
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:24, on 2008-07-30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\xampp\apache\bin\apache.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-21-1123561945-602162358-725345543-1003\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0089120A-98A4-45D3-9492-1420D9EDF926}: NameServer = 213.241.79.37 83.238.255.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{0089120A-98A4-45D3-9492-1420D9EDF926}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: Urządzenie alarmowe (Alerter) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Zarządzanie aplikacjami (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Przeglądarka komputera (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Usługi kryptograficzne (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Klient DHCP (Dhcp) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Menedżer dysków logicznych (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Klient DNS (Dnscache) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: System zdarzeń COM+ (EventSystem) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Zgodność szybkiego przełączania użytkowników (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Pomoc i obsługa techniczna (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Serwer (lanmanserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Stacja robocza (lanmanworkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Pomoc TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Połączenia sieciowe (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) (Nla) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Magazyn wymienny (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Menedżer autopołączenia dostępu zdalnego (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Menedżer połączeń usługi Dostęp zdalny (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Routing i dostęp zdalny (RemoteAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Rejestr zdalny (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Zdalne wywoływanie procedur (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Harmonogram zadań (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Logowanie pomocnicze (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Zawiadomienie o zdarzeniu systemowym (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Zapora połączenia internetowego / Udostępnianie połączenia internetowego (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Usługa przywracania systemu (srservice) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telefonia (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Usługi terminalowe (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Kompozycje (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Klient śledzenia łączy rozproszonych (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Menedżer przekazywania (uploadmgr) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Usługa Czas systemu Windows (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Instrumentacja zarządzania Windows (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Numer seryjny nośnika przenośnego (WmdmPmSp) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Rozszerzenia sterownika Instrumentacji zarządzania Windows (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
--
End of file - 7950 bytes
ComboFix 08-07-29.1 - Gerwazy 2008-07-30 12:14:05.8 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.159 [GMT 2:00]
Running from: C:\Documents and Settings\Gerwazy\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.
2008-07-29 22:04 . 2008-07-29 22:04 0 --a------ C:\adware.exe
2008-07-28 22:41 . 2008-07-28 22:41 393,216 ---hs---- C:\WINDOWS\system32\start0s.exe
2008-07-28 15:00 . 2008-07-28 15:01 <DIR> d-------- C:\WINDOWS\speech
2008-07-28 14:59 . 2008-07-28 15:02 <DIR> d-------- C:\Program Files\ivo
2008-07-27 17:18 . 2008-07-27 17:18 <DIR> d-------- C:\Program Files\Thomson
2008-07-27 17:18 . 2003-12-08 12:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2008-07-27 17:16 . 2008-07-29 22:00 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-26 21:00 . 2008-07-26 21:00 393,216 ---hs---- C:\WINDOWS\system32\ProsFix.exe
2008-07-24 10:36 . 2008-07-24 10:35 446,464 ---hs---- C:\WINDOWS\system32\uthn.exe
2008-07-22 10:54 . 2008-07-22 10:54 1,138,688 ---hs---- C:\WINDOWS\system32\wingatey32.exe
2008-07-22 10:54 . 2008-07-22 10:54 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-07-21 09:06 . 2008-07-21 09:06 389,120 ---hs---- C:\WINDOWS\system32\Regdll.exe
2008-07-20 23:24 . 2008-07-27 10:35 446,464 ---hs---- C:\WINDOWS\system32\reag.exe
2008-07-20 17:40 . 2008-07-29 00:18 389,120 ---hs---- C:\WINDOWS\system32\winsro.exe
2008-07-20 16:37 . 2008-07-28 15:01 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-20 16:36 . 2008-07-20 16:36 <DIR> d-------- C:\Program Files\ESET
2008-07-20 16:36 . 2008-07-20 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-20 15:24 . 2008-07-20 15:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-18 18:52 . 2008-07-18 18:56 <DIR> d-------- C:\Documents and Settings\Gerwazy\Dane aplikacji\Ventrilo
2008-07-18 13:07 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-18 13:07 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-18 13:07 . 2008-05-29 09:35 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-18 13:07 . 2008-05-18 21:40 83,456 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-18 13:07 . 2008-07-02 13:33 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-18 13:07 . 2008-05-23 18:21 82,432 --a------ C:\WINDOWS\system32\404FIX.EXE
2008-07-18 13:07 . 2003-06-05 21:13 57,344 --a------ C:\WINDOWS\system32\Process.exe
2008-07-18 13:07 . 2004-07-31 18:50 51,712 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-18 13:07 . 2007-10-04 00:36 26,112 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-18 12:40 . 2008-07-18 12:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-18 12:40 . 2008-07-18 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-16 15:38 . 2008-07-20 16:47 <DIR> d-------- C:\Program Files\VentriloMIX
2008-07-16 13:59 . 2005-07-07 16:25 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-07-16 13:59 . 2005-07-07 16:26 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-07-16 13:58 . 2005-07-07 16:25 79,488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-07-16 13:57 . 2008-07-16 13:59 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-16 13:57 . 2005-07-07 16:25 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-07-16 13:57 . 2005-07-07 16:26 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-07-16 13:57 . 2005-07-07 16:26 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-07-16 13:57 . 2005-07-07 16:25 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-07-16 13:56 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-07-13 19:55 . 2008-07-20 16:46 <DIR> d-------- C:\Program Files\No-IP
2008-07-13 19:26 . 2008-07-20 16:56 <DIR> d-------- C:\xampp
2008-07-13 17:47 . 2008-07-20 16:48 <DIR> d-------- C:\Program Files\WebServ
2008-07-13 17:47 . 2007-06-19 21:52 419,840 --a------ C:\WINDOWS\system32\ws_edit.lib
2008-07-13 17:47 . 2006-08-17 22:37 130,048 --a------ C:\WINDOWS\system32\webserv.cpl
2008-07-13 17:47 . 2008-07-13 17:48 40,230 --a------ C:\WINDOWS\php.ini
2008-07-13 17:06 . 2008-07-13 17:48 427 --a------ C:\WINDOWS\my.ini
2008-06-10 18:56 . 2008-06-10 18:56 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 22:14 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Tibia
2008-07-27 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-20 14:46 --------- d-----w C:\Program Files\Tibia
2008-07-20 14:45 --------- d-----w C:\Program Files\AvRack
2008-07-13 13:01 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\Gadu-Gadu
2008-07-13 13:00 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-13 12:32 --------- d-----w C:\Program Files\ToniArts
2008-07-13 12:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-13 12:25 --------- d-----w C:\Program Files\Trend Micro
2008-07-13 12:23 --------- d-----w C:\Program Files\Gigabyte
2008-07-13 12:22 --------- d-----w C:\Program Files\VIA
2008-07-13 12:21 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-13 12:20 --------- d-----w C:\Documents and Settings\Gerwazy\Dane aplikacji\ATI
2008-07-13 12:16 --------- d-----w C:\Program Files\ATI Technologies
2008-07-13 12:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-13 12:03 558,142 ----a-w C:\WINDOWS\java\Packages\4FVJBFLJ.ZIP
2008-07-13 12:03 155,995 ----a-w C:\WINDOWS\java\Packages\SNVVTRX3.ZIP
2008-07-13 12:02 --------- d-----w C:\Program Files\Usługi online
.
------- Sigcheck -------
2002-09-29 00:00 22528 2c32caaba2bc6829af189b3016d620ba C:\WINDOWS\system32\svchost.exe
2002-09-29 00:00 12800 2a97d47128cf7f388c7614dd141e18a6 C:\WINDOWS\system32\dllcache\svchost.exe
2002-09-29 00:00 1006080 59bde136249c3c8792280f9ca7e63be0 C:\WINDOWS\EXPLORER.EXE
2002-09-29 00:00 1006080 1d189592616d67d20ac11996bc486bfd C:\WINDOWS\system32\dllcache\explorer.exe
2002-09-29 00:00 13824 eea18fa5de87a6305b45bdbd008fe8ee C:\WINDOWS\system32\ctfmon.exe
2002-09-29 00:00 13824 ae65d00dddffc4d466e93700ff8f6e66 C:\WINDOWS\system32\dllcache\ctfmon.exe
2002-09-29 00:00 51712 c956d63e28bb4d806adcece22bc41c26 C:\WINDOWS\system32\SPOOLSV.EXE
2002-09-29 00:00 51200 a632cbf77b95c443c45cbf12e0cfed14 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45 878080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 00:25 32768]
R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 12:31]
S1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-07-22 10:54]
S2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-01-18 01:37]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\System32\DRIVERS\nvmini.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
*Newly Created Service* - PSEXESVC
.
.
------- Supplementary Scan -------
.
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 12:15:35
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-07-30 12:17:46
ComboFix-quarantined-files.txt 2008-07-30 10:16:43
Pre-Run: 25,994,608,640 bajtów wolnych
Post-Run: 25,980,272,640 bajtów wolnych
137