problemy ze spyware'ami. proszę o pomoc

**Posty:** 131 · przez **Superpippo** 18 Maj 2008, 21:01

Mam problemy ze spywarami. Zmienia mi ciągle tapete na "Your privacy is in danger", ciągle wyskakują jakieś stronki z płatnymi programami antywirusowymi, zamula mi kompa.
Wrzucam log z ComboFixa.

Prosze o pomoc.

Kod: Zaznacz wszystko: ComboFix 08-05-15.3 - Michael 2008-05-18 20:41:59.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.601 [GMT 2:00] Running from: C:\Documents and Settings\Michael\Pulpit\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat C:\Documents and Settings\All Users\Menu Start\UUSEE~1.LNK C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start\XP Antivirus 2008 C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start\XP Antivirus 2008\XP Antivirus 2008.lnk C:\Documents and Settings\Ewelina.SUPERPIPPO\Pulpit\Error Cleaner.url C:\Documents and Settings\Ewelina.SUPERPIPPO\Pulpit\Privacy Protector.url C:\Documents and Settings\Ewelina.SUPERPIPPO\Pulpit\Spyware&Malware Protection.url C:\Documents and Settings\Ewelina.SUPERPIPPO\Ulubione\Error Cleaner.url C:\Documents and Settings\Ewelina.SUPERPIPPO\Ulubione\Privacy Protector.url C:\Documents and Settings\Ewelina.SUPERPIPPO\Ulubione\Spyware&Malware Protection.url C:\Program Files\PlayMP3z C:\Program Files\PlayMP3z\uninstall.exe C:\Program Files\uusee C:\Program Files\uusee\AD\1\[u]0[/u]00\index_new.html C:\Program Files\uusee\AD\1\[u]0[/u]00\uue_new.jpg C:\Program Files\uusee\AD\1\[u]0[/u]01\index_new.html C:\Program Files\uusee\AD\1\[u]0[/u]01\uue_new.jpg C:\Program Files\uusee\AD\1\cy\cy.html C:\Program Files\uusee\AD\1\dm\dm.html C:\Program Files\uusee\AD\1\dy\dy.html C:\Program Files\uusee\AD\1\gp\gp.html C:\Program Files\uusee\AD\1\jk\jk.html C:\Program Files\uusee\AD\1\ty\ty.html C:\Program Files\uusee\AD\1\uu\uu.html C:\Program Files\uusee\AD\1\yl\yl.html C:\Program Files\uusee\AD\1\yx\yx.html C:\Program Files\uusee\AD\1\zx\zx.html C:\Program Files\uusee\AD\UUAD.xml.zip C:\Program Files\uusee\AD\UUAD_Banner.gif C:\Program Files\uusee\AD\UUAD_Banner.html C:\Program Files\uusee\AD\UUAD_Banner_1.html C:\Program Files\uusee\AD\UUAD_Banner_3.html C:\Program Files\uusee\AD\UUAD_Buffering.html C:\Program Files\uusee\AD\UUAD_Buffering.jpg C:\Program Files\uusee\AD\UUAD_TextLink_0.xml C:\Program Files\uusee\bass-plugins.exe C:\Program Files\uusee\channelid_chatid.txt C:\Program Files\uusee\skins\UUPlayer\About.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_1.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_2.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_3.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_1.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_2.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_3.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_3.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_4.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_0.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_1.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_2.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_3.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_4.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_5.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_6.bmp C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_7.bmp C:\Program Files\uusee\skins\UUPlayer\Resource.h C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_1.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_2.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_3.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_1.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_2.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_3.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_1.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_2.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_3.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_1.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_2.bmp C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_3.bmp C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_1.bmp C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_2.bmp C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_3.bmp C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp C:\Program Files\uusee\skins\UUPlayer\Thumbs.db C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse.bmp C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse1.bmp C:\Program Files\uusee\skins\UUPlayer\TopTab_Play.bmp C:\Program Files\uusee\skins\UUPlayer\TopTab_Play1.bmp C:\Program Files\uusee\skins\UUPlayer\TopTab_Record.bmp C:\Program Files\uusee\skins\UUPlayer\TopTab_Record1.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_Arrow.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_Collapse.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_Expand.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_Header.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconDown.bmp C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconUp.bmp C:\Program Files\uusee\skins\UUPlayer\UUSEE.ui C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_1.bmp C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_2.bmp C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_3.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_1.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_2.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_3.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_1.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_2.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_3.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_4.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Info.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_1.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_2.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_3.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_5.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_1.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_2.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_5.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_1.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_2.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_3.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_4.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_1.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_2.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_3.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_1.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_2.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_3.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_1.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_2.bmp C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_3.bmp C:\Program Files\uusee\uninstuusee.exe C:\Program Files\uusee\UUPlayer.dll C:\Program Files\uusee\UUPlayer_update.ini C:\Program Files\uusee\UUSee.url C:\Program Files\uusee\UUSeePlayer.exe C:\Program Files\uusee\UUTV_Chat.xml C:\Program Files\uusee\UUTV_MY.xml C:\Program Files\uusee\UUTV_UUPlayer.xml C:\Program Files\XP Antivirus C:\Program Files\XP Antivirus\xpa.exe C:\WINDOWS\rs.txt C:\WINDOWS\system32\acsobelu.ini C:\WINDOWS\system32\ajdntcqg.ini C:\WINDOWS\system32\ftsfmemq.ini C:\WINDOWS\system32\jvswcpry.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\UBLlkUtv.ini C:\WINDOWS\system32\UBLlkUtv.ini2 C:\WINDOWS\system32\vtUklLBU.dll ----- BITS: Possible infected sites ----- hxxp://77.91.228.188 hxxp://82.103.137.14 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Legacy_IPRIP -------\Service_6to4 -------\Service_Iprip ((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))) . 2008-05-18 20:48 . 2008-05-18 20:48 294 ---hs---- C:\WINDOWS\system32\ajdntcqg.ini 2008-05-18 19:46 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-18 19:46 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-18 19:46 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-18 19:46 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-18 19:46 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-18 19:46 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-18 19:46 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-18 19:46 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-17 23:28 . 2008-05-18 19:46 3,480 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-17 16:33 . 2008-05-18 19:49 <DIR> d-------- C:\SmitfraudFix 2008-05-17 16:33 . 2008-05-17 16:33 1,326,512 --a------ C:\SmitfraudFix.zip 2008-05-17 13:52 . 2008-05-17 01:58 172,032 --a------ C:\WINDOWS\emxa.exe 2008-05-17 11:20 . 2008-05-17 11:20 91,264 --a------ C:\WINDOWS\system32\gqctndja.dll 2008-05-16 21:33 . 2008-05-16 21:33 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Gadu-Gadu 2008-05-16 21:23 . 2008-05-16 21:23 77,613 --a------ C:\WINDOWS\system32\scui.cpl 2008-05-16 21:16 . 2008-05-16 21:31 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\TmpRecentIcons 2008-05-16 15:47 . 2008-05-17 18:33 <DIR> d-------- C:\Program Files\BurstWriting 2008-05-16 15:46 . 2008-05-16 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited 2008-05-16 13:52 . 2008-05-16 02:03 159,744 --a------ C:\WINDOWS\exnk.exe 2008-05-15 20:57 . 2008-05-15 20:57 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Gadu-Gadu 2008-05-15 20:54 . 2008-05-15 20:54 91,264 --a------ C:\WINDOWS\system32\qmemfstf.dll 2008-05-15 20:46 . 2008-05-15 20:46 <DIR> d-------- C:\Program Files\Common Files\OczyszczaczKomputerza 2008-05-15 19:50 . 2008-05-15 19:50 <DIR> d-------- C:\WINDOWS\system32\AlertModule 2008-05-15 19:50 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe 2008-05-15 19:50 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll 2008-05-15 18:56 . 2001-10-26 19:29 18,944 --a------ C:\WINDOWS\system32\simptcp.dll 2008-05-15 18:56 . 2001-10-26 19:29 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll 2008-05-15 13:41 . 2008-05-15 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-05-15 12:33 . 2008-05-15 12:33 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-15 05:08 . 2008-05-15 05:08 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\TmpRecentIcons 2008-05-14 22:23 . 2008-05-15 19:51 1,426 ---hs---- C:\WINDOWS\system32\mqjlumem.ini 2008-05-14 22:16 . 2008-05-17 01:57 290,816 --a------ C:\WINDOWS\mpfanvqg.dll 2008-05-14 22:16 . 2008-05-17 01:59 94,208 --a------ C:\WINDOWS\oadkxrts.exe 2008-05-14 22:16 . 2008-05-14 19:10 94,208 --a------ C:\WINDOWS\emtd.exe 2008-05-14 22:16 . 2008-05-14 22:16 29,824 --a------ C:\WINDOWS\system32\urqQjhEx.dll 2008-05-13 16:30 . 2008-05-13 16:30 <DIR> d-------- C:\games 2008-05-12 15:10 . 2008-05-12 15:10 0 --a------ C:\10.1.19.109 2008-05-04 23:11 . 2008-05-04 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2008-05-04 23:10 . 2008-05-04 23:10 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-05-04 23:10 . 2008-05-04 23:10 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-05-04 23:10 . 2008-05-04 23:11 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared 2008-05-04 23:10 . 2008-05-04 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2008-04-22 21:34 . 2008-04-22 21:34 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Teleca 2008-04-22 21:25 . 2008-04-22 21:25 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Sony Ericsson 2008-04-22 20:21 . 2008-04-22 20:21 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Teleca 2008-04-22 20:20 . 2008-04-22 20:20 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Sony Ericsson 2008-04-22 20:18 . 2008-05-04 23:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-04-22 20:17 . 2008-05-05 09:29 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2008-04-22 20:08 . 2008-04-22 20:09 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-04-22 20:04 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-04-22 20:04 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-04-18 21:27 . 2008-04-18 21:27 <DIR> d-------- C:\Program Files\Canada Poker 2008-04-18 10:14 . 2008-04-18 10:14 4 --a------ C:\WINDOWS\system32\proc1795523372.bin . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-18 18:48 --------- d-----w C:\Program Files\neostrada tp 2008-05-18 18:48 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\OpenOffice.org2 2008-05-18 06:58 --------- d-----w C:\Program Files\BrowsingSoftware 2008-05-16 19:41 --------- d-----w C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\OpenOffice.org2 2008-05-15 18:56 --------- d-----w C:\Program Files\Gadu-Gadu 2008-05-15 11:43 --------- d-----w C:\Program Files\Alwil Software 2008-05-14 20:30 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\GanymedeNet 2008-05-09 14:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spadester 2008-05-04 16:53 --------- d-----w C:\Program Files\SunPoker.com 2008-05-04 16:23 --------- d-----w C:\Program Files\PokerStars 2008-05-03 15:58 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Microgaming 2008-04-30 20:23 --------- d-----w C:\Program Files\CarbonPoker 2008-04-18 18:58 --------- d-----w C:\Program Files\Everest Poker 2008-04-18 18:56 --------- d-----w C:\Program Files\WalkerPoker 2008-04-18 07:57 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-17 22:33 --------- d-----w C:\Program Files\TP 2008-04-17 11:06 --------- d-----w C:\Program Files\Axxo Poker 2008-04-17 11:02 --------- d-----w C:\Program Files\Poker Royale 2008-04-15 13:40 --------- d-----w C:\Program Files\Ace Venue 2008-04-09 17:14 --------- d-----w C:\Program Files\PokerRoom.com 2008-04-07 08:22 --------- d-----w C:\Program Files\MGS FF Helper 2008-04-06 16:08 --------- d-----w C:\Program Files\G2GPoker 2008-04-05 16:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\microgaming 2008-04-03 12:28 --------- d-----w C:\Program Files\SubEdit-Player 2008-04-01 11:43 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Ankh 2008-03-31 08:08 --------- d-----w C:\Program Files\FMA 2 2008-03-29 14:51 --------- d-----w C:\Program Files\Palace of Chance 2008-03-28 14:25 --------- d-----w C:\Program Files\Betway 2008-03-26 09:31 --------- d-----w C:\Program Files\Audacity 2008-03-25 17:09 --------- d-----w C:\Program Files\VIP Lounge 2008-03-25 17:07 --------- d-----w C:\Program Files\Absolute Poker 2008-03-24 18:48 --------- d-----w C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\FMA 2008-03-24 16:21 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\FMA 2008-03-20 16:48 --------- d-----w C:\Program Files\VIA 2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files\InstallShield 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06DF596B-3170-4F07-BE10-86E31456BC56}] 2008-05-14 22:16 29824 --a------ C:\WINDOWS\system32\urqQjhEx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}] 2008-03-27 14:57 247296 --a------ C:\Program Files\BurstWriting\BurstWriting.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}] 2007-12-30 22:48 1019904 --a------ C:\Program Files\BrowsingSoftware\BrowsingSoftware-1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296] "WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [2008-05-16 15:47 1338880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 11:40 28672] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-25 23:02 6746112] "nwiz"="nwiz.exe" [2005-05-25 23:02 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-25 23:02 86016] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 17:21 270336] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55 32768] "8c56754f"="C:\WINDOWS\system32\gqctndja.dll" [2008-05-17 11:20 91264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360] C:\Documents and Settings\Ewelina.FORZAMILAN\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] C:\Documents and Settings\Michael\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{06DF596B-3170-4F07-BE10-86E31456BC56}"= C:\WINDOWS\system32\urqQjhEx.dll [2008-05-14 22:16 29824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "mpfanvqg"= {95778FA4-94CA-4F44-8E13-7301F247DA29} - C:\WINDOWS\mpfanvqg.dll [2008-05-17 01:57 290816] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQjhEx] urqQjhEx.dll 2008-05-14 22:16 29824 C:\WINDOWS\system32\urqQjhEx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\PPMate\\ppmate.exe"= "C:\\Program Files\\Internet\\PCast\\PCast.exe"= "C:\\Program Files\\PPMate\\ppmnet.exe"= "C:\\Program Files\\IBP 9\\IBP.exe"= "C:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"= "C:\\Program Files\\Windows Media Components\\Encoder\\wmstreamedt.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows "3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 12:03] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 12:07] S3 p2pgasvc;Uwierzytelnianie grup sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 p2pimsvc;Menedżer tożsamości sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 p2psvc;Sieć równorzędna;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 PNRPSvc;Protokół PNRP (Peer Name Resolution Protocol);C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 19:19] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 20:48:46 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\urqQjhEx.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\gqctndja.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\File Manager\SendToDevice.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Completion time: 2008-05-18 20:57:10 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-18 18:56:51 ComboFix2.txt 2007-12-26 19:54:55 Pre-Run: 751,513,600 bajtów wolnych Post-Run: 714,825,728 bajt˘w wolnych 448

**Posty:** 18165 · przez **wojtas** 18 Maj 2008, 21:16

Wykonaj to co jest podane w tym temacie

zastosuj:

smitfraudfix z opcji 2
(sciagasz -> uruchamiasz-> klikasz dowolny klawisz -> wpisujesz w programie 2 i enter potem czekasz chwile -> gdy wyskoczy pytanie w programie Do you want to clean the registry ? to wpisujesz literke Y i znowu enter i czekasz do wyskoczenia raportu (znak ze skan dobiegł konca)

oraz te skanery po klika razy

VundoFix

VirtumundoBeGone

FixVundo

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 131 · przez **Superpippo** 18 Maj 2008, 22:59

Zrobiłem wszystko jak napisałeś.

Log z SDFix

Kod: Zaznacz wszystko: [b]SDFix: Version 1.183 [/b] Run by Michael on 2008-05-18 at 22:24 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\WINDOWS\mpfanvqg.dll - Deleted C:\WINDOWS\oadkxrts.exe - Deleted Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 22:33:26 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:b0,65,20,c1,f5,ed,cf,72,82,67,10,39,9c,22,b6,8c,3b,65,61,1e,ff,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,f1,36,fb,7a,3e,b4,07,95,d1,bd,c2,9e,2f,40,55,8c,57,.. "khjeh"=hex:c2,c8,d1,a8,54,4f,85,d0,77,19,6e,89,92,8c,85,d9,8c,c0,d4,43,da,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:38,e4,5d,53,3c,fd,03,de,42,be,a2,49,15,e3,a9,1b,2c,05,c1,f5,4d,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:2a,72,71,64,a4,f5,8c,5d,00,10,8c,7d,24,b8,5f,25,33,17,6c,b7,a0,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000001 "ujdew"=hex:24,49,a9,ff,75,cc,f9,51,62,12,f6,7e,61,69,dc,eb,d2,8e,d3,70,71,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:b0,65,20,c1,f5,ed,cf,72,82,67,10,39,9c,22,b6,8c,3b,65,61,1e,ff,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,f1,36,fb,7a,3e,b4,07,95,d1,bd,c2,9e,2f,40,55,8c,57,.. "khjeh"=hex:a2,40,c0,a6,e1,88,82,a4,52,5b,52,17,2a,eb,5a,99,54,f0,bb,a2,b1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:06,38,ac,78,78,73,ed,11,42,ab,36,19,66,77,49,b0,f6,5e,30,88,38,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:bb,22,e2,7d,e3,9d,a8,60,29,49,a3,29,a9,45,f2,83,65,42,5c,8b,90,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:38,e4,5d,53,3c,fd,03,de,42,be,a2,49,15,e3,a9,1b,2c,05,c1,f5,4d,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000001 "ujdew"=hex:24,49,a9,ff,75,cc,f9,51,62,12,f6,7e,61,69,dc,eb,d2,8e,d3,70,71,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:b0,65,20,c1,f5,ed,cf,72,82,67,10,39,9c,22,b6,8c,3b,65,61,1e,ff,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,f1,36,fb,7a,3e,b4,07,95,d1,bd,c2,9e,2f,40,55,8c,57,.. "khjeh"=hex:a2,40,c0,a6,e1,88,82,a4,52,5b,52,17,2a,eb,5a,99,54,f0,bb,a2,b1,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:38,e4,5d,53,3c,fd,03,de,42,be,a2,49,15,e3,a9,1b,2c,05,c1,f5,4d,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:bb,22,e2,7d,e3,9d,a8,60,29,49,a3,29,a9,45,f2,83,65,42,5c,8b,90,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:38,e4,5d,53,3c,fd,03,de,42,be,a2,49,15,e3,a9,1b,2c,05,c1,f5,4d,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000001 "ujdew"=hex:24,49,a9,ff,75,cc,f9,51,62,12,f6,7e,61,69,dc,eb,d2,8e,d3,70,71,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:b0,65,20,c1,f5,ed,cf,72,82,67,10,39,9c,22,b6,8c,3b,65,61,1e,ff,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,f1,36,fb,7a,3e,b4,07,95,d1,bd,c2,9e,2f,40,55,8c,57,.. "khjeh"=hex:a2,40,c0,a6,e1,88,82,a4,52,5b,52,17,2a,eb,5a,99,54,f0,bb,a2,b1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:38,e4,5d,53,3c,fd,03,de,42,be,a2,49,15,e3,a9,1b,2c,05,c1,f5,4d,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:bb,22,e2,7d,e3,9d,a8,60,29,49,a3,29,a9,45,f2,83,65,42,5c,8b,90,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:38,e4,5d,53,3c,fd,03,de,42,be,a2,49,15,e3,a9,1b,2c,05,c1,f5,4d,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer" "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast" "C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate" "C:\\Program Files\\Internet\\PCast\\PCast.exe"="C:\\Program Files\\Internet\\PCast\\PCast.exe:*:Enabled:PCast" "C:\\Program Files\\PPMate\\ppmnet.exe"="C:\\Program Files\\PPMate\\ppmnet.exe:*:Enabled:PPMate" "C:\\Program Files\\IBP 9\\IBP.exe"="C:\\Program Files\\IBP 9\\IBP.exe:*:Enabled:Internet Business Promoter (IBP)" "C:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"="C:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe:*:Enabled:Windows Media Encoder" "C:\\Program Files\\Windows Media Components\\Encoder\\wmstreamedt.exe"="C:\\Program Files\\Windows Media Components\\Encoder\\wmstreamedt.exe:*:Enabled:Edytor strumieni Windows Media" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"="C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Wed 4 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" Wed 13 Sep 2006 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe" Wed 4 Aug 2004 60,928 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe" Wed 4 Aug 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe" Tue 9 Jan 2007 2,045 ...H. --- "C:\WINDOWS\system32\whlb32g.dll" Mon 11 Feb 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 5 Feb 2007 908,881 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\066f4c6032ec52b2d0460047fd5c67aa\BIT58.tmp" Thu 20 Mar 2008 493,608 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\06b1ad86386b7c899ddafec3bb1f61ff\BIT63.tmp" Thu 20 Mar 2008 123,990 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a33163d15adaaab174ed56d924bc89a\BIT52.tmp" Thu 24 Jan 2008 104,385 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\11a57a6ce332895115505eafdfc919de\BIT4F.tmp" Fri 25 Jan 2008 103,853 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1266de12fb0254294043dc0b0d734bbc\BIT2C.tmp" Wed 21 Nov 2007 103,731 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\142dc52d18dcafef987cea8cc7f29744\BIT33.tmp" Wed 3 Oct 2007 885,640 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1679cd06c3d72c42ad169baedad676c9\BIT5F.tmp" Sat 31 Mar 2007 106,066 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1b87084fdbfcd6d6273c66bb33faa288\BIT4B.tmp" Thu 20 Mar 2008 104,695 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1e8afa3658b5bc586a1b5742690c3402\BIT3B.tmp" Sat 23 Sep 2006 153,926 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22d177b61fde58f114e05dfd9b70c96d\BIT54.tmp" Fri 29 Jun 2007 157,574 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24823ed08383f02a4a29c3ae029f9c14\BIT5A.tmp" Thu 20 Dec 2007 103,762 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\273b740ad076bd194b25292bd4f83e18\BIT53.tmp" Mon 5 Feb 2007 100,837 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\286ced246fa8efd37a907f9f08846ce8\BIT6C.tmp" Sat 1 Dec 2007 2,175,552 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30c909f932d6a0ab8df38a40ee5c1b07\BIT4A.tmp" Fri 1 Feb 2008 14,794,272 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3dbc83ff5f16e1a91f17471a2831f4be\BIT60.tmp" Sat 4 Nov 2006 153,883 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\42a9e16ebc4d2a5515c111ecad82af2f\BIT57.tmp" Fri 30 Mar 2007 157,434 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4594f50665d34bef5af87c38b6953ce2\BIT4C.tmp" Wed 19 Mar 2008 104,873 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\72d36abeae3c2f15ec573ce9048651d0\BIT43.tmp" Wed 19 Mar 2008 104,190 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\762b473845578141657f6acb3dcf0395\BIT32.tmp" Mon 5 Feb 2007 100,967 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\762fc57e7d7138faef1f37e9eec268dc\BIT62.tmp" Wed 21 Nov 2007 104,206 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bdd15c0b5ad5fb92cbbb9ad5b1cc5c9\BIT46.tmp" Mon 19 Nov 2007 1,288,064 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7e9f3b2e3c26b6f6676fb2ea5fd45d3a\BIT2B.tmp" Sat 30 Jun 2007 9,249,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\80541332f80149b5f3f271f730226312\BIT39.tmp" Sat 1 Dec 2007 106,887 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b79eb92d3b27c28e8aa12021ca20231\BIT3C.tmp" Tue 2 Oct 2007 104,465 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8c0a744aa1b9e906a1121808c059800c\BIT3F.tmp" Sat 31 Mar 2007 104,456 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93f2b91bb6cc5cb38584bf245cd36cae\BIT41.tmp" Sat 4 Nov 2006 154,107 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\955f27c5c4f218cbb2ef80aaafccb6df\BIT35.tmp" Sat 2 Dec 2006 152,968 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\99c63b8154c86bb80bd4d4ef1f97d4ee\BIT3E.tmp" Tue 7 Aug 2007 157,530 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e6443517b40ee6dc8c01624ff3d2084\BIT3D.tmp" Fri 30 Mar 2007 104,463 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9fde447cfd86a360844378b784e73f37\BIT56.tmp" Sat 23 Sep 2006 155,177 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a23edd26fc03189a66774c8772cf784c\BIT66.tmp" Mon 5 Feb 2007 153,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a700888399b59cee38c0ae52e87f0a91\BIT6B.tmp" Fri 1 Jun 2007 157,022 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a8e852df97910fef5d18e30ff3fc6517\BIT2D.tmp" Tue 26 Sep 2006 153,176 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a973a4b0bff52375def6ea55f54d9f60\BIT65.tmp" Tue 7 Aug 2007 157,014 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\abf37927fe96bc682b342849c5743771\BIT59.tmp" Sat 2 Dec 2006 153,126 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b96f4018a5a1e8840e523891e4664d45\BIT4D.tmp" Fri 1 Jun 2007 106,080 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\baf5873d097c20aedd3e06e2ff27a933\BIT42.tmp" Fri 29 Jun 2007 5,652,328 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\be9cf81654629f0178f1fbd377160e05\BIT2F.tmp" Tue 7 Aug 2007 2,306,464 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c7ca82c6527101a1221a39f48bd67bac\BIT55.tmp" Fri 2 Nov 2007 3,125,288 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ce6ce445a88a6f40117b1bf83ba65bc4\BIT6A.tmp" Tue 3 Oct 2006 707,670 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d36bccab140cfdcbeab0c880e5a7c294\BIT40.tmp" Tue 1 Apr 2008 104,805 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d581b61ff7296a34dce29eca29eb7afd\BIT50.tmp" Tue 14 Sep 2004 221,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da4f9530bbf808442a49c750952b9170\BIT2E.tmp" Sat 31 Mar 2007 159,486 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\df4c8391579dd99f8d7ffa70e2eb37c3\BIT61.tmp" Fri 29 Jun 2007 804,768 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e6a7525a4b32c7adb3b1c81ba8f28cb5\BIT4E.tmp" Sat 12 May 2007 1,273,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ea216091dad4e92b51c259526a41a4e5\BIT51.tmp" Mon 26 Nov 2007 159,262 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ef06b968bfb1fabae91356dffab7b790\BIT64.tmp" Sat 2 Dec 2006 153,378 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f34ea1aa600dc2889509baa1a15ec8f8\BIT47.tmp" Sat 4 Nov 2006 154,099 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f57c255e25adcef74d2dff8c5940b09c\BIT5D.tmp" Tue 1 Apr 2008 107,496 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f99caf315eddf99a1888d73e43fa1f8d\BIT30.tmp" Tue 1 May 2007 156,804 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f9a86bbc0294618e780cd186dcfdb1b9\BIT31.tmp" Sat 10 May 2008 8,502,904 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa7431e5b6c6ef5b2a4a86419ca21980\BIT2A.tmp" Fri 1 Jun 2007 104,413 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ff7cdeb5b319e52da26114e216140ae5\BIT34.tmp" Mon 11 Feb 2008 4,348 ...H. --- "C:\Documents and Settings\Michael\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak" Wed 30 Apr 2008 20 A..H. --- "C:\Documents and Settings\Michael\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak" Wed 30 Apr 2008 400 ...H. --- "C:\Documents and Settings\Michael\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak" Wed 30 Apr 2008 1,536 A..H. --- "C:\Documents and Settings\Michael\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2lic.bak" Mon 5 Feb 2007 234,091 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\56218116adeb0961447eecf6b4b00c7a\download\BIT38.tmp" Wed 21 Nov 2007 18,846 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f9082cc81df264a2c3245b9cfc2236bc\download\BIT3A.tmp" [b]Finished![/b]

Log z ComboFix

Kod: Zaznacz wszystko: ComboFix 08-05-15.3 - Michael 2008-05-18 22:38:58.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.569 [GMT 2:00] Running from: C:\Documents and Settings\Michael\Pulpit\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\loUBKRqr.ini C:\WINDOWS\system32\loUBKRqr.ini2 C:\WINDOWS\system32\qcwupgjr.ini . ((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))) . 2008-05-18 22:43 . 2008-05-18 22:43 294 ---hs---- C:\WINDOWS\system32\qcwupgjr.ini 2008-05-18 22:15 . 2008-05-18 22:36 <DIR> d-------- C:\SDFix 2008-05-18 22:14 . 2008-05-18 22:14 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-18 21:39 . 2008-05-18 21:39 <DIR> d-------- C:\VundoFix Backups 2008-05-18 21:04 . 2008-05-18 21:04 90,752 --a------ C:\WINDOWS\system32\rjgpuwcq.dll 2008-05-18 21:02 . 2008-05-18 21:02 319,872 --a------ C:\WINDOWS\system32\rqRKBUol.dll 2008-05-18 21:01 . 2008-05-18 21:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-05-18 20:48 . 2008-05-18 20:57 354 ---hs---- C:\WINDOWS\system32\ajdntcqg.ini 2008-05-17 23:28 . 2008-05-18 21:35 3,078 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-17 16:33 . 2008-05-18 19:49 <DIR> d-------- C:\SmitfraudFix 2008-05-17 16:33 . 2008-05-17 16:33 1,326,512 --a------ C:\SmitfraudFix.zip 2008-05-17 13:52 . 2008-05-17 01:58 172,032 --a------ C:\WINDOWS\emxa.exe 2008-05-16 21:33 . 2008-05-16 21:33 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Gadu-Gadu 2008-05-16 21:23 . 2008-05-16 21:23 77,613 --a------ C:\WINDOWS\system32\scui.cpl 2008-05-16 21:16 . 2008-05-16 21:31 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\TmpRecentIcons 2008-05-16 15:47 . 2008-05-17 18:33 <DIR> d-------- C:\Program Files\BurstWriting 2008-05-16 15:46 . 2008-05-16 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited 2008-05-16 13:52 . 2008-05-16 02:03 159,744 --a------ C:\WINDOWS\exnk.exe 2008-05-15 20:57 . 2008-05-15 20:57 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Gadu-Gadu 2008-05-15 20:54 . 2008-05-15 20:54 91,264 --a------ C:\WINDOWS\system32\qmemfstf.dll 2008-05-15 20:46 . 2008-05-15 20:46 <DIR> d-------- C:\Program Files\Common Files\OczyszczaczKomputerza 2008-05-15 19:50 . 2008-05-15 19:50 <DIR> d-------- C:\WINDOWS\system32\AlertModule 2008-05-15 19:50 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe 2008-05-15 19:50 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll 2008-05-15 18:56 . 2001-10-26 19:29 18,944 --a------ C:\WINDOWS\system32\simptcp.dll 2008-05-15 18:56 . 2001-10-26 19:29 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll 2008-05-15 13:41 . 2008-05-15 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-05-15 12:33 . 2008-05-15 12:33 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-15 05:08 . 2008-05-15 05:08 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\TmpRecentIcons 2008-05-14 22:23 . 2008-05-15 19:51 1,426 ---hs---- C:\WINDOWS\system32\mqjlumem.ini 2008-05-14 22:16 . 2008-05-14 19:10 94,208 --a------ C:\WINDOWS\emtd.exe 2008-05-14 22:16 . 2008-05-14 22:16 29,824 --a------ C:\WINDOWS\system32\urqQjhEx.dll.vir 2008-05-13 16:30 . 2008-05-13 16:30 <DIR> d-------- C:\games 2008-05-12 15:10 . 2008-05-12 15:10 0 --a------ C:\10.1.19.109 2008-05-04 23:11 . 2008-05-04 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2008-05-04 23:10 . 2008-05-04 23:10 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-05-04 23:10 . 2008-05-04 23:10 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-05-04 23:10 . 2008-05-04 23:11 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared 2008-05-04 23:10 . 2008-05-04 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2008-04-22 21:34 . 2008-04-22 21:34 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Teleca 2008-04-22 21:25 . 2008-04-22 21:25 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Sony Ericsson 2008-04-22 20:21 . 2008-04-22 20:21 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Teleca 2008-04-22 20:20 . 2008-04-22 20:20 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Sony Ericsson 2008-04-22 20:18 . 2008-05-04 23:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-04-22 20:17 . 2008-05-05 09:29 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2008-04-22 20:08 . 2008-04-22 20:09 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-04-22 20:04 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-04-22 20:04 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-04-18 21:27 . 2008-04-18 21:27 <DIR> d-------- C:\Program Files\Canada Poker 2008-04-18 10:14 . 2008-04-18 10:14 4 --a------ C:\WINDOWS\system32\proc1795523372.bin . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-18 20:42 --------- d-----w C:\Program Files\neostrada tp 2008-05-18 20:42 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\OpenOffice.org2 2008-05-18 06:58 --------- d-----w C:\Program Files\BrowsingSoftware 2008-05-16 19:41 --------- d-----w C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\OpenOffice.org2 2008-05-15 18:56 --------- d-----w C:\Program Files\Gadu-Gadu 2008-05-15 11:43 --------- d-----w C:\Program Files\Alwil Software 2008-05-14 20:30 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\GanymedeNet 2008-05-09 14:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spadester 2008-05-04 16:53 --------- d-----w C:\Program Files\SunPoker.com 2008-05-04 16:23 --------- d-----w C:\Program Files\PokerStars 2008-05-03 15:58 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Microgaming 2008-04-30 20:23 --------- d-----w C:\Program Files\CarbonPoker 2008-04-18 18:58 --------- d-----w C:\Program Files\Everest Poker 2008-04-18 18:56 --------- d-----w C:\Program Files\WalkerPoker 2008-04-18 07:57 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-17 22:33 --------- d-----w C:\Program Files\TP 2008-04-17 11:06 --------- d-----w C:\Program Files\Axxo Poker 2008-04-17 11:02 --------- d-----w C:\Program Files\Poker Royale 2008-04-15 13:40 --------- d-----w C:\Program Files\Ace Venue 2008-04-09 17:14 --------- d-----w C:\Program Files\PokerRoom.com 2008-04-07 08:22 --------- d-----w C:\Program Files\MGS FF Helper 2008-04-06 16:08 --------- d-----w C:\Program Files\G2GPoker 2008-04-05 16:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\microgaming 2008-04-03 12:28 --------- d-----w C:\Program Files\SubEdit-Player 2008-04-01 11:43 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Ankh 2008-03-31 08:08 --------- d-----w C:\Program Files\FMA 2 2008-03-29 14:51 --------- d-----w C:\Program Files\Palace of Chance 2008-03-28 14:25 --------- d-----w C:\Program Files\Betway 2008-03-26 09:31 --------- d-----w C:\Program Files\Audacity 2008-03-25 17:09 --------- d-----w C:\Program Files\VIP Lounge 2008-03-25 17:07 --------- d-----w C:\Program Files\Absolute Poker 2008-03-24 18:48 --------- d-----w C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\FMA 2008-03-24 16:21 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\FMA 2008-03-20 16:48 --------- d-----w C:\Program Files\VIA 2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files\InstallShield 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((( snapshot@2008-05-18_20.56.24.57 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-18 18:48:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-18 20:42:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2007-12-23 23:54:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-05-17 00:22:37 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE - 2007-12-26 13:20:07 1,437,696 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-05-18 20:19:48 6,373,376 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT - 2007-12-26 13:20:08 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-05-18 20:19:48 20,480 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat - 2004-08-04 00:43:54 66,560 ----a-w C:\WINDOWS\system32\cdm.dll + 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll - 2004-08-04 00:43:54 66,560 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll - 2004-08-04 00:44:16 431,616 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll + 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll - 2004-08-04 00:44:30 112,128 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe + 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe - 2004-08-04 00:44:16 1,134,592 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll - 2004-08-04 00:44:16 113,664 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll + 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll - 2004-08-04 00:44:16 36,864 ----a-w C:\WINDOWS\system32\dllcache\wups.dll + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll - 2004-08-04 00:44:16 120,320 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll - 2004-08-04 00:44:16 431,616 ----a-w C:\WINDOWS\system32\wuapi.dll + 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll - 2004-08-04 00:44:30 112,128 ----a-w C:\WINDOWS\system32\wuauclt.exe + 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe - 2004-08-04 00:44:16 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll + 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll - 2004-08-04 00:44:16 113,664 ----a-w C:\WINDOWS\system32\wucltui.dll + 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll - 2004-08-04 00:44:16 36,864 ----a-w C:\WINDOWS\system32\wups.dll + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll + 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll - 2004-08-04 00:44:16 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll + 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}] 2008-03-27 14:57 247296 --a------ C:\Program Files\BurstWriting\BurstWriting.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}] 2007-12-30 22:48 1019904 --a------ C:\Program Files\BrowsingSoftware\BrowsingSoftware-1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C711BBC2-6AAE-400B-9288-8301B1E69EB6}] 2008-05-18 21:02 319872 --a------ C:\WINDOWS\system32\rqRKBUol.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296] "WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [2008-05-16 15:47 1338880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 11:40 28672] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-25 23:02 6746112] "nwiz"="nwiz.exe" [2005-05-25 23:02 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-25 23:02 86016] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 17:21 270336] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55 32768] "8c56754f"="C:\WINDOWS\system32\rjgpuwcq.dll" [2008-05-18 21:04 90752] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360] C:\Documents and Settings\Ewelina.FORZAMILAN\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] C:\Documents and Settings\Michael\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\PPMate\\ppmate.exe"= "C:\\Program Files\\Internet\\PCast\\PCast.exe"= "C:\\Program Files\\PPMate\\ppmnet.exe"= "C:\\Program Files\\IBP 9\\IBP.exe"= "C:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"= "C:\\Program Files\\Windows Media Components\\Encoder\\wmstreamedt.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows "3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 12:03] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 12:07] S3 p2pgasvc;Uwierzytelnianie grup sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 p2pimsvc;Menedżer tożsamości sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 p2psvc;Sieć równorzędna;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 PNRPSvc;Protokół PNRP (Peer Name Resolution Protocol);C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 19:19] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc *Newly Created Service* - SISPORT . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 22:42:27 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\qcwupgjr.ini 294 bytes ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\rjgpuwcq.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\File Manager\SendToDevice.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\neostrada tp\neostradatp.exe C:\Program Files\neostrada tp\ComComp.exe C:\PROGRA~1\NEOSTR~1\Toaster.exe C:\PROGRA~1\NEOSTR~1\Inactivity.exe C:\PROGRA~1\NEOSTR~1\PollingModule.exe C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\MOZILL~1\firefox.exe . ************************************************************************** . Completion time: 2008-05-18 22:53:21 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-18 20:52:11 ComboFix2.txt 2008-05-18 18:57:11 ComboFix3.txt 2007-12-26 19:54:55 Pre-Run: 1,076,428,800 bajtów wolnych Post-Run: 981,250,048 bajt˘w wolnych 258

Log z Hijack

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:54:44, on 2008-05-18 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\htpatch.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\File Manager\SendToDevice.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\neostrada tp\neostradatp.exe C:\Program Files\neostrada tp\ComComp.exe C:\PROGRA~1\NEOSTR~1\Toaster.exe C:\PROGRA~1\NEOSTR~1\Inactivity.exe C:\PROGRA~1\NEOSTR~1\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\neostrada tp\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BurstWriting module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\BurstWriting\BurstWriting.dll O2 - BHO: BrowsingSoftware - {B886C1F4-D1D3-45F5-F45E-75EB024320AC} - C:\Program Files\BrowsingSoftware\BrowsingSoftware-1.dll O2 - BHO: (no name) - {C711BBC2-6AAE-400B-9288-8301B1E69EB6} - C:\WINDOWS\system32\rqRKBUol.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [8c56754f] rundll32.exe "C:\WINDOWS\system32\rjgpuwcq.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Program Files\Betway\Casino\casinogame.exe O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program Files\Betway\Poker\MPPoker.exe O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Microgaming\Poker\pokertimeMPP\MPPoker.exe O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe O9 - Extra button: G2GPoker - b259f30a-f4f4-4fe5-81b4-9696d9c75daf - C:\Documents and Settings\Michael\Menu Start\Programy\G2GPoker\G2GPoker.lnk (HKCU) O9 - Extra button: Walker Poker - {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Documents and Settings\Michael\Menu Start\Programy\Walker Poker\Walker Poker.lnk (HKCU) O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Michael\Menu Start\Programy\CarbonPoker\CarbonPoker.lnk (HKCU) O15 - Trusted Zone: http://linktrader.cyberspacehq.com O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortunelounge.microgaming.com/generic/FlashAX2.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5E5553EF-A5CE-4220-9034-AECB2BFE7B9B}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 9334 bytes

**Posty:** 18165 · przez **wojtas** 18 Maj 2008, 23:08

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\qcwupgjr.ini
C:\WINDOWS\system32\rjgpuwcq.dll
C:\WINDOWS\system32\rqRKBUol.dll
C:\WINDOWS\system32\ajdntcqg.ini
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\emxa.exe
C:\WINDOWS\system32\qcwupgjr.ini
C:\WINDOWS\exnk.exe
C:\WINDOWS\system32\qmemfstf.dll
C:\WINDOWS\system32\mqjlumem.ini
C:\WINDOWS\emtd.exe
C:\WINDOWS\system32\urqQjhEx.dll.vir
C:\10.1.19.109

Folder::
C:\Program Files\Common Files\OczyszczaczKomputerza
C:\Program Files\BurstWriting
C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C711BBC2-6AAE-400B-9288-8301B1E69EB6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8c56754f"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSpywareProtect (ver. 5.1)"=-

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

P.S grasz w pokera na kompie bo duzo jakis aplikacji jest od tego

np:

C:\Program Files\Axxo Poker
C:\Program Files\Poker Royale
C:\Program Files\Ace Venue
C:\Program Files\PokerRoom.com

**Posty:** 131 · przez **Superpippo** 19 Maj 2008, 12:08

Log z ComboFixa.

Ps. Kiedyś grałem dużo w pokera. teraz już tylko czasami mój brat.

Kod: Zaznacz wszystko: ComboFix 08-05-15.3 - Michael 2008-05-19 11:43:45.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.589 [GMT 2:00] Running from: C:\Documents and Settings\Michael\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Michael\Pulpit\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE :: C:\10.1.19.109 C:\WINDOWS\emtd.exe C:\WINDOWS\emxa.exe C:\WINDOWS\exnk.exe C:\WINDOWS\system32\ajdntcqg.ini C:\WINDOWS\system32\mqjlumem.ini C:\WINDOWS\system32\qcwupgjr.ini C:\WINDOWS\system32\qmemfstf.dll C:\WINDOWS\system32\rjgpuwcq.dll C:\WINDOWS\system32\rqRKBUol.dll C:\WINDOWS\system32\tmp.reg C:\WINDOWS\system32\urqQjhEx.dll.vir . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\10.1.19.109 C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080516154713671.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080516224116671.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080517074503203.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080517080128078.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080517164015718.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080517173755546.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080517174054140.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080517233447156.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518002243375.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518002624203.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518083808609.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518195310718.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518204841703.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518212640906.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518213307453.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518215215671.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518223658890.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518224228718.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080518230610421.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\LOG\20080519113131234.log C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe C:\Program Files\BurstWriting C:\Program Files\BurstWriting\BurstWriting.dll C:\Program Files\BurstWriting\uninstall.dat C:\Program Files\BurstWriting\Uninstall.exe C:\Program Files\Common Files\OczyszczaczKomputerza C:\Program Files\Common Files\OczyszczaczKomputerza\stm.exe C:\WINDOWS\emtd.exe C:\WINDOWS\emxa.exe C:\WINDOWS\exnk.exe C:\WINDOWS\system32\ajdntcqg.ini C:\WINDOWS\system32\ijdvbqlu.ini C:\WINDOWS\system32\loUBKRqr.ini C:\WINDOWS\system32\loUBKRqr.ini2 C:\WINDOWS\system32\mqjlumem.ini C:\WINDOWS\system32\qcwupgjr.ini C:\WINDOWS\system32\qmemfstf.dll C:\WINDOWS\system32\rqRKBUol.dll C:\WINDOWS\system32\tmp.reg C:\WINDOWS\system32\urqQjhEx.dll.vir . ((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))) . 2008-05-18 22:56 . 2008-05-18 22:56 90,752 --a------ C:\WINDOWS\system32\ulqbvdji.dll 2008-05-18 22:54 . 2008-05-18 22:54 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-18 22:15 . 2008-05-18 22:36 <DIR> d-------- C:\SDFix 2008-05-18 22:14 . 2008-05-18 22:14 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-18 21:39 . 2008-05-18 21:39 <DIR> d-------- C:\VundoFix Backups 2008-05-18 21:01 . 2008-05-18 22:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-05-17 16:33 . 2008-05-18 19:49 <DIR> d-------- C:\SmitfraudFix 2008-05-17 16:33 . 2008-05-17 16:33 1,326,512 --a------ C:\SmitfraudFix.zip 2008-05-16 21:33 . 2008-05-16 21:33 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Gadu-Gadu 2008-05-16 21:23 . 2008-05-16 21:23 77,613 --a------ C:\WINDOWS\system32\scui.cpl 2008-05-16 21:16 . 2008-05-16 21:31 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\TmpRecentIcons 2008-05-15 20:57 . 2008-05-15 20:57 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Gadu-Gadu 2008-05-15 19:50 . 2008-05-15 19:50 <DIR> d-------- C:\WINDOWS\system32\AlertModule 2008-05-15 19:50 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe 2008-05-15 19:50 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll 2008-05-15 18:56 . 2001-10-26 19:29 18,944 --a------ C:\WINDOWS\system32\simptcp.dll 2008-05-15 18:56 . 2001-10-26 19:29 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll 2008-05-15 13:41 . 2008-05-15 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-05-15 12:33 . 2008-05-15 12:33 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-15 05:08 . 2008-05-15 05:08 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\TmpRecentIcons 2008-05-13 16:30 . 2008-05-13 16:30 <DIR> d-------- C:\games 2008-05-04 23:11 . 2008-05-04 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2008-05-04 23:10 . 2008-05-04 23:10 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-05-04 23:10 . 2008-05-04 23:10 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-05-04 23:10 . 2008-05-04 23:11 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared 2008-05-04 23:10 . 2008-05-04 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2008-04-22 21:34 . 2008-04-22 21:34 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Teleca 2008-04-22 21:25 . 2008-04-22 21:25 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Sony Ericsson 2008-04-22 20:21 . 2008-04-22 20:21 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Teleca 2008-04-22 20:20 . 2008-04-22 20:20 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Sony Ericsson 2008-04-22 20:18 . 2008-05-04 23:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-04-22 20:17 . 2008-05-05 09:29 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2008-04-22 20:08 . 2008-04-22 20:09 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-04-22 20:04 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-04-22 20:04 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-19 09:47 --------- d-----w C:\Program Files\neostrada tp 2008-05-19 09:47 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\OpenOffice.org2 2008-05-18 06:58 --------- d-----w C:\Program Files\BrowsingSoftware 2008-05-16 19:41 --------- d-----w C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\OpenOffice.org2 2008-05-15 18:56 --------- d-----w C:\Program Files\Gadu-Gadu 2008-05-15 11:43 --------- d-----w C:\Program Files\Alwil Software 2008-05-14 20:30 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\GanymedeNet 2008-05-09 14:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spadester 2008-05-04 16:23 --------- d-----w C:\Program Files\PokerStars 2008-05-03 15:58 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Microgaming 2008-04-30 20:23 --------- d-----w C:\Program Files\CarbonPoker 2008-04-18 19:27 --------- d-----w C:\Program Files\Canada Poker 2008-04-18 18:58 --------- d-----w C:\Program Files\Everest Poker 2008-04-18 07:57 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-17 22:33 --------- d-----w C:\Program Files\TP 2008-04-17 11:06 --------- d-----w C:\Program Files\Axxo Poker 2008-04-17 11:02 --------- d-----w C:\Program Files\Poker Royale 2008-04-15 13:40 --------- d-----w C:\Program Files\Ace Venue 2008-04-09 17:14 --------- d-----w C:\Program Files\PokerRoom.com 2008-04-07 08:22 --------- d-----w C:\Program Files\MGS FF Helper 2008-04-06 16:08 --------- d-----w C:\Program Files\G2GPoker 2008-04-05 16:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\microgaming 2008-04-03 12:28 --------- d-----w C:\Program Files\SubEdit-Player 2008-04-01 11:43 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Ankh 2008-03-31 08:08 --------- d-----w C:\Program Files\FMA 2 2008-03-29 14:51 --------- d-----w C:\Program Files\Palace of Chance 2008-03-28 14:25 --------- d-----w C:\Program Files\Betway 2008-03-26 09:31 --------- d-----w C:\Program Files\Audacity 2008-03-25 17:09 --------- d-----w C:\Program Files\VIP Lounge 2008-03-25 17:07 --------- d-----w C:\Program Files\Absolute Poker 2008-03-24 18:48 --------- d-----w C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\FMA 2008-03-24 16:21 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\FMA 2008-03-20 16:48 --------- d-----w C:\Program Files\VIA 2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files\InstallShield 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((( snapshot_2008-05-18_22.51.54.01 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-18 20:42:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-19 09:46:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 11:40 28672] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-25 23:02 6746112] "nwiz"="nwiz.exe" [2005-05-25 23:02 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-25 23:02 86016] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 17:21 270336] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55 32768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360] C:\Documents and Settings\Ewelina.FORZAMILAN\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] C:\Documents and Settings\Michael\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\PPMate\\ppmate.exe"= "C:\\Program Files\\Internet\\PCast\\PCast.exe"= "C:\\Program Files\\PPMate\\ppmnet.exe"= "C:\\Program Files\\IBP 9\\IBP.exe"= "C:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"= "C:\\Program Files\\Windows Media Components\\Encoder\\wmstreamedt.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows "3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 12:03] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 12:07] S3 p2pgasvc;Uwierzytelnianie grup sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 p2pimsvc;Menedżer tożsamości sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 p2psvc;Sieć równorzędna;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 PNRPSvc;Protokół PNRP (Peer Name Resolution Protocol);C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 19:19] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc *Newly Created Service* - SISPORT . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-19 11:47:12 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\File Manager\SendToDevice.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\SoftwareDistribution\Download\c383584119af831a75aa3baf2b5378b8\update\update.exe . ************************************************************************** . Completion time: 2008-05-19 11:57:49 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-19 09:57:23 ComboFix2.txt 2008-05-18 20:53:22 ComboFix3.txt 2008-05-18 18:57:11 ComboFix4.txt 2007-12-26 19:54:55 Pre-Run: 1,025,425,408 bajtów wolnych Post-Run: 896,274,432 bajt˘w wolnych 242

[ Dodano: Dzisiaj o 15:42 ]
Dodam jeszcze, że zniknął mi kalkulator systenowy :roll:

**Posty:** 466 · przez **Kenji** 19 Maj 2008, 18:05

Superpippo napisał(a):Dodam jeszcze, że zniknął mi kalkulator systenowy Rolling Eyes

Start > Uruchom > wpisujesz: calc . Powinien się pojawić

**Posty:** 131 · przez **Superpippo** 19 Maj 2008, 19:09

Kenji napisał(a):
Superpippo napisał(a):Dodam jeszcze, że zniknął mi kalkulator systenowy Rolling Eyes

Start > Uruchom > wpisujesz: calc . Powinien się pojawić

Pfff... Mówię że zniknął z kompa. Zrozum..

**Posty:** 7956 · przez **Magik** 19 Maj 2008, 19:14

Superpippo napisał(a):Pfff... Mówię że zniknął z kompa. Zrozum..

Do wrzuc do c:\windows\system32 ten pliczek
http://rapidshare.com/files/116081260/calc.exe.html

i juz bedziesz mial :wink:

**Posty:** 18165 · przez **wojtas** 19 Maj 2008, 20:39

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\ulqbvdji.dll

Folder::
C:\VundoFix Backups
C:\SDFix

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 131 · przez **Superpippo** 19 Maj 2008, 22:57

Kod: Zaznacz wszystko: ComboFix 08-05-15.3 - Michael 2008-05-19 22:51:49.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.584 [GMT 2:00] Running from: C:\Zamiast formata\ComboFix.exe Command switches used :: C:\Zamiast formata\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE :: C:\WINDOWS\system32\ulqbvdji.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\SDFix C:\SDFix\apps\assosfix.reg C:\SDFix\apps\cliptext.exe C:\SDFix\apps\download.exe C:\SDFix\apps\dummy.sys C:\SDFix\apps\Enable_Command_Prompt.reg C:\SDFix\apps\ERDNT.E_E C:\SDFix\apps\ERDNTDOS.LOC C:\SDFix\apps\ERDNTWIN.LOC C:\SDFix\apps\ERUNT.EXE C:\SDFix\apps\ERUNT.LOC C:\SDFix\apps\fix.reg C:\SDFix\apps\FixBH.reg C:\SDFix\apps\FixComponents.reg C:\SDFix\apps\FIXCU.reg C:\SDFix\apps\FIXLM.reg C:\SDFix\apps\FixPath.exe C:\SDFix\apps\FixRedir.reg C:\SDFix\apps\FixSchedule.reg C:\SDFix\apps\FixWebCheck.reg C:\SDFix\apps\fixXP.reg C:\SDFix\apps\FixXPsp2.reg C:\SDFix\apps\grep.exe C:\SDFix\apps\HPFix.reg C:\SDFix\apps\HPFix2.reg C:\SDFix\apps\HPFix3.reg C:\SDFix\apps\HPFix4.reg C:\SDFix\apps\HPFix5.reg C:\SDFix\apps\HPFix6.reg C:\SDFix\apps\HPFix7.reg C:\SDFix\apps\HPFix8.reg C:\SDFix\apps\isadmin.exe C:\SDFix\apps\leg2.txt C:\SDFix\apps\legacy.txt C:\SDFix\apps\legacybk.txt C:\SDFix\apps\locate.com C:\SDFix\apps\LS.exe C:\SDFix\apps\MD5File.exe C:\SDFix\apps\MyGcpvFix.reg C:\SDFix\apps\MyGkFix2.reg C:\SDFix\apps\Process.exe C:\SDFix\apps\procs.exe C:\SDFix\apps\psservice.exe C:\SDFix\apps\Rem.txt C:\SDFix\apps\Rem2.txt C:\SDFix\apps\Replace\regedit.exe C:\SDFix\apps\Replace\W2K.exe C:\SDFix\apps\Replace\w2k\beep.sys C:\SDFix\apps\Replace\w2k\null.sys C:\SDFix\apps\Replace\XP.exe C:\SDFix\apps\Replace\xp\beep.sys C:\SDFix\apps\Replace\xp\null.sys C:\SDFix\apps\Reset_AppInit_DLLs.reg C:\SDFix\apps\RestartIt!.exe C:\SDFix\apps\Restore_SecurityCenter.reg C:\SDFix\apps\Restore_SharedAccess.reg C:\SDFix\apps\sc.exe C:\SDFix\apps\sed.exe C:\SDFix\apps\SF.exe C:\SDFix\apps\shutdown.exe C:\SDFix\apps\srv2.txt C:\SDFix\apps\srv2bk.txt C:\SDFix\apps\svc.txt C:\SDFix\apps\svcbk.txt C:\SDFix\apps\swreg.exe C:\SDFix\apps\swsc.exe C:\SDFix\apps\unzip.exe C:\SDFix\apps\vfind.exe C:\SDFix\apps\WINMSG.EXE C:\SDFix\apps\winsec.reg C:\SDFix\apps\zip.exe C:\SDFix\backups\backupreg.zip C:\SDFix\backups\backups.zip C:\SDFix\backups\HOSTS C:\SDFix\catchme.exe C:\SDFix\dummy.sys C:\SDFix\Report.txt C:\SDFix\RunThis.bat C:\SDFix\SDFIX_ReadMe_Online.url C:\WINDOWS\system32\ulqbvdji.dll . ((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))) . 2008-05-19 18:13 . 2008-05-19 18:13 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\.jpi_cache 2008-05-19 18:13 . 2008-05-19 18:13 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\.java 2008-05-19 13:21 . 2008-05-19 13:21 21 --a------ C:\WINDOWS\kit.ini 2008-05-19 12:50 . 2008-05-19 22:51 <DIR> d-------- C:\Zamiast formata 2008-05-18 22:54 . 2008-05-18 22:54 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-18 22:14 . 2008-05-18 22:14 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-18 21:01 . 2008-05-19 12:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-05-17 16:33 . 2008-05-18 19:49 <DIR> d-------- C:\SmitfraudFix 2008-05-16 21:33 . 2008-05-16 21:33 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Gadu-Gadu 2008-05-16 21:23 . 2008-05-16 21:23 77,613 --a------ C:\WINDOWS\system32\scui.cpl 2008-05-16 21:16 . 2008-05-16 21:31 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\TmpRecentIcons 2008-05-15 20:57 . 2008-05-15 20:57 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Gadu-Gadu 2008-05-15 19:50 . 2008-05-15 19:50 <DIR> d-------- C:\WINDOWS\system32\AlertModule 2008-05-15 19:50 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe 2008-05-15 19:50 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll 2008-05-15 18:56 . 2001-10-26 19:29 18,944 --a------ C:\WINDOWS\system32\simptcp.dll 2008-05-15 18:56 . 2001-10-26 19:29 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll 2008-05-15 12:33 . 2008-05-15 12:33 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-15 05:08 . 2008-05-15 05:08 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\TmpRecentIcons 2008-05-04 23:11 . 2008-05-04 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2008-05-04 23:10 . 2008-05-04 23:10 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-05-04 23:10 . 2008-05-04 23:10 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-05-04 23:10 . 2008-05-04 23:11 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared 2008-05-04 23:10 . 2008-05-04 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2008-04-22 21:34 . 2008-04-22 21:34 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Teleca 2008-04-22 21:25 . 2008-04-22 21:25 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Sony Ericsson 2008-04-22 20:21 . 2008-04-22 20:21 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Teleca 2008-04-22 20:20 . 2008-04-22 20:20 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Sony Ericsson 2008-04-22 20:18 . 2008-05-04 23:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-04-22 20:17 . 2008-05-05 09:29 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2008-04-22 20:08 . 2008-04-22 20:09 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-04-22 20:04 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-04-22 20:04 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-19 19:16 --------- d-----w C:\Program Files\neostrada tp 2008-05-19 16:53 --------- d-----w C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\OpenOffice.org2 2008-05-19 10:39 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\OpenOffice.org2 2008-05-18 06:58 --------- d-----w C:\Program Files\BrowsingSoftware 2008-05-15 18:56 --------- d-----w C:\Program Files\Gadu-Gadu 2008-05-14 20:30 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\GanymedeNet 2008-05-09 14:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spadester 2008-05-03 15:58 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Microgaming 2008-04-18 07:57 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-17 22:33 --------- d-----w C:\Program Files\TP 2008-04-07 08:22 --------- d-----w C:\Program Files\MGS FF Helper 2008-04-05 16:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\microgaming 2008-04-03 12:28 --------- d-----w C:\Program Files\SubEdit-Player 2008-04-01 11:43 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Ankh 2008-03-31 08:08 --------- d-----w C:\Program Files\FMA 2 2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-24 18:48 --------- d-----w C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\FMA 2008-03-24 16:21 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\FMA 2008-03-20 16:48 --------- d-----w C:\Program Files\VIA 2008-03-20 16:48 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:23 147,968 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 11:40 28672] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-25 23:02 6746112] "nwiz"="nwiz.exe" [2005-05-25 23:02 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-25 23:02 86016] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 17:21 270336] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55 32768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360] C:\Documents and Settings\Ewelina.FORZAMILAN\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start\Programy\Autostart\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\PPMate\\ppmate.exe"= "C:\\Program Files\\PPMate\\ppmnet.exe"= "C:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"= "C:\\Program Files\\Windows Media Components\\Encoder\\wmstreamedt.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows "3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 12:03] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 12:07] S3 p2pgasvc;Uwierzytelnianie grup sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 p2pimsvc;Menedżer tożsamości sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 p2psvc;Sieć równorzędna;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 PNRPSvc;Protokół PNRP (Peer Name Resolution Protocol);C:\WINDOWS\system32\svchost.exe [2004-08-04 02:44] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 19:19] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc *Newly Created Service* - CATCHME *Newly Created Service* - SISPORT . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-19 22:53:45 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2008-05-19 22:56:12 ComboFix-quarantined-files.txt 2008-05-19 20:55:09 ComboFix2.txt 2008-05-19 09:57:50 ComboFix3.txt 2008-05-18 20:53:22 ComboFix4.txt 2008-05-18 18:57:11 ComboFix5.txt 2007-12-26 19:54:55 Pre-Run: 5,430,898,688 bajtów wolnych Post-Run: 5,418,323,968 bajtów wolnych 233 --- E O F --- 2008-05-19 10:00:48

**Posty:** 18165 · przez **wojtas** 20 Maj 2008, 19:51

C:\WINDOWS\kit.ini

skasuj ten plik

i bedzie ok

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

Autor postu otrzymał pochwałę

**Posty:** 131 · przez **Superpippo** 20 Maj 2008, 23:26

thx bardzo.

problemy ze spyware'ami. proszę o pomoc

Problemy ze spyware'ami. Proszę o pomoc

Kto jest na forum