Proszę o spr. loga (rootkit-agent.cw i downloader.small.fta)

**Posty:** 9 · przez **nosek83** 30 Kwi 2009, 23:21

Proszę o sprawdzenie loga (problem z Rootkit-Agent.CW i Downloader.Small.FTA lub FTG)
Antywirus wykrywa mi Rootkit-Agent.CW i Downloader.Small.FTA lub FTG, ale chyba nie potrafi sobie z nimi poradzić, bo przy każdym połączeniu z netem wychwytuje je ponownie).
Komputer wyraźnie zwalnia, nie chcą się otwierać wszystkie foldery i cały czas na iPlusie wyświetlają się wysyłane i pobierane dane chociaż nic nie robię.
Pomóżcie proszę. Poniżej zamieszczam log z Combofixa, będę wdzięczna za interpretację i instrukcje co powinnam zrobić.

Kod: Zaznacz wszystko: ComboFix 09-04-30.02 - nosek 2009-04-30 22:27.6 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.510.170 [GMT 2:00] Uruchomiony z: c:\programy\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\CF6407.EXE . ((((((((((((((((((((((((( Pliki utworzone od 2009-03-28 do 2009-04-30 ))))))))))))))))))))))))))))))) . 2009-04-30 13:17 . 2009-04-30 13:17 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP 2009-04-30 13:15 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll 2009-04-30 13:15 . 2006-05-25 13:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll 2009-04-30 13:15 . 2006-06-19 11:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll 2009-04-30 13:15 . 2002-03-05 23:00 75264 ----a-w c:\windows\system32\unacev2.dll 2009-04-30 13:15 . 2003-02-02 18:06 153088 ----a-w c:\windows\system32\UNRAR3.dll 2009-04-30 13:15 . 2009-04-30 13:15 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software 2009-04-30 13:15 . 2009-04-30 13:15 -------- d-----w c:\documents and settings\nosek\Application Data\Simply Super Software 2009-04-30 13:15 . 2009-04-30 13:15 -------- d-----w c:\program files\Trojan Remover 2009-04-30 13:03 . 2009-04-30 13:03 -------- d-----w c:\documents and settings\nosek\Local Settings\Application Data\GHISLER 2009-04-30 07:00 . 2009-04-30 07:00 -------- d-----w c:\program files\Anti Trojan Elite 2009-04-30 06:41 . 2009-04-30 06:41 -------- d-----w c:\program files\Anti-Trojan-55 2009-04-29 21:22 . 2007-06-14 07:29 241904 ----a-w c:\windows\UNBOC.EXE 2009-04-29 21:22 . 2007-05-08 15:01 208896 ----a-w c:\windows\CMDLIC.DLL 2009-04-29 21:21 . 2009-04-29 21:21 -------- d-----w c:\program files\Comodo 2009-04-29 21:14 . 2006-01-13 12:00 15872 ----a-w c:\windows\system32\drivers\vd_filedisk.sys 2009-04-29 21:14 . 2009-04-29 21:14 -------- d-----w c:\documents and settings\nosek\Application Data\HEXelon 2009-04-29 21:13 . 2009-04-29 21:13 -------- d-----w c:\program files\TC UP . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-30 19:11 . 2006-09-06 22:21 12 ----a-w c:\windows\bthservsdp.dat 2009-04-16 23:28 . 2009-01-19 18:05 73232 ----a-w c:\documents and settings\nosek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-05 21:06 . 2009-03-09 18:34 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-03-25 07:38 . 2009-03-25 07:38 -------- d-----w c:\program files\LizardTech 2009-03-24 10:45 . 2009-03-24 10:45 -------- d-----w c:\program files\NAPI-PROJEKT 2009-03-19 19:50 . 2009-03-19 19:50 -------- d-----w c:\program files\WinHTTrack 2009-03-09 18:34 . 2009-03-09 18:34 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-03-09 18:34 . 2009-03-09 18:34 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-03-09 18:33 . 2009-03-09 18:33 -------- d-----w c:\program files\AVG 2009-01-21 23:42 . 2009-01-20 09:30 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2009-01-21 23:42 . 2009-01-20 09:30 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2009-01-21 23:42 . 2009-01-20 09:30 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2009-01-21 23:42 . 2009-01-20 09:30 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2009-01-21 23:42 . 2009-01-20 09:30 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-01-30 1716224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056] "ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-19 7581696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-19 86016] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256] "Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2008-05-30 409600] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-09 1932568] "AT-Watch"="c:\program files\Anti-Trojan-55\ATWatch.exe" [2002-09-08 26624] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-04-18 1206664] "Anti-Trojan-Watch"="c:\program files\Anti-Trojan-55\ATWatch.exe" [2002-09-08 26624] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-19 1519616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-24 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-09 18:34 10520 ----a-w c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgscanx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe"= "c:\\Program Files\\iPlus\\iPlusFlashSkin.exe"= "c:\\programy\\ComboFix.exe"= "c:\\WINDOWS\\NIRCMD.exe"= "c:\\Program Files\\Anti-Trojan-55\\Anti-Trojan.exe"= "c:\\WINDOWS\\system32\\netsh.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\nosek\\Application Data\\Simply Super Software\\Trojan Remover\\rtj1.exe"= "c:\\WINDOWS\\ehome\\ehtray.exe"= "c:\\WINDOWS\\eHome\\ehmsas.exe"= "c:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"= "c:\\WINDOWS\\RTHDCPL.EXE"= "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"= "c:\\Acer\\Empowering Technology\\admtray.exe"= "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"= "c:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"= "c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"= "c:\\Program Files\\Launch Manager\\LManager.exe"= "c:\\WINDOWS\\system32\\LVCOMSX.EXE"= "c:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"= "c:\\WINDOWS\\system32\\ElkCtrl.exe"= "c:\\Program Files\\iPlus\\iPlusChecker.exe"= "c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"= "c:\\Program Files\\AVG\\AVG8\\avgtray.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"= "c:\\WINDOWS\\NOTEPAD.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgui.exe"= "c:\\Program Files\\Trojan Remover\\Trjscan.exe"= "c:\\WINDOWS\\system32\\wscntfy.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 ati64si;ati64si; [x] R2 netsik;netsik; [x] R2 nicsk32;nicsk32; [x] R2 port135sik;port135sik; [x] R2 securentm;securentm; [x] R2 ws2_32sik;ws2_32sik; [x] R3 ATE_PROCMON;ATE_PROCMON; [x] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-09 325640] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-05 108552] S1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106] S1 VD_FileDisk;VD_FileDisk; [x] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264] S2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-01-23 4096] S2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-01-23 78208] S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296] S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010] S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-06-19 1097728] S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - INT15.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\u.bat \Shell\explore\Command - F:\u.bat \Shell\open\Command - F:\u.bat . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-nosek - c:\documents and settings\nosek\nosek.exe HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe HKLM-Run-TE_RegProtect - c:\program files\Anti Trojan Elite\TERegPct.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://aia.posadzdrzewo.pl/ mStart Page = hxxp://pl.intl.acer.yahoo.com uInternet Connection Wizard,ShellNext = hxxp://pl.intl.acer.yahoo.com/ uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\nosek\Application Data\Mozilla\Firefox\Profiles\otsd92l0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://aia.posadzdrzewo.pl/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-30 22:29 Windows 5.1.2600 Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-04-30 22:30 ComboFix-quarantined-files.txt 2009-04-30 20:30 Przed: 22 834 020 352 bytes free Po: 22 845 915 136 bajtów wolnych 205

Proszę pomóżcie

Sama nie dam rady sciana

**Posty:** 8001 · przez **Okocza** 01 Maj 2009, 13:47

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

Autor postu otrzymał pochwałę

**Posty:** 9 · przez **nosek83** 04 Maj 2009, 22:20

Zamieszczam log z SDFix:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by nosek on 2009-05-04 at 21:52 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: No Trojan Files Found Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-04 21:57:41 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe" "C:\\Program Files\\AVG\\AVG8\\avgscanx.exe"="C:\\Program Files\\AVG\\AVG8\\avgscanx.exe:*:Enabled:ENABLE" "C:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe"="C:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe:*:Enabled:ENABLE" "C:\\Program Files\\iPlus\\iPlusFlashSkin.exe"="C:\\Program Files\\iPlus\\iPlusFlashSkin.exe:*:Enabled:ENABLE" "C:\\programy\\ComboFix.exe"="C:\\programy\\ComboFix.exe:*:Enabled:ENABLE" "C:\\WINDOWS\\NIRCMD.exe"="C:\\WINDOWS\\NIRCMD.exe:*:Enabled:ENABLE" "C:\\Program Files\\Anti-Trojan-55\\Anti-Trojan.exe"="C:\\Program Files\\Anti-Trojan-55\\Anti-Trojan.exe:*:Enabled:ENABLE" "C:\\WINDOWS\\system32\\netsh.exe"="C:\\WINDOWS\\system32\\netsh.exe:*:Enabled:ENABLE" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:ENABLE" "C:\\Documents and Settings\\nosek\\Application Data\\Simply Super Software\\Trojan Remover\\rtj1.exe"="C:\\Documents and Settings\\nosek\\Application Data\\Simply Super Software\\Trojan Remover\\rtj1.exe:*:Enabled:ENABLE" "C:\\WINDOWS\\ehome\\ehtray.exe"="C:\\WINDOWS\\ehome\\ehtray.exe:*:Enabled:ENABLE" "C:\\WINDOWS\\eHome\\ehmsas.exe"="C:\\WINDOWS\\eHome\\ehmsas.exe:*:Enabled:ENABLE" "C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe:*:Enabled:ENABLE" "C:\\WINDOWS\\RTHDCPL.EXE"="C:\\WINDOWS\\RTHDCPL.EXE:*:Enabled:ENABLE" "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe:*:Enabled:ENABLE" "C:\\Acer\\Empowering Technology\\admtray.exe"="C:\\Acer\\Empowering Technology\\admtray.exe:*:Enabled:ENABLE" "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe:*:Enabled:ENABLE" "C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe:*:Enabled:ENABLE" "C:\\WINDOWS\\system32\\wbem\\unsecapp.exe"="C:\\WINDOWS\\system32\\wbem\\unsecapp.exe:*:Enabled:ENABLE" "C:\\Program Files\\Launch Manager\\LManager.exe"="C:\\Program Files\\Launch Manager\\LManager.exe:*:Enabled:ENABLE" "C:\\WINDOWS\\system32\\LVCOMSX.EXE"="C:\\WINDOWS\\system32\\LVCOMSX.EXE:*:Enabled:ENABLE" "C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe:*:Enabled:ENABLE" "C:\\WINDOWS\\system32\\ElkCtrl.exe"="C:\\WINDOWS\\system32\\ElkCtrl.exe:*:Enabled:ENABLE" "C:\\Program Files\\iPlus\\iPlusChecker.exe"="C:\\Program Files\\iPlus\\iPlusChecker.exe:*:Enabled:ENABLE" "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"="C:\\Program Files\\Java\\jre6\\bin\\jusched.exe:*:Enabled:ENABLE" "C:\\Program Files\\AVG\\AVG8\\avgtray.exe"="C:\\Program Files\\AVG\\AVG8\\avgtray.exe:*:Enabled:ENABLE" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:ENABLE" "C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"="C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe:*:Enabled:ENABLE" "C:\\WINDOWS\\NOTEPAD.EXE"="C:\\WINDOWS\\NOTEPAD.EXE:*:Enabled:ENABLE" "C:\\Program Files\\AVG\\AVG8\\avgui.exe"="C:\\Program Files\\AVG\\AVG8\\avgui.exe:*:Enabled:ENABLE" "C:\\Program Files\\Trojan Remover\\Trjscan.exe"="C:\\Program Files\\Trojan Remover\\Trjscan.exe:*:Enabled:ENABLE" "C:\\WINDOWS\\system32\\wscntfy.exe"="C:\\WINDOWS\\system32\\wscntfy.exe:*:Enabled:ENABLE" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: [b]Files with Hidden Attributes [/b]: Wed 6 Sep 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll" Wed 6 Sep 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll" Wed 6 Sep 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll" Wed 6 Sep 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll" Wed 6 Sep 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll" Mon 28 Aug 2006 90,112 A..H. --- "C:\Program Files\iPlus\tools.exe" Tue 24 Feb 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe" Wed 16 Jan 2002 27,648 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\SysIni.dll" Thu 12 Sep 2002 28,672 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\WinExit.dll" Thu 6 Sep 2001 40,960 A..H. --- "C:\Program Files\Anti-Trojan-55\DLL\ATRep.dll" Wed 16 Jan 2002 134,144 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\ATT.dll" Wed 16 Jan 2002 113,152 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\ATTexte.dll" Wed 16 Jan 2002 23,040 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\BetriebsSys.dll" Wed 2 May 2001 23,552 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\FileOp.dll" Wed 16 Jan 2002 40,960 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\FileSys.dll" Wed 2 May 2001 28,672 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\ListBox.dll" Wed 2 May 2001 24,064 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\Registry.dll" Wed 2 May 2001 32,256 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\RegValues.dll" Wed 2 May 2001 53,248 A.SH. --- "C:\Program Files\Anti-Trojan-55\DLL\ATPS.dll" Wed 2 May 2001 36,352 A.SHR --- "C:\Program Files\Anti-Trojan-55\PlugIns\ProcView.dll" Tue 8 May 2001 88,576 A.SHR --- "C:\Program Files\Anti-Trojan-55\PlugIns\ATPClose.dll" [b]Finished![/b]

i log z Combofix:

Kod: Zaznacz wszystko: ComboFix 09-04-30.02 - nosek 2009-04-30 22:27.6 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.510.170 [GMT 2:00] Uruchomiony z: c:\programy\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\CF6407.EXE . ((((((((((((((((((((((((( Pliki utworzone od 2009-03-28 do 2009-04-30 ))))))))))))))))))))))))))))))) . 2009-04-30 13:17 . 2009-04-30 13:17 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP 2009-04-30 13:15 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll 2009-04-30 13:15 . 2006-05-25 13:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll 2009-04-30 13:15 . 2006-06-19 11:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll 2009-04-30 13:15 . 2002-03-05 23:00 75264 ----a-w c:\windows\system32\unacev2.dll 2009-04-30 13:15 . 2003-02-02 18:06 153088 ----a-w c:\windows\system32\UNRAR3.dll 2009-04-30 13:15 . 2009-04-30 13:15 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software 2009-04-30 13:15 . 2009-04-30 13:15 -------- d-----w c:\documents and settings\nosek\Application Data\Simply Super Software 2009-04-30 13:15 . 2009-04-30 13:15 -------- d-----w c:\program files\Trojan Remover 2009-04-30 13:03 . 2009-04-30 13:03 -------- d-----w c:\documents and settings\nosek\Local Settings\Application Data\GHISLER 2009-04-30 07:00 . 2009-04-30 07:00 -------- d-----w c:\program files\Anti Trojan Elite 2009-04-30 06:41 . 2009-04-30 06:41 -------- d-----w c:\program files\Anti-Trojan-55 2009-04-29 21:22 . 2007-06-14 07:29 241904 ----a-w c:\windows\UNBOC.EXE 2009-04-29 21:22 . 2007-05-08 15:01 208896 ----a-w c:\windows\CMDLIC.DLL 2009-04-29 21:21 . 2009-04-29 21:21 -------- d-----w c:\program files\Comodo 2009-04-29 21:14 . 2006-01-13 12:00 15872 ----a-w c:\windows\system32\drivers\vd_filedisk.sys 2009-04-29 21:14 . 2009-04-29 21:14 -------- d-----w c:\documents and settings\nosek\Application Data\HEXelon 2009-04-29 21:13 . 2009-04-29 21:13 -------- d-----w c:\program files\TC UP . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-30 19:11 . 2006-09-06 22:21 12 ----a-w c:\windows\bthservsdp.dat 2009-04-16 23:28 . 2009-01-19 18:05 73232 ----a-w c:\documents and settings\nosek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-05 21:06 . 2009-03-09 18:34 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-03-25 07:38 . 2009-03-25 07:38 -------- d-----w c:\program files\LizardTech 2009-03-24 10:45 . 2009-03-24 10:45 -------- d-----w c:\program files\NAPI-PROJEKT 2009-03-19 19:50 . 2009-03-19 19:50 -------- d-----w c:\program files\WinHTTrack 2009-03-09 18:34 . 2009-03-09 18:34 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-03-09 18:34 . 2009-03-09 18:34 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-03-09 18:33 . 2009-03-09 18:33 -------- d-----w c:\program files\AVG 2009-01-21 23:42 . 2009-01-20 09:30 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2009-01-21 23:42 . 2009-01-20 09:30 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2009-01-21 23:42 . 2009-01-20 09:30 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2009-01-21 23:42 . 2009-01-20 09:30 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2009-01-21 23:42 . 2009-01-20 09:30 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-01-30 1716224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056] "ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-19 7581696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-19 86016] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256] "Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2008-05-30 409600] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-09 1932568] "AT-Watch"="c:\program files\Anti-Trojan-55\ATWatch.exe" [2002-09-08 26624] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-04-18 1206664] "Anti-Trojan-Watch"="c:\program files\Anti-Trojan-55\ATWatch.exe" [2002-09-08 26624] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-19 1519616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-24 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-09 18:34 10520 ----a-w c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgscanx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe"= "c:\\Program Files\\iPlus\\iPlusFlashSkin.exe"= "c:\\programy\\ComboFix.exe"= "c:\\WINDOWS\\NIRCMD.exe"= "c:\\Program Files\\Anti-Trojan-55\\Anti-Trojan.exe"= "c:\\WINDOWS\\system32\\netsh.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\nosek\\Application Data\\Simply Super Software\\Trojan Remover\\rtj1.exe"= "c:\\WINDOWS\\ehome\\ehtray.exe"= "c:\\WINDOWS\\eHome\\ehmsas.exe"= "c:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"= "c:\\WINDOWS\\RTHDCPL.EXE"= "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"= "c:\\Acer\\Empowering Technology\\admtray.exe"= "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"= "c:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"= "c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"= "c:\\Program Files\\Launch Manager\\LManager.exe"= "c:\\WINDOWS\\system32\\LVCOMSX.EXE"= "c:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"= "c:\\WINDOWS\\system32\\ElkCtrl.exe"= "c:\\Program Files\\iPlus\\iPlusChecker.exe"= "c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"= "c:\\Program Files\\AVG\\AVG8\\avgtray.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"= "c:\\WINDOWS\\NOTEPAD.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgui.exe"= "c:\\Program Files\\Trojan Remover\\Trjscan.exe"= "c:\\WINDOWS\\system32\\wscntfy.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 ati64si;ati64si; [x] R2 netsik;netsik; [x] R2 nicsk32;nicsk32; [x] R2 port135sik;port135sik; [x] R2 securentm;securentm; [x] R2 ws2_32sik;ws2_32sik; [x] R3 ATE_PROCMON;ATE_PROCMON; [x] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-09 325640] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-05 108552] S1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106] S1 VD_FileDisk;VD_FileDisk; [x] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264] S2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-01-23 4096] S2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-01-23 78208] S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296] S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010] S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-06-19 1097728] S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - INT15.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\u.bat \Shell\explore\Command - F:\u.bat \Shell\open\Command - F:\u.bat . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-nosek - c:\documents and settings\nosek\nosek.exe HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe HKLM-Run-TE_RegProtect - c:\program files\Anti Trojan Elite\TERegPct.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://aia.posadzdrzewo.pl/ mStart Page = hxxp://pl.intl.acer.yahoo.com uInternet Connection Wizard,ShellNext = hxxp://pl.intl.acer.yahoo.com/ uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\nosek\Application Data\Mozilla\Firefox\Profiles\otsd92l0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://aia.posadzdrzewo.pl/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-30 22:29 Windows 5.1.2600 Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-04-30 22:30 ComboFix-quarantined-files.txt 2009-04-30 20:30 Przed: 22 834 020 352 bytes free Po: 22 845 915 136 bajtów wolnych 205

i log z hijackthis:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:10:22, on 2009-05-04 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Acer\Empowering Technology\admServ.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\admtray.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Anti-Trojan-55\ATWatch.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPlus\iPlusFlashSkin.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\DOCUME~1\nosek\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\bezpieczeństwo\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aia.posadzdrzewo.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pl.intl.acer.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{6E7A87FF-A974-4702-9BBC-4A87ADE6EA62}: NameServer = 212.2.96.54 212.2.96.53 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 9963 bytes

Dziękuję za pomoc...czekam z niecierpliwością na C.D.

**Posty:** 18165 · przez **wojtas** 04 Maj 2009, 22:28

Otworz notatnik i wklej w nim to:

Folder::
C:\DOCUME~1\nosek\LOCALS~1\Temp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

Driver::
ati64si
netsik
nicsk32
port135sik
securentm
ws2_32sik

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

**Posty:** 9 · przez **nosek83** 04 Maj 2009, 22:55

Zrobiłam jak radziłeś....nowy log z Combofix:

Kod: Zaznacz wszystko: ComboFix 09-04-30.02 - nosek 2009-05-04 22:42.7 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.510.234 [GMT 2:00] Uruchomiony z: c:\programy\ComboFix.exe Użyto następujących komend :: c:\documents and settings\nosek\Desktop\CFScript.txt.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\nosek\LOCALS~1\Temp c:\docume~1\nosek\LOCALS~1\Temp\_iu14D2N.tmp c:\docume~1\nosek\LOCALS~1\Temp\~DF240E.tmp c:\docume~1\nosek\LOCALS~1\Temp\Arabic.bin c:\docume~1\nosek\LOCALS~1\Temp\Av-test.txt c:\docume~1\nosek\LOCALS~1\Temp\Czech.bin c:\docume~1\nosek\LOCALS~1\Temp\Danish.bin c:\docume~1\nosek\LOCALS~1\Temp\Dutch.bin c:\docume~1\nosek\LOCALS~1\Temp\English.bin c:\docume~1\nosek\LOCALS~1\Temp\Finnish.bin c:\docume~1\nosek\LOCALS~1\Temp\Flash6MovieV2.cu.mvx c:\docume~1\nosek\LOCALS~1\Temp\French.bin c:\docume~1\nosek\LOCALS~1\Temp\German.bin c:\docume~1\nosek\LOCALS~1\Temp\Greek.bin c:\docume~1\nosek\LOCALS~1\Temp\Hebrew.bin c:\docume~1\nosek\LOCALS~1\Temp\Hungarian.bin c:\docume~1\nosek\LOCALS~1\Temp\Italian.bin c:\docume~1\nosek\LOCALS~1\Temp\Japanese.bin c:\docume~1\nosek\LOCALS~1\Temp\jusched.log c:\docume~1\nosek\LOCALS~1\Temp\Korean.bin c:\docume~1\nosek\LOCALS~1\Temp\LVCOMSX.LOG c:\docume~1\nosek\LOCALS~1\Temp\MFPL7014.DLL c:\docume~1\nosek\LOCALS~1\Temp\mPlayer.cu.dll c:\docume~1\nosek\LOCALS~1\Temp\Norwegian.bin c:\docume~1\nosek\LOCALS~1\Temp\plugin.cu.mfx c:\docume~1\nosek\LOCALS~1\Temp\Polish.bin c:\docume~1\nosek\LOCALS~1\Temp\Portuguese(Brazil).bin c:\docume~1\nosek\LOCALS~1\Temp\Portuguese.bin c:\docume~1\nosek\LOCALS~1\Temp\RtkBtMnt.exe c:\docume~1\nosek\LOCALS~1\Temp\Russian.bin c:\docume~1\nosek\LOCALS~1\Temp\SimChin.bin c:\docume~1\nosek\LOCALS~1\Temp\Spanish.bin c:\docume~1\nosek\LOCALS~1\Temp\SWEDISH.bin c:\docume~1\nosek\LOCALS~1\Temp\System.cu.mfx c:\docume~1\nosek\LOCALS~1\Temp\Thai.bin c:\docume~1\nosek\LOCALS~1\Temp\TradChin.bin c:\docume~1\nosek\LOCALS~1\Temp\Turkish.bin . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ATI64SI -------\Legacy_NETSIK -------\Legacy_NICSK32 -------\Legacy_PORT135SIK -------\Legacy_SECURENTM -------\Legacy_WS2_32SIK -------\Service_ati64si -------\Service_netsik -------\Service_nicsk32 -------\Service_port135sik -------\Service_securentm -------\Service_ws2_32sik ((((((((((((((((((((((((( Pliki utworzone od 2009-04-04 do 2009-05-04 ))))))))))))))))))))))))))))))) . 2009-05-04 19:50 . 2009-05-04 19:50 -------- d-----w c:\windows\ERUNT 2009-05-04 19:39 . 2008-11-06 00:03 -------- d-----w C:\SDFix 2009-05-04 19:15 . 2009-05-04 19:15 -------- d-----w C:\bezpieczeństwo 2009-04-30 13:17 . 2009-04-30 13:17 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP 2009-04-30 13:15 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll 2009-04-30 13:15 . 2006-05-25 13:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll 2009-04-30 13:15 . 2006-06-19 11:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll 2009-04-30 13:15 . 2002-03-05 23:00 75264 ----a-w c:\windows\system32\unacev2.dll 2009-04-30 13:15 . 2003-02-02 18:06 153088 ----a-w c:\windows\system32\UNRAR3.dll 2009-04-30 13:15 . 2009-04-30 13:15 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software 2009-04-30 13:15 . 2009-04-30 13:15 -------- d-----w c:\documents and settings\nosek\Application Data\Simply Super Software 2009-04-30 13:15 . 2009-04-30 13:15 -------- d-----w c:\program files\Trojan Remover 2009-04-30 13:03 . 2009-04-30 13:03 -------- d-----w c:\documents and settings\nosek\Local Settings\Application Data\GHISLER 2009-04-30 07:00 . 2009-04-30 07:00 -------- d-----w c:\program files\Anti Trojan Elite 2009-04-30 06:41 . 2009-04-30 06:41 -------- d-----w c:\program files\Anti-Trojan-55 2009-04-29 21:22 . 2007-06-14 07:29 241904 ----a-w c:\windows\UNBOC.EXE 2009-04-29 21:22 . 2007-05-08 15:01 208896 ----a-w c:\windows\CMDLIC.DLL 2009-04-29 21:21 . 2009-04-29 21:21 -------- d-----w c:\program files\Comodo 2009-04-29 21:14 . 2006-01-13 12:00 15872 ----a-w c:\windows\system32\drivers\vd_filedisk.sys 2009-04-29 21:14 . 2009-04-29 21:14 -------- d-----w c:\documents and settings\nosek\Application Data\HEXelon 2009-04-29 21:13 . 2009-04-29 21:13 -------- d-----w c:\program files\TC UP . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-04 20:44 . 2006-09-06 22:21 12 ----a-w c:\windows\bthservsdp.dat 2009-04-16 23:28 . 2009-01-19 18:05 73232 ----a-w c:\documents and settings\nosek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-05 21:06 . 2009-03-09 18:34 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-03-25 07:38 . 2009-03-25 07:38 -------- d-----w c:\program files\LizardTech 2009-03-24 10:45 . 2009-03-24 10:45 -------- d-----w c:\program files\NAPI-PROJEKT 2009-03-19 19:50 . 2009-03-19 19:50 -------- d-----w c:\program files\WinHTTrack 2009-03-09 18:34 . 2009-03-09 18:34 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-03-09 18:34 . 2009-03-09 18:34 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-03-09 18:33 . 2009-03-09 18:33 -------- d-----w c:\program files\AVG 2009-01-21 23:42 . 2009-01-20 09:30 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2009-01-21 23:42 . 2009-01-20 09:30 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2009-01-21 23:42 . 2009-01-20 09:30 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2009-01-21 23:42 . 2009-01-20 09:30 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2009-01-21 23:42 . 2009-01-20 09:30 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((( SnapShot@2009-04-30_20.29.30 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-04 20:46 . 2009-05-04 20:46 16384 c:\windows\Temp\Perflib_Perfdata_620.dat + 2009-05-04 19:50 . 2009-05-04 19:50 163840 c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2009-05-04 19:50 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2009-05-04 19:51 . 2009-05-04 19:51 163840 c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2009-05-04 19:51 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2009-05-04 19:50 . 2009-05-04 19:50 7282688 c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat + 2009-05-04 19:51 . 2009-05-04 19:51 7282688 c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-01-30 1716224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056] "ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-19 7581696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-19 86016] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256] "Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2008-05-30 409600] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-09 1932568] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-04-18 1206664] "Anti-Trojan-Watch"="c:\program files\Anti-Trojan-55\ATWatch.exe" [2002-09-08 26624] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-19 1519616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-24 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-09 18:34 10520 ----a-w c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgscanx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe"= "c:\\Program Files\\iPlus\\iPlusFlashSkin.exe"= "c:\\programy\\ComboFix.exe"= "c:\\WINDOWS\\NIRCMD.exe"= "c:\\WINDOWS\\system32\\netsh.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\ehome\\ehtray.exe"= "c:\\WINDOWS\\eHome\\ehmsas.exe"= "c:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"= "c:\\WINDOWS\\RTHDCPL.EXE"= "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"= "c:\\Acer\\Empowering Technology\\admtray.exe"= "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"= "c:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"= "c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"= "c:\\Program Files\\Launch Manager\\LManager.exe"= "c:\\WINDOWS\\system32\\LVCOMSX.EXE"= "c:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"= "c:\\WINDOWS\\system32\\ElkCtrl.exe"= "c:\\Program Files\\iPlus\\iPlusChecker.exe"= "c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"= "c:\\Program Files\\AVG\\AVG8\\avgtray.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"= "c:\\WINDOWS\\NOTEPAD.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgui.exe"= "c:\\Program Files\\Trojan Remover\\Trjscan.exe"= "c:\\WINDOWS\\system32\\wscntfy.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R3 ATE_PROCMON;ATE_PROCMON; [x] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-09 325640] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-05 108552] S1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106] S1 VD_FileDisk;VD_FileDisk; [x] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264] S2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-01-23 4096] S2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-01-23 78208] S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296] S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010] S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-06-19 1097728] S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392] . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-AT-Watch - (no file) . ------- Skan uzupełniający ------- . uStart Page = hxxp://aia.posadzdrzewo.pl/ mStart Page = hxxp://pl.intl.acer.yahoo.com uInternet Connection Wizard,ShellNext = hxxp://pl.intl.acer.yahoo.com/ uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\nosek\Application Data\Mozilla\Firefox\Profiles\otsd92l0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://aia.posadzdrzewo.pl/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-04 22:48 Windows 5.1.2600 Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(6460) c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll c:\windows\system32\MSNChatHook.dll c:\windows\system32\sysenv.dll c:\windows\system32\MSVCR71.dll c:\windows\system32\msi.dll c:\acer\Empowering Technology\ePower\SysHook.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe c:\acer\Empowering Technology\admServ.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\wscntfy.exe c:\windows\system32\dllhost.exe c:\windows\system32\rundll32.exe c:\windows\eHome\ehmsas.exe c:\windows\system32\rundll32.exe c:\windows\system32\wbem\unsecapp.exe c:\docume~1\nosek\LOCALS~1\Temp\RtkBtMnt.exe . ************************************************************************** . Czas ukończenia: 2009-05-04 22:50 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-05-04 20:50 ComboFix2.txt 2009-04-30 20:30 Przed: 22 577 086 464 bytes free Po: 22 526 590 976 bajtów wolnych 288

Czy teraz jest już wsjo ok :?:

**Posty:** 18165 · przez **wojtas** 05 Maj 2009, 13:06

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

**Posty:** 9 · przez **nosek83** 06 Maj 2009, 12:15

troszkę to potrwało, ale zrobiłam wszystko wg punktów;]

log z kaspersky o który prosiłeś:

Kod: Zaznacz wszystko: -------------------------------------------------------------------------------- RAPORT KASPERSKY ONLINE SCANNER 7.0 środa, 6 maj 2009 System operacyjny: Microsoft Windows XP Professional Service Pack 2 (build 2600) Wersja Kaspersky Online Scanner: 7.0.26.12 Data ostatniej aktualizacji bazy danych: Wednesday, May 06, 2009 07:55:29 Liczba wpisów: 2136826 -------------------------------------------------------------------------------- Ustawienia skanowania: Typ bazy danych użytej do skanowania: rozszerzona Skanuj archiwa: tak Skanuj pocztowe bazy danych: tak Obszar skanowania - Mój komputer: C:\ D:\ E:\ Statystyki skanowania: Przeskanowanych plików: 58008 Nazwa zagrożenia: 2 Zainfekowanych obiektów: 3 Podejrzanych obiektów: 0 Czas skanowania: 01:19:44 Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń C:\Program Files\TC UP\PLUGINS\Tools\FtpPasswordRipper\Windows_Commander_FTP_Password_RIPPER.exe Zainfekowany: not-a-virus:PSWTool.Win32.Delf.f 1 C:\Program Files\TC UP\PLUGINS\Tools\Revelation\Revelation.exe Zainfekowany: not-a-virus:PSWTool.Win32.SnadBoy.2011 1 C:\Program Files\TC UP\PLUGINS\Tools\Revelation\RevelationHelper.dll Zainfekowany: not-a-virus:PSWTool.Win32.SnadBoy.2011 1 Wybrany obszar został przeskanowany.

co teraz?

**Posty:** 18165 · przez **wojtas** 06 Maj 2009, 12:31

czysto juz

Autor postu otrzymał pochwałę

**Posty:** 9 · przez **nosek83** 06 Maj 2009, 12:40

cudownie

dzięki wielkie za pomoc!

Kto jest na forum