
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32, on 2008-11-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Netia\Net\netianet.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\runservice.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\windows\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Gadu-Gadu 7.0.6\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\CF5388.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\VFIND.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\VFIND.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.10\RivaTuner.exe" /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GM_DevUpdate.lnk = C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{390A465C-446F-4A51-9070-8242F6ACA0E7}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - (no file)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe
--
End of file - 7953 bytes
Code:
ComboFix 08-11-20.02 - User 2008-11-21 14:32:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.591 [GMT 1:00]
Uruchomiony z: c:\documents and settings\User\Pulpit\Ja vs Wirusy\ComboFix.exe
* Utworzono nowy punkt przywracania
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\setup.exe
c:\windows\hosts
c:\windows\system32\kmd.exe
D:\Autorun.inf
D:\MS32DLL.dll.vbs
E:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-21 do 2008-11-21 )))))))))))))))))))))))))))))))
.
2008-11-20 21:11 . 2008-11-20 21:11 <DIR> d-------- c:\program files\Trend Micro
2008-11-18 17:37 . 2008-11-18 17:51 <DIR> d-------- C:\Age of Empires III
2008-11-17 16:05 . 2008-11-17 16:05 0 --a------ C:\.tm23B.tmp
2008-11-16 13:22 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-11-16 13:22 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-11-16 11:28 . 2008-11-16 11:28 0 --a------ C:\.tm495.tmp
2008-11-16 11:25 . 2008-11-16 11:25 0 --a------ C:\.tm48F.tmp
2008-11-12 17:00 . 2008-11-12 17:00 <DIR> d-------- c:\program files\Microsoft Games
2008-11-12 16:38 . 2008-11-12 16:38 <DIR> d-------- c:\program files\RivaTuner v2.10
2008-11-12 13:25 . 2002-10-16 11:38 2,359,350 --a------ c:\windows\bf1942_1.bmp
2008-11-12 01:55 . 2002-10-16 11:38 2,359,350 --a------ c:\windows\bf1942_2.bmp
2008-11-12 01:54 . 2002-10-16 11:38 2,359,350 --a------ c:\windows\bf1942_4.bmp
2008-11-12 01:54 . 2002-09-22 12:51 104,448 --a------ c:\windows\setwall.exe
2008-11-11 21:04 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2008-11-11 21:04 . 2001-05-16 17:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2008-11-11 21:04 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2008-11-11 20:38 . 2008-11-11 20:38 <DIR> d-------- c:\program files\Futuremark
2008-10-31 19:04 . 2008-10-31 19:04 994,260 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part10.rar
2008-10-31 16:23 . 2008-10-31 17:00 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part13
2008-10-31 15:49 . 2008-10-31 16:19 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part12
2008-10-30 16:05 . 2008-10-30 16:34 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part11.rar
2008-10-30 02:24 . 2008-10-30 02:24 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-10-29 19:13 . 2008-10-29 19:13 0 --a------ C:\.tm113.tmp
2008-10-29 18:49 . 2008-10-29 18:49 0 --a------ C:\.tmE8.tmp
2008-10-29 15:40 . 2008-10-29 16:07 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part10
2008-10-29 15:07 . 2008-10-29 15:34 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part09.rar
2008-10-28 18:28 . 2008-10-28 19:21 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part08.rar
2008-10-28 16:50 . 2008-10-28 17:19 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part07.rar
2008-10-28 16:15 . 2008-10-28 16:45 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part06.rar
2008-10-28 14:34 . 2008-10-28 15:02 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part05.rar
2008-10-27 17:16 . 2008-10-27 17:53 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part04.rar
2008-10-27 15:57 . 2008-10-27 16:26 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part03.rar
2008-10-27 15:16 . 2008-10-27 15:44 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part02.rar
2008-10-27 14:26 . 2008-10-27 14:54 104,857,600 --a------ C:\F1.GP_Wlk.Brytanii_2008__Sport-Video.pl_.part01.rar
2008-10-25 19:16 . 2008-10-25 19:16 0 --a------ C:\.tm43F.tmp
2008-10-25 19:15 . 2008-10-25 19:15 0 --a------ C:\.tm43D.tmp
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 13:07 --------- d-----w c:\documents and settings\User\Dane aplikacji\teamspeak2
2008-11-21 13:01 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-11-20 21:03 --------- d-----w c:\documents and settings\User\Dane aplikacji\Xfire
2008-11-20 20:07 --------- d-----w c:\program files\SpeedFan
2008-11-20 19:50 139,152 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 19:50 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-19 19:13 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-11-19 15:14 --------- d-s---w c:\program files\Xfire
2008-11-18 15:53 --------- d-----w c:\program files\eMule
2008-11-17 13:26 --------- d-----w c:\program files\Winamp
2008-11-16 16:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 10:50 --------- d-----w c:\documents and settings\User\Dane aplikacji\Skype
2008-11-10 08:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-29 21:16 --------- d-----w c:\documents and settings\User\Dane aplikacji\ipla
2008-10-29 21:16 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ipla
2008-10-29 18:08 --------- d-----w c:\program files\ipla
2008-10-28 17:22 --------- d-----w c:\program files\CCleaner
2008-10-27 17:40 --------- d-----w c:\program files\Opera
2008-10-26 16:05 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-24 15:27 --------- d-----w c:\program files\Premium Booster
2008-10-22 14:50 --------- d-----w c:\program files\PC Tools Firewall Plus
2008-10-20 15:05 --------- d-----w c:\program files\Prime95
2008-10-20 14:22 --------- d-----w c:\program files\ASUS
2008-10-19 20:29 --------- d-----w c:\documents and settings\User\Dane aplikacji\AdobeUM
2008-10-18 13:04 --------- d-----w c:\program files\Neostrada TP
2008-10-18 13:04 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-18 13:04 --------- d-----w c:\documents and settings\User\Dane aplikacji\DNA
2008-10-18 13:04 --------- d-----w c:\documents and settings\User\Dane aplikacji\BitTorrent
2008-10-18 13:02 --------- d-----w c:\program files\Ashampoo
2008-10-16 17:46 --------- d-----w c:\program files\RivaTuner v2(2).10
2008-10-16 17:45 --------- d-----w c:\program files\RivaTuner v2(3).10
2008-10-16 15:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI
2008-10-16 15:03 --------- d-----w c:\program files\ATI Technologies
2008-10-15 16:32 --------- d-----w c:\program files\OO Software
2008-10-14 12:00 --------- d-----w c:\documents and settings\User\Dane aplikacji\Daoisoft
2008-10-14 10:48 --------- d-----w c:\program files\Defraggler
2008-10-12 20:30 --------- d-----w c:\program files\Common Files\Teleca Shared
2008-10-10 13:49 --------- d-----w c:\program files\Common Files\Adobe
2008-10-07 14:34 --------- d-----w c:\program files\SubEdit-Player
2008-10-06 14:57 --------- d-----w c:\program files\YouTube Downloader
2008-10-06 14:49 --------- d-----w c:\program files\Wondershare
2008-10-04 21:40 --------- d-----w c:\program files\Sony Setup
2008-10-04 21:40 --------- d-----w c:\documents and settings\User\Dane aplikacji\Sony Setup
2008-09-30 16:42 --------- d-----w c:\program files\WINnerTweak3
2008-09-27 16:10 --------- d-----w c:\program files\BrainWave Generator
2008-09-25 16:02 --------- d-----w c:\documents and settings\User\Dane aplikacji\Gearbox Software
2008-06-22 08:44 22,328 ----a-w c:\documents and settings\User\Dane aplikacji\PnkBstrK.sys
2008-03-30 19:09 176 ---ha-w c:\documents and settings\User\Dane aplikacji\hpothb07.dat
2008-03-30 13:29 1,599,488 --sha-w c:\documents and settings\User\Moje dokumentyUxm2Pl_cfdg.exe
2006-07-20 00:17 93,653 ----a-w c:\program files\fasterfox-1.0.3-fx.xpi
2006-06-19 10:08 774,144 ----a-w c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"NETIANET"="c:\program files\Netia\Net\netianet.exe" [2007-02-16 474112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 344064]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-07-08 2602904]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.10\RivaTuner.exe" [2008-08-31 2711552]
"SoundMan"="SOUNDMAN.EXE" [2005-07-12 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\User\Menu Start\Programy\Autostart\
GM_DevUpdate.lnk - c:\program files\USB all-in-one game controller\GM_DevUpdate.exe [2008-08-04 45056]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.avis"= ff_acm.acm
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GetRight - Tray Icon.lnk]
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^Morpheus.lnk]
backup=c:\windows\pss\Morpheus.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2005-05-05 16:31 3632640 c:\asus\Ai Booster\OverClk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 18:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-05-19 17:11 18577448 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 17:45 36352 c:\program files\Winamp\winampa.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ares"="c:\program files\Ares\Ares.exe" -h
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Gadu-Gadu 7.0.6\\gg.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Call of Duty 2\\CoD2MP_s.exe"=
"e:\\Battlefield\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"e:\\Battlefield\\Battlefield Vietnam\\BfVietnam.exe"=
"c:\\Program Files\\Kazaa Lite Rewolucja\\kazaalite.kpp"=
"e:\\Battlefield\\Battlfield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Polish\\setup.exe"=
"e:\\Battlefield\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 VirtualK;VirtaulK;c:\windows\system32\drivers\VirtualK.sys [2008-08-04 3968]
R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-07-06 159896]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2007-08-19 2560]
R2 Vcs;Vcs support;\??\c:\windows\system32\Drivers\Vcs.sys [2007-12-20 6852]
R3 FWAuth;FWAuth Driver;\??\c:\windows\system32\drivers\FWAuthDriver.sys [2008-07-06 57240]
R3 GMFilter;GMFilter HID Filter Driver;c:\windows\system32\Drivers\GMFilter.sys [2008-08-04 21760]
R3 skbusenum;SKBus Enumerator;c:\windows\system32\DRIVERS\skbusenum.sys [2008-08-04 10880]
R3 uscsc108;uscsc108;c:\windows\system32\DRIVERS\uscsc108.sys [2003-03-09 102336]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys []
S2 ArcaVirMonitor;ArcaVir Antivirus Monitor Service; []
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys []
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc []
S3 arcaen;ArcaVir Monitor Kernel Engine Driver;\??\c:\program files\ArcaBit\ArcaVir\arcaen.sys []
S3 arcaev;ArcaVir Monitor Kernel Events Driver;\??\c:\program files\ArcaBit\ArcaVir\arcaev.sys []
S3 arcafd;ArcaVir Monitor Kernel Filter Driver;\??\c:\program files\ArcaBit\ArcaVir\arcafd.sys []
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\DRIVERS\KS-959.sys [2006-05-10 19034]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24afa62e-6559-11dd-8995-000e50b103f1}]
\Shell\Auto\command - K:\setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52efc730-d325-11dc-9402-000e50b103f1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\o4f53a07.default\
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 14:37:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-21 14:41:05
ComboFix-quarantined-files.txt 2008-11-21 13:41:00
Przed: 618 840 064 bajtów wolnych
Po: 602,533,888 bajtów wolnych
236 --- E O F --- 2008-06-15 08:01:43