
I have the same problem as the guys above.
What should I do about it? I'm pasting the logs below.
Scanning with combo and sd turned up nothing.
Thanks in advance.
Regards.
Correcting myself now, I just posted this in the wrong place.
Here's the issue:
Whenever I try to open any folder, I get a message like this:
http://img299.imageshack.us/my.php?image=asdpe7.jpg
It doesn't matter whether I click YES or NO, it automatically goes to a page like this:
http://img185.imageshack.us/my.php?image=asd2zs2.jpg
ComboFix 08-07-22.4 - ppp 2008-07-23 22:49:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.110 [GMT 2:00]
Running from: G:\anty vir\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.
2008-07-23 22:09 . 2008-07-23 22:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-23 22:08 . 2008-07-23 22:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-23 22:00 . 2008-07-23 22:28 <DIR> d-------- C:\SDFix
2008-07-23 19:26 . 2008-07-23 19:26 17,920 --a------ C:\WINDOWS\system32\bhoext.dll
2008-07-23 19:25 . 2008-07-23 19:25 17,920 --a------ C:\WINDOWS\system32\ieextn.dll
2008-07-20 13:46 . 2007-07-11 11:17 528,384 --a------ C:\WINDOWS\system32\ElsaCfg.cpl
2008-07-19 22:18 . 2008-07-20 15:41 56 --a------ C:\WINDOWS\Acroread.ini
2008-07-19 21:57 . 2003-09-11 22:42 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-07-19 21:18 . 2008-07-19 21:18 <DIR> d-------- C:\VW
2008-07-19 21:13 . 2008-07-20 13:44 <DIR> d-------- C:\Program Files\Diagnose-BK
2008-07-19 21:13 . 2008-07-19 21:13 <DIR> d-------- C:\ElsaWin
2008-07-19 00:13 . 2008-07-19 21:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-19 00:13 . 2008-07-19 00:13 <DIR> d-------- C:\WINDOWS\Profiles
2008-07-19 00:13 . 2008-07-19 00:13 <DIR> d-------- C:\Documents and Settings\ppp\Dane aplikacji\InterTrust
2008-07-19 00:13 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-07-19 00:01 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-07-01 21:43 . 2008-07-19 21:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-28 23:04 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-28 23:04 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-28 23:03 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-28 23:03 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-28 23:03 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-28 23:03 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-06-28 23:03 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-28 23:03 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-28 23:02 . 2008-06-28 23:02 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-28 23:02 . 2008-06-28 23:03 <DIR> d-------- C:\Program Files\Ahead
2008-06-28 23:02 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-28 21:49 . 2008-06-28 21:49 <DIR> d-------- C:\Program Files\SlySoft
2008-06-28 20:16 . 2008-06-28 20:17 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-25 22:43 . 2008-06-25 22:43 <DIR> d-------- C:\Documents and Settings\ppp\Dane aplikacji\Talkback
2008-06-25 22:43 . 2008-06-25 22:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-25 22:41 . 2007-07-06 14:51 660,992 -----c--- C:\WINDOWS\system32\dllcache\mqqm.dll
2008-06-25 22:41 . 2007-07-06 14:51 512,000 -----c--- C:\WINDOWS\system32\dllcache\mqutil.dll
2008-06-25 22:41 . 2007-07-06 14:51 177,152 -----c--- C:\WINDOWS\system32\dllcache\mqrt.dll
2008-06-25 22:41 . 2007-07-06 14:51 138,240 -----c--- C:\WINDOWS\system32\dllcache\mqad.dll
2008-06-25 22:41 . 2007-07-06 14:51 95,744 -----c--- C:\WINDOWS\system32\dllcache\mqsec.dll
2008-06-25 22:41 . 2007-07-06 12:05 72,960 -----c--- C:\WINDOWS\system32\dllcache\mqac.sys
2008-06-25 22:41 . 2007-07-06 14:51 48,640 -----c--- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2008-06-25 22:41 . 2007-07-06 14:51 47,104 -----c--- C:\WINDOWS\system32\dllcache\mqdscli.dll
2008-06-25 22:41 . 2007-07-06 14:51 16,896 -----c--- C:\WINDOWS\system32\dllcache\mqise.dll
2008-06-25 22:40 . 2006-06-22 07:18 1,439,744 -----c--- C:\WINDOWS\system32\dllcache\query.dll
2008-06-25 22:40 . 2006-10-13 12:23 163,584 -----c--- C:\WINDOWS\system32\dllcache\nwrdr.sys
2008-06-25 22:40 . 2006-10-13 14:41 143,872 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-06-25 22:40 . 2006-06-22 07:18 69,120 -----c--- C:\WINDOWS\system32\dllcache\ciodm.dll
2008-06-25 22:40 . 2006-10-13 14:41 65,536 -----c--- C:\WINDOWS\system32\dllcache\nwwks.dll
2008-06-25 22:39 . 2006-08-17 14:30 332,288 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-06-25 22:39 . 2006-08-17 14:30 132,096 -----c--- C:\WINDOWS\system32\dllcache\wkssvc.dll
2008-06-25 22:38 . 2008-05-07 07:16 1,291,264 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-06-25 22:10 . 2008-06-25 22:19 <DIR> d-------- C:\Program Files\Winamp
2008-06-25 22:10 . 2008-06-25 22:10 <DIR> d-------- C:\Documents and Settings\ppp\Dane aplikacji\Winamp
2008-06-25 21:55 . 2007-06-26 08:10 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-06-25 21:54 . 2007-06-13 15:23 1,034,752 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2008-06-25 21:53 . 2007-02-28 18:04 2,181,632 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-06-25 21:53 . 2007-02-28 18:04 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-06-25 21:53 . 2007-02-28 18:04 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-06-25 21:52 . 2007-02-28 18:04 2,058,880 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-06-24 22:57 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-06-24 22:55 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-24 22:55 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-24 22:55 . 2006-08-21 14:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-24 22:52 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-24 22:41 . 2008-06-24 22:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-24 22:30 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-24 22:07 . 2008-07-09 15:24 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-06-24 21:45 . 2008-07-20 15:05 970 --a------ C:\WINDOWS\ODBC.INI
2008-06-24 21:41 . 2008-06-24 21:41 <DIR> d-------- C:\WINDOWS\ShellNew
2008-06-24 21:39 . 2008-06-24 21:39 <DIR> d-------- C:\Documents and Settings\ppp\Dane aplikacji\Microsoft Web Folders
2008-06-24 21:35 . 2008-07-23 19:49 <DIR> d-------- C:\Program Files\Eset
2008-06-24 21:35 . 2008-06-24 21:35 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-24 21:35 . 2008-06-24 21:35 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-06-24 21:35 . 2008-06-24 21:35 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-24 21:34 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-24 21:33 . 2008-06-24 21:33 25 --a------ C:\WINDOWS\mixerdef.ini
2008-06-24 21:31 . 2008-06-24 21:31 <DIR> d-------- C:\Program Files\VIA
2008-06-24 21:31 . 2000-05-22 06:03 23,249 --a------ C:\WINDOWS\system32\drivers\viaagp1.sys
2008-06-24 21:29 . 2008-06-24 21:29 <DIR> d-------- C:\Documents and Settings\ppp\WINDOWS
2008-06-24 21:29 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-24 21:17 . 2004-08-03 22:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
2008-06-24 21:17 . 2004-08-03 22:58 207,360 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-06-24 21:17 . 2001-08-17 21:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-06-24 21:17 . 2001-08-17 21:47 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys
2008-06-24 21:16 . 2006-02-15 02:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-06-24 21:16 . 2006-02-15 02:22 142,464 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys
2008-06-24 21:16 . 2006-06-14 11:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-06-24 21:16 . 2006-06-14 11:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-06-24 21:16 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-06-24 21:16 . 2001-08-17 22:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-06-24 21:16 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-06-24 21:16 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-06-24 21:16 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-06-24 21:16 . 2006-06-14 10:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-06-24 18:33 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-24 18:32 . 2001-10-26 18:29 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll
2008-06-24 18:32 . 2001-08-17 21:50 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys
2008-06-24 18:32 . 2004-08-04 00:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-24 18:32 . 2004-08-03 23:07 42,240 --a------ C:\WINDOWS\system32\drivers\viaagp.sys
2008-06-24 18:31 . 2004-08-04 00:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-24 18:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys
2008-06-24 18:29 . 2001-07-22 05:15 1,685,606 --a--c--- C:\WINDOWS\system32\dllcache\sam.spd
2008-06-24 18:29 . 2008-06-28 19:59 763,990 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-06-24 18:29 . 2001-10-26 19:29 77,824 --a--c--- C:\WINDOWS\system32\dllcache\spcommon.dll
2008-06-24 18:29 . 2001-10-26 19:28 61,440 --a--c--- C:\WINDOWS\system32\dllcache\spcplui.dll
2008-06-24 18:29 . 2008-06-24 17:45 4,293 --a------ C:\WINDOWS\ODBCINST.INI
2008-06-24 18:29 . 2008-06-28 20:27 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-24 18:28 . 2008-06-24 18:28 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-06-24 18:28 . 2008-06-24 18:28 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-06-24 18:28 . 2008-06-24 17:37 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-06-24 18:28 . 2008-06-24 18:28 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-06-24 18:28 . 2008-06-24 18:28 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-06-24 18:28 . 2008-06-24 18:28 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-06-24 18:28 . 2008-06-24 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-06-24 18:28 . 2008-06-24 18:28 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-06-24 18:28 . 2008-07-20 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-06-24 18:28 . 2008-07-23 19:36 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-06-24 18:28 . 2008-06-24 19:49 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-06-24 18:27 . 2008-07-23 22:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-24 18:27 . 2008-06-24 22:47 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-06-24 18:27 . 2008-06-24 18:28 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-06-24 18:27 . 2008-06-24 17:54 <DIR> d--h----- C:\Documents and Settings\Default User
2008-06-24 18:27 . 2008-06-24 18:28 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-06-24 18:27 . 2008-06-24 17:43 <DIR> d-------- C:\Documents and Settings\All Users
2008-06-24 18:27 . 2008-07-23 22:08 <DIR> d-------- C:\Documents and Settings
2008-06-24 18:25 . 2002-09-20 18:05 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2008-06-24 18:24 . 2005-07-26 06:42 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 19:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-24 16:13 155,995 ----a-w C:\WINDOWS\java\Packages\FBPRXV7B.ZIP
2008-06-24 15:42 --------- d-----w C:\Program Files\Usługi online
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-23_20.37.39.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-23 20:09:57 380,928 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-23 20:09:57 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-23 20:09:49 380,928 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-23 20:09:50 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBE58CC0-D14B-45FE-A717-57BB8247F652}]
2008-07-23 19:26 17920 --a------ C:\WINDOWS\system32\bhoext.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-24 21:35 949376]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-06-28 04:33 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"C-Media Mixer"="Mixer.exe" [2001-09-12 16:09 1134592 C:\WINDOWS\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R2 LcSvrAdm;ELSA Administration Service;E:\ElsaWin\ElsaWin\bin\LcSvrAdm.exe [2007-07-11 11:02]
R2 LcSvrDba;ELSA DBA Server;E:\ElsaWin\ElsaWin\bin\LcSvrDba.exe [2007-07-11 10:44]
R2 LcSvrHis;ELSA Historie Server;E:\ElsaWin\ElsaWin\bin\LcSvrHis.exe [2007-07-11 10:54]
R2 LcSvrPAS;ELSA PASS Server;E:\ElsaWin\ElsaWin\bin\LcSvrPas.exe [2007-07-11 10:46]
R2 LcSvrSaz;ELSA APOSpro Server;E:\ElsaWin\ElsaWin\bin\LcSvrSaz.exe [2007-07-11 10:54]
R2 VSGate;ELSA Vaudis Service;E:\ElsaWin\ElsaWin\bin\VSgate.exe [2007-07-11 11:15]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;E:\ElsaWin\ElsaWin\bin\LcSvrAuf.exe [2007-07-11 10:51]
*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
O18 -: Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - E:\ElsaWin\ElsaWin\bin\wiprot.dll
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 22:52:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-07-23 22:54:29
ComboFix-quarantined-files.txt 2008-07-23 20:54:10
ComboFix2.txt 2008-07-23 20:38:09
ComboFix3.txt 2008-07-23 18:38:25
Pre-Run: 3,740,708,864 bajtów wolnych
Post-Run: 3,733,000,192 bajtów wolnych
212 --- E O F --- 2008-07-09 18:47:06
SDFix: Version 1.207
Run by Administrator on 2008-07-23 at 22:14
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Checking Services:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files:
No Trojan Files Found
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 22:20:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
Files with Hidden Attributes:
Wed 16 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a7603e7cf792509c9ebbd8c74c82553\BITB1.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:26, on 2008-07-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\ANTY VIR\A-SQUARED FREE\a2service.exe
E:\ElsaWin\ElsaWin\bin\LcSvrAdm.exe
E:\ElsaWin\ElsaWin\bin\LcSvrDba.exe
E:\ElsaWin\ElsaWin\bin\LcSvrHis.exe
E:\ElsaWin\ElsaWin\bin\LcSvrPas.exe
E:\ElsaWin\ElsaWin\bin\LcSvrSaz.exe
C:\Program Files\Eset\nod32krn.exe
E:\ElsaWin\ElsaWin\bin\VSgate.exe
E:\ElsaWin\ElsaWin\bin\LcSvrAuf.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
G:\anty vir\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - C:\WINDOWS\system32\bhoext.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - E:\ElsaWin\ElsaWin\bin\wiProt.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\ANTY VIR\A-SQUARED FREE\a2service.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - E:\ElsaWin\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - E:\ElsaWin\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - E:\ElsaWin\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - E:\ElsaWin\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - E:\ElsaWin\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - E:\ElsaWin\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ELSA Vaudis Service (VSGate) - Volkswagen AG - E:\ElsaWin\ElsaWin\bin\VSgate.exe
--
End of file - 3886 bytes