prosze o sprawdznie, pilnie, chyba wirus!

[alex11]

prosze o bezwloczne sprawdzenie loga

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 20:09:00, on 2007-12-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Ultimate Defender\UltimateDefender.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\shovth.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mateusz\USTAWI~1\Temp\Rar$EX03.563\HijackThis.exe
C:\WINDOWS\system32\reg.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\zeeluudo\auzydlue.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKLM\..\Run: [gfqjehsx] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\gfqjehsx.dll"
O4 - HKLM\..\Run: [zqtgjkpa] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\zqtgjkpa.dll"
O4 - HKLM\..\Run: [dghipahw] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\dghipahw.dll"
O4 - HKLM\..\Run: [hufwvwdw] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\hufwvwdw.dll"
O4 - HKLM\..\Run: [razqrgzk] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\razqrgzk.dll"
O4 - HKLM\..\Run: [delklqdi] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\delklqdi.dll"
O4 - HKLM\..\Run: [kvurwhkl] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\kvurwhkl.dll"
O4 - HKLM\..\Run: [wpsvifcn] regsvr32 /u "C:\Documents and Settings\All Users\Dane aplikacji\wpsvifcn.dll"
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
O4 - HKLM\..\Run: [KAVWks50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [StartUp] C:\WINDOWS\trayicons.exe /optimize speed
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Startup: .protected
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: findfast.exe
O4 - Startup: infos.exe
O4 - Global Startup: .protected
O4 - Global Startup: autorun.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer = 80.249.0.18 80.249.5.5
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa Kaspersky Anti-Virus (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[wojtas]

prosze o bezwloczne sprawdzenie loga

spokojnie... wytlumacz co sie dzieje z kompem ?jakies problemy? info daj

[alex11]

a wiec tak:

dziś pojawiła mi sie aktualizacja do Internet Explorer, pobrałem
następnie pojawil mi sie niby jakis antywirus ultimate defender( nie wiem skad on wgole i po co), miał on w sobie 2 wirusy- kon trojanski i jakis reklamator
teraz Windows mi wariuje: po uruchomieniu komputera pojawia mi sie masa błędów(ok.7), okienko w pasku narzędzi z chmurka, gdy wyłączam komputer pisze ze mam fałszywe oprogramowanie Windows, co jakiś czas pojawia mi sie jakieś okno po angielsku( nie znam ang), zablokowało mi panel sterowania- nie mam do niego dostepu(komunikat ze administrator nie pozwala tam wejść( czy coś)

co to jest???

[wojtas]

Wykonaj to co jest podane w tym temacie

zastosuj:

smitfraudfix z opcji 2

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka

[alex11]

Kod: Zaznacz wszystko

SmitFraudFix v2.265

Scan done at 16:08:06,18, 2007-12-12
Run from C:\Documents and Settings\Mateusz\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Ultimate Defender\UltimateDefender.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\shovth.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\reg.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

10.18.250.4   download.microsoft.com
10.18.250.4   downloads.microsoft.com
10.18.250.4   go.microsoft.com
10.18.250.4   microsoft.com
10.18.250.4   msdn.microsoft.com
10.18.250.4   office.microsoft.com
10.18.250.4   support.microsoft.com
10.18.250.4   windowsupdate.microsoft.com
10.18.250.4   www.microsoft.com
10.18.250.4   pandasoftware.com
10.18.250.4   www.pandasoftware.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected FOUND !
C:\WINDOWS\shell.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\bronto.dll FOUND !
C:\WINDOWS\system32\printer.exe FOUND !
C:\WINDOWS\system32\proper.exe FOUND !
C:\WINDOWS\system32\spoolvs.exe  FOUND !
C:\WINDOWS\system32\winter.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mateusz


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mateusz\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\Mateusz\MENUST~1\Programy\AUTOST~1\.protected FOUND !
C:\DOCUME~1\Mateusz\MENUST~1\Programy\AUTOST~1\infos.exe FOUND !
C:\DOCUME~1\Mateusz\MENUST~1\Programy\AUTOST~1\findfast.exe FOUND !
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\.protected FOUND !
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\autos.exe FOUND !
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\autorun.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mateusz\Ulubione


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\wowfx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 80.249.0.18
DNS Server Search Order: 80.249.5.5

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer=80.249.0.18 80.249.5.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer=80.249.0.18 80.249.5.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer=80.249.0.18 80.249.5.5


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



[ Dodano: Dzisiaj o 16:56 ]

Kod: Zaznacz wszystko

ComboFix 07-12-12.3 - Mateusz 2007-12-12 16:30:32.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.555 [GMT 1:00]
Running from: C:\Documents and Settings\Mateusz\Pulpit\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.exe
C:\.protected
C:\Autorun.inf
C:\Documents and Settings\All Users\Menu Start\Programy.\Ultimate Defender
C:\Documents and Settings\All Users\Menu Start\Programy.\Ultimate Defender\Ultimate Defender Uninstall.lnk
C:\Documents and Settings\All Users\Menu Start\Programy.\Ultimate Defender\Ultimate Defender.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\.protected
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\autorun.exe
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\autos.exe
C:\Documents and Settings\All Users\Menu Start\Programy\Ultimate Defender\Ultimate Defender Uninstall.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\Ultimate Defender\Ultimate Defender.lnk
C:\Documents and Settings\Mateusz\Dane aplikacji.\Ultimate Defender
C:\Documents and Settings\Mateusz\Dane aplikacji.\Ultimate Defender\logs\1197399269.log
C:\Documents and Settings\Mateusz\Dane aplikacji\26415.exe
C:\Documents and Settings\Mateusz\Dane aplikacji\printer.exe
C:\Documents and Settings\Mateusz\Dane aplikacji\trant.exe
C:\Documents and Settings\Mateusz\Dane aplikacji\Ultimate Defender\logs\1197399269.log
C:\Documents and Settings\Mateusz\Menu Start\Programy\Autostart\.protected
C:\Documents and Settings\Mateusz\Menu Start\Programy\Autostart\findfast.exe
C:\Documents and Settings\Mateusz\Menu Start\Programy\Autostart\infos.exe
C:\Program Files\Ultimate Defender
C:\Program Files\Ultimate Defender\program.info
C:\Program Files\Ultimate Defender\UltimateDefender.db
C:\Program Files\Ultimate Defender\UltimateDefender.exe
C:\Program Files\Ultimate Defender\UltimateDefender.pkg
C:\Program Files\Ultimate Defender\Uninstall.exe
C:\WINDOWS\.protected
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\1033\1033.exe
C:\WINDOWS\system32\1045\1045.exe
C:\WINDOWS\system32\bronto.dll
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\proper.exe
C:\WINDOWS\system32\restore\restore.exe
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\winter.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\windows.exe
D:\Autorun.inf
E:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DRIVER


(((((((((((((((((((((((((   Files Created from 2007-11-12 to 2007-12-12  )))))))))))))))))))))))))))))))
.

2007-12-12 16:14 . 2007-12-12 16:14   <DIR>   d--------   C:\WINDOWS\ERUNT
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2007-12-12 16:13 . 2007-08-30 21:37   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2007-12-12 16:13 . 2007-12-12 16:25   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2007-12-12 16:08 . 2007-12-12 16:08   5,032   --a------   C:\WINDOWS\system32\tmp.reg
2007-12-12 16:07 . 2007-09-05 23:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2007-12-12 16:07 . 2006-04-27 16:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2007-12-12 16:07 . 2003-06-05 20:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2007-12-12 16:07 . 2004-07-31 17:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2007-12-12 16:07 . 2007-10-03 23:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2007-12-11 20:46 . 2007-12-11 17:49   89,088   ---h-----   C:\WINDOWS\system32\config\systemprofile\systemprofile.exe
2007-12-11 20:39 . 2007-12-11 20:39   0   --a------   C:\WINDOWS\wsystmp_nbi.exe
2007-12-11 20:26 . 2007-12-11 20:26   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2007-12-11 20:26 . 2007-12-11 20:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus for Windows Workstations
2007-12-11 20:25 . 2007-12-11 20:25   0   --a------   C:\WINDOWS\wsystmp_nkf.exe
2007-12-11 18:08 . 2007-12-11 17:49   89,088   ---h-----   C:\WINDOWS\system32\drivers\drivers.exe
2007-12-11 17:51 . 2007-12-11 18:15   21,371   --a------   C:\Documents and Settings\Mateusz\Dane aplikacji\info.dat
2007-12-11 17:49 . 2007-12-11 17:49   89,088   --a------   C:\WINDOWS\wsystmp_akb.exe
2007-12-11 17:49 . 2007-12-11 17:49   89,088   ---hs----   C:\WINDOWS\system32\winsn.exe
2007-12-11 17:49 . 2007-12-11 17:49   89,088   ---hs----   C:\WINDOWS\system32\shovth.exe
2007-12-11 17:49 . 2007-12-11 17:49   89,088   ---hs----   C:\24AC683B.exe
2007-12-11 17:49 . 2007-12-12 16:34   28,929   --a------   C:\WINDOWS\system32\winsos.exe
2007-12-11 17:47 . 2007-12-11 17:47   29,184   --a------   C:\WINDOWS\wsystmp_vie.exe
2007-12-11 17:46 . 2007-12-12 16:21   <DIR>   d--------   C:\Program Files\zeeluudo
2007-12-11 17:44 . 2007-12-11 17:44   1,262   --a------   C:\WINDOWS\wsystmp_tvk.exe
2007-12-11 17:38 . 2007-12-11 17:38   <DIR>   d--------   C:\WINDOWS\system32\pl-pl
2007-12-11 17:36 . 2007-12-11 17:38   1,393   --a------   C:\WINDOWS\imsins.BAK
2007-12-04 21:33 . 2007-12-04 21:33   16,384   --a------   C:\WINDOWS\windisk.dll
2007-12-04 21:15 . 2007-12-04 21:15   28,929   --a------   C:\WINDOWS\trayicons.exe
2007-12-04 18:02 . 2007-12-04 18:02   119,568   ---------   C:\WINDOWS\system32\vb6fr.dll
2007-12-04 18:02 . 2007-12-04 18:02   15,872   ---------   C:\WINDOWS\system32\winskfr.dll
2007-12-04 18:00 . 2007-12-11 17:51   <DIR>   d--------   C:\WINDOWS\Eurobarre
2007-12-01 12:33 . 2007-12-01 12:33   <DIR>   d--------   C:\Documents and Settings\Mateusz\Dane aplikacji\AdobeAUM
2007-11-29 14:39 . 2007-12-05 15:56   <DIR>   d--------   C:\Program Files\EA SPORTS
2007-11-25 13:00 . 2007-11-25 13:00   <DIR>   d--------   C:\Program Files\CCleaner
2007-11-22 08:09 . 2007-11-22 08:09   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-11-21 20:05 . 2004-08-03 23:44   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2007-11-21 18:19 . 2007-11-21 18:41   <DIR>   d--------   C:\Program Files\7-Zip
2007-11-21 18:18 . 2007-11-25 16:04   <DIR>   d--------   C:\Kompres
2007-11-21 07:02 . 2007-12-11 20:18   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 15:32   96,256   ----a-w   C:\WINDOWS\system32\drivers\sptd1581.sys
2007-12-11 17:39   ---------   d-----w   C:\Program Files\DAEMON Tools
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\srchasst\srchasst.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\srchasst\mui\[u]0[/u]415\[u]0[/u]415.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\srchasst\chars\chars.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Registration\Registration.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\UploadLB\Config\Config.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\UploadLB\Binaries\Binaries.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Remote Assistance.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\Unsolicited.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\Email.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\Common.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\Css.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\Common.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\UpdateCtr\UpdateCtr.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\System.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysinfo.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\graphics.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\47x24pie.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\33x16pie.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\scripts\scripts.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Remote Assistance.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\Server.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Common.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\Client.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Css\Css.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\Common.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\rc\rc.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\subpanels.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\panels\panels.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\NetDiag\NetDiag.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\images\images.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\images\Expando\Expando.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\images\Centers\Centers.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\images\48x48\48x48.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\images\32x32\32x32.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\images\24x24\24x24.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\images\16x16\16x16.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\errors\errors.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\ErrMsg\ErrMsg.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\DVDUpgrd\DVDUpgrd.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\dialogs\dialogs.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\css\css.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\CompatCtr\CompatCtr.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\System\blurbs\blurbs.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\PackageStore\PackageStore.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\OfflineCache\Professional_32#0415\Professional_32#0415.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\OfflineCache\OfflineCache.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Logs\Logs.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Indices\Indices.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\DataColl\DataColl.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Database\Database.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Config\Config.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\Config\Cache\Cache.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\pchealth\helpctr\binaries\binaries.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Media\Media.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\WindowsMediaPlayer\WindowsMediaPlayer.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\Video.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Scr\Scr.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\WMarks.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Img.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\Btn.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Css\Css.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\Cnt.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\Wav.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Audio.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\mmTour\mmTour.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Tours\htmlTour\htmlTour.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\nvcpl\nvcpl.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Help\Help.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\Cursors\Cursors.exe
2007-12-11 16:49   89,088   ---h--w   C:\WINDOWS\AppPatch\AppPatch.exe
2007-12-08 19:20   ---------   d-----w   C:\Program Files\Gadu-Gadu
2007-12-05 14:58   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Hamachi
2007-11-28 15:31   ---------   d-----w   C:\Program Files\Usługi online
2007-11-26 16:44   ---------   d-----w   C:\Program Files\Google
2007-11-08 13:15   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-07 18:46   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Image Zone Express
2007-11-07 16:51   ---------   d-----w   C:\Program Files\BearShare
2007-11-07 16:40   ---------   d-----w   C:\Program Files\Java
2007-11-07 16:40   ---------   d-----w   C:\Program Files\Common Files\Java
2007-11-07 15:47   25,280   ----a-w   C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-07 15:47   ---------   d-----w   C:\Program Files\Hamachi
2007-11-01 12:14   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu
2007-11-01 11:49   ---------   d-----w   C:\Program Files\Opera
2007-10-29 11:44   ---------   d-----w   C:\Program Files\Alawar
2007-10-28 16:56   ---------   d-----w   C:\Program Files\Hasbro Interactive
2007-10-28 11:26   98,304   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 13:04   ---------   d-----w   C:\Program Files\Common Files\EasyInfo
2007-10-23 16:05   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2007-10-18 23:07   ---------   d-----w   C:\Program Files\directx
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 14:09]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-12 16:44 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"sis32"="C:\WINDOWS\system32\winsos.exe" [2007-12-12 16:34]
"winroot"="C:\WINDOWS\system32\winsn.exe" [2007-12-11 17:49]
"KAVWks50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 19:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
"StartUp"="C:\WINDOWS\Temp\checkmem.exe" []

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]

R1 klmc;Sterownik KLMC;C:\WINDOWS\system32\drivers\klmc.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 16:34:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1059

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\windisk.dll
.
Completion time: 2007-12-12 16:35:29 - machine was rebooted
.
2007-12-11 20:08:05   --- E O F --- 


[/quote]

[ Dodano: Dzisiaj o 16:56 ]

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 16:38:04, on 2007-12-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\shovth.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mateusz\USTAWI~1\Temp\Rar$EX00.344\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKLM\..\Run: [KAVWks50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer = 80.249.0.18 80.249.5.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa Kaspersky Anti-Virus (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



[ Dodano: Dzisiaj o 17:00 ]
log z SDFix: Version 1.118 jest za dlugi co zrobic???

[wojtas]

zastosuj smitfraudfix z opcji 2 wlacz wcisnij liczbe 2 i enter i czekaj potem

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\wsystmp_nbi.exe
C:\WINDOWS\wsystmp_nkf.exe
C:\WINDOWS\system32\config\systemprofile\systemprofile.exe
C:\WINDOWS\system32\drivers\drivers.exe
C:\WINDOWS\wsystmp_akb.exe
C:\WINDOWS\system32\winsn.exe
C:\WINDOWS\system32\shovth.exe
C:\24AC683B.exe
C:\WINDOWS\system32\winsos.exe
C:\WINDOWS\wsystmp_vie.exe
C:\WINDOWS\wsystmp_tvk.exe
C:\WINDOWS\imsins.BAK
C:\WINDOWS\windisk.dll
C:\WINDOWS\trayicons.exe
C:\WINDOWS\system32\vb6fr.dll
C:\WINDOWS\system32\winskfr.dll
C:\WINDOWS\srchasst\srchasst.exe
C:\WINDOWS\srchasst\mui\0415\0415.exe
C:\WINDOWS\srchasst\chars\chars.exe
C:\WINDOWS\Registration\Registration.exe
C:\WINDOWS\pchealth\UploadLB\Config\Config.exe
C:\WINDOWS\pchealth\UploadLB\Binaries\Binaries.exe
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Remote Assistance.exe
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\Unsolicited.exe
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\Email.exe
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\Common.exe
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\Css.exe
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\Common.exe
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US.exe
C:\WINDOWS\pchealth\helpctr\System\UpdateCtr\UpdateCtr.exe
C:\WINDOWS\pchealth\helpctr\System\System.exe
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysinfo.exe
C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\graphics.exe
C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\47x24pie.exe
C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\33x16pie.exe
C:\WINDOWS\pchealth\helpctr\System\scripts\scripts.exe
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Remote Assistance.exe
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\Server.exe
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Common.exe
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\Client.exe
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Css\Css.exe
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\Common.exe
C:\WINDOWS\pchealth\helpctr\System\rc\rc.exe
C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\subpanels.exe
C:\WINDOWS\pchealth\helpctr\System\panels\panels.exe
C:\WINDOWS\pchealth\helpctr\System\NetDiag\NetDiag.exe
C:\WINDOWS\pchealth\helpctr\System\images\images.exe
C:\WINDOWS\pchealth\helpctr\System\images\Expando\Expando.exe
C:\WINDOWS\pchealth\helpctr\System\images\Centers\Centers.exe
C:\WINDOWS\pchealth\helpctr\System\images\48x48\48x48.exe
C:\WINDOWS\pchealth\helpctr\System\images\32x32\32x32.exe
C:\WINDOWS\pchealth\helpctr\System\images\24x24\24x24.exe
C:\WINDOWS\pchealth\helpctr\System\images\16x16\16x16.exe
C:\WINDOWS\pchealth\helpctr\System\errors\errors.exe
C:\WINDOWS\pchealth\helpctr\System\ErrMsg\ErrMsg.exe
C:\WINDOWS\pchealth\helpctr\System\DVDUpgrd\DVDUpgrd.exe
C:\WINDOWS\pchealth\helpctr\System\dialogs\dialogs.exe
C:\WINDOWS\pchealth\helpctr\System\css\css.exe
C:\WINDOWS\pchealth\helpctr\System\CompatCtr\CompatCtr.exe
C:\WINDOWS\pchealth\helpctr\System\blurbs\blurbs.exe
C:\WINDOWS\pchealth\helpctr\PackageStore\PackageStore.exe
C:\WINDOWS\pchealth\helpctr\OfflineCache\Professional_32#0415\Professional_32#0415.exe
C:\WINDOWS\pchealth\helpctr\OfflineCache\OfflineCache.exe
C:\WINDOWS\pchealth\helpctr\Logs\Logs.exe
C:\WINDOWS\pchealth\helpctr\Indices\Indices.exe
C:\WINDOWS\pchealth\helpctr\DataColl\DataColl.exe
C:\WINDOWS\pchealth\helpctr\Database\Database.exe
C:\WINDOWS\pchealth\helpctr\Config\Config.exe
C:\WINDOWS\pchealth\helpctr\Config\Cache\Cache.exe
C:\WINDOWS\pchealth\helpctr\binaries\binaries.exe
C:\WINDOWS\Media\Media.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\WindowsMediaPlayer.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\Video.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Scr\Scr.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\WMarks.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Img.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\Btn.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Css\Css.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\Cnt.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\Wav.exe
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Audio.exe
C:\WINDOWS\Help\Tours\mmTour\mmTour.exe
C:\WINDOWS\Help\Tours\htmlTour\htmlTour.exe
C:\WINDOWS\Help\nvcpl\nvcpl.exe
C:\WINDOWS\Help\Help.exe
C:\WINDOWS\Cursors\Cursors.exe
C:\WINDOWS\AppPatch\AppPatch.exe

Folder::
C:\Program Files\zeeluudo

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sis32"=-
"winroot"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartUp"=-

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania
Potem nowy log z hijacka oraz combofixa

[alex11]

zastosowalem smitfraudfix z opcji 2
Plik przeciągniąłem i upuściłem na ikonę ComboFixa, usuneło

nowe logi:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 17:13:05, on 2007-12-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mateusz\USTAWI~1\Temp\Rar$EX00.359\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KAVWks50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer = 80.249.0.18 80.249.5.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer = 80.249.0.18 80.249.5.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer = 80.249.0.18 80.249.5.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa Kaspersky Anti-Virus (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Kod: Zaznacz wszystko

ComboFix 07-12-12.3 - Mateusz 2007-12-13 17:17:02.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.588 [GMT 1:00]
Running from: C:\Documents and Settings\Mateusz\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-11-13 to 2007-12-13  )))))))))))))))))))))))))))))))
.

2007-12-12 16:14 . 2007-12-12 16:14   <DIR>   d--------   C:\WINDOWS\ERUNT
2007-12-12 16:13 . 2007-12-13 17:10   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2007-12-12 16:13 . 2007-08-30 21:37   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2007-12-12 16:13 . 2007-12-12 18:12   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2007-12-12 16:08 . 2007-12-13 16:53   2,926   --a------   C:\WINDOWS\system32\tmp.reg
2007-12-11 20:26 . 2007-12-11 20:26   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2007-12-11 20:26 . 2007-12-11 20:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus for Windows Workstations
2007-12-11 17:51 . 2007-12-11 18:15   21,371   --a------   C:\Documents and Settings\Mateusz\Dane aplikacji\info.dat
2007-12-11 17:38 . 2007-12-11 17:38   <DIR>   d--------   C:\WINDOWS\system32\pl-pl
2007-12-04 18:00 . 2007-12-11 17:51   <DIR>   d--------   C:\WINDOWS\Eurobarre
2007-12-01 12:33 . 2007-12-01 12:33   <DIR>   d--------   C:\Documents and Settings\Mateusz\Dane aplikacji\AdobeAUM
2007-11-29 14:39 . 2007-12-05 15:56   <DIR>   d--------   C:\Program Files\EA SPORTS
2007-11-25 13:00 . 2007-11-25 13:00   <DIR>   d--------   C:\Program Files\CCleaner
2007-11-22 08:09 . 2007-11-22 08:09   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-11-21 20:05 . 2004-08-03 23:44   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2007-11-21 18:19 . 2007-11-21 18:41   <DIR>   d--------   C:\Program Files\7-Zip
2007-11-21 18:18 . 2007-11-25 16:04   <DIR>   d--------   C:\Kompres
2007-11-21 07:02 . 2007-12-11 20:18   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 15:32   96,256   ----a-w   C:\WINDOWS\system32\drivers\sptd1581.sys
2007-12-11 17:39   ---------   d-----w   C:\Program Files\DAEMON Tools
2007-12-08 19:20   ---------   d-----w   C:\Program Files\Gadu-Gadu
2007-12-05 14:58   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Hamachi
2007-11-28 15:31   ---------   d-----w   C:\Program Files\Usługi online
2007-11-26 16:44   ---------   d-----w   C:\Program Files\Google
2007-11-08 13:15   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-07 18:46   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Image Zone Express
2007-11-07 16:51   ---------   d-----w   C:\Program Files\BearShare
2007-11-07 16:40   ---------   d-----w   C:\Program Files\Java
2007-11-07 16:40   ---------   d-----w   C:\Program Files\Common Files\Java
2007-11-07 15:47   25,280   ----a-w   C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-01 12:14   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu
2007-11-01 11:49   ---------   d-----w   C:\Program Files\Opera
2007-10-29 11:44   ---------   d-----w   C:\Program Files\Alawar
2007-10-28 16:56   ---------   d-----w   C:\Program Files\Hasbro Interactive
2007-10-28 11:26   98,304   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 13:04   ---------   d-----w   C:\Program Files\Common Files\EasyInfo
2007-10-23 16:05   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2007-10-18 23:07   ---------   d-----w   C:\Program Files\directx
.

(((((((((((((((((((((((((((((   snapshot@2007-12-12_16.34.41.59   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-11 16:49:50   89,088   ---h--w   C:\WINDOWS\erdnt\subs\F3M\F3M.exe
+ 2007-12-11 16:49:50   89,088   ---h--w   C:\WINDOWS\erdnt\subs\subs.exe
- 2007-12-11 19:26:37   44,555   ----a-w   C:\WINDOWS\system32\drivers\klick.sys
+ 2007-12-13 14:45:57   85,860   ----a-w   C:\WINDOWS\system32\drivers\klick.sys
- 2007-12-11 19:26:37   45,352   ----a-w   C:\WINDOWS\system32\drivers\klin.sys
+ 2007-12-13 14:45:57   90,980   ----a-w   C:\WINDOWS\system32\drivers\klin.sys
+ 2007-12-11 16:49:50   89,088   ---h--w   C:\WINDOWS\system32\Setup\Setup.exe
- 2006-01-09 08:36:06   40,960   ----a-w   C:\WINDOWS\system32\swsc.exe
+ 2007-12-04 00:00:42   136,704   ----a-w   C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32   79,360   ----a-w   C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 04:20:32   212,480   ----a-w   C:\WINDOWS\system32\swxcacls.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 14:09]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-12 16:44 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"KAVWks50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 19:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]

R1 klmc;Sterownik KLMC;C:\WINDOWS\system32\drivers\klmc.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 17:17:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-13 17:18:43
C:\ComboFix2.txt ... 2007-12-13 17:10
C:\ComboFix3.txt ... 2007-12-13 17:03
.
2007-12-13 16:03:07   --- E O F --- 


[ Dodano: Dzisiaj o 17:33 ]
hmm.. jak usunąc niby jakieś fałszywe oprogramowanie do Windowsa chyba


i jeszcze mi sie to pojawia gdy wylaczam komputer( zapisywanie zmian, obok jest jakies kokienko z tym falszywym oprogramowaniem)

[wojtas]

sciagnij i zastosuj:

http://www.idg.pl/ftp/pc_11721/RemoveWGA.1.2.html

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\erdnt\subs\F3M\F3M.exe
C:\WINDOWS\erdnt\subs\subs.exe

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania
Potem nowy log z hijacka oraz combofixa

[alex11]

nowe logi:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 17:50:28, on 2007-12-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mateusz\USTAWI~1\Temp\Rar$EX00.656\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KAVWks50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer = 80.249.0.18 80.249.5.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer = 80.249.0.18 80.249.5.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer = 80.249.0.18 80.249.5.5
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa Kaspersky Anti-Virus (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Kod: Zaznacz wszystko

ComboFix 07-12-12.3 - Mateusz 2007-12-13 17:51:24.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.623 [GMT 1:00]
Running from: C:\Documents and Settings\Mateusz\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-11-13 to 2007-12-13  )))))))))))))))))))))))))))))))
.

2007-12-12 16:14 . 2007-12-12 16:14   <DIR>   d--------   C:\WINDOWS\ERUNT
2007-12-12 16:13 . 2007-12-13 17:49   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2007-12-12 16:13 . 2007-08-30 21:37   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2007-12-12 16:13 . 2007-12-12 18:12   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2007-12-12 16:08 . 2007-12-13 16:53   2,926   --a------   C:\WINDOWS\system32\tmp.reg
2007-12-11 20:26 . 2007-12-11 20:26   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2007-12-11 20:26 . 2007-12-11 20:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus for Windows Workstations
2007-12-11 17:51 . 2007-12-11 18:15   21,371   --a------   C:\Documents and Settings\Mateusz\Dane aplikacji\info.dat
2007-12-11 17:38 . 2007-12-11 17:38   <DIR>   d--------   C:\WINDOWS\system32\pl-pl
2007-12-04 18:00 . 2007-12-11 17:51   <DIR>   d--------   C:\WINDOWS\Eurobarre
2007-12-01 12:33 . 2007-12-01 12:33   <DIR>   d--------   C:\Documents and Settings\Mateusz\Dane aplikacji\AdobeAUM
2007-11-29 14:39 . 2007-12-05 15:56   <DIR>   d--------   C:\Program Files\EA SPORTS
2007-11-25 13:00 . 2007-11-25 13:00   <DIR>   d--------   C:\Program Files\CCleaner
2007-11-22 08:09 . 2007-11-22 08:09   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-11-21 20:05 . 2004-08-03 23:44   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2007-11-21 18:19 . 2007-11-21 18:41   <DIR>   d--------   C:\Program Files\7-Zip
2007-11-21 18:18 . 2007-11-25 16:04   <DIR>   d--------   C:\Kompres
2007-11-21 07:02 . 2007-12-11 20:18   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 15:32   96,256   ----a-w   C:\WINDOWS\system32\drivers\sptd1581.sys
2007-12-11 17:39   ---------   d-----w   C:\Program Files\DAEMON Tools
2007-12-08 19:20   ---------   d-----w   C:\Program Files\Gadu-Gadu
2007-12-05 14:58   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Hamachi
2007-11-28 15:31   ---------   d-----w   C:\Program Files\Usługi online
2007-11-26 16:44   ---------   d-----w   C:\Program Files\Google
2007-11-08 13:15   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-07 18:46   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Image Zone Express
2007-11-07 16:51   ---------   d-----w   C:\Program Files\BearShare
2007-11-07 16:40   ---------   d-----w   C:\Program Files\Java
2007-11-07 16:40   ---------   d-----w   C:\Program Files\Common Files\Java
2007-11-07 15:47   25,280   ----a-w   C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-01 12:14   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu
2007-11-01 11:49   ---------   d-----w   C:\Program Files\Opera
2007-10-29 11:44   ---------   d-----w   C:\Program Files\Alawar
2007-10-28 16:56   ---------   d-----w   C:\Program Files\Hasbro Interactive
2007-10-28 11:26   98,304   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 13:04   ---------   d-----w   C:\Program Files\Common Files\EasyInfo
2007-10-23 16:05   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2007-10-18 23:07   ---------   d-----w   C:\Program Files\directx
.

(((((((((((((((((((((((((((((   snapshot@2007-12-12_16.34.41.59   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-11 19:26:37   44,555   ----a-w   C:\WINDOWS\system32\drivers\klick.sys
+ 2007-12-13 14:45:57   85,860   ----a-w   C:\WINDOWS\system32\drivers\klick.sys
- 2007-12-11 19:26:37   45,352   ----a-w   C:\WINDOWS\system32\drivers\klin.sys
+ 2007-12-13 14:45:57   90,980   ----a-w   C:\WINDOWS\system32\drivers\klin.sys
+ 2007-12-11 16:49:50   89,088   ---h--w   C:\WINDOWS\system32\Setup\Setup.exe
- 2006-01-09 08:36:06   40,960   ----a-w   C:\WINDOWS\system32\swsc.exe
+ 2007-12-04 00:00:42   136,704   ----a-w   C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32   79,360   ----a-w   C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 04:20:32   212,480   ----a-w   C:\WINDOWS\system32\swxcacls.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 14:09]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-12 16:44 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"KAVWks50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 19:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]

R1 klmc;Sterownik KLMC;C:\WINDOWS\system32\drivers\klmc.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 17:52:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 2327

**************************************************************************
.
Completion time: 2007-12-13 17:52:35
C:\ComboFix2.txt ... 2007-12-13 17:49
C:\ComboFix3.txt ... 2007-12-13 17:18
.
2007-12-13 16:03:07   --- E O F --- 


[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\Setup\Setup.exe

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania
Potem nowy log z hijacka oraz combofixa

[alex11]

prosze:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 18:14:00, on 2007-12-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mateusz\USTAWI~1\Temp\Rar$EX00.875\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KAVWks50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer = 80.249.0.18 80.249.5.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B327B6A-99B0-4D90-9E50-1C7A0A15B3D6}: NameServer = 80.249.0.18 80.249.5.5
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa Kaspersky Anti-Virus (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Kod: Zaznacz wszystko

ComboFix 07-12-12.3 - Mateusz 2007-12-13 18:14:47.8 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.608 [GMT 1:00]
Running from: C:\Documents and Settings\Mateusz\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-11-13 to 2007-12-13  )))))))))))))))))))))))))))))))
.

2007-12-12 16:14 . 2007-12-12 16:14   <DIR>   d--------   C:\WINDOWS\ERUNT
2007-12-12 16:13 . 2007-12-13 18:13   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2007-12-12 16:13 . 2007-08-30 21:37   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2007-12-12 16:13 . 2007-12-12 18:12   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2007-12-12 16:13 . 2007-09-30 23:22   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2007-12-12 16:08 . 2007-12-13 16:53   2,926   --a------   C:\WINDOWS\system32\tmp.reg
2007-12-11 20:26 . 2007-12-11 20:26   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2007-12-11 20:26 . 2007-12-11 20:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus for Windows Workstations
2007-12-11 17:51 . 2007-12-11 18:15   21,371   --a------   C:\Documents and Settings\Mateusz\Dane aplikacji\info.dat
2007-12-11 17:38 . 2007-12-11 17:38   <DIR>   d--------   C:\WINDOWS\system32\pl-pl
2007-12-04 18:00 . 2007-12-11 17:51   <DIR>   d--------   C:\WINDOWS\Eurobarre
2007-12-01 12:33 . 2007-12-01 12:33   <DIR>   d--------   C:\Documents and Settings\Mateusz\Dane aplikacji\AdobeAUM
2007-11-29 14:39 . 2007-12-05 15:56   <DIR>   d--------   C:\Program Files\EA SPORTS
2007-11-25 13:00 . 2007-11-25 13:00   <DIR>   d--------   C:\Program Files\CCleaner
2007-11-22 08:09 . 2007-11-22 08:09   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-11-21 20:05 . 2004-08-03 23:44   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2007-11-21 18:19 . 2007-11-21 18:41   <DIR>   d--------   C:\Program Files\7-Zip
2007-11-21 18:18 . 2007-11-25 16:04   <DIR>   d--------   C:\Kompres
2007-11-21 07:02 . 2007-12-11 20:18   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 15:32   96,256   ----a-w   C:\WINDOWS\system32\drivers\sptd1581.sys
2007-12-11 17:39   ---------   d-----w   C:\Program Files\DAEMON Tools
2007-12-08 19:20   ---------   d-----w   C:\Program Files\Gadu-Gadu
2007-12-05 14:58   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Hamachi
2007-11-28 15:31   ---------   d-----w   C:\Program Files\Usługi online
2007-11-26 16:44   ---------   d-----w   C:\Program Files\Google
2007-11-08 13:15   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-07 18:46   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Image Zone Express
2007-11-07 16:51   ---------   d-----w   C:\Program Files\BearShare
2007-11-07 16:40   ---------   d-----w   C:\Program Files\Java
2007-11-07 16:40   ---------   d-----w   C:\Program Files\Common Files\Java
2007-11-07 15:47   25,280   ----a-w   C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-01 12:14   ---------   d-----w   C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu
2007-11-01 11:49   ---------   d-----w   C:\Program Files\Opera
2007-10-29 11:44   ---------   d-----w   C:\Program Files\Alawar
2007-10-28 16:56   ---------   d-----w   C:\Program Files\Hasbro Interactive
2007-10-28 11:26   98,304   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 13:04   ---------   d-----w   C:\Program Files\Common Files\EasyInfo
2007-10-23 16:05   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2007-10-18 23:07   ---------   d-----w   C:\Program Files\directx
.

(((((((((((((((((((((((((((((   snapshot@2007-12-12_16.34.41.59   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-11 19:26:37   44,555   ----a-w   C:\WINDOWS\system32\drivers\klick.sys
+ 2007-12-13 14:45:57   85,860   ----a-w   C:\WINDOWS\system32\drivers\klick.sys
- 2007-12-11 19:26:37   45,352   ----a-w   C:\WINDOWS\system32\drivers\klin.sys
+ 2007-12-13 14:45:57   90,980   ----a-w   C:\WINDOWS\system32\drivers\klin.sys
- 2006-01-09 08:36:06   40,960   ----a-w   C:\WINDOWS\system32\swsc.exe
+ 2007-12-04 00:00:42   136,704   ----a-w   C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32   79,360   ----a-w   C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 04:20:32   212,480   ----a-w   C:\WINDOWS\system32\swxcacls.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 14:09]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-12 16:44 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"KAVWks50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 19:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]

R1 klmc;Sterownik KLMC;C:\WINDOWS\system32\drivers\klmc.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 18:15:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 2327

**************************************************************************
.
Completion time: 2007-12-13 18:16:00
C:\ComboFix2.txt ... 2007-12-13 18:13
C:\ComboFix3.txt ... 2007-12-13 17:52
.
2007-12-13 16:03:07   --- E O F --- 


[wojtas]

wydaje sie byc ok

Autor postu otrzymał pochwałę

[alex11]

dobra, dzieki wielkie

[alex11]

pozniej z robilem skan kacperskim, wyniki:


teraz musze format robic czy da sie jakos inaczej to obejsc??

[Dzi@dek]

tematy połączyłem

[wojtas]

pokaz caly raport ze skanu a nie czesc

[alex11]

calego nie pokaze, wyszloby mi z 15 screenow albo i wiecej(teraz mam to wszystko w kopii zapasowej w kacperskim)
byly tam pliki prawie ze wszystkiego co mam na kompie: gg, pliki tekstowe, pojedyncze pliki z gier, windowsa

[wojtas]

pewnie wszystkie pliki o rozszerzeniu *.exe

zastosuj moze cos pomoze :

http://wirusy.antivirenkit.pl/pl/szczepionki/Jeefo.html

[alex11]

a moze jakis inny sposob??

[wojtas]

mowie jesli masz zainfekowane pliki exe to zastosuj szczepionke jesli nie pomoze to znaczy ze bedziesz musial robic formata wszyskich partycji. (mozesz zachowac filmy, muze ale te co maja rozszerzenie exe niestety musisz skasowac)