trojany, wolna praca komputera i problem z ładowaniem stron

**Posty:** 17 · przez **mokkunia** 19 Kwi 2008, 12:01

Witam,
mam od jakiegoś tygodnia, dwóch problem z komputerem. Najpierw strony www ładowały się coraz wolniej, nawet po kilka minut, teraz niektóre nie chcą się otwierać wcale (używam Mozilla Firefox 2.0.0.13). Ostatnio program antywirusowy (NOD32) ciągle wyświetla mi komunikaty o różnych atakach trojanów.
Przeskanowałam przed chwilą dyski - nie znalazł nic. Mam jednak wcześniejsze pliki dziennika, gdzie są nazwy tych trojanów (nie wiem, mam wkleić te raporty?)
Zrobiłam log z HijackThis, ale na tym kończą się moje zdolności, dlatego bardzo proszę o pomoc.

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:08:49, on 2008-04-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\drivers\spools.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\CACHEM~1\CachemanXP.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [AutoRun] "G:\AUTORUN\AutoRun.exe" "/26" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\12520437v.exe O4 - HKLM\..\Run: [vlc] C:\WINDOWS\vlc.exe O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\AnQ\cftmon.exe O4 - HKLM\..\Run: [54e8e83e] rundll32.exe "C:\WINDOWS\system32\vakfwqaq.dll",b O4 - HKLM\..\Run: [BM57dbdba2] Rundll32.exe "C:\WINDOWS\system32\gnmwifgw.dll",s O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\12520437v.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\12520437v.exe O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\AnQ\cftmon.exe O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\12520437v.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204304760718 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D810B98B-507D-4929-A467-33C52479142B}: NameServer = 85.255.114.14,85.255.112.207 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Harmonogram zadań (Schedule) - 589ukjh - C:\WINDOWS\system32\drivers\spools.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9061 bytes

[ Dodano: Dzisiaj o 14:27 ]
Doczytałam, żeby zrobić loga z Combofixa.

Kod: Zaznacz wszystko: ComboFix 08-04-18.3 - AnQ 2008-04-19 14:16:38.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.501 [GMT 2:00] Running from: C:\Documents and Settings\AnQ\Pulpit\ComboFix.exe * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . [i] ADS - svchost.exe: deleted 28160 bytes in 1 streams. [/i] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\runsql.exe C:\WINDOWS\sv.exe C:\WINDOWS\svc.exe C:\WINDOWS\svhoster.exe C:\WINDOWS\svx.exe C:\WINDOWS\svzip.exe C:\WINDOWS\system32\drivers\spools.exe C:\WINDOWS\system32\fccbBUOh.dll C:\WINDOWS\system32\gnmwifgw.dll C:\WINDOWS\system32\hOUBbccf.ini C:\WINDOWS\system32\hOUBbccf.ini2 C:\WINDOWS\system32\kdxen.exe C:\WINDOWS\system32\kr_done1 C:\WINDOWS\system32\ndjigidq.dll C:\WINDOWS\system32\qaqwfkav.ini C:\WINDOWS\system32\unijrcnv.ini C:\WINDOWS\system32\vakfwqaq.dll C:\WINDOWS\system32\vncrjinu.dll C:\WINDOWS\Temp\1000688937.exe C:\WINDOWS\Temp\1216260574.exe C:\WINDOWS\Temp\139511110.exe C:\WINDOWS\Temp\1503804351.exe C:\WINDOWS\Temp\1528855314.exe C:\WINDOWS\Temp\1598036840.exe C:\WINDOWS\Temp\1615995593.exe C:\WINDOWS\Temp\1677741423.exe C:\WINDOWS\Temp\1708737354.exe C:\WINDOWS\Temp\2027815003.exe C:\WINDOWS\Temp\2031470778.exe C:\WINDOWS\Temp\203792254.exe C:\WINDOWS\Temp\2072027627.exe C:\WINDOWS\Temp\2089100626.exe C:\WINDOWS\Temp\2138790622.exe C:\WINDOWS\Temp\645963577.exe C:\WINDOWS\Temp\735378171.exe C:\WINDOWS\Temp\750297153.exe C:\WINDOWS\Temp\960568014.exe C:\WINDOWS\wdmon.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ICF -------\Service_grande48 -------\Service_ICF -------\Legacy_Schedule -------\Schedule ((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))) . 2008-04-19 09:06 . 2008-04-19 14:22 3,373,917 --a------ C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80271102}.BAK 2008-04-19 09:06 . 2008-04-19 09:06 29 --a------ C:\WINDOWS\system32\sioawfeq.tmp 2008-04-18 20:56 . 2008-04-18 20:56 1,409 --a------ C:\WINDOWS\system32\tmpCA446.FOT 2008-04-18 20:56 . 2008-04-18 20:56 1,409 --a------ C:\WINDOWS\system32\tmpBE446.FOT 2008-04-18 20:56 . 2008-04-18 20:56 1,409 --a------ C:\WINDOWS\system32\tmpA0546.FOT 2008-04-18 19:50 . 2008-04-19 09:35 109,765 --a------ C:\WINDOWS\BM57dbdba2.xml 2008-04-18 09:54 . 2008-04-18 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-18 09:54 . 2008-04-18 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-04-18 07:37 . 2008-04-18 07:37 172,032 --a------ C:\hoxi.exe 2008-04-18 07:37 . 2008-04-18 07:37 58,880 --a------ C:\vqvtx.exe 2008-04-18 07:37 . 2008-04-18 07:37 55,218 --a------ C:\WINDOWS\zsqalpdt.sys 2008-04-18 07:37 . 2008-04-18 07:37 54,317 --a------ C:\Documents and Settings\LocalService\cftmon.exe 2008-04-18 07:37 . 2008-04-18 07:38 2 --a------ C:\1424550033 2008-04-17 18:47 . 2008-04-17 18:48 <DIR> d-------- C:\Program Files\PITy2007 2008-04-17 18:22 . 2008-04-17 18:22 169,984 --a------ C:\soegj.exe 2008-04-17 18:21 . 2008-04-19 09:06 57,321 --a------ C:\Documents and Settings\AnQ\cftmon.exe 2008-04-17 18:21 . 2008-04-17 18:21 9,216 --a------ C:\WINDOWS\system32\~.exe 2008-04-17 18:21 . 2008-04-17 18:21 7,168 --a------ C:\yvy.exe 2008-04-17 18:20 . 2008-04-17 18:20 9,216 --a------ C:\gDe.exe 2008-04-13 20:37 . 2008-04-13 20:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-13 18:43 . 2008-04-13 19:18 <DIR> d-------- C:\Program Files\SkanerOnline 2008-04-13 09:41 . 2008-04-13 09:41 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\ACD Systems 2008-04-11 11:40 . 2008-04-11 11:33 180,736 --a------ C:\WINDOWS\svw.exe 2008-04-11 11:40 . 2008-04-11 11:35 180,224 --a------ C:\WINDOWS\vlc.exe 2008-04-11 11:40 . 2008-04-11 11:36 46,080 -r-hs---- C:\WINDOWS\system32\12520437v.exe 2008-04-11 11:40 . 2008-04-11 11:40 144 --ahs---- C:\WINDOWS\system32\1424550033.dat 2008-04-10 14:43 . 2008-04-10 14:44 38 --a------ C:\WINDOWS\avisplitter.INI 2008-04-06 19:15 . 2008-04-06 19:15 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\PC Suite 2008-04-06 15:52 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-04-06 15:52 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-04-06 15:51 . 2008-04-06 15:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-04-06 15:51 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2008-04-06 15:51 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-04-06 15:51 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2008-04-06 15:51 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2008-04-06 15:51 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2008-04-06 15:48 . 2008-04-06 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-06 13:20 . 2008-04-06 13:20 <DIR> d-------- C:\Program Files\DIFX 2008-04-06 13:19 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Nokia 2008-04-06 13:19 . 2008-04-06 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-06 13:19 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-04-02 21:58 . 2008-04-02 21:58 <DIR> d-------- C:\WINDOWS\Sun 2008-04-02 21:57 . 2008-04-02 21:57 <DIR> d-------- C:\Program Files\Java 2008-04-02 21:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-02 21:55 . 2008-04-02 21:55 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-28 09:11 . 2008-03-28 09:11 0 --a------ C:\WINDOWS\Irremote.ini 2008-03-26 18:36 . 2008-03-26 18:36 <DIR> d-------- C:\Program Files\Safari 2008-03-20 11:43 . 2008-03-20 11:43 <DIR> d-------- C:\Documents and Settings\MACIU~2\dane aplikacji 2008-03-20 11:43 . 2008-04-18 22:10 <DIR> d-------- C:\Documents and Settings\Maciu˜ . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-19 12:22 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Skype 2008-04-19 12:14 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\MEGAUPLOADTOOLBAR 2008-04-19 07:33 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-04-19 07:06 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\skypePM 2008-04-18 19:41 --------- d-----w C:\Program Files\Odkurzacz 2008-04-17 16:22 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2008-04-17 07:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-17 07:37 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-04-11 10:10 --------- d-----w C:\Program Files\The Bat! 2008-04-02 14:49 --------- d-----w C:\Program Files\Yahoo! 2008-03-28 07:22 --------- d-----w C:\Program Files\Common Files\Nero 2008-03-28 07:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-03-26 18:19 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Apple Computer 2008-03-09 14:15 --------- d-----w C:\Program Files\QuickTime 2008-03-05 10:44 --------- d-----w C:\Program Files\Microsoft.NET 2008-03-05 10:31 --------- d-----w C:\Program Files\UltraISO 2008-03-05 10:31 --------- d-----w C:\Program Files\Common Files\EZB Systems 2008-03-05 10:04 --------- d-----w C:\Program Files\Alcohol Soft 2008-03-05 10:02 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-04 10:23 --------- d-----w C:\Program Files\MagicISO 2008-03-04 08:51 --------- d-----w C:\Program Files\MegauploadToolbar 2008-03-03 13:51 --------- d-----w C:\Program Files\PITy 2008-03-02 11:37 --------- d-----w C:\Program Files\Lavasoft 2008-03-02 11:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-02 09:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TechSmith 2008-03-02 09:17 --------- d-----w C:\Program Files\TechSmith 2008-03-02 09:17 --------- d-----w C:\Program Files\Common Files\TechSmith Shared 2008-03-02 07:49 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Program Files\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems 2008-03-01 17:49 --------- d-----w C:\Program Files\iTunes 2008-03-01 17:48 --------- d-----w C:\Program Files\iPod 2008-03-01 17:48 --------- d-----w C:\Program Files\Bonjour 2008-03-01 17:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-03-01 17:47 --------- d-----w C:\Program Files\Common Files\Apple 2008-03-01 17:47 --------- d-----w C:\Program Files\Apple Software Update 2008-03-01 17:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-03-01 17:41 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Nero 2008-03-01 17:39 --------- d-----w C:\Program Files\Nero 2008-03-01 08:13 --------- d-----w C:\Program Files\SubEdit-Player 2008-03-01 01:09 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Gadu-Gadu 2008-02-29 18:36 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-02-29 18:27 --------- d-----w C:\Program Files\Skype 2008-02-29 18:27 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-29 18:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-02-29 18:14 --------- d-----w C:\Program Files\Gadu-Gadu 2008-02-29 18:10 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Talkback 2008-02-29 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-29 17:53 --------- d-----w C:\Program Files\Creative 2008-02-29 17:52 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-02-29 17:37 --------- d-----w C:\Program Files\ESET 2008-02-29 17:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET 2008-02-29 17:29 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Thunderbird 2008-02-29 17:27 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-29 17:27 --------- d-----w C:\Program Files\CachemanXP 2008-02-29 17:23 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-02-29 17:23 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-02-29 17:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Logitech 2008-02-29 17:15 --------- d-----w C:\Program Files\BitLord 2008-02-29 16:33 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-29 16:33 --------- d-----w C:\Program Files\ATI Technologies 2008-02-29 16:26 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe 2008-02-29 16:26 --------- d-----w C:\Program Files\Logitech 2008-02-29 16:26 --------- d-----w C:\Program Files\Common Files\LogiShared 2008-02-29 16:26 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Logitech 2008-02-29 16:24 --------- d-----w C:\Program Files\Common Files\Logitech 2008-02-29 16:24 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\InstallShield 2008-02-29 16:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LogiShrd 2008-02-29 16:11 --------- d-----w C:\Program Files\microsoft frontpage 2008-02-29 16:10 --------- d-----w C:\Program Files\Usługi online . ------- Sigcheck ------- 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\dllcache\tcpip.sys 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872] "Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-02-04 19:13 266240] "UpdateWin"="C:\WINDOWS\system32\12520437v.exe" [2008-04-11 11:36 46080] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "UpdateWin"="C:\WINDOWS\system32\12520437v.exe" [2008-04-11 11:36 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 22:00 294912] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "AutoRun"="G:\AUTORUN\AutoRun.exe" [ ] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "CTHelper"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 22:51 1410304] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "Tweak UI"="TWEAKUI.CPL" [2000-06-18 16:03 108592 C:\WINDOWS\system32\TWEAKUI.CPL] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "UpdateWin"="C:\WINDOWS\system32\12520437v.exe" [2008-04-11 11:36 46080] "vlc"="C:\WINDOWS\vlc.exe" [2008-04-11 11:35 180224] "netw"="C:\WINDOWS\svw.exe" [2008-04-11 11:33 180736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "UpdateWin"="C:\WINDOWS\system32\12520437v.exe" [2008-04-11 11:36 46080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-29 18:26:05 67128] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-29 18:24:37 692224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcBuvsQ] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] UpdateWin REG_SZ C:\WINDOWS\system32\12520437v.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57132:TCP"= 57132:TCP:Pando P2P TCP Listening Port "57132:UDP"= 57132:UDP:Pando P2P UDP Listening Port R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 22:52] R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-01-27 08:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb5b1dd-e6e5-11dc-a224-806d6172696f}] \Shell\AutoRun\command - G:\AUTORUN\AUTORUN.EXE . Contents of the 'Scheduled Tasks' folder "2008-04-09 15:32:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-19 14:22:50 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\drivers\qandr.sys 125952 bytes executable scan completed successfully hidden files: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qandr] "ImagePath"="\??\C:\WINDOWS\system32\drivers\qandr.sys" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Completion time: 2008-04-19 14:24:05 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-19 12:24:00 Pre-Run: 4,917,800,960 bajtów wolnych Post-Run: 4,950,765,568 bajt˘w wolnych 291

**Posty:** 18165 · przez **wojtas** 19 Kwi 2008, 16:00

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 17 · przez **mokkunia** 19 Kwi 2008, 16:45

wojtas napisał(a):Wykonaj to co jest podane w tym temacie

zrobione

Kod: Zaznacz wszystko: [b]SDFix: Version 1.172 [/b] Run by AnQ on 2008-04-19 at 16:31 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\WINDOWS\system32\12520437v.exe - Deleted C:\142455~1 - Deleted C:\WINDOWS\system32\~.exe - Deleted C:\WINDOWS\svw.exe - Deleted C:\WINDOWS\vlc.exe - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-19 16:34:42 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qandr] "Type"=dword:00000001 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\qandr.sys" "DisplayName"="qandr" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qandr\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:c22e189a "s2"=dword:e0d70a17 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zsqalpdt] "Type"=dword:00000001 "Start"=dword:00000001 "ErrorControl"=dword:00000000 "ImagePath"=str(2):"\??\C:\WINDOWS\zsqalpdt.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zsqalpdt\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qandr] "Type"=dword:00000001 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\qandr.sys" "DisplayName"="qandr" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qandr\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zsqalpdt] "Type"=dword:00000001 "Start"=dword:00000001 "ErrorControl"=dword:00000000 "ImagePath"=str(2):"\??\C:\WINDOWS\zsqalpdt.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zsqalpdt\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. scanning hidden registry entries ... scanning hidden files ... C:\WINDOWS\system32\drivers\qandr.sys 125952 bytes executable scan completed successfully hidden processes: 0 hidden services: 1 hidden files: 1 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program gˆ˘wny" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath " "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Wed 4 Aug 2004 1,667,584 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe" [b]Finished![/b]

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:40:54, on 2008-04-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\CACHEM~1\CachemanXP.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [AutoRun] "G:\AUTORUN\AutoRun.exe" "/26" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204304760718 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D810B98B-507D-4929-A467-33C52479142B}: NameServer = 85.255.114.14,85.255.112.207 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: efcBuvsQ - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Usługa iPod (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7629 bytes

Kod: Zaznacz wszystko: ComboFix 08-04-18.3 - AnQ 2008-04-19 16:42:07.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.639 [GMT 2:00] Running from: C:\Documents and Settings\AnQ\Pulpit\ComboFix.exe * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))) . 2008-04-19 16:30 . 2008-04-19 16:30 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-19 16:28 . 2008-04-19 16:36 <DIR> d-------- C:\SDFix 2008-04-19 15:19 . 2008-04-19 15:19 <DIR> d-------- C:\Program Files\iTunes 2008-04-19 15:19 . 2008-04-19 15:19 <DIR> d-------- C:\Program Files\iPod 2008-04-19 15:19 . 2008-04-19 16:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-19 15:19 . 2008-04-19 15:19 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-19 15:17 . 2008-04-19 15:18 <DIR> d-------- C:\Program Files\QuickTime 2008-04-19 14:52 . 2008-04-19 14:52 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\DivX 2008-04-19 14:24 . 2008-04-19 14:24 <DIR> d-------- C:\Documents and Settings\Maciuť 2008-04-19 09:06 . 2008-04-19 16:36 3,373,917 --a------ C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80271102}.BAK 2008-04-19 09:06 . 2008-04-19 09:06 29 --a------ C:\WINDOWS\system32\sioawfeq.tmp 2008-04-18 20:56 . 2008-04-18 20:56 1,409 --a------ C:\WINDOWS\system32\tmpCA446.FOT 2008-04-18 20:56 . 2008-04-18 20:56 1,409 --a------ C:\WINDOWS\system32\tmpBE446.FOT 2008-04-18 20:56 . 2008-04-18 20:56 1,409 --a------ C:\WINDOWS\system32\tmpA0546.FOT 2008-04-18 19:50 . 2008-04-19 09:35 109,765 --a------ C:\WINDOWS\BM57dbdba2.xml 2008-04-18 09:54 . 2008-04-18 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-18 09:54 . 2008-04-18 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-04-18 07:38 . 2008-04-18 22:10 85,187 --a------ C:\Documents and Settings\Maciuś\cftmon.exe 2008-04-18 07:38 . 2008-04-18 22:10 85,187 --a------ C:\Documents and Settings\Maciuś\cftmon.exe 2008-04-18 07:37 . 2008-04-18 07:37 172,032 --a------ C:\hoxi.exe 2008-04-18 07:37 . 2008-04-18 07:37 58,880 --a------ C:\vqvtx.exe 2008-04-18 07:37 . 2008-04-18 07:37 55,218 --a------ C:\WINDOWS\zsqalpdt.sys 2008-04-18 07:37 . 2008-04-18 07:37 54,317 --a------ C:\Documents and Settings\LocalService\cftmon.exe 2008-04-17 18:47 . 2008-04-17 18:48 <DIR> d-------- C:\Program Files\PITy2007 2008-04-17 18:22 . 2008-04-17 18:22 169,984 --a------ C:\soegj.exe 2008-04-17 18:21 . 2008-04-19 09:06 57,321 --a------ C:\Documents and Settings\AnQ\cftmon.exe 2008-04-17 18:21 . 2008-04-17 18:21 7,168 --a------ C:\yvy.exe 2008-04-17 18:20 . 2008-04-17 18:20 9,216 --a------ C:\gDe.exe 2008-04-13 20:37 . 2008-04-13 20:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-13 18:43 . 2008-04-13 19:18 <DIR> d-------- C:\Program Files\SkanerOnline 2008-04-13 09:41 . 2008-04-13 09:41 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\ACD Systems 2008-04-11 11:40 . 2008-04-11 11:40 144 --ahs---- C:\WINDOWS\system32\1424550033.dat 2008-04-10 14:43 . 2008-04-10 14:44 38 --a------ C:\WINDOWS\avisplitter.INI 2008-04-06 19:15 . 2008-04-06 19:15 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\PC Suite 2008-04-06 15:52 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-04-06 15:52 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-04-06 15:51 . 2008-04-06 15:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-04-06 15:51 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2008-04-06 15:51 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-04-06 15:51 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2008-04-06 15:51 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2008-04-06 15:51 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2008-04-06 15:48 . 2008-04-06 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-06 15:44 . 2008-04-06 15:54 <DIR> d-------- C:\Documents and Settings\Maciuś\Dane aplikacji\Nokia 2008-04-06 13:24 . 2008-04-06 16:08 <DIR> d-------- C:\Documents and Settings\Maciuś\Dane aplikacji\Nokia Multimedia Player 2008-04-06 13:20 . 2008-04-06 13:20 <DIR> d-------- C:\Program Files\DIFX 2008-04-06 13:19 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Nokia 2008-04-06 13:19 . 2008-04-06 15:59 <DIR> d-------- C:\Documents and Settings\Maciuś\Dane aplikacji\PC Suite 2008-04-06 13:19 . 2008-04-06 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-06 13:19 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-04-02 21:58 . 2008-04-02 21:58 <DIR> d-------- C:\WINDOWS\Sun 2008-04-02 21:57 . 2008-04-02 21:57 <DIR> d-------- C:\Program Files\Java 2008-04-02 21:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-02 21:55 . 2008-04-02 21:55 <DIR> d-------- C:\Program Files\Common Files\Java 2008-04-02 19:53 . 2008-04-02 19:53 <DIR> d---s---- C:\Documents and Settings\Maciuś\UserData 2008-04-02 19:53 . 2008-04-02 19:53 <DIR> d---s---- C:\Documents and Settings\Maciuś\UserData 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-28 09:11 . 2008-03-28 09:11 0 --a------ C:\WINDOWS\Irremote.ini 2008-03-26 18:36 . 2008-04-19 15:01 <DIR> d-------- C:\Program Files\Safari 2008-03-20 11:43 . 2008-03-20 11:43 <DIR> d-------- C:\Documents and Settings\MACIU~2\dane aplikacji 2008-03-20 11:43 . 2008-04-18 22:10 <DIR> d-------- C:\Documents and Settings\Maciuś . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-19 14:38 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Skype 2008-04-19 14:21 --------- d-----w C:\Program Files\Apple Software Update 2008-04-19 12:14 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\MEGAUPLOADTOOLBAR 2008-04-19 07:33 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-04-19 07:06 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\skypePM 2008-04-18 20:04 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\MegauploadToolbar 2008-04-18 19:41 --------- d-----w C:\Program Files\Odkurzacz 2008-04-17 16:22 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2008-04-17 07:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-17 07:37 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-04-11 10:10 --------- d-----w C:\Program Files\The Bat! 2008-04-02 14:49 --------- d-----w C:\Program Files\Yahoo! 2008-03-28 07:22 --------- d-----w C:\Program Files\Common Files\Nero 2008-03-28 07:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-03-28 07:08 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Apple Computer 2008-03-26 18:19 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Apple Computer 2008-03-05 10:44 --------- d-----w C:\Program Files\Microsoft.NET 2008-03-05 10:31 --------- d-----w C:\Program Files\UltraISO 2008-03-05 10:31 --------- d-----w C:\Program Files\Common Files\EZB Systems 2008-03-05 10:04 --------- d-----w C:\Program Files\Alcohol Soft 2008-03-05 10:02 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-04 10:23 --------- d-----w C:\Program Files\MagicISO 2008-03-04 08:51 --------- d-----w C:\Program Files\MegauploadToolbar 2008-03-03 13:51 --------- d-----w C:\Program Files\PITy 2008-03-02 11:37 --------- d-----w C:\Program Files\Lavasoft 2008-03-02 11:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-02 09:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TechSmith 2008-03-02 09:17 --------- d-----w C:\Program Files\TechSmith 2008-03-02 09:17 --------- d-----w C:\Program Files\Common Files\TechSmith Shared 2008-03-02 08:09 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Program Files\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems 2008-03-01 20:31 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Nero 2008-03-01 17:48 --------- d-----w C:\Program Files\Bonjour 2008-03-01 17:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-03-01 17:47 --------- d-----w C:\Program Files\Common Files\Apple 2008-03-01 17:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-03-01 17:41 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Nero 2008-03-01 17:39 --------- d-----w C:\Program Files\Nero 2008-03-01 08:13 --------- d-----w C:\Program Files\SubEdit-Player 2008-03-01 06:15 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Thunderbird 2008-03-01 01:09 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Gadu-Gadu 2008-02-29 18:36 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-02-29 18:27 --------- d-----w C:\Program Files\Skype 2008-02-29 18:27 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-29 18:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-02-29 18:14 --------- d-----w C:\Program Files\Gadu-Gadu 2008-02-29 18:10 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Talkback 2008-02-29 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-29 17:53 --------- d-----w C:\Program Files\Creative 2008-02-29 17:53 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Talkback 2008-02-29 17:52 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-02-29 17:37 --------- d-----w C:\Program Files\ESET 2008-02-29 17:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET 2008-02-29 17:29 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Logitech 2008-02-29 17:29 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Thunderbird 2008-02-29 17:27 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-29 17:27 --------- d-----w C:\Program Files\CachemanXP 2008-02-29 17:23 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-02-29 17:23 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-02-29 17:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Logitech 2008-02-29 17:15 --------- d-----w C:\Program Files\BitLord 2008-02-29 16:33 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-29 16:33 --------- d-----w C:\Program Files\ATI Technologies 2008-02-29 16:26 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe 2008-02-29 16:26 --------- d-----w C:\Program Files\Logitech 2008-02-29 16:26 --------- d-----w C:\Program Files\Common Files\LogiShared 2008-02-29 16:26 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Logitech 2008-02-29 16:24 --------- d-----w C:\Program Files\Common Files\Logitech 2008-02-29 16:24 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\InstallShield 2008-02-29 16:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LogiShrd 2008-02-29 16:11 --------- d-----w C:\Program Files\microsoft frontpage 2008-02-29 16:10 --------- d-----w C:\Program Files\Usługi online 2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . ------- Sigcheck ------- 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\dllcache\tcpip.sys 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-04-19_14.23.50.06 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-19 12:22:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-19 14:33:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-18 07:43:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-04-19 14:30:05 3,006,464 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-04-19 14:30:05 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-04-18 07:43:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-04-19 14:30:05 3,006,464 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-04-19 14:30:05 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2008-04-19 12:55:59 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe + 2008-04-19 13:01:28 307,200 ----a-r C:\WINDOWS\Installer\{40589552-3892-409E-B92C-9F5032A4B2F0}\SafariIco.exe + 2008-04-19 13:19:45 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe - 2006-09-19 13:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys + 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872] "Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-02-04 19:13 266240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 22:00 294912] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "AutoRun"="G:\AUTORUN\AutoRun.exe" [ ] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "CTHelper"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 22:51 1410304] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160] "Tweak UI"="TWEAKUI.CPL" [2000-06-18 16:03 108592 C:\WINDOWS\system32\TWEAKUI.CPL] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-29 18:26:05 67128] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-29 18:24:37 692224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcBuvsQ] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57132:TCP"= 57132:TCP:Pando P2P TCP Listening Port "57132:UDP"= 57132:UDP:Pando P2P UDP Listening Port R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 22:52] S2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-01-27 08:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb5b1dd-e6e5-11dc-a224-806d6172696f}] \Shell\AutoRun\command - G:\AUTORUN\AUTORUN.EXE . Contents of the 'Scheduled Tasks' folder "2008-04-19 12:55:59 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-19 16:43:22 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\drivers\qandr.sys 125952 bytes executable scan completed successfully hidden files: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qandr] "ImagePath"="\??\C:\WINDOWS\system32\drivers\qandr.sys" . Completion time: 2008-04-19 16:43:50 ComboFix-quarantined-files.txt 2008-04-19 14:43:48 ComboFix2.txt 2008-04-19 12:24:06 Pre-Run: 4,588,072,960 bajtów wolnych Post-Run: 4,767,133,696 bajtów wolnych 245

[ Dodano: Dzisiaj o 17:59 ]
CWShredder 2.19 znalazł mi
CWS.Smartsearch - usunęłam

**Posty:** 18165 · przez **wojtas** 19 Kwi 2008, 22:24

w dodaj usuń programy odinstaluj Desktop Messenger

skasuj te wpisy w hijacku:

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D810B98B-507D-4929-A467-33C52479142B}: NameServer = 85.255.114.14,85.255.112.207
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207
O20 - Winlogon Notify: efcBuvsQ - C:\WINDOWS\

Ściągnij program Fixwareout i zastosuj go

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\drivers\qandr.sys
C:\WINDOWS\system32\sioawfeq.tmp
C:\WINDOWS\system32\tmpCA446.FOT
C:\WINDOWS\system32\tmpBE446.FOT
C:\WINDOWS\system32\tmpA0546.FOT
C:\Documents and Settings\Maciuś\cftmon.exe
C:\Documents and Settings\Maciuś\cftmon.exe
C:\hoxi.exe
C:\vqvtx.exe
C:\WINDOWS\zsqalpdt.sys
C:\Documents and Settings\LocalService\cftmon.exe
C:\soegj.exe
C:\Documents and Settings\AnQ\cftmon.exe
C:\yvy.exe
C:\WINDOWS\system32\1424550033.dat
C:\gDe.exe

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qandr]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zsqalpdt]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qandr]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zsqalpdt]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qandr\Security]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 17 · przez **mokkunia** 20 Kwi 2008, 08:39

Dzięki za odpowiedź

Zrobiłam wszystko - oto nowy log:

Kod: Zaznacz wszystko: ComboFix 08-04-18.3 - AnQ 2008-04-20 8:30:35.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.602 [GMT 2:00] Running from: C:\Documents and Settings\AnQ\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\AnQ\Pulpit\CFScript.txt * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE :: C:\Documents and Settings\AnQ\cftmon.exe C:\Documents and Settings\LocalService\cftmon.exe C:\Documents and Settings\Maciuś\cftmon.exe C:\gDe.exe C:\hoxi.exe C:\soegj.exe C:\vqvtx.exe C:\WINDOWS\system32\1424550033.dat C:\WINDOWS\system32\drivers\qandr.sys C:\WINDOWS\system32\sioawfeq.tmp C:\WINDOWS\system32\tmpA0546.FOT C:\WINDOWS\system32\tmpBE446.FOT C:\WINDOWS\system32\tmpCA446.FOT C:\WINDOWS\zsqalpdt.sys C:\yvy.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\AnQ\cftmon.exe C:\Documents and Settings\LocalService\cftmon.exe C:\Documents and Settings\Maciuś\cftmon.exe C:\gDe.exe C:\hoxi.exe C:\soegj.exe C:\vqvtx.exe C:\WINDOWS\system32\1424550033.dat C:\WINDOWS\system32\sioawfeq.tmp C:\WINDOWS\system32\tmpA0546.FOT C:\WINDOWS\system32\tmpBE446.FOT C:\WINDOWS\system32\tmpCA446.FOT C:\WINDOWS\zsqalpdt.sys C:\yvy.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\zsqalpdt ((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))) . 2008-04-20 08:11 . 2008-04-20 08:17 <DIR> d-------- C:\fixwareout 2008-04-19 19:00 . 2008-04-19 19:00 <DIR> d-------- C:\Program Files\PrevxCSI 2008-04-19 19:00 . 2008-04-20 08:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI 2008-04-19 19:00 . 2008-04-20 08:25 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys 2008-04-19 17:33 . 2008-04-19 17:33 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\Grisoft 2008-04-19 17:33 . 2008-04-19 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft 2008-04-19 17:33 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-04-19 16:30 . 2008-04-19 16:30 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-19 16:28 . 2008-04-19 16:36 <DIR> d-------- C:\SDFix 2008-04-19 15:19 . 2008-04-19 15:19 <DIR> d-------- C:\Program Files\iTunes 2008-04-19 15:19 . 2008-04-19 15:19 <DIR> d-------- C:\Program Files\iPod 2008-04-19 15:19 . 2008-04-20 08:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-19 15:19 . 2008-04-19 15:19 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-19 15:17 . 2008-04-19 15:18 <DIR> d-------- C:\Program Files\QuickTime 2008-04-19 14:52 . 2008-04-19 14:52 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\DivX 2008-04-19 14:24 . 2008-04-19 14:24 <DIR> d-------- C:\Documents and Settings\Maciuś 2008-04-19 14:24 . <DIR> C:\Documents and Settings\Maciuť\Ustawienia lokalne 2008-04-19 14:24 . <DIR> C:\Documents and Settings\Maciuť\Ustawienia lokalne 2008-04-19 09:06 . 2008-04-20 08:34 3,373,917 --a------ C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80271102}.BAK 2008-04-18 19:50 . 2008-04-19 09:35 109,765 --a------ C:\WINDOWS\BM57dbdba2.xml 2008-04-18 09:54 . 2008-04-18 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-18 09:54 . 2008-04-18 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-04-17 18:47 . 2008-04-17 18:48 <DIR> d-------- C:\Program Files\PITy2007 2008-04-13 20:37 . 2008-04-13 20:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-13 18:43 . 2008-04-13 19:18 <DIR> d-------- C:\Program Files\SkanerOnline 2008-04-13 09:41 . 2008-04-13 09:41 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\ACD Systems 2008-04-10 14:43 . 2008-04-10 14:44 38 --a------ C:\WINDOWS\avisplitter.INI 2008-04-06 19:15 . 2008-04-06 19:15 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\PC Suite 2008-04-06 15:52 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-04-06 15:52 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-04-06 15:51 . 2008-04-06 15:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-04-06 15:51 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2008-04-06 15:51 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-04-06 15:51 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2008-04-06 15:51 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2008-04-06 15:51 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2008-04-06 15:48 . 2008-04-06 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-06 13:20 . 2008-04-06 13:20 <DIR> d-------- C:\Program Files\DIFX 2008-04-06 13:19 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Nokia 2008-04-06 13:19 . 2008-04-06 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-06 13:19 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-04-02 21:58 . 2008-04-02 21:58 <DIR> d-------- C:\WINDOWS\Sun 2008-04-02 21:57 . 2008-04-02 21:57 <DIR> d-------- C:\Program Files\Java 2008-04-02 21:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-02 21:55 . 2008-04-02 21:55 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-28 09:11 . 2008-03-28 09:11 0 --a------ C:\WINDOWS\Irremote.ini 2008-03-26 18:36 . 2008-04-19 15:01 <DIR> d-------- C:\Program Files\Safari 2008-03-20 11:43 . 2008-03-20 11:43 <DIR> d-------- C:\Documents and Settings\MACIU~2\dane aplikacji 2008-03-20 11:43 . 2008-04-20 08:30 <DIR> d-------- C:\Documents and Settings\Maciu˜ . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-20 06:18 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Skype 2008-04-20 06:10 --------- d-----w C:\Program Files\Logitech 2008-04-19 15:44 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\MEGAUPLOADTOOLBAR 2008-04-19 14:21 --------- d-----w C:\Program Files\Apple Software Update 2008-04-19 07:33 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-04-19 07:06 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\skypePM 2008-04-18 19:41 --------- d-----w C:\Program Files\Odkurzacz 2008-04-17 16:22 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2008-04-17 07:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-17 07:37 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-04-11 10:10 --------- d-----w C:\Program Files\The Bat! 2008-04-02 14:49 --------- d-----w C:\Program Files\Yahoo! 2008-03-28 07:22 --------- d-----w C:\Program Files\Common Files\Nero 2008-03-28 07:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-03-26 18:19 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Apple Computer 2008-03-05 10:44 --------- d-----w C:\Program Files\Microsoft.NET 2008-03-05 10:31 --------- d-----w C:\Program Files\UltraISO 2008-03-05 10:31 --------- d-----w C:\Program Files\Common Files\EZB Systems 2008-03-05 10:04 --------- d-----w C:\Program Files\Alcohol Soft 2008-03-05 10:02 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-04 10:23 --------- d-----w C:\Program Files\MagicISO 2008-03-04 08:51 --------- d-----w C:\Program Files\MegauploadToolbar 2008-03-03 13:51 --------- d-----w C:\Program Files\PITy 2008-03-02 11:37 --------- d-----w C:\Program Files\Lavasoft 2008-03-02 11:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-02 09:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TechSmith 2008-03-02 09:17 --------- d-----w C:\Program Files\TechSmith 2008-03-02 09:17 --------- d-----w C:\Program Files\Common Files\TechSmith Shared 2008-03-02 07:49 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Program Files\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems 2008-03-01 17:48 --------- d-----w C:\Program Files\Bonjour 2008-03-01 17:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-03-01 17:47 --------- d-----w C:\Program Files\Common Files\Apple 2008-03-01 17:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-03-01 17:41 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Nero 2008-03-01 17:39 --------- d-----w C:\Program Files\Nero 2008-03-01 08:13 --------- d-----w C:\Program Files\SubEdit-Player 2008-03-01 01:09 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Gadu-Gadu 2008-02-29 18:36 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-02-29 18:27 --------- d-----w C:\Program Files\Skype 2008-02-29 18:27 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-29 18:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-02-29 18:14 --------- d-----w C:\Program Files\Gadu-Gadu 2008-02-29 18:10 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Talkback 2008-02-29 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-29 17:53 --------- d-----w C:\Program Files\Creative 2008-02-29 17:52 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-02-29 17:37 --------- d-----w C:\Program Files\ESET 2008-02-29 17:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET 2008-02-29 17:29 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Thunderbird 2008-02-29 17:27 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-29 17:27 --------- d-----w C:\Program Files\CachemanXP 2008-02-29 17:23 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-02-29 17:23 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-02-29 17:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Logitech 2008-02-29 17:15 --------- d-----w C:\Program Files\BitLord 2008-02-29 16:33 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-29 16:33 --------- d-----w C:\Program Files\ATI Technologies 2008-02-29 16:26 --------- d-----w C:\Program Files\Common Files\LogiShared 2008-02-29 16:26 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Logitech 2008-02-29 16:24 --------- d-----w C:\Program Files\Common Files\Logitech 2008-02-29 16:24 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\InstallShield 2008-02-29 16:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LogiShrd 2008-02-29 16:11 --------- d-----w C:\Program Files\microsoft frontpage 2008-02-29 16:10 --------- d-----w C:\Program Files\Usługi online 2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . ------- Sigcheck ------- 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\dllcache\tcpip.sys 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-04-19_14.23.50.06 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-19 12:22:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-20 06:34:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-18 07:43:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-04-19 14:30:05 3,006,464 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-04-19 14:30:05 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-04-18 07:43:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-04-19 14:30:05 3,006,464 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-04-19 14:30:05 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2008-04-19 12:55:59 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe + 2008-04-19 13:01:28 307,200 ----a-r C:\WINDOWS\Installer\{40589552-3892-409E-B92C-9F5032A4B2F0}\SafariIco.exe + 2008-04-19 13:19:45 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe - 2006-09-19 13:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys + 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - 2007-11-20 15:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - 2007-11-20 15:52:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-04-19 16:09:46 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe + 2008-04-20 06:34:13 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6cc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872] "Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-02-04 19:13 266240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 22:00 294912] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "AutoRun"="G:\AUTORUN\AutoRun.exe" [ ] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "CTHelper"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 22:51 1410304] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160] "Tweak UI"="TWEAKUI.CPL" [2000-06-18 16:03 108592 C:\WINDOWS\system32\TWEAKUI.CPL] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "PrevxCSI"="C:\Program Files\PrevxCSI\PrevxCSI.exe" [2008-04-19 19:00 650296] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-29 18:24:37 692224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57132:TCP"= 57132:TCP:Pando P2P TCP Listening Port "57132:UDP"= 57132:UDP:Pando P2P UDP Listening Port R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-20 08:25] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 22:52] R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-01-27 08:22] R2 csiscanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb5b1dd-e6e5-11dc-a224-806d6172696f}] \Shell\AutoRun\command - G:\AUTORUN\AUTORUN.EXE . Contents of the 'Scheduled Tasks' folder "2008-04-19 12:55:59 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 08:34:36 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\drivers\qandr.sys 125952 bytes executable C:\WINDOWS\system32\qtodageu.tmp 29 bytes scan completed successfully hidden files: 2 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qandr] "ImagePath"="\??\C:\WINDOWS\system32\drivers\qandr.sys" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe . ************************************************************************** . Completion time: 2008-04-20 8:36:26 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-20 06:36:21 ComboFix2.txt 2008-04-19 14:43:51 ComboFix3.txt 2008-04-19 12:24:06 Pre-Run: 4,662,231,040 bajtów wolnych Post-Run: 4,666,064,896 bajt˘w wolnych 288

[ Dodano: Dzisiaj o 8:41 ]
Mam jeszcze pytane, co powinnam zrobić, żeby na przyszłość uniknąć takich problemów? Kończy mi się ważność NOD32, nie wiem jaki antywirus jest najlepszy? Może możecie mi coś polecić, najlepiej bezpłatnego.

**Posty:** 18165 · przez **wojtas** 20 Kwi 2008, 09:15

wklej do notatnika:

File::
C:\WINDOWS\system32\drivers\qandr.sys
C:\WINDOWS\system32\qtodageu.tmp

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qandr]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 17 · przez **mokkunia** 20 Kwi 2008, 09:25

Kod: Zaznacz wszystko: ComboFix 08-04-18.3 - AnQ 2008-04-20 9:21:47.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.558 [GMT 2:00] Running from: C:\Documents and Settings\AnQ\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\AnQ\Pulpit\CFScript.txt * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE :: C:\WINDOWS\system32\drivers\qandr.sys C:\WINDOWS\system32\qtodageu.tmp . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\qtodageu.tmp . ((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))) . 2008-04-20 08:11 . 2008-04-20 08:17 <DIR> d-------- C:\fixwareout 2008-04-19 19:00 . 2008-04-19 19:00 <DIR> d-------- C:\Program Files\PrevxCSI 2008-04-19 19:00 . 2008-04-20 08:44 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI 2008-04-19 19:00 . 2008-04-20 08:44 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys 2008-04-19 17:33 . 2008-04-19 17:33 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\Grisoft 2008-04-19 17:33 . 2008-04-19 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft 2008-04-19 17:33 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-04-19 16:30 . 2008-04-19 16:30 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-19 16:28 . 2008-04-19 16:36 <DIR> d-------- C:\SDFix 2008-04-19 15:19 . 2008-04-19 15:19 <DIR> d-------- C:\Program Files\iTunes 2008-04-19 15:19 . 2008-04-19 15:19 <DIR> d-------- C:\Program Files\iPod 2008-04-19 15:19 . 2008-04-20 08:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-19 15:19 . 2008-04-19 15:19 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-19 15:17 . 2008-04-19 15:18 <DIR> d-------- C:\Program Files\QuickTime 2008-04-19 14:52 . 2008-04-19 14:52 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\DivX 2008-04-19 14:24 . 2008-04-19 14:24 <DIR> d-------- C:\Documents and Settings\Maciuť 2008-04-19 09:06 . 2008-04-20 08:34 3,373,917 --a------ C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80271102}.BAK 2008-04-18 19:50 . 2008-04-19 09:35 109,765 --a------ C:\WINDOWS\BM57dbdba2.xml 2008-04-18 09:54 . 2008-04-18 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-18 09:54 . 2008-04-18 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-04-17 18:47 . 2008-04-17 18:48 <DIR> d-------- C:\Program Files\PITy2007 2008-04-13 20:37 . 2008-04-13 20:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-13 18:43 . 2008-04-13 19:18 <DIR> d-------- C:\Program Files\SkanerOnline 2008-04-13 09:41 . 2008-04-13 09:41 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\ACD Systems 2008-04-10 14:43 . 2008-04-10 14:44 38 --a------ C:\WINDOWS\avisplitter.INI 2008-04-06 19:15 . 2008-04-06 19:15 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\PC Suite 2008-04-06 15:52 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-04-06 15:52 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-04-06 15:51 . 2008-04-06 15:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-04-06 15:51 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2008-04-06 15:51 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-04-06 15:51 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2008-04-06 15:51 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2008-04-06 15:51 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2008-04-06 15:48 . 2008-04-06 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-06 15:44 . 2008-04-06 15:54 <DIR> d-------- C:\Documents and Settings\Maciuś\Dane aplikacji\Nokia 2008-04-06 13:24 . 2008-04-06 16:08 <DIR> d-------- C:\Documents and Settings\Maciuś\Dane aplikacji\Nokia Multimedia Player 2008-04-06 13:20 . 2008-04-06 13:20 <DIR> d-------- C:\Program Files\DIFX 2008-04-06 13:19 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Nokia 2008-04-06 13:19 . 2008-04-06 15:59 <DIR> d-------- C:\Documents and Settings\Maciuś\Dane aplikacji\PC Suite 2008-04-06 13:19 . 2008-04-06 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-06 13:19 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-04-02 21:58 . 2008-04-02 21:58 <DIR> d-------- C:\WINDOWS\Sun 2008-04-02 21:57 . 2008-04-02 21:57 <DIR> d-------- C:\Program Files\Java 2008-04-02 21:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-02 21:55 . 2008-04-02 21:55 <DIR> d-------- C:\Program Files\Common Files\Java 2008-04-02 19:53 . 2008-04-02 19:53 <DIR> d---s---- C:\Documents and Settings\Maciuś\UserData 2008-04-02 19:53 . 2008-04-02 19:53 <DIR> d---s---- C:\Documents and Settings\Maciuś\UserData 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-28 09:11 . 2008-03-28 09:11 0 --a------ C:\WINDOWS\Irremote.ini 2008-03-26 18:36 . 2008-04-19 15:01 <DIR> d-------- C:\Program Files\Safari 2008-03-20 11:43 . 2008-03-20 11:43 <DIR> d-------- C:\Documents and Settings\MACIU~2\dane aplikacji 2008-03-20 11:43 . 2008-04-20 08:30 <DIR> d-------- C:\Documents and Settings\Maciuś . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-20 06:35 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Skype 2008-04-20 06:10 --------- d-----w C:\Program Files\Logitech 2008-04-19 15:44 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\MEGAUPLOADTOOLBAR 2008-04-19 14:21 --------- d-----w C:\Program Files\Apple Software Update 2008-04-19 07:33 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-04-19 07:06 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\skypePM 2008-04-18 20:04 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\MegauploadToolbar 2008-04-18 19:41 --------- d-----w C:\Program Files\Odkurzacz 2008-04-17 16:22 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2008-04-17 07:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-17 07:37 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-04-11 10:10 --------- d-----w C:\Program Files\The Bat! 2008-04-02 14:49 --------- d-----w C:\Program Files\Yahoo! 2008-03-28 07:22 --------- d-----w C:\Program Files\Common Files\Nero 2008-03-28 07:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-03-28 07:08 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Apple Computer 2008-03-26 18:19 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Apple Computer 2008-03-05 10:44 --------- d-----w C:\Program Files\Microsoft.NET 2008-03-05 10:31 --------- d-----w C:\Program Files\UltraISO 2008-03-05 10:31 --------- d-----w C:\Program Files\Common Files\EZB Systems 2008-03-05 10:04 --------- d-----w C:\Program Files\Alcohol Soft 2008-03-05 10:02 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-04 10:23 --------- d-----w C:\Program Files\MagicISO 2008-03-04 08:51 --------- d-----w C:\Program Files\MegauploadToolbar 2008-03-03 13:51 --------- d-----w C:\Program Files\PITy 2008-03-02 11:37 --------- d-----w C:\Program Files\Lavasoft 2008-03-02 11:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-02 09:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TechSmith 2008-03-02 09:17 --------- d-----w C:\Program Files\TechSmith 2008-03-02 09:17 --------- d-----w C:\Program Files\Common Files\TechSmith Shared 2008-03-02 08:09 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Program Files\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems 2008-03-01 20:31 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Nero 2008-03-01 17:48 --------- d-----w C:\Program Files\Bonjour 2008-03-01 17:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-03-01 17:47 --------- d-----w C:\Program Files\Common Files\Apple 2008-03-01 17:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-03-01 17:41 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Nero 2008-03-01 17:39 --------- d-----w C:\Program Files\Nero 2008-03-01 08:13 --------- d-----w C:\Program Files\SubEdit-Player 2008-03-01 06:15 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Thunderbird 2008-03-01 01:09 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Gadu-Gadu 2008-02-29 18:36 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-02-29 18:27 --------- d-----w C:\Program Files\Skype 2008-02-29 18:27 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-29 18:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-02-29 18:14 --------- d-----w C:\Program Files\Gadu-Gadu 2008-02-29 18:10 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Talkback 2008-02-29 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-29 17:53 --------- d-----w C:\Program Files\Creative 2008-02-29 17:53 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Talkback 2008-02-29 17:52 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-02-29 17:37 --------- d-----w C:\Program Files\ESET 2008-02-29 17:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET 2008-02-29 17:29 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Logitech 2008-02-29 17:29 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Thunderbird 2008-02-29 17:27 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-29 17:27 --------- d-----w C:\Program Files\CachemanXP 2008-02-29 17:23 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-02-29 17:23 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-02-29 17:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Logitech 2008-02-29 17:15 --------- d-----w C:\Program Files\BitLord 2008-02-29 16:33 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-29 16:33 --------- d-----w C:\Program Files\ATI Technologies 2008-02-29 16:26 --------- d-----w C:\Program Files\Common Files\LogiShared 2008-02-29 16:26 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Logitech 2008-02-29 16:24 --------- d-----w C:\Program Files\Common Files\Logitech 2008-02-29 16:24 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\InstallShield 2008-02-29 16:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LogiShrd 2008-02-29 16:11 --------- d-----w C:\Program Files\microsoft frontpage 2008-02-29 16:10 --------- d-----w C:\Program Files\Usługi online 2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . ------- Sigcheck ------- 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\dllcache\tcpip.sys 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-04-19_14.23.50.06 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-19 12:22:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-20 06:34:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-18 07:43:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-04-19 14:30:05 3,006,464 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-04-19 14:30:05 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-04-18 07:43:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-04-19 14:30:05 3,006,464 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-04-19 14:30:05 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2008-04-19 12:55:59 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe + 2008-04-19 13:01:28 307,200 ----a-r C:\WINDOWS\Installer\{40589552-3892-409E-B92C-9F5032A4B2F0}\SafariIco.exe + 2008-04-19 13:19:45 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe - 2006-09-19 13:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys + 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - 2007-11-20 15:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - 2007-11-20 15:52:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-04-19 16:09:46 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872] "Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-02-04 19:13 266240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 22:00 294912] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "AutoRun"="G:\AUTORUN\AutoRun.exe" [ ] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "CTHelper"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 22:51 1410304] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160] "Tweak UI"="TWEAKUI.CPL" [2000-06-18 16:03 108592 C:\WINDOWS\system32\TWEAKUI.CPL] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "PrevxCSI"="C:\Program Files\PrevxCSI\PrevxCSI.exe" [2008-04-19 19:00 650296] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-29 18:24:37 692224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57132:TCP"= 57132:TCP:Pando P2P TCP Listening Port "57132:UDP"= 57132:UDP:Pando P2P UDP Listening Port R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-20 08:44] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 22:52] R2 csiscanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service [] S2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-01-27 08:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb5b1dd-e6e5-11dc-a224-806d6172696f}] \Shell\AutoRun\command - G:\AUTORUN\AUTORUN.EXE . Contents of the 'Scheduled Tasks' folder "2008-04-19 12:55:59 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 09:23:29 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\drivers\qandr.sys 125952 bytes executable scan completed successfully hidden files: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qandr] "ImagePath"="\??\C:\WINDOWS\system32\drivers\qandr.sys" . Completion time: 2008-04-20 9:24:10 ComboFix-quarantined-files.txt 2008-04-20 07:24:07 ComboFix2.txt 2008-04-20 06:36:28 ComboFix3.txt 2008-04-19 14:43:51 ComboFix4.txt 2008-04-19 12:24:06 Pre-Run: 4,657,172,480 bajtów wolnych Post-Run: 4,647,096,320 bajtów wolnych 253

**Posty:** 18165 · przez **wojtas** 20 Kwi 2008, 10:51

mam pytanie

masz płytke od windowsa?

Pobierz i uruchom narzędzie
The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\system32\drivers\qandr.sys

Registry keys to delete:

HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qandr

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z combofixa

**Posty:** 17 · przez **mokkunia** 20 Kwi 2008, 10:56

wojtas napisał(a):mam pytanie masz płytke od windowsa?

No i tu zaczyna się problem, bo niestety nie mam

Czy mimo to, mam zrobić to co napisałeś?

**Posty:** 8001 · przez **Okocza** 20 Kwi 2008, 10:57

tak zrób to co opisał Wojtas.

**Posty:** 17 · przez **mokkunia** 20 Kwi 2008, 11:12

wojtas napisał(a):Pobierz i uruchom narzędzie
The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Nie mogę znaleźć takiej opcji, lupki też nie

Mam takie coś po uruchomieniu The Avenger http://img402.imageshack.us/img402/1131/beztytuujh0.jpg

[ Dodano: Dzisiaj o 12:05 ]
Poszperałam trochę w necie, po prostu ta wersja The Avenger jest nowsza i stąd rozbieżność.
Już wiem co i jak. Idę wykonać.

[ Dodano: Dzisiaj o 12:16 ]

Kod: Zaznacz wszystko: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "qandr" found! DisplayName: qandr ImagePath: \??\C:\WINDOWS\system32\drivers\qandr.sys Start Type: 2 (Automatic) Rootkit scan completed. File "C:\WINDOWS\system32\drivers\qandr.sys" deleted successfully. Registry key "HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qandr" deleted successfully. Completed script processing. ******************* Finished! Terminate.

Kod: Zaznacz wszystko: ComboFix 08-04-18.3 - AnQ 2008-04-20 12:11:58.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.611 [GMT 2:00] Running from: C:\Documents and Settings\AnQ\Pulpit\ComboFix.exe * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))) . 2008-04-20 08:11 . 2008-04-20 08:17 <DIR> d-------- C:\fixwareout 2008-04-19 17:33 . 2008-04-19 17:33 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\Grisoft 2008-04-19 17:33 . 2008-04-19 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft 2008-04-19 17:33 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-04-19 16:30 . 2008-04-19 16:30 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-19 16:28 . 2008-04-19 16:36 <DIR> d-------- C:\SDFix 2008-04-19 15:19 . 2008-04-19 15:19 <DIR> d-------- C:\Program Files\iTunes 2008-04-19 15:19 . 2008-04-19 15:19 <DIR> d-------- C:\Program Files\iPod 2008-04-19 15:17 . 2008-04-19 15:18 <DIR> d-------- C:\Program Files\QuickTime 2008-04-19 14:52 . 2008-04-19 14:52 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\DivX 2008-04-19 14:24 . 2008-04-19 14:24 <DIR> d-------- C:\Documents and Settings\Maciuť 2008-04-19 09:06 . 2008-04-20 12:09 3,373,917 --a------ C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80271102}.BAK 2008-04-18 19:50 . 2008-04-19 09:35 109,765 --a------ C:\WINDOWS\BM57dbdba2.xml 2008-04-17 18:47 . 2008-04-17 18:48 <DIR> d-------- C:\Program Files\PITy2007 2008-04-13 20:37 . 2008-04-13 20:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-13 18:43 . 2008-04-20 10:23 <DIR> d-------- C:\Program Files\SkanerOnline 2008-04-13 09:41 . 2008-04-13 09:41 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\ACD Systems 2008-04-10 14:43 . 2008-04-10 14:44 38 --a------ C:\WINDOWS\avisplitter.INI 2008-04-06 19:15 . 2008-04-06 19:15 <DIR> d-------- C:\Documents and Settings\AnQ\Dane aplikacji\PC Suite 2008-04-06 15:52 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-04-06 15:52 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-04-06 15:51 . 2008-04-06 15:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-04-06 15:51 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2008-04-06 15:51 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-04-06 15:51 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2008-04-06 15:51 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2008-04-06 15:51 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2008-04-06 15:48 . 2008-04-06 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-06 15:44 . 2008-04-06 15:54 <DIR> d-------- C:\Documents and Settings\Maciuś\Dane aplikacji\Nokia 2008-04-06 13:24 . 2008-04-06 16:08 <DIR> d-------- C:\Documents and Settings\Maciuś\Dane aplikacji\Nokia Multimedia Player 2008-04-06 13:20 . 2008-04-06 13:20 <DIR> d-------- C:\Program Files\DIFX 2008-04-06 13:19 . 2008-04-06 15:52 <DIR> d-------- C:\Program Files\Nokia 2008-04-06 13:19 . 2008-04-06 15:59 <DIR> d-------- C:\Documents and Settings\Maciuś\Dane aplikacji\PC Suite 2008-04-06 13:19 . 2008-04-06 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-06 13:19 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-04-02 21:58 . 2008-04-02 21:58 <DIR> d-------- C:\WINDOWS\Sun 2008-04-02 21:57 . 2008-04-02 21:57 <DIR> d-------- C:\Program Files\Java 2008-04-02 21:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-02 21:55 . 2008-04-02 21:55 <DIR> d-------- C:\Program Files\Common Files\Java 2008-04-02 19:53 . 2008-04-02 19:53 <DIR> d---s---- C:\Documents and Settings\Maciuś\UserData 2008-04-02 19:53 . 2008-04-02 19:53 <DIR> d---s---- C:\Documents and Settings\Maciuś\UserData 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-28 09:11 . 2008-03-28 09:11 0 --a------ C:\WINDOWS\Irremote.ini 2008-03-26 18:36 . 2008-04-19 15:01 <DIR> d-------- C:\Program Files\Safari 2008-03-20 11:43 . 2008-03-20 11:43 <DIR> d-------- C:\Documents and Settings\MACIU~2\dane aplikacji 2008-03-20 11:43 . 2008-04-20 08:30 <DIR> d-------- C:\Documents and Settings\Maciuś . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-20 10:11 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Skype 2008-04-20 06:10 --------- d-----w C:\Program Files\Logitech 2008-04-19 15:44 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\MEGAUPLOADTOOLBAR 2008-04-19 14:21 --------- d-----w C:\Program Files\Apple Software Update 2008-04-19 07:33 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-04-19 07:06 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\skypePM 2008-04-18 20:04 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\MegauploadToolbar 2008-04-18 19:41 --------- d-----w C:\Program Files\Odkurzacz 2008-04-17 16:22 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2008-04-17 07:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-17 07:37 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-04-11 10:10 --------- d-----w C:\Program Files\The Bat! 2008-04-02 14:49 --------- d-----w C:\Program Files\Yahoo! 2008-03-28 07:22 --------- d-----w C:\Program Files\Common Files\Nero 2008-03-28 07:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-03-28 07:08 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Apple Computer 2008-03-26 18:19 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Apple Computer 2008-03-05 10:44 --------- d-----w C:\Program Files\Microsoft.NET 2008-03-05 10:31 --------- d-----w C:\Program Files\UltraISO 2008-03-05 10:31 --------- d-----w C:\Program Files\Common Files\EZB Systems 2008-03-05 10:04 --------- d-----w C:\Program Files\Alcohol Soft 2008-03-05 10:02 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-04 10:23 --------- d-----w C:\Program Files\MagicISO 2008-03-04 08:51 --------- d-----w C:\Program Files\MegauploadToolbar 2008-03-03 13:51 --------- d-----w C:\Program Files\PITy 2008-03-02 11:37 --------- d-----w C:\Program Files\Lavasoft 2008-03-02 11:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-02 09:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TechSmith 2008-03-02 09:17 --------- d-----w C:\Program Files\TechSmith 2008-03-02 09:17 --------- d-----w C:\Program Files\Common Files\TechSmith Shared 2008-03-02 08:09 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Program Files\ACD Systems 2008-03-02 07:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems 2008-03-01 20:31 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Nero 2008-03-01 17:48 --------- d-----w C:\Program Files\Bonjour 2008-03-01 17:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-03-01 17:47 --------- d-----w C:\Program Files\Common Files\Apple 2008-03-01 17:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-03-01 17:41 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Nero 2008-03-01 17:39 --------- d-----w C:\Program Files\Nero 2008-03-01 08:13 --------- d-----w C:\Program Files\SubEdit-Player 2008-03-01 06:15 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Thunderbird 2008-03-01 01:09 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Gadu-Gadu 2008-02-29 18:36 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-02-29 18:27 --------- d-----w C:\Program Files\Skype 2008-02-29 18:27 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-29 18:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-02-29 18:14 --------- d-----w C:\Program Files\Gadu-Gadu 2008-02-29 18:10 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Talkback 2008-02-29 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-29 17:53 --------- d-----w C:\Program Files\Creative 2008-02-29 17:53 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Talkback 2008-02-29 17:52 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-02-29 17:37 --------- d-----w C:\Program Files\ESET 2008-02-29 17:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET 2008-02-29 17:29 --------- d-----w C:\Documents and Settings\Maciuś\Dane aplikacji\Logitech 2008-02-29 17:29 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Thunderbird 2008-02-29 17:27 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-29 17:27 --------- d-----w C:\Program Files\CachemanXP 2008-02-29 17:23 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-02-29 17:23 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-02-29 17:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Logitech 2008-02-29 17:15 --------- d-----w C:\Program Files\BitLord 2008-02-29 16:33 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-29 16:33 --------- d-----w C:\Program Files\ATI Technologies 2008-02-29 16:26 --------- d-----w C:\Program Files\Common Files\LogiShared 2008-02-29 16:26 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\Logitech 2008-02-29 16:24 --------- d-----w C:\Program Files\Common Files\Logitech 2008-02-29 16:24 --------- d-----w C:\Documents and Settings\AnQ\Dane aplikacji\InstallShield 2008-02-29 16:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LogiShrd 2008-02-29 16:11 --------- d-----w C:\Program Files\microsoft frontpage 2008-02-29 16:10 --------- d-----w C:\Program Files\Usługi online 2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . ------- Sigcheck ------- 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\dllcache\tcpip.sys 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-04-19_14.23.50.06 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-19 12:22:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-20 10:07:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-18 07:43:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-04-19 14:30:05 3,006,464 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-04-19 14:30:05 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-04-18 07:43:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-04-19 14:30:05 3,006,464 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-04-19 14:30:05 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2008-04-19 12:55:59 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe + 2008-04-19 13:01:28 307,200 ----a-r C:\WINDOWS\Installer\{40589552-3892-409E-B92C-9F5032A4B2F0}\SafariIco.exe + 2008-04-19 13:19:45 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe - 2006-09-19 13:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys + 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - 2007-11-20 15:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - 2007-11-20 15:52:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-04-19 16:09:46 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872] "Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-02-04 19:13 266240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 22:00 294912] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "AutoRun"="G:\AUTORUN\AutoRun.exe" [ ] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "CTHelper"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 22:51 1410304] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160] "Tweak UI"="TWEAKUI.CPL" [2000-06-18 16:03 108592 C:\WINDOWS\system32\TWEAKUI.CPL] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-29 18:24:37 692224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57132:TCP"= 57132:TCP:Pando P2P TCP Listening Port "57132:UDP"= 57132:UDP:Pando P2P UDP Listening Port R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 22:52] S2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-01-27 08:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb5b1dd-e6e5-11dc-a224-806d6172696f}] \Shell\AutoRun\command - G:\AUTORUN\AUTORUN.EXE *Newly Created Service* - catchme . Contents of the 'Scheduled Tasks' folder "2008-04-19 12:55:59 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 12:13:45 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-20 12:14:30 ComboFix-quarantined-files.txt 2008-04-20 10:14:24 ComboFix2.txt 2008-04-20 07:24:11 ComboFix3.txt 2008-04-20 06:36:28 ComboFix4.txt 2008-04-19 14:43:51 ComboFix5.txt 2008-04-19 12:24:06 Pre-Run: 4,719,194,112 bajtów wolnych Post-Run: 4,716,986,368 bajtów wolnych 233

**Posty:** 8001 · przez **Okocza** 20 Kwi 2008, 14:07

jest już ok :?:

czy dalej to samo :?:

**Posty:** 17 · przez **mokkunia** 20 Kwi 2008, 14:19

okocza napisał(a):jest już ok czy dalej to samo

wydaje mi się, że wszystko wróciło do normy
strony się ładują wszystkie i nawet szybko
antywirus nie krzyczy

Dziękuję za pomoc

Podpowiedzcie mi proszę jeszcze jak na przyszłość uniknąć takich problemów?
Jakiego antywirusa i firewalla najlepiej zainstalować (raczej w grę wchodzą darmowe programy)?

**Posty:** 8001 · przez **Okocza** 20 Kwi 2008, 14:40

systemowa z SP2 powinna wystarczyć a co do anty wirusa - czasem pełne wersje są dodawane do gazet komputerowych, ostatnio dali z enterem albo z Chipem jakiegoś, bodajże AVG ale nie jestem pewien na 100%

albo zainstaluj avasta

http://www.programosy.pl/program,avast-home.html

trojany, wolna praca komputera i problem z ładowaniem stron

trojany, wolna praca komputera i problem z ładowaniem stron

Kto jest na forum