Slow internet / HijackThis log

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Slow internet / HijackThis log

Post by cnx1234, 06 Nov 2008, 21:32

Hello!
For about a day now my internet has been running terribly, i.e. slowly, and I don't know why. I'll paste the log here, maybe you'll spot something. Thanks in advance.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:42, on 2008-11-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programy Zainstalowane\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\cNx\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Programy Zainstalowane\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 3517 bytes
Last edited by cnx1234 on 06 Nov 2008, 21:33; edited 1 time in total.



Slow internet / HijackThis log

Post by sgsman, 06 Nov 2008, 21:33

Post a ComboFix log.
Help others! Others will help you! Especially Pan Pękaty Jeż!



Re: slow internet / HijackThis log

Post by cnx1234, 06 Nov 2008, 21:49

log


Code:
[quote]ComboFix 08-11-05.02 - cNx 2008-11-06 20:41:24.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.294 [GMT 1:00]
Uruchomiony z: c:\documents and settings\cNx\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-10-06 do 2008-11-06  )))))))))))))))))))))))))))))))
.

2008-11-06 08:09 . 2008-09-15 16:40   1,846,272   ---------   c:\windows\system32\dllcache\win32k.sys
2008-11-06 08:09 . 2008-11-06 08:09   0   --a------   c:\windows\nsreg.dat
2008-11-06 07:57 . 2008-08-28 11:04   333,056   ---------   c:\windows\system32\dllcache\srv.sys
2008-11-06 07:55 . 2008-11-06 07:55   <DIR>   d--------   c:\program files\Sun
2008-11-06 07:53 . 2008-11-06 07:52   410,976   --a------   c:\windows\system32\deploytk.dll
2008-11-06 07:53 . 2008-11-06 07:52   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-11-06 07:52 . 2008-11-06 07:52   <DIR>   d--------   c:\program files\Java
2008-11-06 07:51 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\dllcache\bthport.sys
2008-11-06 07:48 . 2008-08-14 10:51   138,368   ---------   c:\windows\system32\dllcache\afd.sys
2008-11-06 07:28 . 2008-04-11 19:51   683,520   ---------   c:\windows\system32\dllcache\inetcomm.dll
2008-11-06 07:28 . 2008-05-01 15:33   331,776   ---------   c:\windows\system32\dllcache\msadce.dll
2008-11-06 07:21 . 2008-10-15 18:00   332,800   ---------   c:\windows\system32\dllcache\netapi32.dll
2008-11-05 21:29 . 2008-11-05 21:29   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-11-05 21:26 . 2008-08-14 14:46   2,181,632   ---------   c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-05 21:26 . 2008-08-14 14:46   2,137,600   ---------   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-05 21:26 . 2008-08-14 14:46   2,059,008   ---------   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-05 21:26 . 2008-08-14 14:46   2,017,280   ---------   c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-05 20:10 . 2008-11-05 20:10   <DIR>   d--hs----   C:\FOUND.000
2008-11-05 20:05 . 2008-11-05 20:42   96,976   --a------   c:\windows\system32\drivers\klin.dat
2008-11-05 20:05 . 2008-11-05 20:42   87,855   --a------   c:\windows\system32\drivers\klick.dat
2008-11-05 20:04 . 2008-11-05 20:04   <DIR>   d--------   c:\program files\Kaspersky Lab
2008-11-05 20:04 . 2008-11-05 20:04   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-05 20:04 . 2008-11-06 20:43   336,928   --ahs----   c:\windows\system32\drivers\fidbox.dat
2008-11-05 20:04 . 2008-11-06 20:43   49,184   --ahs----   c:\windows\system32\drivers\fidbox2.dat
2008-11-05 20:04 . 2008-11-06 20:43   4,760   --ahs----   c:\windows\system32\drivers\fidbox.idx
2008-11-05 20:04 . 2008-11-06 20:43   2,296   --ahs----   c:\windows\system32\drivers\fidbox2.idx
2008-11-05 20:03 . 2008-11-05 20:03   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\asdasd\Ustawienia lokalne
2008-11-05 19:57 . 2008-11-05 19:57   <DIR>   dr-------   c:\documents and settings\asdasd\Ulubione
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\asdasd\Szablony
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   d--------   c:\documents and settings\asdasd\Pulpit
2008-11-05 19:57 . 2008-11-05 19:57   <DIR>   dr-------   c:\documents and settings\asdasd\Moje dokumenty
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   dr-------   c:\documents and settings\asdasd\Menu Start
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   dr-h-----   c:\documents and settings\asdasd\Dane aplikacji
2008-11-05 19:57 . 2008-11-05 19:57   <DIR>   d--------   c:\documents and settings\asdasd
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\Nikola\Ustawienia lokalne
2008-11-05 19:17 . 2008-11-05 19:17   <DIR>   dr-------   c:\documents and settings\Nikola\Ulubione
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\Nikola\Szablony
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   d--------   c:\documents and settings\Nikola\Pulpit
2008-11-05 19:17 . 2008-11-05 19:17   <DIR>   dr-------   c:\documents and settings\Nikola\Moje dokumenty
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   dr-------   c:\documents and settings\Nikola\Menu Start
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   dr-h-----   c:\documents and settings\Nikola\Dane aplikacji
2008-11-05 19:17 . 2008-11-05 19:17   <DIR>   d--------   c:\documents and settings\Nikola
2008-11-05 17:34 . 2008-11-05 17:34   <DIR>   d--------   c:\program files\Realtek Sound Manager
2008-11-05 17:34 . 2008-11-05 17:34   <DIR>   d--------   c:\program files\AvRack
2008-11-05 17:34 . 2001-07-05 17:19   164   ---------   c:\windows\avrack.ini
2008-11-05 17:31 . 2008-11-05 17:31   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-11-05 17:24 . 2008-11-05 17:24   <DIR>   d--------   c:\documents and settings\cNx\Dane aplikacji\Gadu-Gadu
2008-11-05 17:15 . 2008-11-05 17:15   <DIR>   d--------   c:\documents and settings\LocalService\Menu Start
2008-11-05 17:11 . 2008-11-05 17:11   <DIR>   d--------   c:\windows\nview
2008-11-05 17:11 . 2004-05-14 06:41   5,128,192   -ra------   c:\windows\system32\nvoglnt.dll
2008-11-05 17:11 . 2004-05-14 06:41   3,784,704   ---------   c:\windows\system32\nvcpl.dll
2008-11-05 17:11 . 2004-05-14 06:41   241,664   -ra------   c:\windows\system32\nvnt4cpl.dll
2008-11-05 17:11 . 2004-05-14 06:41   172,032   --a------   c:\windows\system32\nvudisp.exe
2008-11-05 17:11 . 2004-05-14 06:41   114,755   -ra------   c:\windows\system32\nvsvc32.exe
2008-11-05 17:11 . 2004-05-14 06:41   81,920   -ra------   c:\windows\system32\nvmctray.dll
2008-11-05 17:11 . 2004-05-14 06:41   38,912   -ra------   c:\windows\system32\nvwddi.dll
2008-11-05 17:11 . 2004-05-14 06:41   32,256   -ra------   c:\windows\system32\nvcodins.dll
2008-11-05 17:11 . 2004-05-14 06:41   32,256   ---------   c:\windows\system32\nvcod.dll
2008-11-05 17:11 . 2004-05-14 06:41   13,474   --a------   c:\windows\system32\nvdisp.nvu
2008-11-05 16:54 . 2008-11-05 16:54   <DIR>   d--------   c:\windows\ServicePackFiles
2008-11-05 16:50 . 2005-02-25 04:36   22,752   --a------   c:\windows\system32\spupdsvc.exe
2008-11-05 16:50 . 2004-07-17 11:40   19,528   --a------   c:\windows\[u]0[/u]02178_.tmp
2008-11-05 16:48 . 2008-11-05 16:48   <DIR>   d--------   c:\windows\EHome
2008-11-05 16:46 . 2008-11-05 16:46   <DIR>   d--------   c:\documents and settings\cNx\Gadu-Gadu
2008-11-05 16:45 . 2008-11-05 17:15   316,640   --a------   c:\windows\WMSysPr9.prx
2008-11-05 16:42 . 2008-11-05 16:42   <DIR>   d--------   c:\program files\Winamp
2008-11-05 16:42 . 2008-11-05 16:42   <DIR>   d--------   c:\documents and settings\cNx\Dane aplikacji\Winamp
2008-11-05 16:35 . 2008-11-05 16:35   <DIR>   d--------   c:\program files\Opera
2008-11-05 16:34 . 2008-11-05 16:34   <DIR>   d--hs----   C:\Recycled
2008-11-05 16:33 . 2008-11-05 16:33   <DIR>   d---s----   c:\windows\system32\Microsoft
2008-11-05 16:33 . 2008-11-05 16:33   <DIR>   d--------   c:\windows\system32\DRVSTORE
2008-11-05 16:33 . 2006-05-04 19:02   380,928   --a------   c:\windows\system32\drivers\rt61.sys
2008-11-05 16:33 . 2005-12-15 10:38   315,392   --a------   c:\windows\system32\AegisI5.exe
2008-11-05 16:33 . 2006-05-15 16:25   295,028   --a------   c:\windows\system32\Install6x.dll
2008-11-05 16:33 . 2008-11-05 16:33   21,275   --a------   c:\windows\system32\drivers\AegisP.sys
2008-11-05 16:33 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2661.bin
2008-11-05 16:33 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2561s.bin
2008-11-05 16:33 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2561.bin
2008-11-05 16:33 . 2006-03-10 15:33   78   --a------   c:\windows\filespec6x
2008-11-05 16:32 . 2008-11-05 16:32   <DIR>   d--------   c:\program files\RALINK
2008-11-05 16:32 . 2008-11-05 16:32   <DIR>   d--h-----   c:\program files\InstallShield Installation Information
2008-11-05 16:32 . 2008-11-05 16:32   <DIR>   d--------   c:\program files\Common Files\InstallShield
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--hs----   c:\windows\Installer
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--h-----   c:\documents and settings\NetworkService\Ustawienia lokalne
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--------   c:\documents and settings\NetworkService\Dane aplikacji
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--hs----   c:\documents and settings\NetworkService
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--h-----   c:\documents and settings\LocalService\Ustawienia lokalne
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--------   c:\documents and settings\LocalService\Dane aplikacji
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--hs----   c:\documents and settings\LocalService
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\cNx\Ustawienia lokalne
2008-11-05 16:30 . 2008-11-05 17:17   <DIR>   dr-------   c:\documents and settings\cNx\Ulubione
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\cNx\Szablony
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   d--------   c:\documents and settings\cNx\Pulpit
2008-11-05 16:30 . 2008-11-05 17:17   <DIR>   dr-------   c:\documents and settings\cNx\Moje dokumenty
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   dr-------   c:\documents and settings\cNx\Menu Start
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   dr-h-----   c:\documents and settings\cNx\Dane aplikacji
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--------   c:\documents and settings\cNx

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 14:56   558,142   ----a-w   c:\windows\java\Packages\1NZHN93D.ZIP
2008-11-05 14:56   155,995   ----a-w   c:\windows\java\Packages\UUJ17N73.ZIP
2008-11-05 14:56   ---------   d-----w   c:\program files\microsoft frontpage
2008-11-05 14:53   ---------   d-----w   c:\program files\Usługi online
2008-09-15 15:40   1,846,272   ----a-w   c:\windows\system32\win32k.sys
2008-08-19 09:30   18,432   ------w   c:\windows\system32\dllcache\iedw.exe
2008-08-14 13:46   2,181,632   ----a-w   c:\windows\system32\ntoskrnl.exe
2008-08-14 13:46   2,059,008   ----a-w   c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="e:\programy zainstalowane\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-14 3784704]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-05-14 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2004-05-14 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-11-05 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-06 152984]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f665f129-ab4f-11dd-be54-806d6172696f}]
\Shell\AutoRun\command - f:\autorun\AUTORUN.EXE
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\cNx\Dane aplikacji\Mozilla\Firefox\Profiles\sha3vqod.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 20:45:22
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
.
**************************************************************************
.
Czas ukończenia: 2008-11-06 20:47:46 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2008-11-06 19:46:50

Przed: 21 051 637 760 bajtów wolnych
Po: 21,031,600,128 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

185   --- E O F ---   2008-11-06 07:58:13
[/quote]



Slow internet / HijackThis log

Post by djarta, 07 Nov 2008, 15:41

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f665f129-ab4f-11dd-be54-806d6172696f}]
\Shell\AutoRun\command - f:\autorun\AUTORUN.EXE

:1:

Paste into Notepad:
Code:
File::
c:\windows\002178_.tmp

Folder::
C:\FOUND.000
C:\Recycled

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f665f129-ab4f-11dd-be54-806d6172696f}]

>> File >> Save As... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file.
The removal should start (and a log will be created). Post the log that is created during the removal.
If it goes well, then: after the restart, manually delete the C:\Qoobox folder.


=================
K.
Regards, djarta. :)



Re: slow internet / HijackThis log

Post by cnx1234, 07 Nov 2008, 16:23

I did the same thing twice. Here are the logs.

Code:
ComboFix 08-11-05.02 - cNx 2008-11-07 15:12:45.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.317 [GMT 1:00]
Uruchomiony z: c:\documents and settings\cNx\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\cNx\Pulpit\CFScript.txt.txt
* Utworzono nowy punkt przywracania

FILE ::
c:\windows\[u]0[/u]02178_.tmp
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Recycled
c:\recycled\desktop.ini
c:\recycled\INFO2

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-10-07 do 2008-11-07  )))))))))))))))))))))))))))))))
.

2008-11-06 08:09 . 2008-09-15 16:40   1,846,272   ---------   c:\windows\system32\dllcache\win32k.sys
2008-11-06 08:09 . 2008-11-06 08:09   0   --a------   c:\windows\nsreg.dat
2008-11-06 07:57 . 2008-08-28 11:04   333,056   ---------   c:\windows\system32\dllcache\srv.sys
2008-11-06 07:55 . 2008-11-06 07:55   <DIR>   d--------   c:\program files\Sun
2008-11-06 07:53 . 2008-11-06 07:52   410,976   --a------   c:\windows\system32\deploytk.dll
2008-11-06 07:53 . 2008-11-06 07:52   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-11-06 07:52 . 2008-11-06 07:52   <DIR>   d--------   c:\program files\Java
2008-11-06 07:51 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\dllcache\bthport.sys
2008-11-06 07:48 . 2008-08-14 10:51   138,368   ---------   c:\windows\system32\dllcache\afd.sys
2008-11-06 07:28 . 2008-04-11 19:51   683,520   ---------   c:\windows\system32\dllcache\inetcomm.dll
2008-11-06 07:28 . 2008-05-01 15:33   331,776   ---------   c:\windows\system32\dllcache\msadce.dll
2008-11-06 07:21 . 2008-10-15 18:00   332,800   ---------   c:\windows\system32\dllcache\netapi32.dll
2008-11-05 21:29 . 2008-11-05 21:29   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-11-05 21:26 . 2008-08-14 14:46   2,181,632   ---------   c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-05 21:26 . 2008-08-14 14:46   2,137,600   ---------   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-05 21:26 . 2008-08-14 14:46   2,059,008   ---------   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-05 21:26 . 2008-08-14 14:46   2,017,280   ---------   c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-05 20:05 . 2008-11-05 20:42   96,976   --a------   c:\windows\system32\drivers\klin.dat
2008-11-05 20:05 . 2008-11-05 20:42   87,855   --a------   c:\windows\system32\drivers\klick.dat
2008-11-05 20:04 . 2008-11-05 20:04   <DIR>   d--------   c:\program files\Kaspersky Lab
2008-11-05 20:04 . 2008-11-05 20:04   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-05 20:04 . 2008-11-06 21:17   336,928   --ahs----   c:\windows\system32\drivers\fidbox.dat
2008-11-05 20:04 . 2008-11-06 21:17   49,184   --ahs----   c:\windows\system32\drivers\fidbox2.dat
2008-11-05 20:04 . 2008-11-06 21:17   4,760   --ahs----   c:\windows\system32\drivers\fidbox.idx
2008-11-05 20:04 . 2008-11-06 21:17   2,296   --ahs----   c:\windows\system32\drivers\fidbox2.idx
2008-11-05 20:03 . 2008-11-05 20:03   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\asdasd\Ustawienia lokalne
2008-11-05 19:57 . 2008-11-05 19:57   <DIR>   dr-------   c:\documents and settings\asdasd\Ulubione
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\asdasd\Szablony
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   d--------   c:\documents and settings\asdasd\Pulpit
2008-11-05 19:57 . 2008-11-05 19:57   <DIR>   dr-------   c:\documents and settings\asdasd\Moje dokumenty
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   dr-------   c:\documents and settings\asdasd\Menu Start
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   dr-h-----   c:\documents and settings\asdasd\Dane aplikacji
2008-11-05 19:57 . 2008-11-05 19:57   <DIR>   d--------   c:\documents and settings\asdasd
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\Nikola\Ustawienia lokalne
2008-11-05 19:17 . 2008-11-05 19:17   <DIR>   dr-------   c:\documents and settings\Nikola\Ulubione
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\Nikola\Szablony
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   d--------   c:\documents and settings\Nikola\Pulpit
2008-11-05 19:17 . 2008-11-05 19:17   <DIR>   dr-------   c:\documents and settings\Nikola\Moje dokumenty
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   dr-------   c:\documents and settings\Nikola\Menu Start
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   dr-h-----   c:\documents and settings\Nikola\Dane aplikacji
2008-11-05 19:17 . 2008-11-05 19:17   <DIR>   d--------   c:\documents and settings\Nikola
2008-11-05 17:34 . 2008-11-05 17:34   <DIR>   d--------   c:\program files\Realtek Sound Manager
2008-11-05 17:34 . 2008-11-05 17:34   <DIR>   d--------   c:\program files\AvRack
2008-11-05 17:34 . 2001-07-05 17:19   164   ---------   c:\windows\avrack.ini
2008-11-05 17:31 . 2008-11-05 17:31   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-11-05 17:24 . 2008-11-05 17:24   <DIR>   d--------   c:\documents and settings\cNx\Dane aplikacji\Gadu-Gadu
2008-11-05 17:15 . 2008-11-05 17:15   <DIR>   d--------   c:\documents and settings\LocalService\Menu Start
2008-11-05 17:11 . 2008-11-05 17:11   <DIR>   d--------   c:\windows\nview
2008-11-05 17:11 . 2004-05-14 06:41   5,128,192   -ra------   c:\windows\system32\nvoglnt.dll
2008-11-05 17:11 . 2004-05-14 06:41   3,784,704   ---------   c:\windows\system32\nvcpl.dll
2008-11-05 17:11 . 2004-05-14 06:41   241,664   -ra------   c:\windows\system32\nvnt4cpl.dll
2008-11-05 17:11 . 2004-05-14 06:41   172,032   --a------   c:\windows\system32\nvudisp.exe
2008-11-05 17:11 . 2004-05-14 06:41   114,755   -ra------   c:\windows\system32\nvsvc32.exe
2008-11-05 17:11 . 2004-05-14 06:41   81,920   -ra------   c:\windows\system32\nvmctray.dll
2008-11-05 17:11 . 2004-05-14 06:41   38,912   -ra------   c:\windows\system32\nvwddi.dll
2008-11-05 17:11 . 2004-05-14 06:41   32,256   -ra------   c:\windows\system32\nvcodins.dll
2008-11-05 17:11 . 2004-05-14 06:41   32,256   ---------   c:\windows\system32\nvcod.dll
2008-11-05 17:11 . 2004-05-14 06:41   13,474   --a------   c:\windows\system32\nvdisp.nvu
2008-11-05 16:54 . 2008-11-05 16:54   <DIR>   d--------   c:\windows\ServicePackFiles
2008-11-05 16:50 . 2005-02-25 04:36   22,752   --a------   c:\windows\system32\spupdsvc.exe
2008-11-05 16:48 . 2008-11-05 16:48   <DIR>   d--------   c:\windows\EHome
2008-11-05 16:46 . 2008-11-05 16:46   <DIR>   d--------   c:\documents and settings\cNx\Gadu-Gadu
2008-11-05 16:45 . 2008-11-05 17:15   316,640   --a------   c:\windows\WMSysPr9.prx
2008-11-05 16:42 . 2008-11-05 16:42   <DIR>   d--------   c:\program files\Winamp
2008-11-05 16:42 . 2008-11-05 16:42   <DIR>   d--------   c:\documents and settings\cNx\Dane aplikacji\Winamp
2008-11-05 16:35 . 2008-11-05 16:35   <DIR>   d--------   c:\program files\Opera
2008-11-05 16:33 . 2008-11-05 16:33   <DIR>   d---s----   c:\windows\system32\Microsoft
2008-11-05 16:33 . 2008-11-05 16:33   <DIR>   d--------   c:\windows\system32\DRVSTORE
2008-11-05 16:33 . 2006-05-04 19:02   380,928   --a------   c:\windows\system32\drivers\rt61.sys
2008-11-05 16:33 . 2005-12-15 10:38   315,392   --a------   c:\windows\system32\AegisI5.exe
2008-11-05 16:33 . 2006-05-15 16:25   295,028   --a------   c:\windows\system32\Install6x.dll
2008-11-05 16:33 . 2008-11-05 16:33   21,275   --a------   c:\windows\system32\drivers\AegisP.sys
2008-11-05 16:33 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2661.bin
2008-11-05 16:33 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2561s.bin
2008-11-05 16:33 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2561.bin
2008-11-05 16:33 . 2006-03-10 15:33   78   --a------   c:\windows\filespec6x
2008-11-05 16:32 . 2008-11-05 16:32   <DIR>   d--------   c:\program files\RALINK
2008-11-05 16:32 . 2008-11-05 16:32   <DIR>   d--h-----   c:\program files\InstallShield Installation Information
2008-11-05 16:32 . 2008-11-05 16:32   <DIR>   d--------   c:\program files\Common Files\InstallShield
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--hs----   c:\windows\Installer
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--h-----   c:\documents and settings\NetworkService\Ustawienia lokalne
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--------   c:\documents and settings\NetworkService\Dane aplikacji
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--hs----   c:\documents and settings\NetworkService
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--h-----   c:\documents and settings\LocalService\Ustawienia lokalne
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--------   c:\documents and settings\LocalService\Dane aplikacji
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--hs----   c:\documents and settings\LocalService
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\cNx\Ustawienia lokalne
2008-11-05 16:30 . 2008-11-05 17:17   <DIR>   dr-------   c:\documents and settings\cNx\Ulubione
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\cNx\Szablony
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   d--------   c:\documents and settings\cNx\Pulpit
2008-11-05 16:30 . 2008-11-05 17:17   <DIR>   dr-------   c:\documents and settings\cNx\Moje dokumenty
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   dr-------   c:\documents and settings\cNx\Menu Start
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   dr-h-----   c:\documents and settings\cNx\Dane aplikacji
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--------   c:\documents and settings\cNx

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 14:56   558,142   ----a-w   c:\windows\java\Packages\1NZHN93D.ZIP
2008-11-05 14:56   155,995   ----a-w   c:\windows\java\Packages\UUJ17N73.ZIP
2008-11-05 14:56   ---------   d-----w   c:\program files\microsoft frontpage
2008-11-05 14:53   ---------   d-----w   c:\program files\Usługi online
2008-09-15 15:40   1,846,272   ----a-w   c:\windows\system32\win32k.sys
2008-08-19 09:30   18,432   ------w   c:\windows\system32\dllcache\iedw.exe
2008-08-14 13:46   2,181,632   ----a-w   c:\windows\system32\ntoskrnl.exe
2008-08-14 13:46   2,059,008   ----a-w   c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-11-06_20.46.10.00   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-06 19:44:50   16,384   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-07 11:47:22   16,384   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-06 19:44:50   32,768   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-11-07 11:47:22   32,768   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-11-07 11:47:20   16,384   ----a-w   c:\windows\Temp\Perflib_Perfdata_794.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="e:\programy zainstalowane\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-14 3784704]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-05-14 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2004-05-14 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-11-05 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-06 152984]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 15:14:31
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-11-07 15:14:58
ComboFix-quarantined-files.txt  2008-11-07 14:14:58
ComboFix3.txt  2008-11-06 19:47:48
ComboFix2.txt  2008-11-07 14:05:12

Przed: 20 976 648 192 bajtów wolnych
Po: 20,967,374,848 bajtów wolnych

177   --- E O F ---   2008-11-06 07:58:13




2 Log

Code:
ComboFix 08-11-05.02 - cNx 2008-11-07 15:02:44.2 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.325 [GMT 1:00]
Uruchomiony z: c:\documents and settings\cNx\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\cNx\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania

FILE ::
c:\windows\002178_.tmp
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.000
c:\found.000\FILE0000.CHK
c:\found.000\FILE0001.CHK
c:\found.000\FILE0002.CHK
c:\found.000\FILE0003.CHK
c:\found.000\FILE0004.CHK
c:\found.000\FILE0005.CHK
c:\found.000\FILE0006.CHK
c:\found.000\FILE0007.CHK
c:\found.000\FILE0008.CHK
c:\found.000\FILE0009.CHK
c:\found.000\FILE0010.CHK
c:\found.000\FILE0011.CHK
c:\found.000\FILE0012.CHK
c:\found.000\FILE0013.CHK
c:\found.000\FILE0014.CHK
c:\found.000\FILE0015.CHK
c:\found.000\FILE0016.CHK
c:\found.000\FILE0017.CHK
c:\found.000\FILE0018.CHK
c:\found.000\FILE0019.CHK
c:\found.000\FILE0020.CHK
c:\found.000\FILE0021.CHK
c:\found.000\FILE0022.CHK
c:\found.000\FILE0023.CHK
C:\Recycled
c:\recycled\desktop.ini
c:\recycled\INFO2
c:\windows\002178_.tmp

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-10-07 do 2008-11-07  )))))))))))))))))))))))))))))))
.

2008-11-06 08:09 . 2008-09-15 16:40   1,846,272   ---------   c:\windows\system32\dllcache\win32k.sys
2008-11-06 08:09 . 2008-11-06 08:09   0   --a------   c:\windows\nsreg.dat
2008-11-06 07:57 . 2008-08-28 11:04   333,056   ---------   c:\windows\system32\dllcache\srv.sys
2008-11-06 07:55 . 2008-11-06 07:55   <DIR>   d--------   c:\program files\Sun
2008-11-06 07:53 . 2008-11-06 07:52   410,976   --a------   c:\windows\system32\deploytk.dll
2008-11-06 07:53 . 2008-11-06 07:52   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-11-06 07:52 . 2008-11-06 07:52   <DIR>   d--------   c:\program files\Java
2008-11-06 07:51 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\dllcache\bthport.sys
2008-11-06 07:48 . 2008-08-14 10:51   138,368   ---------   c:\windows\system32\dllcache\afd.sys
2008-11-06 07:28 . 2008-04-11 19:51   683,520   ---------   c:\windows\system32\dllcache\inetcomm.dll
2008-11-06 07:28 . 2008-05-01 15:33   331,776   ---------   c:\windows\system32\dllcache\msadce.dll
2008-11-06 07:21 . 2008-10-15 18:00   332,800   ---------   c:\windows\system32\dllcache\netapi32.dll
2008-11-05 21:29 . 2008-11-05 21:29   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-11-05 21:26 . 2008-08-14 14:46   2,181,632   ---------   c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-05 21:26 . 2008-08-14 14:46   2,137,600   ---------   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-05 21:26 . 2008-08-14 14:46   2,059,008   ---------   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-05 21:26 . 2008-08-14 14:46   2,017,280   ---------   c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-05 20:05 . 2008-11-05 20:42   96,976   --a------   c:\windows\system32\drivers\klin.dat
2008-11-05 20:05 . 2008-11-05 20:42   87,855   --a------   c:\windows\system32\drivers\klick.dat
2008-11-05 20:04 . 2008-11-05 20:04   <DIR>   d--------   c:\program files\Kaspersky Lab
2008-11-05 20:04 . 2008-11-05 20:04   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-05 20:04 . 2008-11-06 21:17   336,928   --ahs----   c:\windows\system32\drivers\fidbox.dat
2008-11-05 20:04 . 2008-11-06 21:17   49,184   --ahs----   c:\windows\system32\drivers\fidbox2.dat
2008-11-05 20:04 . 2008-11-06 21:17   4,760   --ahs----   c:\windows\system32\drivers\fidbox.idx
2008-11-05 20:04 . 2008-11-06 21:17   2,296   --ahs----   c:\windows\system32\drivers\fidbox2.idx
2008-11-05 20:03 . 2008-11-05 20:03   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\asdasd\Ustawienia lokalne
2008-11-05 19:57 . 2008-11-05 19:57   <DIR>   dr-------   c:\documents and settings\asdasd\Ulubione
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\asdasd\Szablony
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   d--------   c:\documents and settings\asdasd\Pulpit
2008-11-05 19:57 . 2008-11-05 19:57   <DIR>   dr-------   c:\documents and settings\asdasd\Moje dokumenty
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   dr-------   c:\documents and settings\asdasd\Menu Start
2008-11-05 19:57 . 2008-11-05 15:46   <DIR>   dr-h-----   c:\documents and settings\asdasd\Dane aplikacji
2008-11-05 19:57 . 2008-11-05 19:57   <DIR>   d--------   c:\documents and settings\asdasd
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\Nikola\Ustawienia lokalne
2008-11-05 19:17 . 2008-11-05 19:17   <DIR>   dr-------   c:\documents and settings\Nikola\Ulubione
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\Nikola\Szablony
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   d--------   c:\documents and settings\Nikola\Pulpit
2008-11-05 19:17 . 2008-11-05 19:17   <DIR>   dr-------   c:\documents and settings\Nikola\Moje dokumenty
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   dr-------   c:\documents and settings\Nikola\Menu Start
2008-11-05 19:17 . 2008-11-05 15:46   <DIR>   dr-h-----   c:\documents and settings\Nikola\Dane aplikacji
2008-11-05 19:17 . 2008-11-05 19:17   <DIR>   d--------   c:\documents and settings\Nikola
2008-11-05 17:34 . 2008-11-05 17:34   <DIR>   d--------   c:\program files\Realtek Sound Manager
2008-11-05 17:34 . 2008-11-05 17:34   <DIR>   d--------   c:\program files\AvRack
2008-11-05 17:34 . 2001-07-05 17:19   164   ---------   c:\windows\avrack.ini
2008-11-05 17:31 . 2008-11-05 17:31   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-11-05 17:24 . 2008-11-05 17:24   <DIR>   d--------   c:\documents and settings\cNx\Dane aplikacji\Gadu-Gadu
2008-11-05 17:15 . 2008-11-05 17:15   <DIR>   d--------   c:\documents and settings\LocalService\Menu Start
2008-11-05 17:11 . 2008-11-05 17:11   <DIR>   d--------   c:\windows\nview
2008-11-05 17:11 . 2004-05-14 06:41   5,128,192   -ra------   c:\windows\system32\nvoglnt.dll
2008-11-05 17:11 . 2004-05-14 06:41   3,784,704   ---------   c:\windows\system32\nvcpl.dll
2008-11-05 17:11 . 2004-05-14 06:41   241,664   -ra------   c:\windows\system32\nvnt4cpl.dll
2008-11-05 17:11 . 2004-05-14 06:41   172,032   --a------   c:\windows\system32\nvudisp.exe
2008-11-05 17:11 . 2004-05-14 06:41   114,755   -ra------   c:\windows\system32\nvsvc32.exe
2008-11-05 17:11 . 2004-05-14 06:41   81,920   -ra------   c:\windows\system32\nvmctray.dll
2008-11-05 17:11 . 2004-05-14 06:41   38,912   -ra------   c:\windows\system32\nvwddi.dll
2008-11-05 17:11 . 2004-05-14 06:41   32,256   -ra------   c:\windows\system32\nvcodins.dll
2008-11-05 17:11 . 2004-05-14 06:41   32,256   ---------   c:\windows\system32\nvcod.dll
2008-11-05 17:11 . 2004-05-14 06:41   13,474   --a------   c:\windows\system32\nvdisp.nvu
2008-11-05 16:54 . 2008-11-05 16:54   <DIR>   d--------   c:\windows\ServicePackFiles
2008-11-05 16:50 . 2005-02-25 04:36   22,752   --a------   c:\windows\system32\spupdsvc.exe
2008-11-05 16:48 . 2008-11-05 16:48   <DIR>   d--------   c:\windows\EHome
2008-11-05 16:46 . 2008-11-05 16:46   <DIR>   d--------   c:\documents and settings\cNx\Gadu-Gadu
2008-11-05 16:45 . 2008-11-05 17:15   316,640   --a------   c:\windows\WMSysPr9.prx
2008-11-05 16:42 . 2008-11-05 16:42   <DIR>   d--------   c:\program files\Winamp
2008-11-05 16:42 . 2008-11-05 16:42   <DIR>   d--------   c:\documents and settings\cNx\Dane aplikacji\Winamp
2008-11-05 16:35 . 2008-11-05 16:35   <DIR>   d--------   c:\program files\Opera
2008-11-05 16:33 . 2008-11-05 16:33   <DIR>   d---s----   c:\windows\system32\Microsoft
2008-11-05 16:33 . 2008-11-05 16:33   <DIR>   d--------   c:\windows\system32\DRVSTORE
2008-11-05 16:33 . 2006-05-04 19:02   380,928   --a------   c:\windows\system32\drivers\rt61.sys
2008-11-05 16:33 . 2005-12-15 10:38   315,392   --a------   c:\windows\system32\AegisI5.exe
2008-11-05 16:33 . 2006-05-15 16:25   295,028   --a------   c:\windows\system32\Install6x.dll
2008-11-05 16:33 . 2008-11-05 16:33   21,275   --a------   c:\windows\system32\drivers\AegisP.sys
2008-11-05 16:33 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2661.bin
2008-11-05 16:33 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2561s.bin
2008-11-05 16:33 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2561.bin
2008-11-05 16:33 . 2006-03-10 15:33   78   --a------   c:\windows\filespec6x
2008-11-05 16:32 . 2008-11-05 16:32   <DIR>   d--------   c:\program files\RALINK
2008-11-05 16:32 . 2008-11-05 16:32   <DIR>   d--h-----   c:\program files\InstallShield Installation Information
2008-11-05 16:32 . 2008-11-05 16:32   <DIR>   d--------   c:\program files\Common Files\InstallShield
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--hs----   c:\windows\Installer
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--h-----   c:\documents and settings\NetworkService\Ustawienia lokalne
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--------   c:\documents and settings\NetworkService\Dane aplikacji
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--hs----   c:\documents and settings\NetworkService
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--h-----   c:\documents and settings\LocalService\Ustawienia lokalne
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--------   c:\documents and settings\LocalService\Dane aplikacji
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--hs----   c:\documents and settings\LocalService
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\cNx\Ustawienia lokalne
2008-11-05 16:30 . 2008-11-05 17:17   <DIR>   dr-------   c:\documents and settings\cNx\Ulubione
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   d--h-----   c:\documents and settings\cNx\Szablony
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   d--------   c:\documents and settings\cNx\Pulpit
2008-11-05 16:30 . 2008-11-05 17:17   <DIR>   dr-------   c:\documents and settings\cNx\Moje dokumenty
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   dr-------   c:\documents and settings\cNx\Menu Start
2008-11-05 16:30 . 2008-11-05 15:46   <DIR>   dr-h-----   c:\documents and settings\cNx\Dane aplikacji
2008-11-05 16:30 . 2008-11-05 16:30   <DIR>   d--------   c:\documents and settings\cNx

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 14:56   558,142   ----a-w   c:\windows\java\Packages\1NZHN93D.ZIP
2008-11-05 14:56   155,995   ----a-w   c:\windows\java\Packages\UUJ17N73.ZIP
2008-11-05 14:56   ---------   d-----w   c:\program files\microsoft frontpage
2008-11-05 14:53   ---------   d-----w   c:\program files\Usługi online
2008-09-15 15:40   1,846,272   ----a-w   c:\windows\system32\win32k.sys
2008-08-19 09:30   18,432   ------w   c:\windows\system32\dllcache\iedw.exe
2008-08-14 13:46   2,181,632   ----a-w   c:\windows\system32\ntoskrnl.exe
2008-08-14 13:46   2,059,008   ----a-w   c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-11-06_20.46.10.00   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-06 19:44:50   16,384   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-07 11:47:22   16,384   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-06 19:44:50   32,768   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-11-07 11:47:22   32,768   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-11-07 11:47:20   16,384   ----a-w   c:\windows\Temp\Perflib_Perfdata_794.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="e:\programy zainstalowane\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-14 3784704]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-05-14 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2004-05-14 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-11-05 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-06 152984]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 15:04:41
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-11-07 15:05:09
ComboFix-quarantined-files.txt  2008-11-07 14:05:08
ComboFix2.txt  2008-11-06 19:47:48

Przed: 21 009 481 728 bajtów wolnych
Po: 20,997,734,400 bajtów wolnych

202   --- E O F ---   2008-11-06 07:58:13





What should I do now? Delete that found? Oh, I mean that Qoobox.
cnx1234
~user

Posts: 110
Joined: 06 Nov 2008, 21:19



Posted by djarta, 07 Nov 2008, 16:29

Clean.

Do what is described in this topic (if you have already done it, do not do it again).

Manually delete the folder C:\Qoobox,

Delete the ComboFix installer from the disk.

Carry out the autostart optimization

Clean the computer with ATF-Cleaner

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.

and with this:

FixIEDef.




============
K.
Regards, djarta. :)
djarta
~user

Posts: 684
Joined: 31 Jul 2008, 10:49
Commendations: 55



Posted by cnx1234, 07 Nov 2008, 16:50

I did everything except the Kaspersky scan, because an error popped up since I have it installed on the computer.

Code:

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.7.20.6759                             *
*                                                                              *
********************************************************************************

Created at 15:48:23 on Friday, November 07, 2008

Time Zone            :

Logged On User       : cNx

Operating System     : Microsoft Windows XP Professional Dodatek Service Pack 2
OS Version           : 5.1.2600
System Langauge      : Polish
Keyboard Layout      : Polish
Processor            : X86 AMD Sempron(tm)   2300+

System Drive         : C:\
Windows Directory    : C:\WINDOWS
System Directory     : C:\WINDOWS\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   :
System Drive Size    : 24.99 GB
System Drive Free    : 21.24 GB

Total Physical Memory: 511 MB
Free Physical Memory : 329 MB
Total Page File      : 511 MB
Free Page File       : 1081 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1974 MB

Boot State           : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!



Posted by djarta, 07 Nov 2008, 17:14

Turn off your "Kasper" for the duration of the scan.

FixIEDef - clean.


=============
K.

The author of this post received a commendation
Regards, djarta. :)



Posted by cnx1234, 07 Nov 2008, 20:28

I can't, even when I turn it off



Posted by djarta, 07 Nov 2008, 20:31

Then scan with this --> KVRT.


==========
K.
Regards, djarta. :)