1ndip-beta30.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 2 dla blabla.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 2 dla f1ndip-beta30.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 2 dla sdsad.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 3 dla f1ndip-beta30.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 3 dla sdsad.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 4 dla f1ndip-beta30.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 4 dla sdsad.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 5 dla f1ndip-beta30.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 6 dla f1ndip-beta30.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 7 dla f1ndip-beta30.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 8 dla f1ndip-beta30.zip\plugin\f1ndip.dll Object is locked pominięty E:\TMP\Katalog tymczasowy 9 dla f1ndip-beta30.zip\plugin\f1ndip.dll Object is locked pominięty F:\Kopia mIRC\download\xaxaxaxa.zip/ProxyCap 3.02.msi/_7C13C8862FEC12BA6FDDCE0200CF10BC/_A90AB184185843B9BB102A1C62758F90 Zainfekowanych: Trojan.Win32.Zapchast.mn pominięty F:\Kopia mIRC\download\xaxaxaxa.zip/ProxyCap 3.02.msi/_7C13C8862FEC12BA6FDDCE0200CF10BC Zainfekowanych: Trojan.Win32.Zapchast.mn pominięty F:\Kopia mIRC\download\xaxaxaxa.zip/ProxyCap 3.02.msi Zainfekowanych: Trojan.Win32.Zapchast.mn pominięty F:\Kopia mIRC\download\xaxaxaxa.zip ZIP: zainfekowany - 3 pominięty F:\Kopia mIRC\mirc.exe Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.617 pominięty F:\mIRC\download\xaxaxaxa.zip/ProxyCap 3.02.msi/_7C13C8862FEC12BA6FDDCE0200CF10BC/_A90AB184185843B9BB102A1C62758F90 Zainfekowanych: Trojan.Win32.Zapchast.mn pominięty F:\mIRC\download\xaxaxaxa.zip/ProxyCap 3.02.msi/_7C13C8862FEC12BA6FDDCE0200CF10BC Zainfekowanych: Trojan.Win32.Zapchast.mn pominięty F:\mIRC\download\xaxaxaxa.zip/ProxyCap 3.02.msi Zainfekowanych: Trojan.Win32.Zapchast.mn pominięty F:\mIRC\download\xaxaxaxa.zip ZIP: zainfekowany - 3 pominięty F:\mIRC\mirc.exe Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.617 pominięty F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty F:\System Volume Information\_restore{F6C36AC3-3B53-426A-80A2-57CA4AF94AD7}\RP3\change.log Object is locked pominięty G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty H:\lol\sick hey.mp3 Zainfekowanych: Trojan-Downloader.WMA.Wimad.n pominięty H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty I:\Mirc.zip/Mirc/mirc.exe Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.621 pominięty I:\Mirc.zip ZIP: zainfekowany - 1 pominięty I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty Proces skanowania został zakończony.

Kod: Zaznacz wszystko: ******************************************************************************** * * * FixIEDef Log * * Version 1.5.4.6010 * * * ******************************************************************************** Created at 16:25:21 on Saturday, August 16, 2008 Time Zone : Logged On User : Administrator Operating System : Microsoft Windows XP Professional Dodatek Service Pack 2 OS Version : 5.1.2600 System Langauge : Polish Keyboard Layout : Polish Processor : X86 Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz System Drive : C:\ Windows Directory : C:\WINDOWS System Directory : C:\WINDOWS\system32 Total Physical Memory : 2096620 KB Free Physical Memory : 1664012 KB Total Virtual Memory : 2097024 KB Free Virtual Memory : 2024696 KB Boot State : Normal boot -------------------------------------------------------------------------------- !!! Files that have been deleted !!! No malicious files found -------------------------------------------------------------------------------- !!! Directories that have been removed !!! No malicious directories to be removed -------------------------------------------------------------------------------- !!! Registry entries that have been removed !!! No malicious Registry entries found ================================================================================ All Done :) ShadowPuterDude Safe Surfing!!!

troche to skanowanie zajelo ;d

**Posty:** 7956 · przez **Magik** 16 Sie 2008, 18:25

Przeskanuj kompa tym

http://www.programosy.pl/program,avg-anti-spyware.html

do tego sciagnij combosfix'a stąd i wklej log bo jest urwany

Autor postu otrzymał pochwałę

**Posty:** 45 · przez **magic666** 16 Sie 2008, 18:30

Kod: Zaznacz wszystko: ComboFix 08-08-15.04 - Administrator 2008-08-16 16:03:14.9 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1613 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))) . 2008-08-16 15:45 . 2008-08-16 15:58 <DIR> d-------- C:\SDFix 2008-08-11 14:06 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd 2008-08-11 14:06 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2008-08-02 22:47 . 2008-02-12 15:16 717,016 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys 2008-08-02 22:47 . 2008-02-12 15:16 285,912 --a------ C:\WINDOWS\system32\cfosspeed.dll 2008-07-31 16:49 . 2008-07-31 16:49 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-28 16:53 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-07-28 01:48 . 2005-01-28 13:44 258,296 --a------ C:\WINDOWS\system32\setb0.tmp 2008-07-28 01:48 . 2005-01-28 13:44 224,768 --a------ C:\WINDOWS\system32\setb1.tmp 2008-07-28 01:47 . 2008-07-28 02:02 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Winamp 2008-07-16 17:48 . 2008-07-16 17:48 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser 2008-07-16 17:48 . 2008-08-11 14:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-16 17:48 . 2008-07-16 17:48 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-16 17:45 . 2008-07-16 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\DIFX 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-07-16 17:41 . 2008-07-16 17:41 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite 2008-07-16 17:41 . 2008-07-16 17:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Nokia 2008-07-16 17:41 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2008-07-16 17:41 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-07-16 17:41 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-07-16 17:41 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2008-07-16 17:41 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2008-07-16 17:41 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2008-07-16 17:40 . 2008-07-16 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-07-16 17:37 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-07-16 17:37 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-16 17:37 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-07-16 11:32 . 2008-07-16 11:32 <DIR> d-------- C:\Documents and Settings\Administrator\Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-10 07:05 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\foobar2000 2008-08-08 15:25 --------- d-----w C:\Program Files\NAPI-PROJEKT 2008-08-08 10:25 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\mIRC 2008-08-02 20:18 --------- d-----w C:\Program Files\cFosSpeed 2008-08-01 14:49 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent 2008-07-31 14:25 --------- d-----w C:\Program Files\ICQToolbar 2008-07-31 02:44 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\LimeWire 2008-07-24 13:43 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-07-14 02:27 --------- d-----w C:\Program Files\SpeedFan 2008-07-11 18:58 --------- d-----w C:\Program Files\LimeWire 2008-07-06 20:48 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2008-07-06 20:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2008-07-06 20:11 --------- d-----w C:\Program Files\Dota Keys 2008-07-04 15:05 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-04 15:05 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys 2008-07-04 15:05 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-07-03 16:53 --------- d-----w C:\Program Files\Ventrilo 2008-07-03 16:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-28 14:34 --------- d-----w C:\Program Files\Octoshape Streaming Services 2008-06-27 23:27 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll 2008-06-27 23:27 --------- d--h--r C:\Documents and Settings\Administrator\Dane aplikacji\SecuROM 2008-06-27 23:04 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-25 21:14 --------- d-----w C:\Program Files\Dyyno 2008-06-25 20:23 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\WellCraftedTimer 2008-06-25 20:05 --------- d-----w C:\Program Files\WellCraftedTimer 2008-06-23 13:24 --------- d-----w C:\Program Files\AVG 2008-06-23 13:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\avg8 2008-06-19 13:18 --------- d-----w C:\Program Files\NCH Software 2008-06-19 13:16 --------- d-----w C:\Program Files\NCH Swift Sound 2008-06-19 13:16 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\NCH Swift Sound 2008-06-19 12:53 --------- d-----w C:\Program Files\Audacity 2008-06-19 12:33 --------- d-----w C:\Program Files\Cell Phone Manager 2008-06-17 11:38 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-06-15 13:08 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll 2008-06-15 13:08 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll 2008-06-15 13:08 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll 2008-06-15 13:00 2,829 ----a-w C:\WINDOWS\DIIUnin.pif 2008-06-15 13:00 106,496 ----a-w C:\WINDOWS\DIIUnin.exe 2007-06-12 14:55 18 ----a-w C:\Documents and Settings\Administrator\autoexec.bat 2006-06-27 11:45 176,886 ----a-w C:\Documents and Settings\Administrator\FLASH895.EXE 2007-12-19 20:37 23 --sha-w C:\WINDOWS\system32\adfccda_r.dll . ------- Sigcheck ------- 2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB884020$\tcpip.sys 2008-02-17 22:40 359040 09eb23a4567bdd56d9580a059e616e23 C:\WINDOWS\system32\dllcache\tcpip.sys 2008-02-17 22:40 359040 09eb23a4567bdd56d9580a059e616e23 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-08-16_15.02.42.95 ))))))))))))))))))))))))))))))))))))))))) . - 2007-11-03 17:46:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE - 2007-11-06 18:01:23 4,100,096 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-08-16 13:52:33 5,726,208 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT - 2007-11-06 18:01:23 106,496 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-16 13:52:33 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160] "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016] "ImageShackUtil"="C:\Program Files\ImageShack\QuickShot\QuickShot.exe" [2006-04-30 00:42 1046528] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 17:05 1232152] "cFosSpeed"="F:\cfos\cFosSpeed.exe" [2008-02-12 15:16 863448] "PCSuiteTrayApplication"="F:\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360] "Nokia.PCSync"="F:\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896] C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ EasyTune5.lnk - C:\Program Files\Gigabyte\ET5\ET5SC.exe [2007-06-20 12:31:09 27456] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-25 00:32:22 1205840] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "msacm.l3fhg"= mp3fhg.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2007-11-03 20:59 286016 C:\Program Files\BitTorrent_DNA\dna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV] --a------ 2006-12-15 14:13 31552 C:\Program Files\Gigabyte\ET5\ETcall.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] --a------ 2007-06-29 13:44 1990704 F:\flashget\flashget.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] --a------ 2006-11-14 11:12 1849032 F:\Gadu-Gadu\gg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] --a------ 2007-12-19 16:48 172280 C:\Program Files\ICQ6\ICQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-17 07:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-17 07:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-08-04 00:55 1667584 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-04-19 13:26 7700480 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] --a------ 2008-05-22 15:59 156944 C:\Program Files\Octoshape Streaming Services\Administrator\OctoshapeClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap] --a------ 2007-10-09 17:26 225280 C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-26 15:16 282624 F:\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell] --a------ 2004-08-04 01:44 8412672 C:\WINDOWS\system32\shell32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras] --a------ 2007-02-13 16:19 194128 C:\WINDOWS\adiras.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "srservice"=2 (0x2) "CiSvc"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent_DNA\\dna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\ICQ6\\ICQ.exe"= "G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 17:05] R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-07-04 17:52] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 17:05] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 17:05] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 17:05] S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys [2007-02-07 16:50] S3 npkycryp;npkycryp;G:\Program Files\Lineage inter\system\npkycryp.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6668e18b-0d98-11dd-83e6-4d6564696130}] \Shell\AutoRun\command - K:\LaunchU3.exe -a . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fi34661t.default\ FF -: plugin - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\plugins\npoctoshape.dll FF -: plugin - C:\Program Files\BitTorrent_DNA\npbtdna.dll FF -: plugin - C:\Program Files\Dyyno\Dyyno Player\npvlc.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll FF -: plugin - C:\Program Files\Octoshape Streaming Services\Administrator\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npnul32.dll FF -: plugin - F:\Program Files\Opera\program\plugins\npdivx32.dll FF -: plugin - F:\Program Files\Opera\program\plugins\npdsplay.dll FF -: plugin - F:\Program Files\Opera\program\plugins\nppl3260.dll FF -: plugin - F:\Program Files\Opera\program\plugins\nprpjplug.dll FF -: plugin - F:\Program Files\Opera\program\plugins\NPSWF32.dll FF -: plugin - F:\Program Files\Opera\program\plugins\npwmsdrm.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin2.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin3.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin4.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin5.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin6.dll FF -: plugin - F:\QuickTime\Plugins\npqtplugin7.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-16 16:04:16 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-16 16:05:03 ComboFix-quarantined-files.txt 2008-08-16 14:05:01 ComboFix2.txt 2008-08-16 13:03:01 Pre-Run: 1,002,766,336 bajtów wolnych Post-Run: 992,026,624 bajtów wolnych 251

chiba dziala od poltora godziny sie nie zdarzylo :> po pochwale dla panow

**Posty:** 18165 · przez **wojtas** 17 Sie 2008, 12:07

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem